Malware Analysis Report

2024-12-01 01:31

Sample ID 241110-bsbfqswgla
Target Xeno-v1.0.9-x64-New.zip
SHA256 d4494d6239ab355a31308234f5c4508c6b31cb2e89e0636101de41bd60d544fb
Tags
discovery execution
score
6/10

Analysis Overview

score
6/10

SHA256

d4494d6239ab355a31308234f5c4508c6b31cb2e89e0636101de41bd60d544fb

Threat Level: Shows suspicious behavior

The file Xeno-v1.0.9-x64-New.zip was found to show suspicious behavior.

Malicious Activity Summary

discovery execution

Legitimate hosting services abused for malware hosting/C2

Embeds OpenSSL

System Location Discovery: System Language Discovery

Command and Scripting Interpreter: JavaScript

Unsigned PE

Browser Information Discovery

System Time Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 01:24

Signatures

Embeds OpenSSL

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20240729-en

Max time kernel

15s

Max time network

18s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Microsoft.Web.WebView2.WinForms.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Microsoft.Web.WebView2.WinForms.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

152s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Microsoft.Web.WebView2.Wpf.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Microsoft.Web.WebView2.Wpf.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 72.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20241010-en

Max time kernel

117s

Max time network

120s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\index.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 428 wrote to memory of 4840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 428 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\index.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8ec646f8,0x7ffd8ec64708,0x7ffd8ec64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,4372061168284824377,4505900301718657832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,4372061168284824377,4505900301718657832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,4372061168284824377,4505900301718657832,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4372061168284824377,4505900301718657832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4372061168284824377,4505900301718657832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,4372061168284824377,4505900301718657832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,4372061168284824377,4505900301718657832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4372061168284824377,4505900301718657832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4372061168284824377,4505900301718657832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4372061168284824377,4505900301718657832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,4372061168284824377,4505900301718657832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,4372061168284824377,4505900301718657832,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5492 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

\??\pipe\LOCAL\crashpad_428_VNFKDZTHOMQKRJGF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3da5e69bd1bf21ea803eabbffdd11c51
SHA1 604d71114bc726cfb8abb0be2ce0c7d283f3d119
SHA256 8fb6cd575d34e90066eac25fe497305eaa12e208b758b1e9324ed44bca32b7c0
SHA512 fab5a2c41e80f10dc6aca0056ca3fa0de3c8c85faa04ad738acfdbf992c586cdab485418744f373c72ff64e667bca1fbc814a78c56bb1fd9527ac9826936ebdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c7f504e5c29c0dad365379c2a26da0a4
SHA1 7a0a8c5ecd1aba7b1222c1d10eb103ee2dfe7583
SHA256 b6c596b238470a53ef36a9d07b73770bb0e8c97b8499439dfd8d10e0c8eafcfe
SHA512 a498a99de0a77b0b2110a77f08601aa94d923e41b8808ad0d0864f653c6ed0b309872680ef370a4bd778287e0b950b6cdb5b5d43b877fe21185dd9529148431c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e238d4f042fc8bda04be205118c3d896
SHA1 29d8c689c349cc14070c27099079e7ef655f3c82
SHA256 5e367125c4d7c1bfb087ed8a1b72933a4f6aefc467c70149933e50858994c3fc
SHA512 40eaada84322be44e17b8c7bfd5fdce4db0418ee0bebf57ceec31cb635dafce21d1bac103ef4ff4dc1cc62423d0abcfc7cddcf73d37f699a37e41a3ee074d911

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 62fc8758c85fb0d08cd24eeddafeda2c
SHA1 320fc202790b0ca6f65ff67e9397440c7d97eb20
SHA256 ee0d15dce841e092ad1a2d4346a612410f8f950fdb019bc7b768f6346f2b5248
SHA512 ca97e615bdcac137a936c10104a702e1529ed3470828f2c3a2f783345ebbef04cac8c051df636c714151671efea53a9b8912b6b0d0b5eafdac5fae1dfdc8f85d

Analysis: behavioral21

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20240903-en

Max time kernel

122s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.js

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

149s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.es.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.es.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

142s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.fr.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.fr.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Microsoft.Web.WebView2.Core.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Microsoft.Web.WebView2.Core.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\XenoUI.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\XenoUI.exe

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\XenoUI.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/2592-0-0x00007FFB495A3000-0x00007FFB495A5000-memory.dmp

memory/2592-1-0x000001721BFB0000-0x000001721BFC6000-memory.dmp

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

152s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\base\worker\workerMain.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\base\worker\workerMain.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

150s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20240903-en

Max time kernel

122s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.de.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.de.js

