hxxps://www[.]mediafire[.]com/file/my8nlloviffc577/Nyx[.]zip/file

Analysis

max time kernel
547s
max time network
548s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/my8nlloviffc577/Nyx.zip/file

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	Nyx.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 25 IoCs

pid	Process
6052	Nyx.exe
1688	CefSharp.BrowserSubprocess.exe
1520	CefSharp.BrowserSubprocess.exe
4372	CefSharp.BrowserSubprocess.exe
5176	CefSharp.BrowserSubprocess.exe
5340	CefSharp.BrowserSubprocess.exe
700	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
4148	CefSharp.BrowserSubprocess.exe
3908	CefSharp.BrowserSubprocess.exe
4804	CefSharp.BrowserSubprocess.exe
4432	RobloxPlayerInstaller.exe
2848	CefSharp.BrowserSubprocess.exe
2436	MicrosoftEdgeWebview2Setup.exe
916	MicrosoftEdgeUpdate.exe
3692	MicrosoftEdgeUpdate.exe
3796	MicrosoftEdgeUpdate.exe
1792	MicrosoftEdgeUpdateComRegisterShell64.exe
5424	MicrosoftEdgeUpdateComRegisterShell64.exe
5088	MicrosoftEdgeUpdateComRegisterShell64.exe
3188	MicrosoftEdgeUpdate.exe
4516	MicrosoftEdgeUpdate.exe
5596	MicrosoftEdgeUpdate.exe
1536	MicrosoftEdgeUpdate.exe
5500	CefSharp.BrowserSubprocess.exe

Loads dropped DLL 64 IoCs

pid	Process
6052	Nyx.exe
6052	Nyx.exe
6052	Nyx.exe
6052	Nyx.exe
6052	Nyx.exe
6052	Nyx.exe
1520	CefSharp.BrowserSubprocess.exe
1520	CefSharp.BrowserSubprocess.exe
1520	CefSharp.BrowserSubprocess.exe
1520	CefSharp.BrowserSubprocess.exe
1520	CefSharp.BrowserSubprocess.exe
1520	CefSharp.BrowserSubprocess.exe
1520	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
4372	CefSharp.BrowserSubprocess.exe
4372	CefSharp.BrowserSubprocess.exe
4372	CefSharp.BrowserSubprocess.exe
4372	CefSharp.BrowserSubprocess.exe
4372	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
4372	CefSharp.BrowserSubprocess.exe
4372	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
5340	CefSharp.BrowserSubprocess.exe
5340	CefSharp.BrowserSubprocess.exe
5176	CefSharp.BrowserSubprocess.exe
5176	CefSharp.BrowserSubprocess.exe
5340	CefSharp.BrowserSubprocess.exe
5340	CefSharp.BrowserSubprocess.exe
5340	CefSharp.BrowserSubprocess.exe
5176	CefSharp.BrowserSubprocess.exe
5176	CefSharp.BrowserSubprocess.exe
5176	CefSharp.BrowserSubprocess.exe
5340	CefSharp.BrowserSubprocess.exe
5340	CefSharp.BrowserSubprocess.exe
5176	CefSharp.BrowserSubprocess.exe
5176	CefSharp.BrowserSubprocess.exe
700	CefSharp.BrowserSubprocess.exe
700	CefSharp.BrowserSubprocess.exe
700	CefSharp.BrowserSubprocess.exe
700	CefSharp.BrowserSubprocess.exe
700	CefSharp.BrowserSubprocess.exe
700	CefSharp.BrowserSubprocess.exe
700	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
4148	CefSharp.BrowserSubprocess.exe
4148	CefSharp.BrowserSubprocess.exe
4148	CefSharp.BrowserSubprocess.exe
4148	CefSharp.BrowserSubprocess.exe
4148	CefSharp.BrowserSubprocess.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
650	raw.githubusercontent.com
653	raw.githubusercontent.com

Network Service Discovery 1 TTPs 12 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
5500	CefSharp.BrowserSubprocess.exe
5340	CefSharp.BrowserSubprocess.exe
700	CefSharp.BrowserSubprocess.exe
4804	CefSharp.BrowserSubprocess.exe
2848	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
4148	CefSharp.BrowserSubprocess.exe
3908	CefSharp.BrowserSubprocess.exe
1520	CefSharp.BrowserSubprocess.exe
4372	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
5176	CefSharp.BrowserSubprocess.exe

Checks system information in the registry 2 TTPs 10 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	Nyx.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	Nyx.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AvatarToolsShared\RoundedBackgroundRight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\AssetPreview\Link_Arrow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\xboxRSDirectional.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\PlayStationController\PS5\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\avatar\compositing\CompositShirtTemplate.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\DeveloperFramework\checkbox_unchecked_light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\LeaveGame\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_19.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\Banners\MonsterCat.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\Players\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\icon_star-16.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\RobloxNameIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\TopBar\leaderboardOn.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AnimationEditor\button_curve_editor.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\MaterialGenerator\Materials\Plastic.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AnimationEditor\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ManageCollaborators\FriendIcon_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\PublishPlaceAs\navigation_pushBack.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\graphic\gr-mask-game-icon-48x48.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\transformOneDegree.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\LayeredClothingEditor\Default_Preview_Animation.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Scroll\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\TerrainTools\mtrl_snow_2022.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\graphic\Auth\builderman.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AvatarEditorImages\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\PathEditor\Tangent_Handle_Selected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioSharedUI\dropShadow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\Help\UseToolGesture.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\TerrainTools\sliderbar_button.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\fonts\Fondamento-Italic.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\DeveloperFramework\button_arrow_right.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AlignTool\button_min_24.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AvatarEditorImages\LightPixel.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ControlsEmulator\XBox_Light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\R15Migrator\Icon_ScriptConversionTab.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\graphic\gr-avatar-frame-36x36.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\icons\ic-more-inventory.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\fonts\families\Montserrat.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\TagEditor\VisibilityOnDarkTheme.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\Radial\BottomLeftSelected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\TopBar\leaderboardOff.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\graphic\friendmask.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\fonts\SourceSansPro-Light.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\DeveloperStorybook\Folder.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\Voting\thumb-down.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\InspectMenu\Button_white.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\LoadingScreen\BackgroundLight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioSharedUI\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\PurchasePrompt\SingleButtonDown.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerInstaller.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Nyx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3188	MicrosoftEdgeUpdate.exe
1536	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Nyx.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Nyx.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Nyx.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	Nyx.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677161304587467"	Nyx.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\ = "Google Update Policy Status Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LOCALSERVER32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3WebMachine"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\PROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{24BBCF09-C455-43B7-981D-CBC276175DE8}	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class"	MicrosoftEdgeUpdate.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Nyx.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
6052	Nyx.exe
6052	Nyx.exe
1520	CefSharp.BrowserSubprocess.exe
1520	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
1688	CefSharp.BrowserSubprocess.exe
4372	CefSharp.BrowserSubprocess.exe
4372	CefSharp.BrowserSubprocess.exe
5340	CefSharp.BrowserSubprocess.exe
5340	CefSharp.BrowserSubprocess.exe
5176	CefSharp.BrowserSubprocess.exe
5176	CefSharp.BrowserSubprocess.exe
700	CefSharp.BrowserSubprocess.exe
700	CefSharp.BrowserSubprocess.exe
2988	chrome.exe
2988	chrome.exe
3632	CefSharp.BrowserSubprocess.exe
3632	CefSharp.BrowserSubprocess.exe
4148	CefSharp.BrowserSubprocess.exe
4148	CefSharp.BrowserSubprocess.exe
3908	CefSharp.BrowserSubprocess.exe
3908	CefSharp.BrowserSubprocess.exe
3908	CefSharp.BrowserSubprocess.exe
3908	CefSharp.BrowserSubprocess.exe
4804	CefSharp.BrowserSubprocess.exe
4804	CefSharp.BrowserSubprocess.exe
5640	chrome.exe
5640	chrome.exe
5640	chrome.exe
5640	chrome.exe
2848	CefSharp.BrowserSubprocess.exe
2848	CefSharp.BrowserSubprocess.exe
4432	RobloxPlayerInstaller.exe
4432	RobloxPlayerInstaller.exe
916	MicrosoftEdgeUpdate.exe
916	MicrosoftEdgeUpdate.exe
5500	CefSharp.BrowserSubprocess.exe
5500	CefSharp.BrowserSubprocess.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4588	firefox.exe
Token: SeDebugPrivilege	4588	firefox.exe
Token: SeDebugPrivilege	4588	firefox.exe
Token: SeDebugPrivilege	4588	firefox.exe
Token: SeDebugPrivilege	4588	firefox.exe
Token: SeDebugPrivilege	4588	firefox.exe
Token: SeDebugPrivilege	4588	firefox.exe
Token: SeRestorePrivilege	3840	7zG.exe
Token: 35	3840	7zG.exe
Token: SeSecurityPrivilege	3840	7zG.exe
Token: SeSecurityPrivilege	3840	7zG.exe
Token: SeDebugPrivilege	6052	Nyx.exe
Token: SeDebugPrivilege	1520	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	1688	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	4372	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeDebugPrivilege	5340	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	5176	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeDebugPrivilege	700	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe
Token: SeShutdownPrivilege	6052	Nyx.exe
Token: SeCreatePagefilePrivilege	6052	Nyx.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
3840	7zG.exe
6052	Nyx.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 4588	5016	firefox.exe	85
PID 5016 wrote to memory of 4588	5016	firefox.exe	85
PID 5016 wrote to memory of 4588	5016	firefox.exe	85
PID 5016 wrote to memory of 4588	5016	firefox.exe	85
PID 5016 wrote to memory of 4588	5016	firefox.exe	85
PID 5016 wrote to memory of 4588	5016	firefox.exe	85
PID 5016 wrote to memory of 4588	5016	firefox.exe	85
PID 5016 wrote to memory of 4588	5016	firefox.exe	85
PID 5016 wrote to memory of 4588	5016	firefox.exe	85
PID 5016 wrote to memory of 4588	5016	firefox.exe	85
PID 5016 wrote to memory of 4588	5016	firefox.exe	85
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 4028	4588	firefox.exe	86
PID 4588 wrote to memory of 2232	4588	firefox.exe	87
PID 4588 wrote to memory of 2232	4588	firefox.exe	87
PID 4588 wrote to memory of 2232	4588	firefox.exe	87
PID 4588 wrote to memory of 2232	4588	firefox.exe	87
PID 4588 wrote to memory of 2232	4588	firefox.exe	87
PID 4588 wrote to memory of 2232	4588	firefox.exe	87
PID 4588 wrote to memory of 2232	4588	firefox.exe	87
PID 4588 wrote to memory of 2232	4588	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.mediafire.com/file/my8nlloviffc577/Nyx.zip/file"
1⤵
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.mediafire.com/file/my8nlloviffc577/Nyx.zip/file
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c68b28df-2081-44d4-bbe6-10af658a2b3c} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" gpu
    3⤵
    PID:4028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2304 -prefMapHandle 2024 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a73fa6c-3f90-49c8-923c-ac61eca18026} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" socket
    3⤵
    - Checks processor information in registry
    PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3180 -childID 1 -isForBrowser -prefsHandle 3204 -prefMapHandle 3172 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddf5987c-824d-4a0a-856c-97facd19d5ac} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:2968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3684 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 2744 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d69df287-c89a-40db-be81-111bd5a1a999} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:2212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4840 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4832 -prefMapHandle 4816 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1532f52-cc36-4760-b606-7058d64f2ee2} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" utility
    3⤵
    - Checks processor information in registry
    PID:4432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5400 -prefMapHandle 5372 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aa5c711-063d-40b7-9e5d-c3d4096f039f} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:2264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 4 -isForBrowser -prefsHandle 5528 -prefMapHandle 5532 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7093d9b9-a6c4-4382-90d6-f43cbdea74d5} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:3864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 5 -isForBrowser -prefsHandle 5808 -prefMapHandle 5804 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8adf5569-3fab-4a3e-9801-6f19f0a266da} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:3708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6068 -parentBuildID 20240401114208 -prefsHandle 6212 -prefMapHandle 6196 -prefsLen 29278 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd3ce2d1-78e7-47f0-8cdd-c5872f37a2a7} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" rdd
    3⤵
    PID:1240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6364 -childID 6 -isForBrowser -prefsHandle 6736 -prefMapHandle 4692 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b4396b0-fafc-49d8-b4ff-3cbe06d1bfc1} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:5388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6884 -childID 7 -isForBrowser -prefsHandle 6892 -prefMapHandle 6896 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1299b061-baf7-4d15-9263-11aa61bc7d31} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:5400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7236 -childID 8 -isForBrowser -prefsHandle 7228 -prefMapHandle 7224 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c47111a3-4d78-4fec-b23b-1547751c0757} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:5856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7364 -childID 9 -isForBrowser -prefsHandle 7372 -prefMapHandle 7376 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2537697-609b-414e-aa7a-270e2c1f519a} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:5868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7652 -childID 10 -isForBrowser -prefsHandle 7572 -prefMapHandle 7580 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbc1e2d6-37f6-4afc-8ec1-b00282bdc329} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:5880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1552 -childID 11 -isForBrowser -prefsHandle 3588 -prefMapHandle 3808 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48b32467-63c4-4da4-b0ae-bf3121524c99} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:5624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5788 -childID 12 -isForBrowser -prefsHandle 7620 -prefMapHandle 6760 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f0111c6-9dc1-4548-906a-409e1b7e8adc} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:5676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1376 -childID 13 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 30509 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cf64e40-4379-4778-ae61-ff815dfd8f1e} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:5616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -childID 14 -isForBrowser -prefsHandle 3200 -prefMapHandle 6780 -prefsLen 28054 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89f8ec25-8e17-43d4-a028-dfe4e33715c6} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:2772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 15 -isForBrowser -prefsHandle 5480 -prefMapHandle 2960 -prefsLen 28054 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5494c12e-2619-48c8-bbde-3d581e704e53} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
    3⤵
    PID:5444

