4e671c40d9d780b85f8a44aa50a5c175a9f2c2a0a530e450a981905713ec5378

Resubmissions

28/03/2025, 18:34

250328-w742ta1pz2 6

28/03/2025, 16:55

250328-ve97paywgx 8

28/03/2025, 16:52

250328-vdj9waywfs 8

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.65/Xeno.exe
Size

140KB
MD5

70797e0760472325728ba786ca208976
SHA1

8912f23afbe8b78a9582f2a458b89a7fd697e638
SHA256

20744d38bc27d656a095e57bef62a44f5f6317de3672020e8a4a1e1057545764
SHA512

787f172cbc18eeb4f8e88420377459f37918edc9aec0105566f9e79555a962d6e89d7d0d6b791475282b2c5fb093c9e85544794639ad2771d9ca4a0e5b456477
SSDEEP

3072:h+f4nYTC3LwjBzaQhlG4a7qWdCXdXxuZjwxfBoy:h+f4nKvaQhcF7qI+xuZjwxB

Score

6^/10

defense_evasion discovery trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Xeno.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
35	raw.githubusercontent.com
36	raw.githubusercontent.com
37	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 60 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_164522236\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-gl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-hr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-mr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_133425705\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-be.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-cu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-la.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_164522236\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-sl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-bn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-da.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-gu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-kn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-mul-ethi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-es.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-nl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-und-ethi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-de-ch-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-tk.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-af.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-en-us.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-ka.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-nb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-sq.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_133425705\Microsoft.CognitiveServices.Speech.core.dll	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-et.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-fr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-pt.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-de-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-eu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-te.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-as.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-cs.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-el.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-lv.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-or.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-pa.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-ru.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-en-gb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-hu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-sk.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_133425705\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-cy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-de-1996.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-mn-cyrl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-lt.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-sv.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-ta.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-bg.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-it.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-uk.hyb	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876545430294025"	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1952	Xeno.exe
1952	Xeno.exe
5028	msedgewebview2.exe
5028	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
4444	msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 4444	1952	Xeno.exe	88
PID 1952 wrote to memory of 4444	1952	Xeno.exe	88
PID 4444 wrote to memory of 4480	4444	msedgewebview2.exe	89
PID 4444 wrote to memory of 4480	4444	msedgewebview2.exe	89
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 2760	4444	msedgewebview2.exe	91
PID 4444 wrote to memory of 4172	4444	msedgewebview2.exe	92
PID 4444 wrote to memory of 4172	4444	msedgewebview2.exe	92
PID 4444 wrote to memory of 4720	4444	msedgewebview2.exe	93
PID 4444 wrote to memory of 4720	4444	msedgewebview2.exe	93
PID 4444 wrote to memory of 4720	4444	msedgewebview2.exe	93
PID 4444 wrote to memory of 4720	4444	msedgewebview2.exe	93
PID 4444 wrote to memory of 4720	4444	msedgewebview2.exe	93
PID 4444 wrote to memory of 4720	4444	msedgewebview2.exe	93
PID 4444 wrote to memory of 4720	4444	msedgewebview2.exe	93

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=1952.5220.17327182212469601554
  2⤵
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:4444
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff8d77ab078,0x7ff8d77ab084,0x7ff8d77ab090
    3⤵
    PID:4480
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1712,i,17941592161155771023,2998218813011975107,262144 --variations-seed-version --mojo-platform-channel-handle=1708 /prefetch:2
    3⤵
    PID:2760
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2016,i,17941592161155771023,2998218813011975107,262144 --variations-seed-version --mojo-platform-channel-handle=2028 /prefetch:3
    3⤵
    PID:4172
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2352,i,17941592161155771023,2998218813011975107,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:8
    3⤵
    PID:4720
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3564,i,17941592161155771023,2998218813011975107,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
    3⤵
    PID:856
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4636,i,17941592161155771023,2998218813011975107,262144 --variations-seed-version --mojo-platform-channel-handle=4628 /prefetch:8
    3⤵
    PID:3512
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4496,i,17941592161155771023,2998218813011975107,262144 --variations-seed-version --mojo-platform-channel-handle=4712 /prefetch:8
    3⤵
    PID:316
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4548,i,17941592161155771023,2998218813011975107,262144 --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5028
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4180,i,17941592161155771023,2998218813011975107,262144 --variations-seed-version --mojo-platform-channel-handle=4144 /prefetch:8
    3⤵
    PID:1356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4444_133425705\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4444_164522236\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-af.hyb

