4e671c40d9d780b85f8a44aa50a5c175a9f2c2a0a530e450a981905713ec5378

Resubmissions

02/04/2025, 22:36

250402-2h95esxpz5 3

30/03/2025, 19:46

29/03/2025, 19:55

29/03/2025, 19:55

29/03/2025, 18:18

29/03/2025, 10:24

29/03/2025, 00:19

Analysis

max time kernel
899s
max time network
433s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.65/Xeno.exe
Size

140KB
MD5

70797e0760472325728ba786ca208976
SHA1

8912f23afbe8b78a9582f2a458b89a7fd697e638
SHA256

20744d38bc27d656a095e57bef62a44f5f6317de3672020e8a4a1e1057545764
SHA512

787f172cbc18eeb4f8e88420377459f37918edc9aec0105566f9e79555a962d6e89d7d0d6b791475282b2c5fb093c9e85544794639ad2771d9ca4a0e5b456477
SSDEEP

3072:h+f4nYTC3LwjBzaQhlG4a7qWdCXdXxuZjwxfBoy:h+f4nKvaQhcF7qI+xuZjwxB

Score

6^/10

defense_evasion discovery trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Xeno.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
31	raw.githubusercontent.com
32	raw.githubusercontent.com
33	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-ru.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_760586546\Part-NL	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1659288103\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1475815241\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-cy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-eu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-hr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1675096726\kp_pinslist.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-cs.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-kn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-mr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_760586546\Part-FR	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_760586546\Part-IT	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1475815241\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_458382076\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-en-gb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1475815241\_platform_specific\win_x64\widevinecdm.dll	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1475815241\_platform_specific\win_x64\widevinecdm.dll.sig	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1675096726\ct_config.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1364255464\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-et.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-it.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_760586546\Filtering Rules-AA	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-cu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-lt.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-pt.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-te.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-und-ethi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_760586546\Filtering Rules	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_760586546\Part-DE	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1659288103\LICENSE	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-tk.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1364255464\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_458382076\crl-set	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-as.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-mn-cyrl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_2144464578\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_933093209\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-de-ch-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-sk.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-sv.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_760586546\Filtering Rules-CA	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_760586546\Part-ZH	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1659288103\keys.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1659288103\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-pa.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-sq.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-uk.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1675096726\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1364255464\protocols.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_458382076\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-la.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-lv.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-or.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1659288103\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1475815241\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-en-us.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-nb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-nl.hyb	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877182791559820"	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4228	Xeno.exe
4228	Xeno.exe
4124	msedgewebview2.exe
4124	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
1376	msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 1376	4228	Xeno.exe	90
PID 4228 wrote to memory of 1376	4228	Xeno.exe	90
PID 1376 wrote to memory of 2936	1376	msedgewebview2.exe	91
PID 1376 wrote to memory of 2936	1376	msedgewebview2.exe	91
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 3568	1376	msedgewebview2.exe	92
PID 1376 wrote to memory of 2884	1376	msedgewebview2.exe	93
PID 1376 wrote to memory of 2884	1376	msedgewebview2.exe	93
PID 1376 wrote to memory of 3492	1376	msedgewebview2.exe	94
PID 1376 wrote to memory of 3492	1376	msedgewebview2.exe	94
PID 1376 wrote to memory of 3492	1376	msedgewebview2.exe	94
PID 1376 wrote to memory of 3492	1376	msedgewebview2.exe	94
PID 1376 wrote to memory of 3492	1376	msedgewebview2.exe	94
PID 1376 wrote to memory of 3492	1376	msedgewebview2.exe	94
PID 1376 wrote to memory of 3492	1376	msedgewebview2.exe	94