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:556

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Nyx\" -spe -an -ai#7zMap81:68:7zEvent24479
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3840

C:\Users\Admin\Downloads\Nyx\Nyx.exe
"C:\Users\Admin\Downloads\Nyx\Nyx.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6052
- C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache" --locales-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2840,i,9173616039470690782,2726823705084566634,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=2848 --mojo-platform-channel-handle=2836 /prefetch:2 --host-process-id=6052
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1688
- C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache" --locales-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp" --cefsharpexitsub --field-trial-handle=2972,i,9173616039470690782,2726823705084566634,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=3020 --mojo-platform-channel-handle=2940 /prefetch:3 --host-process-id=6052
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1520
- C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache" --locales-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp" --cefsharpexitsub --field-trial-handle=3084,i,9173616039470690782,2726823705084566634,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=3104 --mojo-platform-channel-handle=3092 /prefetch:8 --host-process-id=6052
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4372
- C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=renderer --enable-chrome-runtime --user-data-dir="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache" --locales-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp" --cefsharpexitsub --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4896,i,9173616039470690782,2726823705084566634,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=4932 --mojo-platform-channel-handle=4928 --host-process-id=6052 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5340
- C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=renderer --enable-chrome-runtime --user-data-dir="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache" --locales-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp" --cefsharpexitsub --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=4904,i,9173616039470690782,2726823705084566634,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=5148 --mojo-platform-channel-handle=5140 --host-process-id=6052 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5176
- C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache" --locales-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp" --cefsharpexitsub --field-trial-handle=5552,i,9173616039470690782,2726823705084566634,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=5544 --mojo-platform-channel-handle=5540 /prefetch:8 --host-process-id=6052
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:700
- C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache" --locales-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp" --cefsharpexitsub --field-trial-handle=6088,i,9173616039470690782,2726823705084566634,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=5944 --mojo-platform-channel-handle=5952 /prefetch:8 --host-process-id=6052
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache" --locales-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp" --cefsharpexitsub --field-trial-handle=5964,i,9173616039470690782,2726823705084566634,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=5972 --mojo-platform-channel-handle=5940 /prefetch:8 --host-process-id=6052
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4148
- C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache" --locales-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4332,i,9173616039470690782,2726823705084566634,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=5952 --mojo-platform-channel-handle=5528 /prefetch:8 --host-process-id=6052
  2⤵
  - Executes dropped EXE
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache" --locales-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp" --cefsharpexitsub --field-trial-handle=5972,i,9173616039470690782,2726823705084566634,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=6116 --mojo-platform-channel-handle=5980 /prefetch:8 --host-process-id=6052
  2⤵
  - Executes dropped EXE
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache" --locales-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp" --cefsharpexitsub --field-trial-handle=964,i,9173616039470690782,2726823705084566634,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=6140 --mojo-platform-channel-handle=5984 /prefetch:8 --host-process-id=6052
  2⤵
  - Executes dropped EXE
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache" --locales-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp" --cefsharpexitsub --field-trial-handle=4224,i,9173616039470690782,2726823705084566634,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=1304 --mojo-platform-channel-handle=6140 /prefetch:8 --host-process-id=6052
  2⤵
  - Executes dropped EXE
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2384

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc28c2cc40,0x7ffc28c2cc4c,0x7ffc28c2cc58
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1380,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1944 /prefetch:3
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3312,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4412,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4476,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3724 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4076,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5036,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5176,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5388,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5304,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5124,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5264,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4936,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5392,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5200,i,15415260879838010761,8021987062202762183,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:708

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3016

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4432
- C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
  MicrosoftEdgeWebview2Setup.exe /silent /install
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2436
- - C:\Program Files (x86)\Microsoft\Temp\EUD36B.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUD36B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Checks computer location settings
    - Executes dropped EXE
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:916
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:3692
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:3796
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1792
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5424
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5088
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Q0IxMzIzMTgtNUJDMi00RDBELTlGM0YtOUU0QUZCMUY4QUM4fSIgdXNlcmlkPSJ7RTQ4MTY0OTgtMUMxMi00NDUyLTlBOTItRDA4QzVGNzI4Njg3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswMTZCNzVDQy1ENzc1LTQzNDYtODE5My02RkI0QTA3QTE1NUF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xNSIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk1MTczMTc3MDciIGluc3RhbGxfdGltZV9tcz0iNDQ2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3188
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{CB132318-5BC2-4D0D-9F3F-9E4AFB1F8AC8}" /silent
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4516

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
PID:5596
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Q0IxMzIzMTgtNUJDMi00RDBELTlGM0YtOUU0QUZCMUY4QUM4fSIgdXNlcmlkPSJ7RTQ4MTY0OTgtMUMxMi00NDUyLTlBOTItRDA4QzVGNzI4Njg3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4Qjk3NzcyMS1GQkUyLTQxQ0YtODA5Qy00OUExNjdCOUNDQkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk1MjI2Mjc4OTAiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
5.5MB

MD5
9f1edaf7fec140c4fbf752bceb8faee9

SHA1
446e908ae656e01c864606d2cef06ed8abd96fb3

SHA256
810a386924e8aeb9ad6a432067a96b9af05b2070b4a034b28c6d715d99740666

SHA512
2a97bdf30878cabc8460b26baa810fce2f06e649a98937c4112e674ddec24a3cab259b820fd6a382a11cb7d8167b33ebe28ae7e10338a283b299b9c5a4951f0e

Download Submit
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping6052_1573284045\manifest.json

Filesize
300B

MD5
01f3de10093b3b262105724e85817fa6

SHA1
97dee66ece41b53a27cbd4579f44c204e35d19d6

SHA256
be1b2d4b5880584961c46ec8ed276b6ee43ea595da56720268e05bd3d5c95340

SHA512
9646b13e23c4214bcc45715fbc60eb9afb29f934d5d33b3471ee89a6f399a68d83b5bdff14748f73ce6a7c2c9fdce782a4ce849f855a900514636b529e9b400f

Download Submit
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping6052_1714168205\manifest.fingerprint

Filesize
66B

MD5
57012f0588deb5dfaafa7ced4107cd2a

SHA1
b6ac783d3ece395c15741847bdd028fc882ed74d

SHA256
ee0c17e0e32e387bedf020cad1483625b02f00ce51009661cd5fbf538e6e22ee

SHA512
96fc7b453c187f11446b64cc07da842cee73c84a5c2afd7271fcd65c2b463000180a90933e04c99bb5938603b97a8e75eaa9a707b25063b37b9b6076275b2738

Download Submit
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping6052_1714168205\manifest.json

Filesize
96B

MD5
86adf8bb2dc9269a5b7313d84c152051

SHA1
56399efb0ba8b2836276c7bef3b953b807b08c40

SHA256
2860e6bbea4e667cc37ef397846ccc5f67bd8735da8f99f0dcdb57b799fb806f

SHA512
b467f236ecbf029cbaec433cc1b8b708a1fc6204348a82139808b6fd906755c1fb250a12a903720f87ae2852ebec26249d6b80f77ae3d7f081f85beb5e0946a5

Download Submit
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping6052_173108980\manifest.json

Filesize
984B

MD5
0359d5b66d73a97ce5dc9f89ed84c458

SHA1
ce17e52eaac909dd63d16d93410de675d3e6ec0d

SHA256
beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755

SHA512
8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

Download Submit
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping6052_2094304188\manifest.json