Filesize
70KB

MD5
ffa9db945f0f0c15b8bba75a6e064880

SHA1
49217a9d5bb7a868464403b4e3c82e80df53456c

SHA256
5487ee44a4cd706d0086522e90c59c76cdf2ac68ce506fd3eae6054b9220c0cf

SHA512
cc67b2dfbbb009dd3fdb999fe86410425455613c12dac755a3cded435cd25ca4363782d70f3b7bb7c0fdd63e2eb649ae6a4053d929f463b646b43d7dbfda79c0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4444_728313122\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\XENO_CACHE.bin

Filesize
28B

MD5
78d58a032761f1b9767ce9a961560a55

SHA1
16e75b82eb992b85361cfa782e2eac73f627717e

SHA256
895c607361d12436b3c82f8e233278f594d1de2ac032fd9534670a26f9bd5ce5

SHA512
4395ec8d0e057016daa654d94aeac4aea172814193ee9c3d5717093636db0972fea522a5e0596427b7c89cc2ab7f10c9be7c103b12b0c4151fc7b221d13e0f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
8c36e5261212fecc8f34c088b21bce4c

SHA1
b3095cef1de2346baef304d7f93e1f42537d435d

SHA256
b04edc5fa85a5466192b58d7e8aa4b92a70f3d58fa40d3e193e000d2acf3e58d

SHA512
9557fd31ec7243e711ffed56ce14e7cce5ca67dc7505562da8ecc28a18fc999c259e6e8612ce073b6146ae18e4c721616b760fa0a41e929982c4d03c2dec33d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
f0d1fc60c610e6c892ae59ac68e26bf5

SHA1
1e613c4bea463a92d2bbe1475583807dbcb45268

SHA256
5d0cf027bb7d8f2fb7c99d7f5b1825f67c365205675dacebd7e3a46e486d370e

SHA512
65f75e47b5310fad9009e87c01a177cf65d71483bda3cd26b1bfcbea0a2cfc1de5ddc57fe0b4e0b7830256f84d9c45c6ceb9b22a04b33cfed7d421191837dfe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
229B

MD5
5c9f79435fd36dd2a8914a542651f839

SHA1
81f4f5faf2f14d448626b3f49618d11fd4295cad

SHA256
153938ecc186cd98a2f1ebd1f53ae88cfe9d9884bd470e9166a53348a071fb2b

SHA512
0e7cf3372f919b11b0c6341bc4df2bb8ba5106463b06c74f0736b14755fa23a78db7e9b3111938570225435169bd01f7198b6124007defa77e90bbe21fd14588

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe5870b6.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
c3b9e05e030de38063b29d67a40ab9af

SHA1
8e9015f82c795ca6146773d63e4188fd5607c846

SHA256
66547ecc864e1c544825f676fd20289e0b022f291f6f6191bc511e6356ed4003

SHA512
12528d0e7fbca9eefbf0d720a87eaa47e495351f8bb60faeb4b786bed26ee327080ba8d97c74c1ffaa6156695b9245143e460f6854a6c4a0827dab0e5c318426

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Preferences~RFe57f992.TMP

Filesize
6KB

MD5
4bddea6f8e925a79fbb43fda5f3ee376

SHA1
c91ab8e6b27081c7ab8d65fb72cf3f5dabbfa282

SHA256
bd3362ddad01e0c6798c497ed0e740a9ed2ba1f74363b7f07a63cb24a6fa5aef

SHA512
0d6a3c81d83e6df7f7365b8e4149730a63a11a43fb9a21ce4cae257b9c4a613cb14a0a68d8f0a8ad30fd30227cab8f136f9e5a23f124b295791cedfa902ddd29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
4f2c74a4be8dce96186b6aaf1f0e8159

