4e671c40d9d780b85f8a44aa50a5c175a9f2c2a0a530e450a981905713ec5378

Resubmissions

28/03/2025, 18:34

250328-w742ta1pz2 6

28/03/2025, 16:55

250328-ve97paywgx 8

28/03/2025, 16:52

250328-vdj9waywfs 8

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.65/Xeno.exe
Size

140KB
MD5

70797e0760472325728ba786ca208976
SHA1

8912f23afbe8b78a9582f2a458b89a7fd697e638
SHA256

20744d38bc27d656a095e57bef62a44f5f6317de3672020e8a4a1e1057545764
SHA512

787f172cbc18eeb4f8e88420377459f37918edc9aec0105566f9e79555a962d6e89d7d0d6b791475282b2c5fb093c9e85544794639ad2771d9ca4a0e5b456477
SSDEEP

3072:h+f4nYTC3LwjBzaQhlG4a7qWdCXdXxuZjwxfBoy:h+f4nKvaQhcF7qI+xuZjwxB

Score

6^/10

defense_evasion discovery trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Xeno.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
31	raw.githubusercontent.com
32	raw.githubusercontent.com
33	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 11 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1282923359\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1282923359\protocols.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1282923359\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1552799327\crl-set	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1552799327\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4840_454171900\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4840_454171900\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1725507897\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1552799327\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1725507897\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1725507897\Microsoft.CognitiveServices.Speech.core.dll	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876605031403576"	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3880	Xeno.exe
3880	Xeno.exe
2980	msedgewebview2.exe
2980	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
4840	msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 4840	3880	Xeno.exe	91
PID 3880 wrote to memory of 4840	3880	Xeno.exe	91
PID 4840 wrote to memory of 68	4840	msedgewebview2.exe	92
PID 4840 wrote to memory of 68	4840	msedgewebview2.exe	92
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4984	4840	msedgewebview2.exe	93
PID 4840 wrote to memory of 4736	4840	msedgewebview2.exe	94
PID 4840 wrote to memory of 4736	4840	msedgewebview2.exe	94
PID 4840 wrote to memory of 1492	4840	msedgewebview2.exe	95
PID 4840 wrote to memory of 1492	4840	msedgewebview2.exe	95
PID 4840 wrote to memory of 1492	4840	msedgewebview2.exe	95
PID 4840 wrote to memory of 1492	4840	msedgewebview2.exe	95
PID 4840 wrote to memory of 1492	4840	msedgewebview2.exe	95
PID 4840 wrote to memory of 1492	4840	msedgewebview2.exe	95
PID 4840 wrote to memory of 1492	4840	msedgewebview2.exe	95

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=3880.4852.14970606894216057597
  2⤵
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:4840
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffb09a3b078,0x7ffb09a3b084,0x7ffb09a3b090
    3⤵
    PID:68
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1728,i,13694049132094088344,10334330321268726035,262144 --variations-seed-version --mojo-platform-channel-handle=1732 /prefetch:2
    3⤵
    PID:4984
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=1372,i,13694049132094088344,10334330321268726035,262144 --variations-seed-version --mojo-platform-channel-handle=2056 /prefetch:3
    3⤵
    PID:4736
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2380,i,13694049132094088344,10334330321268726035,262144 --variations-seed-version --mojo-platform-channel-handle=2388 /prefetch:8
    3⤵
    PID:1492
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3612,i,13694049132094088344,10334330321268726035,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:1
    3⤵
    PID:3740
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=1216,i,13694049132094088344,10334330321268726035,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:8
    3⤵
    PID:5168
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2248,i,13694049132094088344,10334330321268726035,262144 --variations-seed-version --mojo-platform-channel-handle=4744 /prefetch:8
    3⤵
    PID:4664
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4508,i,13694049132094088344,10334330321268726035,262144 --variations-seed-version --mojo-platform-channel-handle=752 /prefetch:8
    3⤵
    PID:4404
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4668,i,13694049132094088344,10334330321268726035,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2980
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4376,i,13694049132094088344,10334330321268726035,262144 --variations-seed-version --mojo-platform-channel-handle=932 /prefetch:8
    3⤵
    PID:5772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1282923359\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1282923359\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1552799327\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4840_1725507897\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4840_454171900\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\XENO_CACHE.bin