Filesize
95B

MD5
40afbdf2c25958c94c91fc2704dd5bd1

SHA1
3048ae9740518a279e2c0c8a20a7fb17aaca050c

SHA256
57449b0ef36c0ca9d15eeab1595099519de04a4d04de7f3f81ef6627175ab570

SHA512
ba39bde5f88ae713475332a7168a39c39df03bd471e15eb1f5b620804617ff4f33e53f72d6d756e01a99136ed25bc9a29f99f1a4ff5b124da54a13e7fdc61f32

Download Submit
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping6052_756244130\manifest.json

Filesize
111B

MD5
225c08f039684dfb54aac162dd9d5b9e

SHA1
426bd1044bfcd5e1a10b58ed1f217a6b33b2e9c3

SHA256
98306b21c0aaf9546301f4ab7fed785dc369c67e2fd2ad4d62fc63f072a51e3c

SHA512
d6ff6cea0c08d13a642996a110432792048d21160c04543fbcacc60abcde362318e13a42fcd7520bc7673e98544a68a3eb6cc4338f4f4d8e90e0dfd5c40b77b7

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
180KB

MD5
61b91b6d83cd66e39573f4bafee545c0

SHA1
4495f8e318d2caa62cf083108baad9f4a742654d

SHA256
c9090a7cf303a4f46ef527f596d9048040a585a700c03baf3cb1469f1db62db9

SHA512
75752e5283f89a23e31d179de9a03c9a7ee960ddc274ec005a28c4601ea9a7392f98f9513c60adec41988baa04c2a38343fa8c55472cf074fba452e08a6c6c90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fdc75b8b511aab6ebf666701f6952343

SHA1
635240577c9ba3a55d50d85ee417268b3ac65692

SHA256
a0e471a3072ab0c5bf57977f6c7cb8177fed42715ea46a2250591de42201a265

SHA512
81780fd7e904a3a152edfe97e780b8993f722e0430ce74f8998074125dcb241b83346ab5c8d0a8c9110e77f9e1afaeefb94f5d3c71a6e382249d21f1aece3ad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
100KB

MD5
fdf09c3c067041ffdefcc9e1bdea9718

SHA1
e31cf28187466b23af697eedc92c542589b6c148

SHA256
144754d90b3eaad27d8a11c86faadb24da4ddc251bead8e43b9ed515fafb84da

SHA512
9e32b294cfc17fd52fbdd62732571f4ee57dc0308d62af476331887d0e2446b483ceac06ba4617cfbb1c347d771c0f7ea12108bc384e93f69b180c7ca1a92268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
438a0f346d5bbceeeaf3e3aeb90e44a4

SHA1
714f964f49cd6d9c09d6fa43a184505727bfdf14

SHA256
76ce9db8bb65c73229cfd72344aff8609ff4343810c4bdb9d6e2d7f3dd25dca9

SHA512
d06b75b6ebdefb10b51271989f9412a7d4ad90006bab98513ee526a43130e42ea2763505e830779fa7e2a8eb215c54b3ec9a0e454b25cd1e898c7cc00c6407f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c4ffa845f3402dd0e06b82b1938b5c84

SHA1
ea88e78fc830a88c38f9dc9992d8d1764ee5a730

SHA256
b6ddf5f0f468725cd55b7b658de9ceabfa18be80550e8fb684527549557db72f

SHA512
772818f8327a2cab0b8a3ab951bcd7524ed57859fce242730f983e02534b5429f1b2bc2f3104309096a1946ca767bc4493f5618998bea90695733eb41bf06955

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
78fb2cc699acfda5adf56ce6a6c68792

SHA1
36947db88461d60390b7c19e088a5e6627cc8687

SHA256
df554c41aeb49f682630d187f8913e7dd51a4cf9b9582ce75e14e87af790cc34

SHA512
ac1035fd2287ed6b173ce8aef7d624ca5adb0acfa9f6586bbf5411db2e8382b76e38b9d817335fbc063243731c45795ac640bbc7eb12940cce52611a4e64f2b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
8abb30e6600c92a9484453b3c20a8e7d

SHA1
a996c8f01a50252c68088dee3a9506a2aad8766c

SHA256
539616c1f90c5e3209622530c64bff304d4c33a4f291cfcc85c3a6ae205f5db4

SHA512
1afc8da34009ab3a41faa524a8e09e62d8e1b1a8b6118e2aa038ddccb03b837eca7070c3b72fe74d48d0d53f88ba5442a1202a28a6a9eb1d15f5bac884d769a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
5fd05e36e542b59166cc9be9248290df

SHA1
4c056b6093068250d767ed3a16efdc072ad7abcc

SHA256
3f68b03cb554ead03d6842e63e1166ae343dc484013de32b904aea9b561a5596

SHA512
2ff217efac268f507a61a58e88d3d94b730121365c835b11424526a892ea5fd18508e61a3d83d300be5fc28759a8a09c0ef23f4332dcefefd93e2c4e374e8e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
21ebee9d71048cece658426ee77deba6

SHA1
02a43fa413c9714e963b9db1ff8e3cffc5ae7b40

SHA256
ef74af4a9525e14c3737b7275ce1f66d6252a3e9f15aabe95f96281731041ab7

SHA512
10fac7cd630243e20c9faf902b6cd3bbab644d5ae502159b4ab4c39000568be292b843990c74042ef73b6c1015903524ce694b3a432f69844e1763dcae000350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
c06ed5b9b78a68a1eba598dd5e00b014

SHA1
7050d190b0309547db55123f1f1ec17746ffa286

SHA256
e0be9f120e1fa6a7e39e335b3689b1ab9a1f69903505c992952372248112f1bf

SHA512
f089d693516a88947812df87057d22e9c8fd975fdf13f2de67a2fbb4261f8e1c03ea3b1b9c4c8a1ced94c18ef832b6575eb7bca167a3d81d138abe6de61179cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
41e3ce9313197dab52caa6471a011f97

SHA1
81bae7ed9badc0fc0a422a9afdb7c37af9e7e281

SHA256
893c27953e6a99bc6899f8a5c27285d3878ddce8cfe89ee377a1b04c82d473d1

SHA512
ec6d0a6e0ddf6894c6d02a47a365afa37af51f80869f5bdcc14d9ecb112c021a1e85dff0fd09f77ef9ee462cf1d3374e9f4185e16431e747399421974e575d62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ab721b3167667cd75702a63f9c5464e8

SHA1
bb06ff53be49f38e3a83c616ae230e15aa376950

SHA256
be1cad526b614fc3e56488526cd93749f43845a49f0745b131dd12eb17728f16

SHA512
0fb9908db29490e0b9aa1260c31b80101df31b4205bc6b23bc39c5086b45919e0f1930cd5d52ba1cfe432110d0928dc0ddeb821fe6aba94b37b8e43cf9edab0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
25648a59969758fce48819b24cf10915

SHA1
2dd1e954831b62d775231e58d9aef72ba862e867

SHA256
a557b8459912ef6c07a8b088df56f373b46ed93ad975ffb18ef045ecefcaf4ac

SHA512
fbd557cc661379e2a6e442cc8cc6e8587c42bfdce52b295c0c8fda9b92074ac9a4cd2cccf6488141bfdbaea45a5cdcde870d397604d942a813208fee2ee316d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d4ba48efbb26160909e1de77995a8efd

SHA1
ac9eae25dde4db5f1c5f2df3d030da9752b0573c

SHA256
815200cae50f035a24b684b38a00d5744b9f82262baee04ae0ee377fa25e208d

SHA512
04e2b1d004c1230c12ee90971625640c4e6bce5eac5ebddcbe110f51487443d606b808419e0eb3af31cfd1bae7719e76fe7fe350714aebab384e3aff7d6af6ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab5ffe0921d986d23d812e655164ad65

SHA1
4fa47c0d873bca3b7949ecfe304c287f244bdb0a

SHA256
60cd460ea7ad091b7144215b51469414cc36abee7cb7adc229769f031d824975

SHA512
8fb20030150ff4c80144bfac3039d729868ac33bf43c8d362540f6bf720278c77c88d730f1251d2653c3578bb3b91e6467bdb3a39a8cd54661eb9c13e48474ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f43e596e828771d86967afd3463ad680

SHA1
be8a6c3f017ce3832a32917d188e2d4f77f652fb

SHA256
40459848f87332014d48c9113978b270d362a17a6f39c7676bb26ac16559fd19

SHA512
0a3b9f8eaf1ed2014b148c62e01ca0f46a27fded7cbc08598df7682cf9c0690ed50ec70ab03a96dcd4fb4aa229d8dd8711199499df2dcdebdd008db935ec5652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
22f5c35aa0e6873175210845787f5160

SHA1
8f484e098b87b5fe9773c542250eb6159bd2fe39

SHA256
05ff44b2e389fecdb471213fab71c02946432d1692cdd659fd8048b4dc4a36e1

SHA512
4be25587595f0820f711e400980c0cde339eec74b704eb0009455e59b7d45622d9c0527794864777cd5db4d1f042ef850ab693c7fe2b107a914610cc1a5a9f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b0c93195e53bad9c5d4e282fc840208a

SHA1
50662a5f3fd170c5d5505be7fc52e89987978402

SHA256
450c675a3ee73d2782d63d72ecdf0b1e537ea4090dd767cbcb60e6b34b182393

SHA512
456133ef128bb56b4d27c9671a86b7ae4efe025a86328993cc028d5d23fe59c3cebc087cd867eda136976bcd91a535cfde8d959d4386a10c10c59fd57e25fb76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b373d28d2717ce809c7aa9bc6cbf000f

SHA1
ac0787d1e0f0e7656905fe95ba3f2ac9e93de068

SHA256
d96a40feb44d2d1c960d203fb268dfa605e46629817bd2ad8d264d0afc6978c5

SHA512
81e85930ad9e53aa3091cc2554ca7a376bdea875e4f07c30049ee87ec759513763a46c515dac3253c9d06319b1c002dc96539990d27602edfe8307dba8595cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1c83ee6eb3d09d6565fbe788557172d5

SHA1
27dd8a3f9b6e6f434e22afed75f010a01721e3e7

SHA256
c6fa5689f0fcf6bc6775b8aba7248c1b75aac81ffe3b744ec8d3d7ea7fb92175

SHA512
76f0681fe89f7cbef2a5ba8d67fc850ec20c045f973f0cbf575a8b4a462510ef2786278a561aa9e5c5419cccd0f556696475b9d692ebebf3c70e6abdccae59b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9313d999e391eabdc2043fa1b573d74a

