File name:

Xeno-v1.0.85-x64 (1).zip

Full analysis: https://app.any.run/tasks/b8484ccf-a402-426b-b9c5-53640e5ae0f8
Verdict: Malicious activity
Analysis date: October 21, 2024, 13:41:12
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-scr
arch-html
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

67B3006DC1D5A86A75FE88DEB68A0A97

SHA1:

D34B609EEAC92A55109C6D3EDDD115B180439699

SHA256:

C3023707C8A7D5B5B34D7E49E975ACAD94F5A91D204B45DC7E565DFA79F17611

SSDEEP:

98304:eEUopwMqtsoEXKMMixHQnAYaIt4xIDvJTu9043df5zznZGERwstZ3+gecrRTZp8F:PkwG657A

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6784)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 6784)
      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 3848)
      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 2416)
      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 6852)
      • msiexec.exe (PID: 7488)
      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 6912)
      • MicrosoftEdgeUpdate.exe (PID: 6148)
      • setup.exe (PID: 7924)
      • MicrosoftEdgeWebview_X64_130.0.2849.46.exe (PID: 7696)

    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 3848)
      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 2416)
      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 6852)
      • MicrosoftEdgeUpdate.exe (PID: 6148)
      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 6912)
      • MicrosoftEdgeWebview_X64_130.0.2849.46.exe (PID: 7696)
      • setup.exe (PID: 7924)

    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 2416)
      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 6852)
      • MicrosoftEdgeUpdate.exe (PID: 6148)

    • Starts itself from another location

      • windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 2416)
      • MicrosoftEdgeUpdate.exe (PID: 6148)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 7488)

    • Executes application which crashes

      • Xeno.exe (PID: 6872)
      • Xeno.exe (PID: 712)
      • Xeno.exe (PID: 6404)
      • Xeno.exe (PID: 7424)

    • Application launched itself

      • MicrosoftEdgeUpdate.exe (PID: 7956)
      • setup.exe (PID: 7924)

  • INFO

    • Manual execution by a user

      • Xeno.exe (PID: 6312)
      • Xeno.exe (PID: 6872)
      • Xeno.exe (PID: 6404)
      • Xeno.exe (PID: 712)
      • Xeno.exe (PID: 7424)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6784)
      • msedge.exe (PID: 4684)
      • msiexec.exe (PID: 7488)
      • msedge.exe (PID: 2132)

    • Application launched itself

      • msedge.exe (PID: 4684)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (36.3)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:10:17 16:49:14
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Xeno-v1.0.85-x64/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
260
Monitored processes
112
Malicious processes
5
Suspicious processes
4

Behavior graph

Click at the process to see the details
start winrar.exe sppextcomobj.exe no specs slui.exe rundll32.exe no specs xeno.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs windowsdesktop-runtime-8.0.10-win-x64.exe windowsdesktop-runtime-8.0.10-win-x64.exe windowsdesktop-runtime-8.0.10-win-x64.exe msiexec.exe msiexec.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs slui.exe no specs xeno.exe werfault.exe werfault.exe no specs svchost.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs microsoftedgewebview2runtimeinstallerx64.exe msedge.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgewebview_x64_130.0.2849.46.exe setup.exe setup.exe no specs microsoftedgeupdate.exe no specs xeno.exe werfault.exe no specs xeno.exe werfault.exe no specs xeno.exe werfault.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
204"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=8304 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
632"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5644 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
632"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7912 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
712"C:\Users\admin\Desktop\Xeno-v1.0.85-x64\Xeno.exe" C:\Users\admin\Desktop\Xeno-v1.0.85-x64\Xeno.exe
explorer.exe
User:
admin
Company:
XenoUI
Integrity Level:
MEDIUM
Description:
XenoUI
Exit code:
3221225477
Version:
1.0.85
920"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3608 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
920"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMjUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMjUiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7ODdENEVCQUYtNTlCRi00M0IzLUJGNEEtMjU1MkNEREI0OThDfSIgdXNlcmlkPSJ7OTY0RDhBMkItRUZGMy00NzE3LUJCRTItQTNFMTM5NjZCRDdBfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7OTA1Njk5Q0MtOEI0OC00M0Y1LThCMjQtREJDRDM4QTlGQTI1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjQiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS40MDQ2IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRFTEwiIHByb2R1Y3RfbmFtZT0iREVMTCIvPjxleHAgZXRhZz0iJnF1b3Q7QUtLM0I0T0Y1NnBiZmh3MmRFZmZLT3ZESyt4ZEdHbHhHdGs0UjRYNFBwZz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMwLjAuMjg0OS40NiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3ODUzNDQwNDMxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzg1MzU5NzU2MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4Njg3NTMxOTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3ODg5ODQ4NjQyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MzQ1MjMwNTAyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVkPSIxNzQ5MTU2ODAiIHRvdGFsPSIxNzQ5MTU2ODAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIxIiBpbnN0YWxsX3RpbWVfbXM9IjQ1NTM4Ii8-PC9hcHA-PC9yZXF1ZXN0PgC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.25
1028"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=9464 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
1112"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7256 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1428"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6260 --field-trial-handle=2344,i,983678003940217857,790584198518885163,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
1840C:\WINDOWS\system32\WerFault.exe -u -p 6872 -s 1584C:\Windows\System32\WerFault.exeXeno.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
Total events
26 852
Read events
25 887
Write events
919
Delete events
46