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20241010-en

Max time kernel

120s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.it.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.it.js

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

143s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.it.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.it.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

146s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Microsoft.Web.WebView2.Core.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Microsoft.Web.WebView2.Core.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20241023-en

Max time kernel

122s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{83776E41-9F02-11EF-9841-C6E03328980A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf000000000200000000001066000000010000200000005fa8fb9b3d1e2aa6977cc015bb3aa688fa25133cc8026f25302d83befd31e033000000000e8000000002000020000000b77b3bd9b8e3138a55bf45369e389de9b8a0b472becf3daa2c3041d35a0e59e120000000edfcfa139d03d17a5102f2ef4eb70932d4d8cbf2480190e56941cffcdceb001a40000000caf3dd573b07a40282821d4f57b54fa9aeef6f563179b681e13fa6e35333eec7b77952508029341df09d01b23ca80ea1458c86419b49143f39593def28812ab9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60f36d5b0f33db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not shown] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1040 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1040 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1040 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2572 wrote to memory of 2552 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2572 wrote to memory of 2552 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2572 wrote to memory of 2552 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2572 wrote to memory of 2552 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2572 wrote to memory of 556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2572 wrote to memory of 556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2572 wrote to memory of 556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2572 wrote to memory of 556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.exe

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win7&apphost_version=8.0.8&gui=true

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:668678 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 aka.ms udp
US 8.8.8.8:53 aka.ms udp
IT 2.22.34.124:443 aka.ms tcp
IT 2.22.34.124:443 aka.ms tcp
IT 2.22.34.124:443 aka.ms tcp

Files

memory/1040-0-0x00000000002E0000-0x00000000002E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CabEE18.tmp

C:\Users\Admin\AppData\Local\Temp\TarEED9.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (19 versions recorded)

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

140s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\basic-languages\lua\lua.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\basic-languages\lua\lua.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.de.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.de.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20240903-en

Max time kernel

122s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.ja.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.ja.js

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20240903-en

Max time kernel

121s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.es.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.es.js

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

142s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.ja.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.ja.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 71.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.exe

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20241010-en

Max time kernel

14s

Max time network

20s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\base\worker\workerMain.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\base\worker\workerMain.js

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20241023-en

Max time kernel

118s

Max time network

120s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.fr.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\editor\editor.main.nls.fr.js

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20240903-en

Max time kernel

118s

Max time network

123s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Newtonsoft.Json.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Newtonsoft.Json.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20240729-en

Max time kernel

15s

Max time network

18s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\basic-languages\lua\lua.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\vs\basic-languages\lua\lua.js

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Microsoft.Web.WebView2.WinForms.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Microsoft.Web.WebView2.WinForms.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20240708-en

Max time kernel

119s

Max time network

120s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Microsoft.Web.WebView2.Wpf.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Microsoft.Web.WebView2.Wpf.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Newtonsoft.Json.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Newtonsoft.Json.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

135s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\Xeno.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20240903-en

Max time kernel

121s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\XenoUI.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\XenoUI.exe

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\XenoUI.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2900 -s 504