SHA1
22e29c6f892e0dac0efd70dad1a3fd8ec0410f0d

SHA256
d2c9b95b206b24ad8298674a68c8a67ecfeac9beb6457de912bc58cec5f694bf

SHA512
410db253278b04c5d513c9eab7e817f27fa17cac87d9ac5a19a542cf6f0d5774f22e2c545085e630a995c779edac6b5a12de802b267589433e809012b64746f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
09ffdc502072781efe4bfb3b87d49f00

SHA1
a0f17b024e06e8b7ae557ce9c766620f48003e7c

SHA256
63b3de88a27e8e2d38c495b6cab0a3d4bb3d4853b539dd2458887dedd8545a12

SHA512
5ad40d54a74659d78509448b838327c985a1589caaef696999be3b946d3e55a38f33a36bb7f9badc5e97a8ff258b98a0556d22fa31c7fbaeb8c2eaa5837c8cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f2dad38169d05722c10701fe7ebccb79

SHA1
32deef2675cd6cab0b76f00059b7f67769ae7807

SHA256
65035c5f673d40b98c24714d27b54aafe93f8ccd83f2df4f445b6511366abaf5

SHA512
a5ac3ba7f3e5068bc713311b7c4c957bc3b86cc7cf35fda12ddd4fce7bf02cad13de2409d8a770c4fea2e058f05d3372528af5c6e196d2453889fe6caa527b93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
57f421f73655a611451c9902b41caf51

SHA1
f12f76bd8be99b8387ec2c167a177234886bcf23

SHA256
b34a1fc9fe2ebe2bc4db29d896bceee860123969a8c1554682a0d8341aa753c3

SHA512
4ca96cf60d1faaf49ef6b44ce08de1fc39abf57d9ce847badfa6fe21a507c2afc3184a0120a2ae4db13b3acb21eb6f450b8642abab540c9047ffbcd10ab740fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d418c2e4ca9425564c32900a4d455427

SHA1
68af6c803f0c8d00a906652e492997f1ee65d5f3

SHA256
ff768e5558e6cbe66e0b15565274552a8fbcfba5e7dbf47149eb23d6f2760794

SHA512
b58f3338effe6dd562921ce642db8af5acd48bfd8d2cfeca994e77ea1cbe6426b6de53b5cb644e7c00dcd51520154a01890fefc28430fc29aa3e4ff84d663b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
320af08cfbe6ba5a8dce37a459a004d7

SHA1
836778058c9c29efa486c386de97fafd0e65d7da

SHA256
4fd67f5b145c2aa534ab78e7611caabcdf7c93770cc29469a871bf090da9833b

SHA512
c860fed1f93b55bd395924622084533bc766dc1d93ba981cf369cf7c0a4a0e6b081056831f06b804b32a80da9f4082b7fe380cba5e9cf81691b44bf378b3dc40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7148624741c2ec217873de5e524a0f61

SHA1
9d20a129c02c20571acd1eaac51235cae293aef7

SHA256
f466cea249b2d18b6a4e8a01906cde7c0e0557172c3536973a7c76c69987a6c5

SHA512
128d8cb562de60f3e1c0658d55190f75a4ff818f30804adb9ed0cf585fffa39060f26a73211a4e5a0c62c91b4a28e73615254db02a641c57bdc061dd961f8cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dafbd2a9660981a4ecf6bbf2f95e417c

SHA1
a3587c4adec71fdb0178a5abbf27dbe3f7d42e78

SHA256
63bafd20161cfba5eabc1e4917b3ba20ce1a50f7f483fedbb04517d0369bf4a2

SHA512
8e544a01caa88e5929dc89c7270ea74f3e7c75421567fa760ca0d266933befa7018b9bd237a87464be230583d0f7b2473c0a5f2b1426b9a82dd285961ab3a33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0cad305b7daa432af9b7e8d2f8fcbd0e

SHA1
08d94f20951247019188245382615f663d766c4b

SHA256
4e32f79257fbb705ef5669ed871f6d4e1e70b6654afa92d1e830d6bb1a3ef749

SHA512
9c7421e0bfec225c5de31b66aee9d3e5608ee94f0788a489e37b12ddeac0394b39a2d7a0724edd7dd66415238ab2d5471277e8639ec8a6be3d5a9b3119c5013f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a8a69c8fee2b2c3c0a9aedd6945044b

SHA1
7c2474ecbfd3a0811e2b80a0fcd312d7450b72ce

SHA256
2c0b471f79c9afb1ccc22300f77dce4bc8be7131bf2c2cb727b6962970beaf2f

SHA512
9c3ef62ff3363a8ba3a4517a37c0a207f28ef7995273be5e05550ed8d529295592d3ef464e242ed5c1cc2c27ea0d0ee9252bd118e1a9a4186b2ed2e9b0f481ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dbc0828e8cd2f771e599254a350d6399

SHA1
e889cc98a81f62a165a69579dfc0fd70014f90ad

SHA256
d1e24241ac4a80e21f405b04cd0af6ab550eea2cd2ab4537777593b6756fb53a

SHA512
4adbf3023f536021388f2316f16d8d5766496c3b6e672fffa9a1c2a9328caeb73ae385b54aee4ed0fafb8de7e0a86c91c2374d9ac433b6a83697997af9dbba4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
74ad5c9e77f89de5f67ef0ae4e66dadf

SHA1
4a1385db2b85318e16af86e6dc5264305b4fe934

SHA256
f82815a33d7fb58197d8fa0e7cc38ff870feb760b36a54fb333967d3e837a269

SHA512
f7693f9d5bc57568fad696d64dc227796bf63aec366708376dcd7bc02cd9c7034e5dcea2ba181d37e1b3bc94fc802532fddeb43c9fc1e2d0e21f7c948fc3945b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
67c79b12b3c0332069777cc1ef315e97

SHA1
036ccec5dcd54ba7ec2545af2e18cf0bfa5c2719

SHA256
7279e15bb282ee69f61ab4dff48a8a188f4ef463a8c10d3478cdb030729f40e2

SHA512
7fbf88eb7b5a0820141f252f0b7e2d48312292db7b414efda860a788c8807d32a823443285640cb4befb7fbb741aee53ed9668abf8218512171cd114e2b7c1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a7e1eb99f9cc25e19367708dd5d9545a

SHA1
2c3c19a42334e26744bea67045015d52ff70f830

SHA256
5eb4b3d0d2cdd623889f44865cc97a166220aaa78e050864dcbb5b19c2eb7938

SHA512
38cf535e1258de748287b316be52c3a06ddc942175e677f7825ae705cb9a4471d29419c9e503ae1df6b3c473dea50f963c5811f1eb1fa446759b1fcfd650c9f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca64b427396009b0e26f852f3ec8e962

SHA1
97e51e1d435a9f657dc9de5b3d1b888023424e77

SHA256
4c8de285812bc04c42f6194a0ce7a66641a811be1755dea61a197f614dcd5841

SHA512
af88c265b8f7d1a53237431db06747b05da4588322dd2f15cb2615cdcaa316c4a4d85364bb4e5cbb001ec3efb9bd9b515f64e874bb0188290f3b5bfb73ba6dd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3efad81ba48efe28b663e1e32fa1b51b

SHA1
e24167c60831f2f5e4ad89d3aa64e8443fe0e7f5

SHA256
fb874fd53cfb29534a1017b64edf5398d3d29040abfad29c4a7fa95c3894c767

SHA512
1f8fddfeebc3418258f238aae286a8f16ea210817c6bb7e9be173c31f2ad2f363d00ac181bc335a0caa83be8340e50638110adee2f3fe600e235ebdfa8e33cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cad633a4ca4345f9a3baa298f7fea9ac

SHA1
2679cc7c42668b41948e8c9c42abeae81850cd7f

SHA256
589a76f802182437a956fe61961ff57a805e50ce9a94d187dc1dff383582efde

SHA512
ffa751a91a7447ee0b3713180891ea11c050331245311a89b5487d5f10cd790d2be044a2ac344c17d919952c1adff07a8aa105f9379ee5b381b4fab7c4c3f679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c859151480d859175655a79d78852d6

SHA1
00f5bed54f46989b0c69c5899bf8dd60cab5f0b3

SHA256
eb7dffe8ca52486f044a9f2800bfe775cee429de1a291ebfc4ae715882c94dc8

SHA512
636a37b818ae0b34f3bb9beaea64c1507c8be7375021dcc7361867d660d70609a9b5a1198b60f013a6ac9698c3663a304f7d620f531e430a4a3557977a6a55aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6be0b22d1ec7ccc02e40c9c8693374ed

SHA1
ed08caf5d590294a2089b84e3a5a5a9d398ea3f9

SHA256
6ef7634fb2011ffc242552b92e1175364e94d467d4a73b2f08bb97f7a16dd85b

SHA512
af6022a847a50b5386a41cb3e333b28ae0778041f6be78d179c039f08f672596f0f3edaa13cdd7bef9c99a2c30c007dda21be16e530cc0761e982d04c11e794a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2f011719699c8aba7fa27ea4e3bf4c0e

SHA1
08fefdb6f3190319b4de954a03fa074ef02c0cf7

SHA256
e538c9e6d46e3c2c3c05f662b14adef14250e88bdd21bd027fb8ce267cf7067b

SHA512
a5f5f2d47aaa385b2443eb60afef4526145b9f6c87c056a8adfff6bb5f37169871ef5580faf6b7666a280d6a8f10ab89fe32a0e95aef117bc3aa9690e05ea515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
4101618114ce07c75ea00ce7ecf8e315

SHA1
132da4511777305fb7185b2185635dbdba5b5cd8

SHA256
e9027f801574ed21aecf9e697292bd8d6d7982c9926490b792af6718a8ee6e4e

SHA512
b38276880cab5750553579af943f562550f864474d50c47ef47377cfe9c4b64ef349c080a6c29bf79e024dbec19f8a048ad54cdc12f6b84630ff2ce8b2f14e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
5e19247254fe075e59db95d5500b2f83

SHA1
84603fc81b8329d518b3274c22c9043b0dd44bc0

SHA256
cea13ac6ec66f79cfa9c9bff5a455e1a89771a4d48117b927b2a501c587f73a8

SHA512
7122113c48616a6614e1c628083a0e85cf0c343884f9680fff7e0d720883f532be5bbf8ff63b4ebe32c3257d490e3c1b49e6833492283982c9743fe474f3c147

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\activity-stream.discovery_stream.json