Modification events

(PID) Process:(6784) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process:(6784) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Xeno-v1.0.85-x64 (1).zip
(PID) Process:(6784) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6784) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6784) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6784) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6312) Xeno.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6312) Xeno.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6312) Xeno.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(4684) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
Executable files
724
Suspicious files
1 061
Text files
283
Unknown types
10

Dropped files

PID
Process
Filename
Type
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.csstext
MD5:23C7DB6E12F6454EF6E7FB98D17924D8
SHA256:615824C59ED1E07F5924286E9F02F3120B9064D59E115D3F668A914E07839451
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.jss
MD5:A7E3083CFE200263EDFB4BF011B893A3
SHA256:9E2FB6171592F7A3C33D3B5BAEF58B516B36473FF7717BBD643574991923435E
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\basic-languages\lua\lua.jss
MD5:EEBDA1FDD970433750C115EAE2F03865
SHA256:AC729EFB3164F48D6B08F74D4B15060C126A30D40FB4CD4FC9CC94F2E19BD7C7
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.nls.de.jstext
MD5:D1FD2FB756C73970B9C5E0BA07BFF708
SHA256:CB1C3416FF242A738C45C3B2590D7D222B159A95A69CE3B7B8D7C8D18EA70828
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.nls.ko.jstext
MD5:60FCD422AC97A1B645FF48CB6928F7AF
SHA256:98E649FA40D8E2CCFDC212341FEB8165A7D7BBEC31E8A77D9819AD9474E4B8BA
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.nls.it.jstext
MD5:18E88F58301AD5AE926204507AB99C6B
SHA256:4FE2C4420294758883E134BDF7DA9E6C2ABF631D3A89C765F32F6C1D0F62653C
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.nls.es.jstext
MD5:36F546B28CA17ECE9F8EB9BCF8344E13
SHA256:327437EE3793E9AE0686C78196B459592C282ED2E86F95CE28D32693B76D7654
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.nls.jstext
MD5:E871D4D9539C26D7D2BF32801EBDECF0
SHA256:5FF0084E6A7EEE82A735616239AAF2190EA9D90E89E19340831F3D590828016A
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.nls.zh-cn.jstext
MD5:05E49314CF801F5D3992B55243690EA7
SHA256:E9ADC8FFCA9853EF6E0BD4E955AF9F395A570BC7772FC2DAC0C0FF241AAC864B
6784WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6784.39972\Xeno-v1.0.85-x64\bin\Monaco\vs\editor\editor.main.nls.ja.jstext
MD5:3BF851CC70F515CBBE1D39DA93E4F041
SHA256:1F3556EA7233843B9E08B3C97B6727C533D702563E195C2090A438070DC85F0F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
54
TCP/UDP connections
201
DNS requests
211
Threats
11

