4e671c40d9d780b85f8a44aa50a5c175a9f2c2a0a530e450a981905713ec5378

Resubmissions

02/04/2025, 22:36

250402-2h95esxpz5 3

30/03/2025, 19:46

29/03/2025, 19:55

29/03/2025, 19:55

29/03/2025, 18:18

29/03/2025, 10:24

29/03/2025, 00:19

28/03/2025, 22:33

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.65/Xeno.exe
Size

140KB
MD5

70797e0760472325728ba786ca208976
SHA1

8912f23afbe8b78a9582f2a458b89a7fd697e638
SHA256

20744d38bc27d656a095e57bef62a44f5f6317de3672020e8a4a1e1057545764
SHA512

787f172cbc18eeb4f8e88420377459f37918edc9aec0105566f9e79555a962d6e89d7d0d6b791475282b2c5fb093c9e85544794639ad2771d9ca4a0e5b456477
SSDEEP

3072:h+f4nYTC3LwjBzaQhlG4a7qWdCXdXxuZjwxfBoy:h+f4nKvaQhcF7qI+xuZjwxB

Score

6^/10

defense_evasion discovery trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Xeno.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877459876249005"	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4196	Xeno.exe
4196	Xeno.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
4488	msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 4488	4196	Xeno.exe	89
PID 4196 wrote to memory of 4488	4196	Xeno.exe	89
PID 4488 wrote to memory of 1516	4488	msedgewebview2.exe	90
PID 4488 wrote to memory of 1516	4488	msedgewebview2.exe	90
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2612	4488	msedgewebview2.exe	91
PID 4488 wrote to memory of 2728	4488	msedgewebview2.exe	92
PID 4488 wrote to memory of 2728	4488	msedgewebview2.exe	92
PID 4488 wrote to memory of 3168	4488	msedgewebview2.exe	93
PID 4488 wrote to memory of 3168	4488	msedgewebview2.exe	93
PID 4488 wrote to memory of 3168	4488	msedgewebview2.exe	93
PID 4488 wrote to memory of 3168	4488	msedgewebview2.exe	93
PID 4488 wrote to memory of 3168	4488	msedgewebview2.exe	93
PID 4488 wrote to memory of 3168	4488	msedgewebview2.exe	93
PID 4488 wrote to memory of 3168	4488	msedgewebview2.exe	93

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=4196.2108.4758317126951493474
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:4488
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff9bfd1b078,0x7ff9bfd1b084,0x7ff9bfd1b090
    3⤵
    PID:1516
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1728,i,4223124752445526127,13266173669429163231,262144 --variations-seed-version --mojo-platform-channel-handle=1716 /prefetch:2
    3⤵
    PID:2612
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=1376,i,4223124752445526127,13266173669429163231,262144 --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3
    3⤵
    PID:2728
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2364,i,4223124752445526127,13266173669429163231,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:8
    3⤵
    PID:3168
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3576,i,4223124752445526127,13266173669429163231,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
    3⤵
    PID:2376
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView" --webview-exe-name=Xeno.exe --webview-exe-version=1.1.0+87ae4f96f8a0927052c1120167982fb069afd1b4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4436,i,4223124752445526127,13266173669429163231,262144 --variations-seed-version --mojo-platform-channel-handle=692 /prefetch:8
    3⤵
    PID:4760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\XENO_CACHE.bin

Filesize
28B

MD5
78d58a032761f1b9767ce9a961560a55

SHA1
16e75b82eb992b85361cfa782e2eac73f627717e

SHA256
895c607361d12436b3c82f8e233278f594d1de2ac032fd9534670a26f9bd5ce5

SHA512
4395ec8d0e057016daa654d94aeac4aea172814193ee9c3d5717093636db0972fea522a5e0596427b7c89cc2ab7f10c9be7c103b12b0c4151fc7b221d13e0f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
282c57773825b695985ad697083fa16f

SHA1
5c599490db0efeb2b114876514d2a63f7a44b102

SHA256
c0edfe47a1e90b4549f5d73433aef4f7ee18ef8635c5f10908aa1d2a7c991e18

SHA512
e1471053789c3d84a62a2efcdbf49f89f7c520050f86703be3a08e0b041f48b86fea8ec7e61688db5a7aa16abc401efc6f0de014faf58c1109ab7221bf88e614

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
f3814ab0c9a656b26da8e9fabea94eea

SHA1
d4557dc5646209f98d9c56b166d3fb808e121625

SHA256
9458a2e02e7731dc0a8a6e49c688b362a86f4537b5e3f48495c780196322d165

SHA512
3e06e21e39e818c0e59be088d28aa65889d87d948805b98c90acc0774e95d2c1f33a61c1e1f4dd13a650bd689e94ad49b975513af5470f045cf5eab6698454af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
0ed0c1ccfe6b7efccb5fe9b6f97a0a59

