File name:

Xeno-v1.0.85-x64 (1).zip

Full analysis: https://app.any.run/tasks/b8484ccf-a402-426b-b9c5-53640e5ae0f8
Verdict: Malicious activity
Analysis date: October 21, 2024, 13:41:12
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-scr
arch-html
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

67B3006DC1D5A86A75FE88DEB68A0A97

SHA1:

D34B609EEAC92A55109C6D3EDDD115B180439699

SHA256:

C3023707C8A7D5B5B34D7E49E975ACAD94F5A91D204B45DC7E565DFA79F17611

SSDEEP:

98304:eEUopwMqtsoEXKMMixHQnAYaIt4xIDvJTu9043df5zznZGERwstZ3+gecrRTZp8F:PkwG657A

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6784)

  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 2416)
      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 6852)
      • MicrosoftEdgeUpdate.exe (PID: 6148)

    • Process drops legitimate windows executable

      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 3848)
      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 2416)
      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 6852)
      • WinRAR.exe (PID: 6784)
      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 6912)
      • MicrosoftEdgeWebview_X64_130.0.2849.46.exe (PID: 7696)
      • MicrosoftEdgeUpdate.exe (PID: 6148)
      • setup.exe (PID: 7924)
      • msiexec.exe (PID: 7488)

    • Starts itself from another location

      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 2416)
      • MicrosoftEdgeUpdate.exe (PID: 6148)

    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 6852)
      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 6912)
      • MicrosoftEdgeUpdate.exe (PID: 6148)
      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 2416)
      • setup.exe (PID: 7924)
      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 3848)
      • MicrosoftEdgeWebview_X64_130.0.2849.46.exe (PID: 7696)

    • Executes application which crashes

      • Xeno.exe (PID: 6872)
      • Xeno.exe (PID: 712)
      • Xeno.exe (PID: 7424)
      • Xeno.exe (PID: 6404)

    • Application launched itself

      • setup.exe (PID: 7924)
      • MicrosoftEdgeUpdate.exe (PID: 7956)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 7488)

  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6784)
      • msiexec.exe (PID: 7488)
      • msedge.exe (PID: 2132)
      • msedge.exe (PID: 4684)

    • Manual execution by a user

      • Xeno.exe (PID: 6312)
      • Xeno.exe (PID: 6872)
      • Xeno.exe (PID: 6404)
      • Xeno.exe (PID: 7424)
      • Xeno.exe (PID: 712)

    • Application launched itself

      • msedge.exe (PID: 4684)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (36.3)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:10:17 16:49:14
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Xeno-v1.0.85-x64/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
260
Monitored processes
112
Malicious processes
5
Suspicious processes
4

Behavior graph

Click at the process to see the details
start winrar.exe sppextcomobj.exe no specs slui.exe rundll32.exe no specs xeno.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs windowsdesktop-runtime-8.0.10-win-x64.exe windowsdesktop-runtime-8.0.10-win-x64.exe windowsdesktop-runtime-8.0.10-win-x64.exe msiexec.exe msiexec.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs slui.exe no specs xeno.exe werfault.exe werfault.exe no specs svchost.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs microsoftedgewebview2runtimeinstallerx64.exe msedge.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgewebview_x64_130.0.2849.46.exe setup.exe setup.exe no specs microsoftedgeupdate.exe no specs xeno.exe werfault.exe no specs xeno.exe werfault.exe no specs xeno.exe werfault.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
204"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=8304 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
632"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5644 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
632"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7912 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
712"C:\Users\admin\Desktop\Xeno-v1.0.85-x64\Xeno.exe" C:\Users\admin\Desktop\Xeno-v1.0.85-x64\Xeno.exe
explorer.exe
User:
admin
Company:
XenoUI
Integrity Level:
MEDIUM
Description:
XenoUI
Exit code:
3221225477
Version:
1.0.85
920"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3608 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
920"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMjUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMjUiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7ODdENEVCQUYtNTlCRi00M0IzLUJGNEEtMjU1MkNEREI0OThDfSIgdXNlcmlkPSJ7OTY0RDhBMkItRUZGMy00NzE3LUJCRTItQTNFMTM5NjZCRDdBfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7OTA1Njk5Q0MtOEI0OC00M0Y1LThCMjQtREJDRDM4QTlGQTI1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjQiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS40MDQ2IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRFTEwiIHByb2R1Y3RfbmFtZT0iREVMTCIvPjxleHAgZXRhZz0iJnF1b3Q7QUtLM0I0T0Y1NnBiZmh3MmRFZmZLT3ZESyt4ZEdHbHhHdGs0UjRYNFBwZz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMwLjAuMjg0OS40NiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3ODUzNDQwNDMxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzg1MzU5NzU2MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4Njg3NTMxOTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3ODg5ODQ4NjQyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MzQ1MjMwNTAyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVkPSIxNzQ5MTU2ODAiIHRvdGFsPSIxNzQ5MTU2ODAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIxIiBpbnN0YWxsX3RpbWVfbXM9IjQ1NTM4Ii8-PC9hcHA-PC9yZXF1ZXN0PgC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.25
1028"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=9464 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
1112"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7256 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1428"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6260 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
1840C:\WINDOWS\system32\WerFault.exe -u -p 6872 -s 1584C:\Windows\System32\WerFault.exeXeno.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
Total events
26 852
Read events
25 887
Write events
919
Delete events
46