Filesize
32KB

MD5
a54e80b507b72fa403982d5fad5e8b7e

SHA1
81229125d3e3e41f43a84f726f3519c945c041f2

SHA256
5e7263511e85ba7a0ffde23ba05d41dee5cfebfc353d8c0e04751162798a66a3

SHA512
0e4b633dad3f97af6ec73a2361159ff7d3e8ca1b88815610c2011bdc2e770dc5e76ed1facc47fdcf47c84608afbc7afc63fd1d2a1ae359f71c1936d5d3d8aa6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\entries\76E7147E90F950CD5C9FEF108FF5987AED18E9F2

Filesize
60KB

MD5
c38892f68800065b2dc33b7447f16a2e

SHA1
17038c74c6575ba245fd25e17cf74063e54093a1

SHA256
4ef5bbd6e5702e5506a8a081628540d5c212ee23c1aca3f94db000a8f9b3c67f

SHA512
0f5c65dc4b450f0fb2a0922164249faa022481af036017e9ab5a5496112ddc8d761ee7b0737a27cb7253ddc26964d758c408f780053f249020a6f6784fefde42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\entries\8999BC8CB7B8114B87D8185D8CE1BBF1E6377016

Filesize
219KB

MD5
028d9e2c52a2ecdb0553c0540fbae5d8

SHA1
0b8541b9750ce59ff350791e580a2e93220c905a

SHA256
9ca38609b0b85ae6ee188e6c288a4ec9975655060176e8c139b1f34156964834

SHA512
5b57c85fe1360cc8945eafc782ae51ba71cae39a6af45e7624d5cc7fcdff47c3848bc339e9ecedac09bdcd4339c9ce1950d4d0647df37e94d60c9f3af4d24b97

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\3191d6165056c1d4283c23bc0b6a0785

Filesize
5.5MB

MD5
3191d6165056c1d4283c23bc0b6a0785

SHA1
d072084d2cac90facdf6ee9363c71a79ff001016

SHA256
cbd127eca5601ef7b8f7bec72e73cf7ae1386696c68af83a252c947559513791

SHA512
ac0fa1c6e8192395ec54f301bc9294c2a13cb50698d79d1ca32db9d4deb4852e7607032733d721bc5c9fd8d1ce5610dd73b30b66e0302141377f263a3b7fa0f3

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\576e1c153e9a4c8db9cb845a7679bfcc

Filesize
5.9MB

MD5
576e1c153e9a4c8db9cb845a7679bfcc

SHA1
7fa5235289c1eb038774cdcf30be21cb72771201

SHA256
da54941bc273cb5ea3c50a3df7983f6560114d0e9f6fe196a2077e3810f561dd

SHA512
a4d956c4c860ba9b652647c4fd94ba0a617d1ec3436a8fe267292d36b38805acc4f484aa65e9c45e20c10536365a13645d25acbdc4c23e7506829a6f603820af

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\013VBACNVSB53KEL1JH8.temp

Filesize
21KB

MD5
40237e10fc0013bad6ebe5e83aea06bf

SHA1
44a401e271d655363a9169109ab537843f556556

SHA256
77ce536e228740adfbabebb214c0fd0dec8b9253d8f5c48d3658bd846ad58b72

SHA512
e1849900b89c8d13942920138fd590056f369fcd9499a546463444eda6ec17e6a7d6bf0abc502327d07467deae2e684d4d27174dbc2839a465ed7d0d07676949

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
15KB

MD5
12626813a3cdf36ae2e80a2b522a7f7a

SHA1
a564f1f1df1a1e3c3b4e3c8fe43df411bad8d039

SHA256
4da6f8dd103b9f9c8608088640bca85ad0c245b6e2685e2cf7033cb30f7b1959

SHA512
cc9e36627ae9b78f51d55823143ec5646a03ee9c21e49d9da754f3bf6c110a2a696074feb462229193b07b73a1db777b6c35fb5c691fa81d7f795388a95679c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
66KB

MD5
ea05c4cb26e7228a48cb74818fe892bb

SHA1
d2620a61f6b0ec0d2982ab7368a501a07db885b2

SHA256
4ce6b89be9ca00a84de330beb1f29ff8fd7c6b98e6e11e6f940780509a87f678

SHA512
8dc2605d4e1d24b8963307bf935a2b8df11323bc80f20f13257962c87be1a8d20a27a298b1047b9205565b94927ecb0a94a28a2c79a432283f671d29792e9628

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
36ec5572382526b7107313b6da2ea45a

SHA1
b25ecc428fc9da45a672a9bf8a39ee4ecfa1cfda

SHA256
1918549dc46a6427e02dfc45aa4cd7e40bbdd279c371d5ba808bcbc16e47da59

SHA512
0b5c5720082854aecd90746a658cc18c02a04595434f52f09e369d38602b1a38aa2ad7ce7f03a23de466341ce684a8cb6ea3981fc697c06fed5c9fb2c348c067

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
33aaf73533281de38594e3474b386f89

SHA1
d150ff1b3c62d4e83f6eed306b5a81857322256a

SHA256
a96c9000514cbd11a86eeb680e819b4cec9b999e9e6868a9b80c570e31e868c6

SHA512
8d54d61026e35c64025b781e17df59d8c7cb0152e6b6036b25b9769ce4f22f41ba56f89be6ac361541f714fdbe045db934bb53d1aa25fa729a2e1b07d0f078b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
70KB

MD5
ee524cc2bec1ca6279070757f5178701

SHA1
45b9e5dfe82fb11b9c49b9e6ce72a0bd8d2c0696

SHA256
9061e494438d32188278b884824036ee8fb9e72192cd69c1c692b62c6b28aa46

SHA512
1c634a5adae9202f19f2fd26e7ac4c418b9e47079e2e0d7b9c482bcdee2e4faf10358167f8ad12f07a53269195153d0d2e40533bb94e64184d8369d18d95a002

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
70KB

MD5
463fcb6efba57b63b2921eaa63c96f8b

SHA1
8fec396de81d82a5f44f06346a32907b0e8a4405

SHA256
6904a614d5d70dc9208bf58067428ec7dcc18eb2e4e4528b5d30445ff04aafdf

SHA512
c9d934bb3b350b59ed89bfc540fcb8d096a0227518f2737295460d7185543e4dc874cbac22311b47366d5eaf91b06a7aab199e7ca30786db3567cb8360faa9c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
44KB

MD5
09271932155293be9dcc68bc11431fb8

SHA1
edda5abc5aa5cfbc4ea88d821dc7dffb4001ec14

SHA256
144d60b2f16e6236a2f777877605ecc4316e3995b82de5267bbaf5075c99f916

SHA512
b00105de0036b85914b80f4c1cbe8f32403fddb4b3c15234eb9b39381b529a154672e1dabd7e924dac289a4291c4e67dc1f97059c9f77663081c075b38c34f55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
233aea3bee46650056bae69b4be39a3b

SHA1
80cec40cb5d95532fec373000f3053ff4c5dbbb5

SHA256
8fbd2e30b79134390f379f96b8e9e1d13966b36ca634b7efa9cb1c73004253ae

SHA512
c40025cb25058d83f964e49b6b557446ef30cbfca9d0c6ec98927f8ba778b73550583b83c62c34bf4caf4518e84f119770c3e35cae26f058550368f629dfb3d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\46bab7dd-a0d0-4356-9b8c-204c15d55b9c

Filesize
19KB

MD5
fb5b77d37969d476ddce42e92953c65d

SHA1
5c60893ece0b5a191cabb474bb918f3227252fd3

SHA256
c0fc165e090012a6cd4acefe3d12ce6d2586d97f689cb943a21329a3b1ae4c49

SHA512
62b152a42b28d59b8cd880d0808404787ffd65cc8b1719993730fdc04b866acacb772d9b671418d1be8d5b19d4039d6857a09cb01c0b4bad484c0863273c7709

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\5ebd9e0e-0ea2-4767-9189-bd477eca2b99

Filesize
671B

MD5
9ecf0ad9341940021c142c4dfc51c9b0

SHA1
45a2e98e5b379acac537ba2f395231beef2dbcee

SHA256
56bff9d7e6bfd6279ddc2efc33eeef545f616ea33dd71772b59ad4cb73adb69e

SHA512
d84d85b16624e4337625d2c600a0e468ea47f798894fa15aedb2125ce52bc3c63e392babd3a62441ed0e65fd7430eff67282b636f1694594a97b0864409c78b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\79b1c2fb-8c53-43d0-805b-bb8ec345a749

Filesize
846B

MD5
299d162c6be2f2bbbe7d9f477185c87f

SHA1
144b465bf25006813e05e35c77db20f0f074450c

SHA256
10394d80fbaf851173cff2ac58f5ab08462574a8a10f228326d77216808b5a6b

SHA512
0499c1107f6f86124562fbf067883e2babd7ffacbbe3442658ba4e3428eeeb3c9392cd623ed2fd32845d2608bac1cc588e5c2553ad5a3b52cd11b903185f83c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\88fa7202-626a-4011-ae48-d7c7b32795bd

Filesize
28KB

MD5
d9c0f3bf2e04a1f6c93709dc337ffd3e

SHA1
625339e2cca26946c4c595465a724238fa1b0450

SHA256
2ec7cfab9770bfc3bffede5d96e66401ebe7cdee30da233d07cc335af4cacbe0

SHA512
3099bddc9fcbb8aed6d7b2bda24dada83d3081b1977f0d6d25d91f03be3ab0052cdb1d3569ad4ed4ec4f07526091515ade523d97d7f099e9ea76dda786c249cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\afcd731f-52fd-4032-9a9c-e5b0932d1985

Filesize
982B

MD5
230bf8059d1f1e8d71459d8b2c23254a

SHA1
485eb43f52eaf7efd77d33c1b4a57d069bd82f0b

SHA256
9777cfdbd5d7783f77b30cbffb371f78378fb140aef7721859bded6e168728b4

SHA512
76f3b645ae4a8904747f5c048e4070de9c24ffd10c2cb51c6a4c4dd8f5e9135c4c64c7d0d5689c7b51f701a418b1af8ff7dd6e2265d53e215e80aed2f62bceb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\c409ad1b-f02d-4b7f-8180-f423d6e0c823

Filesize
1KB

MD5
7f16b4f9f58d250f1a19fe1f28d21be7

SHA1
9feb761808395cf564c198b602aa3de07413ce9d

SHA256
1e624973f04d6daa53453c7408f43cae6d77f055a3f015a16dd0a4a46bbcefe5

SHA512
c25dd925f88baf441ce9a1dcb9f09ab501069f93d351e6b7373762146c484cba0317a6cc816a59862eaca107f9f1d6f7017aba6276c6faea0350f177b408d21d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
11KB