Network

N/A

Files

memory/2900-0-0x000007FEF56D3000-0x000007FEF56D4000-memory.dmp

memory/2900-1-0x000000013F020000-0x000000013F036000-memory.dmp

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-10 01:23

Reported

2024-11-10 01:26

Platform

win7-20240729-en

Max time kernel

132s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\index.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7F3CE171-9F02-11EF-8A1D-72B582744574} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437363722" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007583ab4f7a5ccf46bca16dd6fb1465670000000002000000000010660000000100002000000065f6cc5ae6392b74a09a67109cc21b5d3e5fe04647643c52960405c013007cb3000000000e800000000200002000000085d950d8e0137d001bbda684c2241c37d5398b6d6738b236992d42db5a211cee200000008f12a11dcd0c35a5084e87731382b8163a9c250805c809800fece20ab164c566400000006a44a30c1cbf1d7e65654d5a19dca245159544cc5952150da4a50b42c1770d3e4a823cc8e5b61cce20092e0f1d4171fcfa3a9b0767c35dad63c074e13978372b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0e2b3550f33db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.9-x64-New\bin\Monaco\index.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabD00D.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarD08D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 085f7eb9dbb0e8d2818e84f93e5298ea
SHA1 cc9b1fc2bacc6b8e915eb68d12acecea1b7b8aea
SHA256 8d5b7135138b7c2663cebe0b50e6194555cf137f3fb8b82c5fb232998368b97d
SHA512 924f310d30470fa4cf3ee4a85fa6609cdfd22404b2da650f3a17aaf8ffdcb9259d216b23c01c8294500eb326089b07d47b6cde74f65f4f63376afc611022310d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25de96994de4c64445a1c9b10ed31605
SHA1 07b14f985cbb7a0b62a7f7898d105cc59574391b
SHA256 4b4b8150254ab870ead859048ac5c90b1e78c17960c1dbf05078e0fcbc18bba1
SHA512 c387e562b1bd3b636f8dddf19e5713f0a147e4a3e9dbd709c768d758c84371e70d8b03c9f7d72ace9f1cf298f6560e1ab32d2fa46ace592c7cf9cea4357ecc0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e2a32b87c9f4499560385d588cd2221
SHA1 f0f929b92f8658fdaa54dcc904e4b3a61beb67b7
SHA256 d97978ce67864ec569313494aa36d8dfdcfd2a7794db4e2fff425f18f959c039
SHA512 5c6b33a90b9440c836b1624054d747c3d0ed5ceb06b69ec7eb5fbb2af1f2c7cf4aacc22740f46ff6a5ecf60b9257cfa04357daf02de9d4b20b3b59a85c611abc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78d30daee01ff17e684dc775e166774d
SHA1 fe7e5eee9a8b7bd83879d3327bb924f3cde19a3e
SHA256 4d9102da1d5fce75713689a25ca802ed64c6b8cc28a2d811ba58537cbfcf1534
SHA512 2bc5ccdd65ce9e3eef9f5c252b55fe8b9f642a6de38fbc92d86324d288a16645df403f71a44c964c3a2e884ce127f4acab677e38159ce61f5bef1c82cede89ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e77853dde224588b345754b28dadaf67
SHA1 9f418188ef27c84759ea97927b213dec7375e2ec
SHA256 ca40cf212384bd9a814390ac392f9a4f2fc2dff0a502d57807e0ca1e8add9b7e
SHA512 36250f26caa580d9c84bf3e1d6279f13a393c90c9e1243be84fea6fd11b87ca6c7a5bab84c2d5022933023bd2d7c1a8460238cababd9d0d1d8c7e6a1f566dd11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27753a01c8f456cc99f8ee8bb8fde35d
SHA1 f8e877bf816fa0cca69282b4b219bda3acfa1553
SHA256 3f0f1a162358ea76255fbc6d18efb4a5b829220a49580a0c9325f68155aeff2d
SHA512 7259c0fbdf43020e79d49512a0ca312bef90b39b88136a1f0b7a21043cfb0b089fcd4da3795bc43edfd0b30eca2e0b28d9ee70e09c28f8ee4ccfc57460d8c544

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2a3fbe91a24cec72b92f011637098e7
SHA1 0dcf1d1e0fd6bf11c3d02b526f81301d74604720
SHA256 3476a104cfad996d45d3129f048c0bac7932ea440af40fae1470f6185caa6fa7
SHA512 5345afd527b103779f8ef74ae43a908253074bba3113dd9ae090441f769eb7e2f18b6a030203e3f73e89ef9857d1dc7b691804ed9d1d489f511c2937cd096e59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6260feab37367101904e6ac29a56a1a4
SHA1 d653de99cb24d9c576c6640021eb576ba53755fe
SHA256 023bbf8b55c657b41704c7a548c02136a543c09f96cc67ec32fe32575a0eb676
SHA512 06c962778b362ec89ff59f95b1195fad0bacce8381e20b98ab9a1a70558d8adb9f5f8245f57cf236f97a5c57dd7b0782dd34a469fd9c6afe190e93aa4d104ec9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf181277e2db7e2ff5daf2b05388b836
SHA1 c0c1d2446a54f362b7ba5813f0a0234bfeaf7f84
SHA256 3fbe64fc933f3869109984bc440650ca002588d5f983a8b1625c20304adc07fb
SHA512 c4332c3337ba367585fa7dd02b468736cdce1c2f8b66009640353b59e8fc04136444375e964cce5755a8ec287f74b9547134f23e1f26dd7678052a883c165970

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db504af1883bd78d1b258d839d20d763
SHA1 ad4a963e011d3bbff43b01d6a4eb12619316da00
SHA256 842ad21b20f0e524ce3a0ac488641758d098de3cb7a9b9b317a86bc5fb4899d7
SHA512 ccbedd78dd16ccaab01bbef54e2b97f202f015e50987e66df8acb57736ca6e58a063dea0d4b1289d57fc5dee316238ed4bd9565c891c38dd5f84bc46a96b2892