Modification events

(PID) Process:(6784) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process:(6784) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Xeno-v1.0.85-x64 (1).zip
(PID) Process:(6784) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6784) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6784) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6784) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6312) Xeno.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6312) Xeno.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6312) Xeno.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(4684) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
Executable files
724
Suspicious files
1 061
Text files
283
Unknown types
10

Dropped files

PID
Process
Filename
Type
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.jss
MD5:A7E3083CFE200263EDFB4BF011B893A3
SHA256:9E2FB6171592F7A3C33D3B5BAEF58B516B36473FF7717BBD643574991923435E
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\base\worker\workerMain.jss
MD5:D0AC5294C58E523CDDF25BC6D785FA48
SHA256:E90D1A8F116FA74431117A3AD78DDE16DDE060A4BF7528DFE3D5A3AD6156504B
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.nls.ru.jstext
MD5:6E7D5B984917B00F131C47473CE2B866
SHA256:1BB069D95A395BF258D1F262814591AA762C4B30529ADDE32CCBCAA7C7CA508D
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.nls.zh-cn.jstext
MD5:05E49314CF801F5D3992B55243690EA7
SHA256:E9ADC8FFCA9853EF6E0BD4E955AF9F395A570BC7772FC2DAC0C0FF241AAC864B
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\loader.jss
MD5:BC15BB48D4D5C60CE7F16819F4D988C4
SHA256:5C3CF09973404BA31D760952F267751EF2BB09F315331D13CA432B65CE2C480B
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.csstext
MD5:23C7DB6E12F6454EF6E7FB98D17924D8
SHA256:615824C59ED1E07F5924286E9F02F3120B9064D59E115D3F668A914E07839451
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.nls.jstext
MD5:E871D4D9539C26D7D2BF32801EBDECF0
SHA256:5FF0084E6A7EEE82A735616239AAF2190EA9D90E89E19340831F3D590828016A
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\libcrypto-3-x64.dllexecutable
MD5:E3E4236C4483DBE1BC5954FD63C965B8
SHA256:923D7641E3655C627B80DFD63BD5E701A26E9B8B6186D56B901A60CB57494901
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.nls.zh-tw.jstext
MD5:BECBF441D95B0BC1565FAF47CE9DE373
SHA256:94A7FF81B8EC3217A46BC5CDEBE2C6AEE98F73E6E902B7D9CF394836D052BBE5
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\index.htmlhtml
MD5:A9793319D1395E6F3564BBA48465D42A
SHA256:02AC2CEAFC55B77FC9AE9DD8C15285A4BB0247F5851AE601C9CBFEF5228A8325
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
54
TCP/UDP connections
201
DNS requests
211
Threats
11