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5488
MoUsoCoreWorker.exe
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7636
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6376
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5588
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7636
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
4684
msedge.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6472
svchost.exe
HEAD
200
23.50.131.24:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/181d62d0-8e71-4ab0-b6f0-62f746749689?P1=1729772807&P2=404&P3=2&P4=OJ29Mgu55QUdXjQUP%2bCWqXiPkutTLjcteFTv9dGMngy3UMsKcebLqWpF4efkVDzKwMl27shAkqE3AqC1iAjM7A%3d%3d
unknown
whitelisted
4684
msedge.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5700
RUXIMICS.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5488
MoUsoCoreWorker.exe
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
5488
MoUsoCoreWorker.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4360
SearchApp.exe
2.23.209.168:443
www.bing.com
Akamai International B.V.
GB
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
6944
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.206
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.120
  • 23.216.77.28
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 184.30.21.171
whitelisted
www.bing.com
  • 2.23.209.168
  • 2.23.209.178
  • 2.23.209.167
  • 2.23.209.177
  • 2.23.209.164
  • 2.23.209.166
  • 2.23.209.171
  • 2.23.209.173
  • 2.23.209.169
  • 2.23.209.191
  • 2.23.209.185
  • 2.23.209.187
  • 2.23.209.181
  • 2.23.209.183
  • 2.23.209.188
  • 2.23.209.192
  • 2.23.209.189
  • 2.23.209.182
  • 104.126.37.144
  • 104.126.37.185
  • 104.126.37.186
  • 104.126.37.128
  • 104.126.37.139
  • 104.126.37.131
  • 104.126.37.136
  • 104.126.37.130
  • 104.126.37.123
  • 104.126.37.152
  • 104.126.37.146
  • 104.126.37.154
  • 104.126.37.171
  • 104.126.37.184
  • 104.126.37.179
  • 104.126.37.177
  • 104.126.37.163
  • 104.126.37.170
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.136
  • 40.126.32.72
  • 20.190.160.17
  • 20.190.160.14
  • 20.190.160.22
  • 40.126.32.74
  • 40.126.32.140
  • 40.126.32.68
  • 20.190.159.75
  • 20.190.159.64
  • 20.190.159.68
  • 20.190.159.71
  • 20.190.159.23
  • 20.190.159.0
  • 20.190.159.4
  • 40.126.31.71
whitelisted
th.bing.com
  • 2.23.209.140
  • 2.23.209.149
  • 2.23.209.153
  • 2.23.209.150
  • 2.23.209.143
  • 2.23.209.142
  • 2.23.209.141
  • 2.23.209.154
  • 2.23.209.135
  • 104.126.37.186
  • 104.126.37.128
  • 104.126.37.136
  • 104.126.37.139
  • 104.126.37.152
  • 104.126.37.146
  • 104.126.37.144
  • 104.126.37.154
  • 104.126.37.123
  • 104.126.37.184
  • 104.126.37.179
  • 104.126.37.177
  • 104.126.37.185
  • 104.126.37.163
  • 104.126.37.170
  • 104.126.37.171
whitelisted
go.microsoft.com
  • 184.28.89.167
  • 23.218.210.69
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted

Threats

PID
Process
Class
Message
2172
svchost.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
2172
svchost.exe
Potentially Bad Traffic
ET INFO DYNAMIC_DNS Query to a *.us .to Domain
7036
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
7036
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
7036
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
7036
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
Potentially Bad Traffic
ET DNS Query for .to TLD
Potentially Bad Traffic
ET DNS Query for .to TLD
Potentially Bad Traffic
ET INFO DYNAMIC_DNS Query to a *.us .to Domain
Potentially Bad Traffic
ET INFO DYNAMIC_DNS Query to a *.us .to Domain
Process
Message
Xeno.exe
You must install .NET to run this application. App: C:\Users\admin\Desktop\Xeno-v1.0.85-x64\Xeno.exe Architecture: x64 App host version: 8.0.8 .NET location: Not found Learn more: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_version=8.0.8
Xeno.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Xeno-v1.0.85-x64 (1).zip