6b8033ec2038275f5480359438e93fb9346d1f1921a1abc38990a8b6b650d83d

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nexus-MultiTool-main/Helper/Common/__pycache__/utils.cpython-311.pyc
Size

10KB
MD5

5fa1e480704b83c78acabdbf5fb59233
SHA1

70ed090968ee7881b2bca66d7214d2e148b5db2d
SHA256

95d710eec388b812ca145d16e2dce5b0cb6fd82dc99935d6be7d28237870b00b
SHA512

785fcfc2d428dae1744db8f6aef26ab1e6fcf90a14bff0cc0e56d5be2bd77aea9100cf37be18f20400a3a364cbcf1d9be73887ff40ba5c35b0396ae4d4c6b1a3
SSDEEP

192:1P2D0Vje0wXUjAksfodWrPhMHmME//fzJTH7pxi//fzJTHapbCwpWWH:1k0Je0wXyhc1MHmbpW6

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
115	camo.githubusercontent.com
118	camo.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639683130481198"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4088	chrome.exe
4088	chrome.exe
4888	chrome.exe
4888	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe
Token: SeShutdownPrivilege	4088	chrome.exe
Token: SeCreatePagefilePrivilege	4088	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe
4088	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4900	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 2728	4088	chrome.exe	99
PID 4088 wrote to memory of 2728	4088	chrome.exe	99
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 3664	4088	chrome.exe	100
PID 4088 wrote to memory of 4056	4088	chrome.exe	101
PID 4088 wrote to memory of 4056	4088	chrome.exe	101
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102
PID 4088 wrote to memory of 4360	4088	chrome.exe	102

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Nexus-MultiTool-main\Helper\Common\__pycache__\utils.cpython-311.pyc
1⤵
- Modifies registry class
PID:2812

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcac1eab58,0x7ffcac1eab68,0x7ffcac1eab78
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:2
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3588 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3060 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2540
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x220,0x244,0x7ff6aa92ae48,0x7ff6aa92ae58,0x7ff6aa92ae68
    3⤵
    PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4424 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1652 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3068 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4228 --field-trial-handle=1904,i,15638160230675461669,4462867835884942849,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3644

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_Nexus-MultiToolV4.zip\Nexus-MultiTool-main\setup.bat" "
1⤵
PID:208

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_Nexus-MultiToolV4.zip\Nexus-MultiTool-main\setup.bat" "
1⤵
PID:3696

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
36a6056212699e9552ef326759f9ee9d

SHA1
af8a6c386623d53ff9d13dbba6c45a7ed89461ac

SHA256
818ca7e7bcdd147c582510038136f447d52005ec3542370242391556d298c161

SHA512
1349bf05dc4da51ef4f74f73c061eb1119b5053df82f22dd01ddb575fdd9a555fb3d2decd3c3ee38182bb0772e5b599001e20f1af58d4f2a4116bb689b61b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cee1dbc99f1a7552334151b81e145eb2

SHA1
0a817d97dc1750a064d81ad22ea26c9c3690608b

SHA256
7990219dd2ed61f2236dfc20f59fa739e4f95ef4773f650142d8884baf11e7bc

SHA512
4537eb3527dbf34da8e98c32ca9314782da22171828b0f78085c6c27b4efca8f03d2b4c8860e31e974a6eec9406871a17fad61ad2255f13d46575402fdef1abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b57fdfc0708e08f2ec9d7982ed8e21bf

SHA1
9592641364ec329cbe3246ec8d8806f7137ec2c4

SHA256
ed926d4a6b72dd0a97fae6096df2aca899c37c230ca3b60995b3a840ba7603e6

SHA512
8d18f80b481b07f63e1e8e3daad6cac7c0352dd5cec7105a962e41714b32a76877eb8d7478b5cc25470a2456608191803010c0491a5e5eba06e42acbd8b5ed7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4e90968c59263dc60916a29bfd2df65b