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5488
MoUsoCoreWorker.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6376
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5588
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7636
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
4684
msedge.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
4684
msedge.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6472
svchost.exe
HEAD
200
23.50.131.24:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/181d62d0-8e71-4ab0-b6f0-62f746749689?P1=1729772807&P2=404&P3=2&P4=OJ29Mgu55QUdXjQUP%2bCWqXiPkutTLjcteFTv9dGMngy3UMsKcebLqWpF4efkVDzKwMl27shAkqE3AqC1iAjM7A%3d%3d
unknown
whitelisted
7636
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5700
RUXIMICS.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5488
MoUsoCoreWorker.exe
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
5488
MoUsoCoreWorker.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4360
SearchApp.exe
2.23.209.168:443
www.bing.com
Akamai International B.V.
GB
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
6944
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.206
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.120
  • 23.216.77.28
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 184.30.21.171
whitelisted
www.bing.com
  • 2.23.209.168
  • 2.23.209.178
  • 2.23.209.167
  • 2.23.209.177
  • 2.23.209.164
  • 2.23.209.166
  • 2.23.209.171
  • 2.23.209.173
  • 2.23.209.169
  • 2.23.209.191
  • 2.23.209.185
  • 2.23.209.187
  • 2.23.209.181
  • 2.23.209.183
  • 2.23.209.188
  • 2.23.209.192
  • 2.23.209.189
  • 2.23.209.182
  • 104.126.37.144
  • 104.126.37.185
  • 104.126.37.186
  • 104.126.37.128
  • 104.126.37.139
  • 104.126.37.131
  • 104.126.37.136
  • 104.126.37.130
  • 104.126.37.123
  • 104.126.37.152
  • 104.126.37.146
  • 104.126.37.154
  • 104.126.37.171
  • 104.126.37.184
  • 104.126.37.179
  • 104.126.37.177
  • 104.126.37.163
  • 104.126.37.170
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.136
  • 40.126.32.72
  • 20.190.160.17
  • 20.190.160.14
  • 20.190.160.22
  • 40.126.32.74
  • 40.126.32.140
  • 40.126.32.68
  • 20.190.159.75
  • 20.190.159.64
  • 20.190.159.68
  • 20.190.159.71
  • 20.190.159.23
  • 20.190.159.0
  • 20.190.159.4
  • 40.126.31.71
whitelisted
th.bing.com
  • 2.23.209.140
  • 2.23.209.149
  • 2.23.209.153
  • 2.23.209.150
  • 2.23.209.143
  • 2.23.209.142
  • 2.23.209.141
  • 2.23.209.154
  • 2.23.209.135
  • 104.126.37.186
  • 104.126.37.128
  • 104.126.37.136
  • 104.126.37.139
  • 104.126.37.152
  • 104.126.37.146
  • 104.126.37.144
  • 104.126.37.154
  • 104.126.37.123
  • 104.126.37.184
  • 104.126.37.179
  • 104.126.37.177
  • 104.126.37.185
  • 104.126.37.163
  • 104.126.37.170
  • 104.126.37.171
whitelisted
go.microsoft.com
  • 184.28.89.167
  • 23.218.210.69
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted

Threats

PID
Process
Class
Message
2172
svchost.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
2172
svchost.exe
Potentially Bad Traffic
ET INFO DYNAMIC_DNS Query to a *.us .to Domain
7036
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
7036
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
7036
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
7036
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
Potentially Bad Traffic
ET DNS Query for .to TLD
Potentially Bad Traffic
ET DNS Query for .to TLD
Potentially Bad Traffic
ET INFO DYNAMIC_DNS Query to a *.us .to Domain
Potentially Bad Traffic
ET INFO DYNAMIC_DNS Query to a *.us .to Domain
Process
Message
Xeno.exe
You must install .NET to run this application. App: C:\Users\admin\Desktop\Xeno-v1.0.85-x64\Xeno.exe Architecture: x64 App host version: 8.0.8 .NET location: Not found Learn more: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_version=8.0.8
Xeno.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Xeno-v1.0.85-x64 (1).zip