MD5
f7ba04a0031c12264658086b3dc2df20

SHA1
3fce7b50075d700cf28b7f8cd8eb7cbece586d95

SHA256
0dac00b3550e702b5e216e22ef33c5fbaa08bbc9bc7a2681f8f27a6646844f65

SHA512
53c715282de7d93d073b7994dff0b2dffbe290fa6bbe72611c767aa9c056c73479c3ad5f5fc0ede83dffbaff114db03a310cc6510bef439b2772bee9407832cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
12KB

MD5
6fb63c6b0a9afdef8648b15f024b64e0

SHA1
6bfd6877695418060cabf5ab7d48c22ba6164caa

SHA256
64d1b14c41acee0b218de286c27a79dbe1acedae935694302c843838b56025fa

SHA512
10898dd790635c49a081e0fa867f79692d873130e5989c584225d2cdeb781e2af1e811b4269505f1710956a5c801bfd216defc6ae6146b9ec94e8e0d840789a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
11KB

MD5
93e427507d6c3a7955c7517050abb7c8

SHA1
3057142636da7301a0d225a7a0e111b41a7f8c7b

SHA256
6456cd5b5248eb32be2da2aa02b33ecc4b1177ffa4af76e860c062eba90dc691

SHA512
f8241542ad7bc0798693950805c7797202d025ff558cc7a08047075d6dfd14b0a74b7c1d53f17e81659d1d4d81726c19cd5aff476814bd446dc4df03e5610588

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
11KB

MD5
6e5cd40d77f3e844b799c8913ddfe2ff

SHA1
605f73d2c9efa77e001d269df3958a9265beb83e

SHA256
145fba9ce8d675cd3f65f7d061a3731f30b11bf41ebfb0ff4b4ec09853fb9040

SHA512
80f4abf493ef09b2e8a1ecec21254f3b246c267a2fcc91b2f58661bc62bde4362ac90b0fdfddc9d24c4b842d2c9f608266e53a15dace6546b0f474d110ff9d59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
28bdc8a30f247d9410f0b53d23608706

SHA1
23a89769709572eb88e36454ee37233d8e2223f0

SHA256
0221d8e10d14569a8382afe7e600df59c93f8689272f50b4056e7576725bd174

SHA512
2095c8484cf22daae7d44ebd32bad5fb9271444cb8a411e9cb1a362719015091d1b43011066472883657071d961a8bc66c550495a83632cc5eb1d94b9cf156aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
8286b35df21481e4f32882506afb5dbf

SHA1
a0362976611c7dcb207941e751848ffa29b24933

SHA256
2dfe4fede97cc535468831503fceb9dd2db6b7091a9848eb8137f88476a25a3b

SHA512
665d7e48249a901a1f4f9443ff6482cb316409b6c5e5cf27fbc9cd57ff13dcd1ad9c1ffddc3f533143a5fb585e9c0aac3fbe8a134ddc2c6a20e7900abdcf1f66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
02f2e13293464524f056de5e3f62042b

SHA1
7cac0bda1af74f9c61aa906153de8b92e5e752a0

SHA256
750d7a4f3182640d62477d638073d54f919d99925110a110903ddf68489e77d7

SHA512
ec0ea5b50420bb2535acdbb4b331ede344f2197184e70554939dc7d6f601a30bb165812b1332be5fc160d7b39c2be12e22552440341e9272ab950bca9bc13526

Download Submit
C:\Users\Admin\Downloads\Nyx\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
41571881b1113b2813d80a8fd063fd18

SHA1
8e01d0f9daf636979b09cf3f3bf7235de1be3c81

SHA256
e3a9a58317217393ba110b1fd1a7f39c0fb819ce96d425e5d1220e200420938c

SHA512
b74c0f0cbe46e9902bd19041fb2f7ded7b1849c790837f29eab250392e612d1fc42767847cb39a2d94fcbf8d528e0ccf25a445d42b26379aaa8de823a1cd0b9b

Download Submit
C:\Users\Admin\Downloads\Nyx\D3DCOMPILER_47.dll

Filesize
3.9MB

MD5
08ac37f455e0640c0250936090fe91b6

SHA1
7a91992d739448bc89e9f37a6b7efeb736efc43d

SHA256
2438b520ac961e38c5852779103734be373ee2b6d1e5a7a5d49248b52acc7c4d

SHA512
35a118f62b21160b0e7a92c7b9305da708c5cbd3491a724da330e3fc147dde2ca494387866c4e835f8e729b89ee0903fd1b479fcc75b9e516df8b86a2f1364c8

Download Submit
C:\Users\Admin\Downloads\Nyx\Nyx.exe

Filesize
4.8MB

MD5
b4c616bcce873d8e67c00a7b1f15a667

SHA1
c5b0ae8ce1c0ece6ffac2c31b0f12278342bfd0a

SHA256
1018285114db243522e06ba1f62d6fa6b2ced1aae5daeaba493426872ef264ea

SHA512
330e65e639d341ad4cd45f908509a99a0e2cc77f90d60d17079616183d2bc0794c96b5bf53446235c88c6cd6a8bd78b20b3a7789a8ebc05ec443dcf41cadfeaf

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe

Filesize
7KB

MD5
497798e81da92b6df18118d863cd75d7

SHA1
9cab39bf70b870dcc3db3636db05a7662ec60cc1

SHA256
d9603f57e2ba3fff744a4965a3283b55423db63c35a6758c655337c493f42395

SHA512
de9097cddab74a67e358280d1663a4164a45d55186e39ac619c27cc61159c90e1e00e1153c3847301055fc3f9f462d884869edc3437688c68d14d9e369963a25

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\CertificateRevocation\9015\crl-set

Filesize
21KB

MD5
8a19a852abfe13cbc46846b4f175f0bf

SHA1
e99931868f315e68f66c4970830564a326805eba

SHA256
741b14a51fb5043f068ea3fc6a20bff0fc5fc35c65832406ae9aa463f8273668

SHA512
e404966955c5096496bf1e918d0578b99bbd7f815f6ebba03dc5a88e91aa3f3af3172104a8c2c99766b37961944ab1042704a216e4998fb1cb25744df7c8eb1b

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Crowd Deny\2023.11.29.1201\Preload Data

Filesize
12KB

MD5
aa3ef996bce08a9c34fe513d078d1ee3

SHA1
21688d164d442d37fd5471e13b41b1d216f88d37

SHA256
09d2155be71880356a993fabacc2ce01f4fbab99497ec157b53a094b8927c039

SHA512
285c85ca55fa54a1a12c47909b8575e8388570a76f238dc75aedece12e58dc0a3fe15edeffc41af14bb7944a0682de76f0ee0d6502d15973f8d9b1c5b2f828bd

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\7ffc3578-f206-40ab-bcb7-09247db87224.tmp

Filesize
38B

MD5
3433ccf3e03fc35b634cd0627833b0ad

SHA1
789a43382e88905d6eb739ada3a8ba8c479ede02

SHA256
f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d

SHA512
21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Affiliation Database

Filesize
52KB

MD5
3a5a1b5681601d04c79f16f740244039

SHA1
c7c2f00345ad16077dfa5908c2d00a37025dee30

SHA256
5b038cef519b60bb378ceaad1ea0a101be111c74613cba63fc7f76625b4f72c7

SHA512
e8ccb322e60fc7107482d809b0d2cbc81bf76517a2b55fc0b690ab57da0177b88d7481b7645a200d085af255bbd469a44289965f06c9d90a4eec20ee8fa6afbe

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
46a8565b777f2561d3ac549c903b8b21

SHA1
a59060a61d9f161ac8788a57e6492b43ed007236

SHA256
dd370f7cee09e4edc2290ec507432db444c02c9a034e8ba6ca0659f9f6a59774

SHA512
612ca84425e8b54a4171af5c5d6017afcf173567ed97f389e6b9dba82d0738ac805b2aadbc980574b9a7ed1314292489b51337bdacd377a535fdfefcbc241ab3

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Extension Rules\000003.log

Filesize
228B

MD5
af1d95e1f9eb485393273b25446e1ae5

SHA1
1d762c96b1c38ba6a849a5b76d12fac636b8d780

SHA256
48d535bb330519c00d150578734c6cecb056c4b5cdd2a45c70590bc896d27d9f

SHA512
826d207edd55401e1c13249350814adbb3ab00a135c46b8da8bb7267751c70580f183982cccbc1e47bf3e3f433f20ba1d2f2afd601fcb67b635c0e7429558165

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Extension Rules\LOG

Filesize
360B

MD5
27be9a62f647fa50f4cbefe8a9e29e86

SHA1
8a8ee1bbced5455c7ee4b6c9059ec6177a818d02

SHA256
aa7792f4581cd61374e30b0e45ee67521840353213e701341fdf8445b81ec222

SHA512
c70795297d5ae9e7025501201e67f4f899194e682cbb2b2b505b4204b63997b6463654e95d8ec86c823469f56ebd1ea84d1949065cb2f2483451ed82aba61721

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Extension Rules\LOG.old

Filesize
319B

MD5
a24f420537ab3575729ce6582bd18153

SHA1
8299406f46cdbb4d8bbd584166d374582aeb792d

SHA256
5d7bfd010a3ffc3dae07df358046db41d0e6d31cbd11fd4bf1bc771bce4155ca

SHA512
8a24f435cdf660b8c8dd9e9b35fd152c0053c34ff337c94273b905ba5f7b1629be77968f773baa99b237ba12e249a3676ba4cee144245de9be1884f6f0d71284

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Extension Scripts\000003.log

Filesize
114B

MD5
891a884b9fa2bff4519f5f56d2a25d62

SHA1
b54a3c12ee78510cb269fb1d863047dd8f571dea

SHA256
e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e

SHA512
cd50c3ee4dfb9c4ec051b20dd1e148a5015457ee0c1a29fff482e62291b32097b07a069db62951b32f209fd118fd77a46b8e8cc92da3eaae6110735d126a90ee

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Extension Scripts\LOG

Filesize
364B

MD5
793c189fe9eeedc97ea2795f5a0e7d44

SHA1
72a41e0d2421484d47d624cf2627fef8520f85db

SHA256
ac1eff570b6db4673225d405d6cd2fda04bf8d582c036757e42db767aa5c46dd

SHA512
99a7d2e235c60f39ac71d3838a218a14cefb86901c9aab324a3571bd756d093ee54986133945382f6324bf5189de192c2dfb424ca640008117064eda41ce261f

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Extension Scripts\LOG.old

Filesize
323B

MD5
411704d0fee35834c6c8d548cb1ecf0a

SHA1
33c2c42a2378e806425e238f04806b583ae3800d

SHA256
52e18f726e526392fc21c9371e4a0eb6c4f06e049bac47618ca01095699c008d

SHA512
88c7a5c1b8f204e627a40bb828e376b10051ef56c0e0b9bd66ff8af4c470d6d966e8b43c7d7133b7025390152dca81143c22f0077631337779c71d563eb22ba7

