Analysis
- max time kernel: 154s
- max time network: 267s
- platform: windows7_x64
- resource: win7-20240419-en
- resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
- submitted: 03/06/2024, 10:30

Static task: static1

Behavioral task: behavioral1
- Sample: xylex (1).exe
- Resource: win7-20240419-en

Behavioral task: behavioral2
- Sample: xylex (1).exe
- Resource: win10v2004-20240226-en
General
- Target: xylex (1).exe
- Size: 37.6MB
- MD5: 8eacf3f9be7e3735352c4020fc4e05e9
- SHA1: 0bb6c048d9e683e152de21f7d368a4c151095504
- SHA256: 4c5b20b4ca8009ab72a76ed7fa6e09bd1b0b78969980f2b49d9a6641439c8d7e
- SHA512: 2f5c54c4561f14fbf9a58075dffe268247f3af3408084c12a8a7ed0fbb33f01448e85a06ba684b037e0489fbcbb7481a825cf23785c7b7c1d60c28467825e3f0
- SSDEEP: 786432:R3on1HvSzxAMNjFZArYs4nPv0so7OZJJe:RYn1HvSpNjXm4P5u2e
Malware Config

Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
- Suspicious behavior: EnumeratesProcesses (3 IoCs, all identical)
  pid   process
  2572  chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs, all identical)
  description                 pid   process
  Token: SeShutdownPrivilege  2572  chrome.exe
- Suspicious use of FindShellTrayWindow (34 IoCs, all identical)
  pid   process
  2572  chrome.exe
- Suspicious use of SendNotifyMessage (32 IoCs, all identical)
  pid   process
  2572  chrome.exe
- Suspicious use of WriteProcessMemory (64 IoCs, four distinct target processes)
  description                       pid   process     procid_target
  PID 2572 wrote to memory of 2596  2572  chrome.exe  32
  PID 2572 wrote to memory of 1624  2572  chrome.exe  34
  PID 2572 wrote to memory of 2036  2572  chrome.exe  35
  PID 2572 wrote to memory of 2592  2572  chrome.exe  36
Processes
- C:\Users\Admin\AppData\Local\Temp\xylex (1).exe (PID 2176)
  command line: "C:\Users\Admin\AppData\Local\Temp\xylex (1).exe"
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2572)
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2596)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6839758,0x7fef6839768,0x7fef6839778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1624)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2036)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2592)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1872)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1844)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2168 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1636)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1368 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1616)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3160 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2984)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2940)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2316)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2296)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3756 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2484)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3716 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2752)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2236 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1196)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2496 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2092)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3808 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2428)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2412)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2824)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=888 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2684)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=732 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1860)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3852 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2920)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=736 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2200)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1644)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3788 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1108)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2212 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1724)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2764 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1712)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2204 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1148)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2804 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1808)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Users\Admin\Downloads\xylex.exe (PID 888)
    command line: "C:\Users\Admin\Downloads\xylex.exe"
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 988)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4132 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 316)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1960 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2156)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=736 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2368)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2628)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2320 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 760)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4324 --field-trial-handle=1228,i,4186482953405257907,13882293623882123005,131072 /prefetch:8
  - C:\Users\Admin\Downloads\xylex (1).exe (PID 3064)
    command line: "C:\Users\Admin\Downloads\xylex (1).exe"
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2108)
  command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- C:\Windows\system32\conhost.exe (PID 2428)
  command line: \??\C:\Windows\system32\conhost.exe "-1036325670512111022-3585524841769610654449926172724770581528381074-359282447"
Downloads