SHA1
574af3c52d52735cae2390759a70825ea391103a

SHA256
f95f894fad38914323d6950cb24b002e2e2799836b0e14d288e2685bfd9154e5

SHA512
98091ceea1c964f3e122983c364c71f5133159288a4b40bc9b53dcad907132b617ee5414ba83bbd00c94e769d24523a821d5fb5e5e5b0fa191a57a16daefc4e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Preferences~RFe583d43.TMP

Filesize
5KB

MD5
c361ea9f895a66dc48b95539a0c27e6b

SHA1
76e8e2df13d90be02ada8241677ce7a653eff167

SHA256
fb6643e482a4db0e7178224e0c43d30532d5f9733bf6771e069c3c46c9d3da4a

SHA512
aa3c24aa6b9c532172c16099eb3bbbf6872a01dcc05c3e1d3a9031c4bb6f9f140c47ff303ffdebc9a9386c4589ec9ca92e4cc0d22da338dba685b6072c05503f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
295fa767c38c65067a67a49570a17c8e

SHA1
06499653f80f7eaade523ea4a62f69a5d5069f2f

SHA256
aa392387098d61e1283ab639426df09dad3b2f89bbef0f568e0b21eb1d0ba735

SHA512
44b2ee480836b40012fa52e6fc3a0ed7d54daec4d61915c0469002236d84d773512670a57f539a93b82cc51b989690a99471548752498a82d8c863cd814f0d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
dec0f837d087c57b00156ba5a83a9412

SHA1
5e7054b21c229118922ebcbb1b71287e965d938a

SHA256
e55dfdebac2d229dbc78f9c865cb065acf2e534af648ee9d35eacc084d36b87f

SHA512
4ae4df8e0685218cf421cedd7d5a1c8765cf8a6e9a7ddb587558e69bed7759310c1ddc32cf3d7539a51a97ee31a7aa0da21113d72802d7922723b7c194599798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
64cc3ba5e26ce2e2083200afa514c64d

SHA1
add398d1f917152560add3337bc246f433cba5ce

SHA256
a77758bdf6879b53e8c9fbfc197285303a5acc7036c5ca2d29814db373f20a73

SHA512
59b115e5ec74eb4ed67e3228fb2dd6bac7da2d2a62ba33f506d670a95feb4f7c0d08010bc5fcd49d88474ffc1ff1b209c62572a2d89508c36d99295863772744

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
6c9d576fae6f30685890f3af2373a317

SHA1
dd94f969cebadf2e4d5fe56f1f21a8e3254110b0

SHA256
fb60dc5af258369963255e3e750ae0e87ddbe8e5a1043d26d2b7140e46038046

SHA512
30b4340060d3fe989bed6df7aa8762cd20372d6ab7911c8d36b13b8fe55e584977257f91f340f307c0c519efdee4504dcb08e5b689a657fb19d7ad3432599c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
9f46eae575cd9c0f7cd6d5b9eaccc904

SHA1
ea7656b7faab5f83e90c18ba13a1543d074b4b1d

SHA256
254c27ced1589ab01efc671a740d93476997a0ff77ab16f19c436ff883f59473

SHA512
fd85da8e90463a6f7fb48533417c673fd32a55348b89ad8c0daac72949ef1c347b38d4d3b8c271ac54763dbe3cd4675c1228e02d7f3f60cf7bf20898b383a124

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
4KB

MD5
854dec223cf3dd48c9b69c60e44f4a9d

SHA1
c15d9997d8b82c6d3edcc6d3148d7b049bba44e7

SHA256
74abce27843e0e7d08435c9042a4f9467ca6f0ba391cea6e8d1f2b46b7b415cc

SHA512
3f1b2a53fd3cad91e72a3d10f4d70db52e61c1398f8dc88ad2f30dee752bbb8ade4bd4701883b7b33e8e29226d7f2bff9573643bb2c22b4c8853a5f579e10df5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State

Filesize
4KB

MD5
517e8f634a9c73122cfe00f3630af23c

SHA1
5db730297c6a87953a4bb6315934f0f52fead29d

SHA256
63c7f51718fd739f2f11f33822f0db60d4e028833ea2f4eeb46ce2063ab1d338

SHA512
b1a35a401cfc22922992defd359f5bf3c3546e4f902ac8e21ce7e060fd569a88a2f2df7d86ec2f316626216b9d2a2740973a89c9d6c3ee533f6820d12e8acb79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.65\Xeno.exe.WebView2\EBWebView\Local State~RFe579e53.TMP

Filesize
1KB

MD5
57bad3bade52e7b1e77bc91e3790e922

SHA1
fa60e1c7fd72059da9b5612f66acc92e8ddccfdf

SHA256
8cb9b75d66eca57726f2fe19c961de7d452d0ec3463eae657fccaabe6d7af783

SHA512
e8c07baa56f96251ebafc51221355c5296571b0b1a528e36e5545b36404fb4410822f6625bbdce56e26353894b4f15c85197b17dd9eb174130a7998869c814c8

Download Submit
memory/2376-115-0x00007FF9E4520000-0x00007FF9E4521000-memory.dmp

Filesize
4KB

Download
memory/2612-36-0x00007FF9E4520000-0x00007FF9E4521000-memory.dmp

Filesize
4KB

Download