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Extension State\LOG

Filesize
360B

MD5
69e58ed98c7a4858e6f8be64f625f8a9

SHA1
6a371ef004dd19c96506bbccd5bdef2cda6980e8

SHA256
59dacf9cb14e23f88d8ddfb6379f1e7ed46ed35360cabb73705bc8430b87d0ce

SHA512
26729e03e617c035960692f6217ccbdba2f4fe2cc6aa3e2dd0be94522733928932ffced62501c8d140cd48df6c4aca61aa496d37bb5dfff636571b5befff3d6e

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Extension State\LOG.old

Filesize
360B

MD5
63d8a362d778f63cad5629a1f96ab766

SHA1
5fdeb73e6198628f9b31c7e122fc8e58ccbc860e

SHA256
d9b9d5198c2a57ef08c162d0fc9363215307a612aef8f9fe133ac6472fc8cf72

SHA512
6cef6e5798603bfca199f8ddcf0f6d357b83d220833f65c3224b86c888ce53bc68e5dcee520f45f03ac646a7204e5469f63cb48cf524cb19b31b0a32f888eeb1

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Favicons

Filesize
20KB

MD5
5cdda88f9acbfd47b1d204e1f667f718

SHA1
38c98603e0ffb54ec103988803240831c609c1c9

SHA256
513edd15673066ad238ea11267aeeeb618959b5a974197243fc6b385ef7bb329

SHA512
dc0a73219d9b4d978f5a91bcb7a3fe629d6f7bc6e69097d0e1531a70e98f3d8e15f73347e92d7ed21f649e831a65b9af331647888d698a65d6ef21630fc533cf

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\History

Filesize
160KB

MD5
653369addc4c6860d95dad7a4fa979bf

SHA1
0b9ecbe818226eebe81e223ee9f1ac7bce593cc0

SHA256
a670e732fbe5d18a41fd220ced2e59b5b894ac90dc017263d90c9253a27e4824

SHA512
82bdf16e6f884a3f638b0457866841543124fc330ed7b1c27fc2c8f098df5c739c692f562e6da40ccac920e81b5c5f321512f1a94296f8ccb465e07212f34b7f

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Login Data

Filesize
40KB

MD5
cd6917cc36422aed5e2a20a1132943db

SHA1
481f964fc0721a3338a3a9a1f6ceb7d6b27b231c

SHA256
0ace9ff85bc53be1debb74c7f6a767babfef479921cbc174496e701afd2239a9

SHA512
20e82cc32641275828acd5bf5ab2ef5f760414b9b77fcd2e9afea76df47615259ac7ba1d58f8a8f341f1492ceadcc3c98243bdb19d5b83d97674e7a238e48272

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Network\045a8ba3-1ec8-4de9-a23f-06eaf7963139.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Network\1f7fe0f1-5f5c-4ccd-947e-0c24493b77e4.tmp

Filesize
908B

MD5
d0ccbad1d4061a284e74fa4533c61cf2

SHA1
315b030c852ecdfa881744da642e1b5c267c9209

SHA256
b031cf9a48a2ba57667b168629ebcb88fc9cc2b7f4f241d36fe08bd78f7f1503

SHA512
c40c97649bdbd9d5cb7abcd6dae8f14294136765d3e891ee7abeaf2fb470181f8050316c6fe0d2c19b7687461187da22b58c1aa9076c3148b75455c323669831

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Network\Network Persistent State

Filesize
908B

MD5
e6464133403621c1d491ee4a06200af2

SHA1
ba232bba19c94252fe863066346503a5fccf5eaa

SHA256
c76171d3d148ded08c2dd35058ec069e82ee5f0285fa832359143d8880a91509

SHA512
ec7657081e7924abb96ee77706c3efd8503a1cc87c17b7fd7fc310d933014ccbc46afd29b94af7c33b1fc1178ce2c5ba1351d410899d7e746479c496f9b94a6c

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Network\TransportSecurity

Filesize
355B

MD5
d77f477e60d270cca25ff49a6c294a76

SHA1
c91751e435d9b1ba7b03e428603aa588eaeded30

SHA256
46db18c3e6e01c4a10be35511c4f8bd37a5f1766aa60e736ea4415c99d0cdcb6

SHA512
0dd74d331af7e77541a8ac1f82dfa4f48b97ef5bea37db9d866b5478d9905d23d7f2498738db3b59148d35cbac2ad7b4a85b60c00449d235a9733f863644f245

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Network\TransportSecurity

Filesize
355B

MD5
8fff32ade8d9b8757532e0e2e11fde43

SHA1
224d0f7a38f6e4aff5ce41ce5ddbbae6e4bca5eb

SHA256
1dd6ae10099ca25dbc0e55711dbd18c37796c4458b50b6f8732a84802b7b5bd8

SHA512
8fa7e95b943680469df5e2d2122962d0525b792f555205652be8176f8fa8d432169cd420646fbfb764e0a2ddf799990289a4aab3abe871fc8c133add1b56fe07

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Network\TransportSecurity

Filesize
355B

MD5
c292e0bed0e09c40b07ee518b17c4f5f

SHA1
9128bc9f2faa99164e74783e322ca86f01af98a8

SHA256
d30829030da4847d5296b842f97ceda9ce1e717e0a85d506edb5ac29ebd31de8

SHA512
8ba264772bc419e418b43b6084691ec3e936aeecb6c1373e029375f614825a7b7b5a9388d30511b9a1baeb80004516770fe8166d70df5a67165b192f10650744

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Preferences

Filesize
8KB

MD5
871c6f89a72eecc4265b6ea099ae6959

SHA1
832b7030adc623e7a9e3daa62d89707b7704bac9

SHA256
beed930a721128c075a963d181d1bb9b3b61361d1ef07aaa47d693696c5d06da

SHA512
94ecf371d669fbc9ea3b96c8f58d97f5ced2ca8d0be4e58f62fc4dd72937caf8e2a899f17a8cf1ef2700475608b79024cec386c0b9f6cd0bd5e3e3d2e2d80902

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Preferences

Filesize
8KB

MD5
a451270c5393985a5b957444725cf220

SHA1
5c02dfce0c03ec17eed2f0fa1f82d74ab1481c2c

SHA256
fd87708e4d4c9afcc9217a96b2194dec9215f7cd66623717320f4917b0730560

SHA512
69bbb5b1f4a30b7e0ddb35ced2e89738a6f20ec72d43de42c92f1e2b1b07222c27bce34523bf085fdeb483ad254e6dfe855e1ac56784304ca587225d86261404

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Preferences

Filesize
8KB

MD5
775a13358204d73b9d3fee6d1f174952

SHA1
50e528910aa7c95b14d787740f8b9d898b3b0f4a

SHA256
6b787b70dfb883ec13d40270ffd59895888f2ad19c2ac161d9d52f97da90cb3f

SHA512
f204d9d9c85960e2a1bfebca0188193ec7212754bdad30d489fed14a1f275afdc2ca420b0e22f98bfb4e466ae35e7816aac814af14e6fd4b95fd8ca200453874

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Secure Preferences

Filesize
4KB

MD5
17909b2f0b5073c17b606a0a9b0bca49

SHA1
3ea5d5f0fa9098a5e8396fa7d61a5dd6bda6a553

SHA256
c59d853232ccb1ea1fe5762e8de8e90c627f7c6ee4e51628a0836843b31f0f56

SHA512
d366c604822b258a2a7eafa6208bde9ced0142974c1ef977acc824bb5bc14d7b7a8c1f569bf1c0eed815643a9881c8b79986d6bf0f6f6df7f1fe9e96d5396c9b

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Secure Preferences

Filesize
4KB

MD5
33bacd9975eb06d4617c81418b9a7bb9

SHA1
8791f54258fae2d7cb71ba36df7cf4d1b836d85f

SHA256
98cfd81455a24749af70e8921bd40d81b7b7c199e325814d6e5e900d37c61db4

SHA512
4999539dbffb519611b7fda88e241302dcc80b5a288ec40cd78d63592e2d1d51a68bfe92b92b8a0190e90915efbe76b48ba9906be61a3f965dcbd60a3f6b166d

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\SharedStorage

Filesize
4KB

MD5
b016510815cfc2bcd2e04d07a0d4cf80

SHA1
8b67dff3debd7898315d5051c1ca791e3ec9e25f

SHA256
02e374a9c1afdd0d65f515922c3343cd3ea5cc8ccea04d9f026a9406af752b55

SHA512
5af6956cc960770d5651b19096a0f55143cac4fe79f76054042180e9ebbb322a9b1a29dc4fbbb8c12bd8708bb2af67c8b4280b70b0d1192021fd8d423333344b

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Site Characteristics Database\LOG

Filesize
388B

MD5
72a6d119c8d2de7fa2b678b050108c70

SHA1
90a2c8f6dfbc3bdb507aa5e57806b7ac4700856a

SHA256
e602d1ceeb216fb6acf1f803966e70ef1bb0b09630575ff97ceb6f30f1431582

SHA512
f5ef88a84bb2060bbb4b5bfffead1b76edda08cdfdc402367c668fbe120fab565c6ad2fd9f79b52d1a675b50fcd3c179cd17dcd767462cf836a9194f756b3db2

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Site Characteristics Database\LOG.old

Filesize
388B

MD5
d9be142792f952af934bf96a43684521

SHA1
8f1acf67db50f5d41ecd6c0b31649297136c9851

SHA256
83f59cabcbd5105169ca1e1d5c2036e8c2bdd519abdec790f74b46f5162cfdf6

SHA512
a5d8ff97bb714c0891935283d673ac1fe0b07fbcb6c53e934209ea2d347d8bcf03c866837a8fef91bf32ae1f0bee96a0841dbf4ba38d86c8cd269b3c74c02aa6

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Sync Data\LevelDB\000003.log

Filesize
46B

MD5
90881c9c26f29fca29815a08ba858544

SHA1
06fee974987b91d82c2839a4bb12991fa99e1bdd

SHA256
a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a

SHA512
15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Sync Data\LevelDB\LOG

Filesize
364B

MD5
56a60a1723dd262902ad293f42797374

SHA1
2443ee84a32fdd4e152bb3ad1dadc1c3385aaa7c

SHA256
7bb97359aec3eff71729018abfd47150af20a2bb08f90504e7e33b85c64d53ab

SHA512
a795a6f7062ca983856ec25e3157f03ad280333b6d4e960db270a6c626a68818289358cc95c5e916509454c4a4cfa0a3a052126f6694144f35c2f1d802f32f0c