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a547897ff38e62e0ddab3c034e3ad275
SHA1 3526648e45cbed4f6c80fa712fc3ab6459e4c1ea
SHA256 4da2ed9199beb30b09518f1d81d37a14c0660613ddfc164bae953c898745716e
SHA512 24becd169cb150b3c48b7d9efdf4a143b78e3d93e2fc62272c2c5ea9cc2620c4e77e5f99264c1d08d417a0cdccd0d5c251ef9deacc689a1124d582098edf9d0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac9dbd565af03d0147d55e4903bc1195
SHA1 6df6eb28a27b3677ce3bd3cf6c48780c781cf504
SHA256 410bbfb9ce5283d0e60f74b82bce9d23615534627bd217e520be8be265480a49
SHA512 bea8a07fedeb6bcfae39bc66bda49ac52d9f07ee9d12971f88058d3b0a6ff262f22efd272122880d6ff5ba9be29390620d9261b4d05551f0264ace6a63d6edc4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2dfe15bfa47b27ec0496a157c1bd7a7d
SHA1 299680355d0a5be7cbe7ec8fb735fe750ff899d6
SHA256 02edf9fb282143d3f73d1812818b45ca3a7d7cf692d839b1b02a4b67b277dbc0
SHA512 2db5b6116f3b91dc1d75c21b02901a800af8b2d112d119bbbb1bb50ea0b308a29d55ae510a4579215af11ebcc6d28e3af75b6443adf217e7ec7d80353a7d7b17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f84319188595fbc5db48236638afee7b
SHA1 cb26072b1f6d2d70ab6333b475fb15b5d8faa368
SHA256 6358f98024fd697448720b7d81abe3549bff8df6da6b71597a8327057cd81e88
SHA512 82685fc412f8696dd95d22596195812c2aaa527d11b6341d52f2f05f11fdf8be14a929b64e90202c0e992a80d659e73cab2331cbe95aad4d97a3559e22cad6d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d9153af3914ed5d835b0f77275d369b
SHA1 c85956786057a70ebbe71427f4a8eee042cc959e
SHA256 6b8490f40592960874984f46ba2e118a62ffc3f84aa0e7229c98d5474d4592af
SHA512 bfd65fc73efbb7e190b8076014795238178981025ad1b80302637719dfb60cb76241d315d52438f5989a18f581fc17acaa6f2c7f0e7a88e55edc03b8d6a537fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e658d515842b1ab3bcab9e79217dba59
SHA1 41fb3135e85ccc1ad623aa6fe8fca651646b028a
SHA256 67f750a87282a3e31a7247faf649334cbed24f78c953de6e4f80a525c6168a26
SHA512 bc738b346cd70a7f51e75699b32646a6f320ea8ce0bc637cd45a0337fb18e9f1990d7d3998b0d65d772643f5a35f37f3b414839694610534b74d16c3424d02ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0438c966668b2461b2d4ad8a09dea485
SHA1 5a0aebf82785ab97a6fc0106a2371719b0e2f9b1
SHA256 a61a5a7e5ab530b2593af183e5e813b6bb20a6a1f05384226bdc744eae9f0aa6
SHA512 36427e32b55139537a0246f97d9435bf908ba9710bd9d9f7362c6388ab564c0c31d9be7b13fb35e1dd62212f6801c6f8e6b6dc2362a120a87915e12639072a5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f53ffb0e830f9733d7bfe89c39d988a
SHA1 50042c6310bf22d686b173ffc69d9e1f372c9a1e
SHA256 d8d3f66908c5f9bdc52e95165e7214b2ee25ea83f524f9a6713ce58d1523624e
SHA512 e81016b88a6833336bfd7ffadb3632e8419d2afc4dbb0d7b6b55c7df981aa5ad118af914e53969e43de9ccc548a0987868a03424c02ced3221542f48972c6e5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28746dad9b07ddb057fe1362bbbdda4f
SHA1 7e755bd731321f49cabdc261a242734f9b15a98a
SHA256 e477d498359c1fe764899e3ed3781dcc1e6ab3a0ef85d269f66a4fc61fc74c48
SHA512 1fc7aea24f13ff0a8e38121a0e657e83b0e269256b77fc1ad5f2223a47e338a0657ef1cd788991bfbf21b10fcd405957387aa9d27a1c7e349722a9f348ba066a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1a89f05d6e41f2ba4981d066b7c344f
SHA1 68bec1a62d83ee3cea260c2ad62e74a2762d0e7c
SHA256 fd7b02bb2f78cdd7efe4479b2efaf4f0a83b0d30a90579cd59f4c404a796456d
SHA512 a079a987273b63d904253f3193ba3be227a6dbcabacfa4f13c74528ee28f2fd872f88bd3cdcf8b92927d0a6d9e301bf3f5ce7992b122cea72e359f2fc529d434