Filesize
28B

MD5
78d58a032761f1b9767ce9a961560a55

SHA1
16e75b82eb992b85361cfa782e2eac73f627717e

SHA256
895c607361d12436b3c82f8e233278f594d1de2ac032fd9534670a26f9bd5ce5

SHA512
4395ec8d0e057016daa654d94aeac4aea172814193ee9c3d5717093636db0972fea522a5e0596427b7c89cc2ab7f10c9be7c103b12b0c4151fc7b221d13e0f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\CertificateRevocation\6498.2024.12.2\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
9a60eb0beb66f7d96958acb4ea2f9688

SHA1
329a49e65dbaaf76039281a434486a9c0592c787

SHA256
cf408e1053b6ec4cd41591080d3477985ff8b325b5be01624c154f4fb2d82b86

SHA512
4c85b70b0eb7e812b7507d61fe7ea56254c47d7f836c78a4912b8196f7cace04e0230c7533e283a5ebeadba96363454fa4065d5a279f56be5dbfde60b1a4f8e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
af5bba83f913f73a6640fc9ed263cfa8

SHA1
92ecd3d1133d4e499aad81403815e00f459a850e

SHA256
5b73f7f79a630f5e3d74a9dfbe2fca87669902879363f13591fa0ccd826a0f75

SHA512
5e819cd7e08a12de3d062351ba66453f65b242e3dae95952b0679873ef78cf321bca91b6b311aabd0f51d392d1a8468857e10f5bb3f909cd4b54349b23903586

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
229B

MD5
5c9f79435fd36dd2a8914a542651f839

SHA1
81f4f5faf2f14d448626b3f49618d11fd4295cad

SHA256
153938ecc186cd98a2f1ebd1f53ae88cfe9d9884bd470e9166a53348a071fb2b

SHA512
0e7cf3372f919b11b0c6341bc4df2bb8ba5106463b06c74f0736b14755fa23a78db7e9b3111938570225435169bd01f7198b6124007defa77e90bbe21fd14588

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe587877.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
34ccdd8b323b1eb58e2ab5f84ec7d203

SHA1
2dbf7532e91fb30f0497529daf311c4e6f933225

SHA256
70330d511fe781faafec97b27ae2b663834c7d6c0222b1e1129246ed373c15f9

SHA512
8fdb10fac91bf18fc7d9592d99cde16761dd005c6868f5c1a08c09504d39b483f7a20ffae5bd0d0e2fe1f5b80688f2d9e0b4e3c6e121866b4daa8f49d5ef883c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Preferences~RFe5801b1.TMP

Filesize
6KB

MD5
337ca90e66d8e207504ea455de79539d

SHA1
4b95f7d80e7e3f573d1518a3cb50b8da3c571bc8

SHA256
034453aa72d6d34af5e98774bf57136971c57495ba5778c1efdd42726bb4d059

SHA512
a1074c48f4955d6eae47e68544f92df01538d18cc090a6d662a2f751055b2cf973acb871fcd0b41f1546f0f8d502a090d1676954a5848e87c8b3b870807f828c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
7f8db46de362ce6ab63eaa49b1cddec7

SHA1
769a0f89193168a30c31f7c51620ebfe2fe485d0

SHA256
99207218bc3037b9630949fb771f968f5ca7184bbca1aacde3f7690d2dbfcd81

SHA512
bfe4ef35bee6a8a1476539481c710d39464ef0c339be68cb3f48128e2f5dbe5b60727c894ca36fa09b2b29ada59908de8517207dfe6801764411ecdfdbaef8ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
c795fb44cad95233374ccaafb68ebee1