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=4228.4220.4965667791943354656
  2⤵
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:1376
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x13c,0x16c,0x7ffc6bd8b078,0x7ffc6bd8b084,0x7ffc6bd8b090
    3⤵
    PID:2936
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1700,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=1696 /prefetch:2
    3⤵
    PID:3568
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2044,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=1920 /prefetch:3
    3⤵
    PID:2884
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2380,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=2372 /prefetch:8
    3⤵
    PID:3492
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3600,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
    3⤵
    PID:1712
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=1224,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=4604 /prefetch:8
    3⤵
    PID:2012
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4800,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:8
    3⤵
    PID:5084
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4568,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=4692 /prefetch:8
    3⤵
    PID:2348
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4700,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4124
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4228,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:8
    3⤵
    PID:2912
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4248,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=4220 /prefetch:8
    3⤵
    PID:3460
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2212,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=4604 /prefetch:8
    3⤵
    PID:1060
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4684,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=4680 /prefetch:8
    3⤵
    PID:3088
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4244,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:8
    3⤵
    PID:228
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4440,i,14369461613094034847,8321435307583860220,262144 --variations-seed-version --mojo-platform-channel-handle=4696 /prefetch:8
    3⤵
    PID:4932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1364255464\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1364255464\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1475815241\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1659288103\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1675096726\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1376_1827278835\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1376_2144464578\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1376_760586546\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1376_933093209\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Users\Admin\AppData\Local\Temp\XENO_CACHE.bin

Filesize
28B

MD5
78d58a032761f1b9767ce9a961560a55

SHA1
16e75b82eb992b85361cfa782e2eac73f627717e

SHA256
895c607361d12436b3c82f8e233278f594d1de2ac032fd9534670a26f9bd5ce5

SHA512
4395ec8d0e057016daa654d94aeac4aea172814193ee9c3d5717093636db0972fea522a5e0596427b7c89cc2ab7f10c9be7c103b12b0c4151fc7b221d13e0f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
b358ca599940cdccf5695d0cba0e7790

SHA1
58ca76d4b26a8fc54dd0a6026f6b259baf12300d

SHA256
05a07795fcb3ea84875b0108d44900ee5dcbd6698a9c74c205612e673369b28c

SHA512
bab206af1623ac5153e9e05a7fcecbb09873c36f6cf1c02b812660a77b0150bbe7c31636bb6bd1280eddcd8f1497d8b50a538020f4ff03fe8cb9d0cb58bed96a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
4b9c67ea03833f7fec683c6bf405731f

SHA1
c461352c09b54ea7f1dda57998aa6e158f3f00e6

SHA256
d2971fe6fbf4ef2b215e21c7ddcf0a6a1725d3186cc13cac9eb13ab428a96f80

SHA512
8aabf2f0d00034f014ae238ef5a62452bbbc775bcebeda4623a13bea7d1a37c3f0b0e5d2ea6babd0936d312a4f4ef4579466ae31cde45f78be6852f955b2e8d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
229B

MD5
5c9f79435fd36dd2a8914a542651f839

SHA1
81f4f5faf2f14d448626b3f49618d11fd4295cad

SHA256
153938ecc186cd98a2f1ebd1f53ae88cfe9d9884bd470e9166a53348a071fb2b

SHA512
0e7cf3372f919b11b0c6341bc4df2bb8ba5106463b06c74f0736b14755fa23a78db7e9b3111938570225435169bd01f7198b6124007defa77e90bbe21fd14588

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe58a544.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
21ac274102f4a3996930f84431ab4f64

SHA1
91753a0d042a94d8e05d0850d41636649d9baf16

SHA256
fb01591d6151ed11d4c807baa80804c0e6772f422cdd4d648af6c29b8db82000

SHA512
457f5d1234e23863d686999bef6ac88cf1de2352825a8b3a0d82e6ed0346494376e09bc26ce5be6131b7236d940e862b81953c93bdf43aa011bf2f27da127103

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Preferences~RFe582e7d.TMP

Filesize
6KB

MD5
29c18844a1a477c8934ab5461d4b6d5e

SHA1
7991fe72081b7ec5c7f7d35d49780620be2f67b2

SHA256
88bb9c8413b9ed6071f92ea67c94cb3022a74f146989cdfe9084a2e1615ad2b4

SHA512
0b2560f9a9abfa596b16c3cfb915ab8b0e140d89f659a49af1ca3d9a18803504df1bc092f8b0dd461facaf9580a5b986ff61241e97c41938ab01aba324523df2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
f3739a87931b60e21a026588bca635ae