SHA1
4a0abf0b9e62dc974e5af34616105efd58b2c516

SHA256
e8b1075ba87fa7383d174f8a0a5cbe3336b3bad51edbec2dd84a92edbcb25e33

SHA512
383743313bbb1cbe9a6936b8958e381bb6ff9ad85af23327c905faa4c2ee8c9547c266194721dc367bb5770c667a40f38abc0f542dedd82afb1ef8894fbc4c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
2f6ad3dc25a0e9e9d0e71e0543d7795c

SHA1
a10ed33cdd72233a3e3e48f4d09122bf93b6aba2

SHA256
1abbefd0a57eb6eaf829644cfa8866da774d26629100831f4f7e2ad3fcfbd4e5

SHA512
aef9e5c93d1209c89de5c8932ce8f1fdc18f7cf908c216afdd7ad8b1b245e2bef7f228ae8a7a0870e38fd87caea5a30205625f9fe7c2995612b02af4ffe8bc76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
b6f34b5ffb5c3017e480cd67c36bc517

SHA1
a9a13e85add91198412855e47b8dfcfcea1830ac

SHA256
6e58692a0893f1fa213dcb673d9268e0801c1e49e6eb2548eb29d6cb8b3c1c99

SHA512
3f42db7a44cf1a2eaddb96435bf5c5195ab252edb678a7a5eac538b001f22db0251bc4d001d50df9320391eed492f82a3963d231f5837e6070333a2965925185

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
3dc7b54f532038feefbf3b02e50a969c

SHA1
ed7414a2e6367fd089cca39c76e55fc780c5eee7

SHA256
baf56b13deb11b57d9523aabdc2294ad2d7710cae28b52030c0a9639254d0148

SHA512
5e9bca82ee7e956a0861993e17bef000804e38017ec8245537a6902e529236e308f98cea2b4dd99226466a4db8aebcd616f7d5684d4f491b16a0adeb7575254d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State~RFe575b3f.TMP

Filesize
1KB

MD5
ae5edb0962cfceeff046ac5c0dfb3d18

SHA1
276ec0c3542a4989c73301e0b80ca1879c52a47c

SHA256
e69bfbe6787199b46f2c6136e2df6400738717cf36e22960b1abf0c51205b828

SHA512
9aa36da33aa1be9791be93093b5fee27ade1293864a6cf3dc47aaf8a107a8564cf0dbd31d580e31089ebad41e7b05c9219a347968f2a31947a015d6a17f62785

Download Submit
memory/856-126-0x00007FF8FBBC0000-0x00007FF8FBBC1000-memory.dmp

Filesize
4KB

Download
memory/2760-35-0x00007FF8FBBC0000-0x00007FF8FBBC1000-memory.dmp

Filesize
4KB

Download
memory/4720-61-0x00007FF8FBA00000-0x00007FF8FBA01000-memory.dmp

Filesize
4KB

Download
memory/4720-60-0x00007FF8FAA50000-0x00007FF8FAA51000-memory.dmp

Filesize
4KB

Download
memory/5028-695-0x00000167AC2F0000-0x00000167AC2F1000-memory.dmp

Filesize
4KB

Download
memory/5028-689-0x00000167AC2F0000-0x00000167AC2F1000-memory.dmp

Filesize
4KB

Download
memory/5028-690-0x00000167AC2F0000-0x00000167AC2F1000-memory.dmp

Filesize
4KB

Download
memory/5028-699-0x00000167AC2F0000-0x00000167AC2F1000-memory.dmp

Filesize
4KB

Download
memory/5028-701-0x00000167AC2F0000-0x00000167AC2F1000-memory.dmp

Filesize
4KB

Download
memory/5028-700-0x00000167AC2F0000-0x00000167AC2F1000-memory.dmp

Filesize
4KB

Download
memory/5028-698-0x00000167AC2F0000-0x00000167AC2F1000-memory.dmp

Filesize
4KB

Download
memory/5028-697-0x00000167AC2F0000-0x00000167AC2F1000-memory.dmp

Filesize
4KB

Download
memory/5028-696-0x00000167AC2F0000-0x00000167AC2F1000-memory.dmp

Filesize
4KB

Download
memory/5028-691-0x00000167AC2F0000-0x00000167AC2F1000-memory.dmp

Filesize
4KB

Download