SHA1
529aa34d64e343fd1ea4f74bb9553f8fb9f9d106

SHA256
8ece7c7dbd33fc96379578c35b3240f435a7f1d07649043e7829f8ed171f14b3

SHA512
a9b51e7df87a672ea1a78075579072035bbddc8a9fd536557aba19971b7d8b4e2e2e9fe6028ae47270b30cb1021068e6fbeec3bf063898f0f6146b7cbc27dba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
4a9198f88100258fe7465b147996cd8d

SHA1
b56c790a26b82ff5e2b6fbbee8685e9866e5b83d

SHA256
e4115b42c14672468391d63c06102fe00c6884cee98787720a4069b5b82582d7

SHA512
0b9ebe730360a46d64a82e403913902240da6657aa0b0b524519a88d570546f8e5cd68677c4b7756f56154b31a5ccf03c8e6cb6621a0b864d1c459fd750272e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
431ab3eb737782ba4ebb8f2af6747da6

SHA1
d0d19bdf2f8134864e240ab1b24f0b2407669788

SHA256
0ab57dd4ee40505ea120c93f744198e0ed94aa58af75a6d6004ed75e1b8ee888

SHA512
3138f7d8f13c79318f8c35d0efaf501707aa58e83eb13a9033b8393d47ddca35b1353283f1ad8be501c1013b9673b946b81f0923f414452f65c783bf54ca0b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
a6c9012560acdd55a1601f03e58f4d45

SHA1
8db8173ae9866025d8668a1443e75d03f47dcc2e

SHA256
c1beae543acbf80cc6c2fd620d2457e1f271e6962a54428663d3f5ed19da875a

SHA512
058f39acf4ef8c24bd11b498fdc300671916a6e1e0c624eee00c83caee6c7cc2bb6acc6b382185ca35b15a721677eb80b034d8d8ac338087e4f3e23834cf92fa

Download Submit
memory/1492-75-0x00007FFB2CFA0000-0x00007FFB2CFA1000-memory.dmp

Filesize
4KB

Download
memory/1492-74-0x00007FFB2CF90000-0x00007FFB2CF91000-memory.dmp

Filesize
4KB

Download
memory/2980-488-0x00000291AED60000-0x00000291AED61000-memory.dmp

Filesize
4KB

Download
memory/2980-493-0x00000291AED60000-0x00000291AED61000-memory.dmp

Filesize
4KB

Download
memory/2980-489-0x00000291AED60000-0x00000291AED61000-memory.dmp

Filesize
4KB

Download
memory/2980-491-0x00000291AED60000-0x00000291AED61000-memory.dmp

Filesize
4KB

Download
memory/2980-483-0x00000291AED60000-0x00000291AED61000-memory.dmp

Filesize
4KB

Download
memory/2980-484-0x00000291AED60000-0x00000291AED61000-memory.dmp

Filesize
4KB

Download
memory/2980-482-0x00000291AED60000-0x00000291AED61000-memory.dmp

Filesize
4KB

Download
memory/2980-492-0x00000291AED60000-0x00000291AED61000-memory.dmp

Filesize
4KB

Download
memory/2980-490-0x00000291AED60000-0x00000291AED61000-memory.dmp

Filesize
4KB

Download
memory/2980-494-0x00000291AED60000-0x00000291AED61000-memory.dmp

Filesize
4KB

Download
memory/3740-152-0x00007FFB2C370000-0x00007FFB2C371000-memory.dmp

Filesize
4KB

Download
memory/3740-222-0x000002D856900000-0x000002D856A2A000-memory.dmp

Filesize
1.2MB

Download
memory/4984-244-0x00000135B20D0000-0x00000135B21FA000-memory.dmp

Filesize
1.2MB

Download
memory/4984-35-0x00007FFB2C370000-0x00007FFB2C371000-memory.dmp

Filesize
4KB

Download
memory/4984-201-0x00000135B20D0000-0x00000135B21FA000-memory.dmp

Filesize
1.2MB

Download
memory/4984-540-0x00000135B20D0000-0x00000135B21FA000-memory.dmp

Filesize
1.2MB

Download