SHA1
9f3964af2ff08db8acb7cecb2f886edb48515c77

SHA256
ae813f910f33ae56f7eaf74dac181e2e25ab42489f34af7a85a7f6c64ec1efa5

SHA512
2e28e729936b4e667770be7f1f4c7fe49c96a4e774c7691e24cffaa9f632ec21969926b5405619e45a048ba6ce5b8b4c01157a2caed6caffe8a1978e81a08340

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
a09258434fe1dbdbd31fd00ef996b087

SHA1
9c0e6f3eadc6d2dca59d6444907c7bfeb172deab

SHA256
37fae7f7c20f145e2459c4ce9e3d4eceb515fc2e33d8885b612d7e74e854221e

SHA512
90f9277631c08f7531d03487f02576e4926a4c24f9da3227f2d81a1fd4c51c55bd80219e5c111563ddad9c2edc52d3759adb437f87d94714f404c3ed8be6bf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
0e2efd3792b0b7ffb56eddc0c2610e90

SHA1
487eb0ac637416cf4badb2cb132b32b6ef72b113

SHA256
1b52646768f2fc5cfb398c4859d3ea151c1e4831c29e48b86eb1cdc26ec8da37

SHA512
95ffe280aa7cd05df60dcb09ffa0e1e4046c44fcdf20ad16ca8d77a9b203ca896433917a168a5247998f77e2ee5db82efa7320f57cebced6cda4497de7bcd7dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
28cdb1138200088efab618200388b13b

SHA1
2d92f68d64436d2b84b24ddd9b6d8ca53df0a0ba

SHA256
c4f5a74b10c17625d6a3a5a4690779e66f18d3ed6258267039ddaf45ed10306c

SHA512
f2328481277b6955f8dab62b66ffb2c8335055489fe95468c4833e0136423f359037ba376ec82ceb1472d6a108e12fe84bd83ad66dd3bb1d87ebdd509b20ad7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State~RFe578fdc.TMP

Filesize
1KB

MD5
c23b12202d760cd7ea597adfa346ddf9

SHA1
d20e9d565456f671bd4be62cb766ca5bad00b20a

SHA256
7d694e26b8b447f4921479dc390827e6d306cc68735364e65a7259682a11a227

SHA512
75b9eba294d08845626858c5818f61e0a990b7a6003e7329f20212e6136b3fa1a7cdc1392b87b53444f187cb0c4545b41560bb4fbb6a87b6ed234362ae2b85af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
memory/1712-131-0x00007FFC8FE70000-0x00007FFC8FE71000-memory.dmp

Filesize
4KB

Download
memory/3492-65-0x00007FFC8DF90000-0x00007FFC8DF91000-memory.dmp

Filesize
4KB

Download
memory/3492-64-0x00007FFC8EBF0000-0x00007FFC8EBF1000-memory.dmp

Filesize
4KB

Download
memory/3568-35-0x00007FFC8FE70000-0x00007FFC8FE71000-memory.dmp

Filesize
4KB

Download
memory/4124-711-0x000001F8B1D30000-0x000001F8B1D31000-memory.dmp

Filesize
4KB

Download
memory/4124-710-0x000001F8B1D30000-0x000001F8B1D31000-memory.dmp

Filesize
4KB

Download
memory/4124-712-0x000001F8B1D30000-0x000001F8B1D31000-memory.dmp

Filesize
4KB

Download
memory/4124-713-0x000001F8B1D30000-0x000001F8B1D31000-memory.dmp

Filesize
4KB

Download
memory/4124-714-0x000001F8B1D30000-0x000001F8B1D31000-memory.dmp

Filesize
4KB

Download
memory/4124-715-0x000001F8B1D30000-0x000001F8B1D31000-memory.dmp

Filesize
4KB

Download
memory/4124-709-0x000001F8B1D30000-0x000001F8B1D31000-memory.dmp

Filesize
4KB

Download
memory/4124-704-0x000001F8B1D30000-0x000001F8B1D31000-memory.dmp

Filesize
4KB

Download
memory/4124-705-0x000001F8B1D30000-0x000001F8B1D31000-memory.dmp

Filesize
4KB

Download
memory/4124-703-0x000001F8B1D30000-0x000001F8B1D31000-memory.dmp

Filesize
4KB

Download