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a48ca4922cf7c05507b8956f6427624c
SHA1 61ca6c2dc9b1ca0a784653e77a93f5ca70c66828
SHA256 e9ad2269d9109e7cbaf6bd65494c4122b9f1b2416e4c45a2d9df6472526ccd20
SHA512 2b9c389484619e05b212e031eb771f240b9ab55ba23537e94ce3f65934d1b403cfbfc08c965f39ca58e424a5ba3d9f628d96b15330881145115e83cc8ab02e13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b1047d640efe0348b48a24a5a0e9e56
SHA1 f5e26e2e59117c394c565f4c58270a6211bfdb53
SHA256 579a0e0007f735c5ad42d6fcf38c247f1d942038481701ab8eb15122d5f6f17d
SHA512 a6c89dae1dc6cea742cbf5252e5fededc7e2308f154c5e57f7feca2efb87570d3ecef0570eaae99f59452de7ae949423b4383e295b5ce77604fe5505f6b03faa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3eb1ba8e645f247c4c5f1033a0ae6d86
SHA1 2d17ef38dbf561fca1a33f1e7e2c686fab31df42
SHA256 bfd01986ce44734bd31804bcb04b0974cb1b8829c96c5969b8e753b00ada3cbd
SHA512 833cf3288a9fc5948ee626bd234802d27ba529afa5cfaea8b6ff4f5f71bb9d514cad60b06191e9e53ed00506334cf8a53d4c442d20656bfee1d860a48af9ce81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c76a388171d262fb40a639a1f663d8a
SHA1 217ad0e006b60153c813d99738cbefcd5c0600c0
SHA256 5a993ffc88cd357f4a84a71455ca07c7889f89ab94ff57b02d2c205d2a67e987
SHA512 7d4a37afadff72b775b3df376d9740537f5289c52125f920aaa739368411228ccb0fb15aee62828248ef77a627a99e1bf4e8a3d23f628515a8ad5e139eecd542

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52eefb853acbeb9e1ea132756925499f
SHA1 77c7a0eda2cf005740da89ad005dfd63adb4a00c
SHA256 8cf824f760f907cedd9b91dc3eb3087e320faa17327a3f6d0d0cad1c191e4d83
SHA512 2e9f40115a5cb4fd9c66f97f889cc5d2b84c3d3bf45083f795e4d4c0a32e1701e2aba5127da4ec01cd01775f13e228f4d3ee5356dcf7713a79e6471d5ef488d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a45074a27cdfcb6eb2104f0dc8c7d288
SHA1 d7cf531a5f23687dea2f571e360917f5e517ac47
SHA256 1b4199a9be680955afa51e2351a29a0bcb296140227ce0aa9c3d758ba9f124d9
SHA512 c78d3d0945c1bcae12af0d25b3318b5654ea59064185dcb2cd128362ed0a9e337965101241ee41eff4d96167ca6d26317ddfda041c3e0bfa0cf9f4628b15872b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db3a5383486898cf3d791cbfcd1308f4
SHA1 3c13f27afcfe3e627b8cb0dd64d8624490bde414
SHA256 1285f2826f5bd7b7ad13a52552d8a1f1030ee40ce36d9070004bda79ca05683d
SHA512 69e774e182ddb97fe15724ed500cf5f85abf495edb15e0a72b37f04c93a4af808cee1f4231c3f37f5f2bcd1a29adb865d21147b5a4ce8a2b901350df5da071bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad0c1120bc8360c01376f80ae358187e
SHA1 dd17364733f4b45c282c371b9be98aad15d5d599
SHA256 d1ae2700c58a7bb5222e2d9217391c93ae9a38909238207139061232316a9b08
SHA512 d75b57181a51925155423f7f770846b45a390f6c3dcc0464c72ead9ac1dbb0936d1f966a5fcd1bf8541de6c4fbcc6c522660c0d53a7d854f458a2df0fd2c1b54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0adcaa436943a530206ec97c92c67282
SHA1 9182cae0d659deebe9a78556530777cccaa3fe3f
SHA256 fa88998f1cd9c0cc41877be95ca9ca43af96f4c8ada409b9e0927284910906fd
SHA512 de0cbf5c639159b37ca8a3660517430f8202b1b64f7736e6fab5f7bab73a8a603edb3f973b00d5ce9262386248635a4effc2777884ab2c1f32d7fe8f93fca45b