SHA1
79508b82a0b216179fd3e086c615daeb288ea118

SHA256
3b641c9c1faed12f7f8d9e1ff57f101c8505e88ba8df4fa360e9864c27595e5d

SHA512
8e2ff09303d6404bab51c416ea9fea9a1636581b1ed787e952bb06801f37aa2e989577b513a062e7a56aaefb9a1b435e94898e065db8bb7b37297847186b7448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4ed9efc34d69d6c14d46e9e704ec7b4d

SHA1
7de0eaae3a45ee80b843eac7daba88174071c3c9

SHA256
e19bf6b6afaf2abbb0c188634fa73cbf185db3a9d488e93f82c5be554bb1dca8

SHA512
e99c4dc1b59b07024619e90df72a3079a060aed219a3deb05d536c8bf5d31808164ff8289d5fe96f880bfb1c79b558e45a593940a08647ed01d4a7416278cece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
52fa134d38220a7e346d75efa756bbed

SHA1
66d6eb10ef4befffc0d8a5e02103b7490f9e096e

SHA256
72cd77d5d8c7e93e5360f9d77676e019172985212d8be8953addfad8902e608d

SHA512
1fecf02079d00bfe5681638f38ae6e3a0dbbedef063027276049bff3afc91ac9e8976a2ee3bd4409b903a3bca538da3d8cd4507b3486f9a59d5dcabf20f3b0c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f7522d453e2097be733038881189bb64

SHA1
5f160bd803683815fac6d1dded1ef119d175cc4b

SHA256
6be6d6a85b696b71c14646618e947aa734085242bcb6ece066e554a8e0c1cda8

SHA512
6a4125f3dd124a2b3854893d8ef089ad1249d852b04c56cd27bd2c61ab0f565d7607cf3ba383c9139f0c91d9f501ad0849f9cbab4ac14d909fdf6b0ad5cd11ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1d79178ded7fd609713530c639d9740b

SHA1
8323ec83b4f7d186760d75267bccbd77b94200a2

SHA256
223eed644bb5cd3076ac9bd4b18102818f8fce2ec856c7fe5443d237ece50447

SHA512
0a8c90be64b65287adb8226cacdfaf8d8d7b94869d8f60bac0b1a77229cb112d138b15018f13951c904709bda79c344180af180cc34a29e004d35d47662ff996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
74211f02adc981a3bf4530742f65a372

SHA1
7a765e8ff26c5ca6a99bfdf4bb9b5730c5ebdd1c

SHA256
e55ef782c2b9d7d6b8daf84bfa822dceab808fd7273f3c6e335589e05837efa3

SHA512
773a302bc969f2b722ecf0c4a82d1392bf42dff5ec6a61b2936e8661e0ad17378525be28da1edd064ba5391cda122aa0fbb86546d1249512bba59dd8a2cda85f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a5acae98ee16ca2cfd0871c70bcdbfb0

SHA1
4b1122dd00d88fbdb715a281d4e589ad95e0cef0

SHA256
0a1643b79c32fd3f0ac48599ff285de8132ef9d77a6453908aca6fa8632ed4c5

SHA512
3668b20c0d7c351d4372b1e1ccb11498cec331c09bd830a223f991d825b46e060a018f6ac76627737f8a9d6e707f2832e1c6225341c666eb9a976e18ef183ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3c7bf1812d635fefff233f1e136c6a3a

SHA1
f0ac44dd513d3d64c82409f2c0034fe75f4009e6

SHA256
b558a2d9b1049b75f3badfedb9f2e6a0aa0818638727aee8e725485f41b1c28f

SHA512
0a6507924e893fef2fc234f5caaaf25d3e27dfe1608a100078ccfa6c6b5d4343a532f60216b6756f2db81a918751e3989b6c9f3edf4868be0b62d16ee3ad5af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
eee4c92fe9b753b013e8b15e343e28a9

SHA1
c2867910d07bd0a5963b325aa7bf7dbb631c720c

SHA256
890ada229f5a11b7e04ae3e7071cc74efaa659fe4efb79f4163d59d2df3511eb

SHA512
c56c62471a050e74c6c0ed79e9dcc32c300caef2b247c6bd62d920dc8746509d5c63f50f5f9692c0380036c3bb7b58bd50aa2796ac3607ad41a03a9ff8025f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
d06e198d7cf22dfd85113ee65960c0a8

