Sandbox report https://tria.ge/251121-tcdj9s1lb1/pdf-report.html?c=fb8cd8f 1 of 43 21/11/2025, 17:07

Malware Analysis Report
2025-11-21 16:07

Sample ID 251121-tcdj9s1lb1
Target Xeno.exe
SHA256 7f371e7aee4e61cd4b356058cd7a26c5f306cf0f3b0c804e5fcce8435e251f66
Tags hijackloader discovery loader persistence
10/10 score

Table of Contents

Part 1. Analysis Overview
Part 2. MITRE ATT&CK
  2.1. Enterprise Matrix V16
Part 3. Analysis: static1
  3.1. Detonation Overview
  3.2. Signatures
Part 4. Analysis: behavioral1
  4.1. Detonation Overview
  4.2. Command Line
  4.3. Signatures
  4.4. Processes
  4.5. Network
  4.6. Files
Part 5. Analysis: behavioral2
  5.1. Detonation Overview
  5.2. Command Line
  5.3. Signatures
  5.4. Processes
  5.5. Network
  5.6. Files

Part 1. Analysis Overview

SHA256 7f371e7aee4e61cd4b356058cd7a26c5f306cf0f3b0c804e5fcce8435e251f66
Threat Level: Known bad
The file Xeno.exe was found to be: Known bad.
Malicious Activity Summary

Tags hijackloader discovery loader persistence

HijackLoader, IDAT loader, Ghostulse, Hijackloader family
Detects HijackLoader (aka IDAT Loader)
Network Share Discovery
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Untrusted Codesign Signers
Browser Information Discovery
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Modifies registry class

10/10 score

Part 2. MITRE ATT&CK

2.1. Enterprise Matrix V16

Discovery TA0007
  Browser Information Disco ... T1217
  Network Share Discovery T1135
  Query Registry T1012
  System Information Disco ... T1082
Command and Control TA0011
  Web Service T1102
Reconnaissance TA0043
Resource Development TA0042
Initial Access TA0001
Execution TA0002
Persistence TA0003
Privilege Escalation TA0004
Defense Evasion TA0005
Credential Access TA0006
Lateral Movement TA0008
Collection TA0009
Exfiltration TA0010
Impact TA0040

Part 3. Analysis: static1

3.1. Detonation Overview

Reported 2025-11-21 15:54

3.2. Signatures

Untrusted Codesign Signers
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Part 4. Analysis: behavioral1

4.1. Detonation Overview

Submitted 2025-11-21 15:54
Reported 2025-11-21 16:04
Platform win10v2004-20251016-en
Max time kernel 580s
Max time network 576s

4.2. Command Line

"C:\Users\Admin\AppData\Local\Temp\Xeno.exe"

4.3. Signatures

N/A

4.4. Processes

C:\Users\Admin\AppData\Local\Temp\Xeno.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno.exe"

4.5. Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | c.pki.goog | udp
FR | 216.58.215.35:80 | c.pki.goog | tcp

4.6. Files

N/A

Part 5. Analysis: behavioral2

5.1. Detonation Overview

Submitted 2025-11-21 15:54
Reported 2025-11-21 15:59
Platform win11-20251015-en
Max time kernel 270s
Max time network 273s

5.2. Command Line

"C:\Users\Admin\AppData\Local\Temp\Xeno.exe"

5.3. Signatures

Detects HijackLoader (aka IDAT Loader)
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

HijackLoader, IDAT loader, Ghostulse, Hijackloader family (tags: hijackloader loader hijackloader)

Drops desktop.ini file(s)
Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Legitimate hosting services abused for malware hosting/C2
Description | Indicator | Process | Target
N/A | discord.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A

Network Share Discovery (tags: discovery)

Drops file in Windows directory

Browser Information Discovery (tags: discovery)

Checks processor information in registry
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Enumerates system info in registry
Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe | N/A

Modifies data under HKEY_USERS
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "134082143160122068" | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe | N/A

Modifies registry class
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3261906842-2611857369-1513979305-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3261906842-2611857369-1513979305-1000\{DB6C9486-2D91-49B7-84C6-58D6B81BCACE} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3261906842-2611857369-1513979305-1000\{02B15D98-4F4D-4592-A324-73C8E8F3760D} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3261906842-2611857369-1513979305-1000\{B03F0757-F5BB-4DFF-8FC0-95331CA5119A} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

NTFS ADS
Description | Indicator | Process | Target
File created | C:\Users\Admin\Downloads\Xeno-v1.3.0a.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious behavior: EnumeratesProcesses
Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\Xeno-v1.3.0a\Xeno-v1.3.0a\Xeno.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe | N/A

Suspicious use of AdjustPrivilegeToken
Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Xeno-v1.3.0a\Xeno-v1.3.0a\Xeno.exe | N/A

Suspicious use of FindShellTrayWindow
Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SetWindowsHookEx
Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of WriteProcessMemory
Description | Indicator | Process | Target
PID 892 wrote to memory of 5312 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 5312 wrote to memory of 2264 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 2264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 2264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 2264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 2264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 2264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 2264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 2264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 2264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 2264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 4992 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe Sandbox report https://tria.ge/251121-tcdj9s1lb1/pdf-report.html?c=fb8cd8f 14 of 43 21/11/2025, 17:07 Description Indicator Process Target PID 5312 wrote to memory of 4992 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 4992 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 4992 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 4992 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to 
memory of 4992 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 4992 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe PID 5312 wrote to memory of 4992 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe Uses Task Scheduler COM API persistence 5 . 4. Processes C:\Users\Admin\AppData\Local\Temp\Xeno.exe "C:\Users\Admin\AppData\Local\Temp\Xeno.exe" C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1976 -prefsLen 27097 -prefMapHandle 1980 - prefMapSize 270279 -ipcHandle 2064 -initialChannelId {ab14500e-b99c-448d-b322-0755deaaab64} -parentPid 5312 -crashReporter "\\.\pipe\gecko-crash- server-pipe.5312" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu C:\Program Files\Mozilla Firefox\f