SHA1
41931d553f3482afe15100b445fa3c7f0c77ee18

SHA256
5f2bbfa3f3e7667f53605e6716a1349730bb03676ff47006dd4cc1b0268921f1

SHA512
110d943e1ce7b87b0d6951901d4957decec2efd6ec68b717b7ecc7eb98d85c3f43aab09f83bc67d4dedbe43acbd4c5fd1f3722898df1258239fb04017c78f466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b0989b2a-f4ea-412f-bdef-a2707b67718c.tmp

Filesize
7KB

MD5
2ae39e3fd7402a324c533149377b032a

SHA1
ba8ec32f1ab5faa5d30fb7d809dd3f8901d4c376

SHA256
57e581eed1af2a4bdeaf666e91bffd77f3dbaa8e5b6083a09de32a1c4bd52d64

SHA512
f51c9cc51ae281addd7ca7de7ceac744f30a11f2d808c0ac9522cd6c94599362421d2695d5c84b037874919c68f7c4d303f23e1b373228cbf9524878802c6e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d1fbd734-8b94-4210-a2ea-1812320577cd.tmp

Filesize
8KB

MD5
8606c7e2d9bed8b406be60d6d17f0431

SHA1
3ee8d4b6b8a840878006f56e8dc3a03d26ad0814

SHA256
a3da674b66ea4f86238f602683248a0bedf24cb0d674603d05dca104978f229e

SHA512
5f36362a3b03e33e9421c0456de0086962f1aee2125c0a3c703ffbba4c95fde677b355a1215e293f6df2d49bff19cfbe8b52d489551e0e9587ea260c08d26e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
a7faf3d068acf6d4598741859db9c559

SHA1
f559ec912845856283b579144898437e01a7efb7

SHA256
433cda0db2ce45467bf5691af54b4ef1cd4bf4c579cdb3b8e95ecac7b33d9eb3

SHA512
aecad52299dbda790c133ff67117f6b8fb34c0dce56102cadc49f9147a7af67871b13b21743af3a2cd239ed0ece43705783be65ba6667cc6f237ffa1948faac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
86df38bfac18754b0e1570790ba29a5a

SHA1
f577d0d5c3cbc33df1eb5d5919d5be568436e9a6

SHA256
90ab3bfbc7b9987f91201872890e1703fdbf6fddbde31bd23c250bb185eb1fb1

SHA512
314e3fd4681de6fd4a7296207724bf4637a9991b8a35f3abdb19868aa1830ccd226d46bb5cc88ff3b91b482088446e846dab7e0c4385789f3ae6727b35dc841b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f49c.TMP

Filesize
89KB

MD5
8e93253bc2d4b032e4aea1c8310c0c4e

SHA1
1ee06566ee5f848a4af2a029dae462ccf602db6a

SHA256
5646e4fa90df79f6f0c5c21e986157956fbf7cfe8fa9d9c8ea5bcdfec850706c

SHA512
66613266c7b3bbce4bc91aea5ccbe8e3926e410f55220b8d066409e19c93515943f43d7d5ba9e14ffa15147e6175aa7cfe11ac302f43f463eb519f7ff9e64b9f

Download Submit
C:\Users\Admin\Downloads\Nexus-MultiToolV4.zip.crdownload

Filesize
13.9MB

MD5
b89f5d06e6c15fa46a2e742c5ae258d5

SHA1
220ee01e6361446a6df3b65217f7c11d602321ba

SHA256
6b8033ec2038275f5480359438e93fb9346d1f1921a1abc38990a8b6b650d83d

SHA512
8117dc9e880f537f40a180b4c24774804b9517f4c6d34ad4743b032c5f7c9d935f0605cacfcf6453d3fe7a759988ac3d83da24abef156b169792290c6051c057

Download Submit