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Sync Data\LevelDB\LOG.old

Filesize
364B

MD5
bcdb7ca614ea78060dd3da61db5546a0

SHA1
c83c7ff251ce5ebc44dfc316ca2500eeb2cc3932

SHA256
6a21249786939b52580b1b910179cba4ec62d4faaf2fab9243bf0d73964e5fbc

SHA512
89ba91ba1b342001da4ae7525cfbf224aa9dbafe1dcc9453d3b8afedcbe5daccbd7319b503a74c6ec24ee1a59297c88858816b8edf91c23fd161db5bd7da00cc

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Visited Links

Filesize
128KB

MD5
d0bbf93a10da5f0e939b6e4de90c4d40

SHA1
9a8fdde7dfb66fc009cdc726eb2c5f1044f4bd5c

SHA256
d04254f92f587a9e3d4cf76609b6785a4743842dcc9fa2c756cfb9c160d0d1d6

SHA512
314a266ca04f20a4bec1b47238e4dc1ab782b1f7c0d1fd833365fd57531a747e87c23339de6daaad7305bd32404fe33cb29ff834afb6c5d8fbe4f31c32b9608e

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\Web Data

Filesize
126KB

MD5
759ea4b5b7bd47ccae284fcd42b7c74a

SHA1
c1e6e7177bd9f07dcca36e0f20e02eb17956cd26

SHA256
706a236402dbdb9ead5725c68f919f5b53a55665604bd5bc114ce58a6df26410

SHA512
78daa270a4fe9aa3b1bf1c6ddbefa553efac36b60952f5fd19fdf3f60458e4540c4640f235bb8b588c3649747dc142c0115bf70956ae9045b2d20319576f727c

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\shared_proto_db\metadata\LOG

Filesize
378B

MD5
cc7fb3e2e4128a57c7d26d54024b5879

SHA1
b3eb57f3140a95b74e9c9204acc22495962f9f43

SHA256
ab47c4b7aef77f1393e5955b6ac863c2484b3d34a85edca0be229addd2d23ba2

SHA512
9c94678e0bd91312850b1bcd80fa5be9c120c57646ad95cbf81af737ea4be76ba45cfc75751ada218a5f8907e0f5667e7831332b77f46c0ad0b07e07e68b1d93

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Default\shared_proto_db\metadata\LOG.old

Filesize
378B

MD5
aee0fd04af45d1a032f1d224020eee30

SHA1
604381e151f6e2e9b20e86c43691f5b25d145b4b

SHA256
f98d2358359d1d54d142cec018701b5247df76b1e46926080f442fcaa8162531

SHA512
269a3da30f4a14d313633227681dd0606c2a8eb61f074dce8db1d15df00328b6942fb97647f1921b15cfa32713f6ad36ec12030243e1eee19635b5196c31b6ce

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Local State

Filesize
5KB

MD5
49a4d0cfb28b4e3c2b713caeb03fb683

SHA1
972779bb44af9359051e22ece77d39cb704f78a8

SHA256
410c1ad17bc591eccff62d9dfd62580971169704c773d0d7b0fcf2feb7b4aced

SHA512
408094aec788041a12c0e273718290cd537477421038af3011abd5b5859a394ca6c6672cfd3f3125c7b4a057e94ae0b0e40b3e1bcb8c77ddb6b24f9c6e5ceee8

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Local State

Filesize
1KB

MD5
541459403ac29634a68b8c0d3fae7c9c

SHA1
62baadca7f5a3621c0e79f19ba5616a0929ec61b

SHA256
ccd95744b13426c874cb997c345886fd24da9adba9588f2036ab81e61773e39c

SHA512
164eb81b7e83c97c21689175ef14677f6b3b839ff109d95230e42e301c642aeecc75a7b3282bd6e513c055b02b54856290612b06b07c2dfaca9a2058c7e84ad0

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Local State

Filesize
5KB

MD5
10300da42b85639423064fbb14d5b43d

SHA1
f9f39ec3316961f29dd5dc3bee723a47017811f6

SHA256
59ae1abddfec6182ee52ab9cae8975630fda97aae9dbd36038692eafccd50648

SHA512
5adfeb27defd00065e49b05ffef0701562fcffb58ad54b1146a9cfe873a4edaa5f72e7968731de285168fdf6363133a2669199688890fe4f804931d172c7ba41

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Local State

Filesize
5KB

MD5
3f001514b7af1057c2552f55dd9ce04a

SHA1
6e261124a45c968e38d674641494f07d3a357842

SHA256
afce1855d51c9f5e4e7365e32818c360fba417a79782a30f9428d3b9f4aae132

SHA512
f40ece0a481aef30b9ae3f96d40118033796ff5732cb59493f8df594c4a680039091f4f5dd3869cd7b2de235c8158487af8258cb0d0005fb0214e58ec34135bf

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Local State

Filesize
2KB

MD5
2e6901aa65801c85e82e50045f2faf81

SHA1
02a22bf1034cabb2b6c332db40c5406d5c515267

SHA256
bc4011f40b9c0cb8dcf07ef8d4fb586374c4629bc1fe5aaa0a1f8ad1cd75f00e

SHA512
1df614f013554df721b48876bf5ec1c7f9997f89438285644a0e6019dd155a80336879a07dbebf7767cc6b32ccb24d80035e6baf8564524cbf227fbe9e09e3ef

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Local State~RFe5babbd.TMP

Filesize
890B

MD5
1d18e7fc13cd6cad2aeb165989f8587a

SHA1
0406c38bd04a79254f78c94fe408e333043d0529

SHA256
c74ec19d4d4904691815c6237c8ccf2df617dca8c85b17fbbfe8ac8d8b4100ef

SHA512
71510941c5546652716bd4e16e11b8affdc6e2cfc481d397ae635e27da6bb8fb6a815727e6f8431f7ecec3800b576243ab88b3c816c3fe93379a0f21dc8a793e

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\PrivacySandboxAttestationsPreloaded\2024.8.7.0\privacy-sandbox-attestations.dat

Filesize
6KB

MD5
e6a23ec30cee57e578db5268c267ac3d

SHA1
33f31bf96e8e9ce23f25fe953badfb4dff1c7334

SHA256
3f405f041dd3bd8a24a089598e80e2b05945f63f52d86e97093a5a522614b5cd

SHA512
a3dfc66dbe29b0240ad5c2f1e879cae1198ee142849883690753a37c25515ff9cb815081db28a6a1e757b9c8e1f90a5d6fc1e67c296e70753b4b95cd7f328c24

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Subresource Filter\Unindexed Rules\9.49.1\manifest.fingerprint

Filesize
66B

MD5
97a21b537a496ddb93f258be89d5157e

SHA1
640fab7cc72ff72c1dae9f94d4d3b45e9d07cce3

SHA256
6fa60cd5a6a1b84dfbb38135b514bb7973ed1c648d47f308848ee67590a5a44c

SHA512
526f5cb036a773c33a56cc417c048fb739763de492d0ab9d2ab6ada502b6c39c2698e07e569c64c8fbf101c2c6c5a88b70bf346de154810a2072321d29a2b46d

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\Subresource Filter\Unindexed Rules\9.49.1\manifest.json

Filesize
114B

MD5
4c30f6704085b87b66dce75a22809259

SHA1
8953ee0f49416c23caa82cdd0acdacc750d1d713

SHA256
0152e17e94788e5c3ff124f2906d1d95dc6f8b894cc27ec114b0e73bf6da54f9

SHA512
51e2101bcad1cb1820c98b93a0fb860e4c46172ca2f4e6627520eb066692b3957c0d979894e6e0190877b8ae3c97cb041782bf5d8d0bb0bf2814d8c9bb7c37f3

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\ZxcvbnData\3\manifest.fingerprint

Filesize
66B

MD5
988167fd5715382c371973188dbf9641

SHA1
43b762a33d209647ba157784cdeb3ef6a97d5812

SHA256
9d894ca8c4f8b0b64c1589b3ce87a478d38ef24f84b40795ce376d4499ebbe4b

SHA512
443503f77d649122b4f40a0b46c47f98c5272498520bea1dd838e2ec46092e75f1515f8923fa9f4044368c7c5c2130797866e61dd17f65a2924a1a4f6c17e8e6

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\ZxcvbnData\3\manifest.json

Filesize
69B

MD5
fb195043cfc35ce711b45934e387267b

SHA1
6f1aaafee57a3da2687e9fc8defe2dbc7cba0e07

SHA256
aeb364b60303212808fac02eb490ee5b054ae843ce084376e5981ef8767e5198

SHA512
bd7fee1d6f8e51137c849d76ff53f3b501d60ddce83cce18f3a217703d3d8b1a1cc7696b656c666d4f6de62a17ea2407c857137d12e0b6ac7bcdde4b3c8ff86b

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\ZxcvbnData\3\ranked_dicts

Filesize
865KB

MD5
959460a18173908111523bbf4c39073e

SHA1
c42a9a7042f6d87a6a9de7f9bf378f1fe9485fcc

SHA256
5820d0bf9cfc363ff929492b1eb6df430039f4ac0e212a5b5411f7c2614f79d0

SHA512
291decc0f58cf71d7929a52d2c21a07590c02bcd202b73fb20391d6d0c7dcbe3aec24e02606f22dbd589ee2546a0eb8414c232f74ec646a1f26496c280705600

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\segmentation_platform\ukm_db

Filesize
48KB

MD5
bbb6b987fe8ff31370ff7757ae227378

SHA1
a473d3a8833c7e3d623d321608a4380ef12676bc

SHA256
b7a9be82880b29131f822321b1851a4d899fe3e4ea84115ef7bcf45c1e9f742b

SHA512
ca5ff4805a5b8485c76b8f5c3cc703ce73e4e736c1433b5d11fbb3d30e152aeef70a23d157be33e7ea4444d43a8a00db840655a185625b08e2b86e15429bda97

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\cache\segmentation_platform\ukm_db-journal

Filesize
4KB

MD5
bb70ab4d8716749be943c6ed8f51073c

SHA1
c0bf4b1ddc45b265292c69d1382c213aaf7f10ba

SHA256
08e720148f06082a6f474e7020b334b8b724e747c094ca4af12708bf49c0126c

SHA512
4a33f11a7f4245a764130e7af85874bcfd417874df7394d7257047557e1513af5135af0558bf0047a8a4e553ecedab8d3f7a1bf631ad98a26aff6a72613c5ee0

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\chrome_100_percent.pak

Filesize
665KB

MD5
ba24f7efcb97f1ecd06f71a4e38d9554

SHA1
d3cc1139e276bce735c6335e6b8eabf95c15e783

SHA256
5bae7e1edacb8da2abb5c64853ffd3d5be0f2f495ce9d45364c313390db78e0f

SHA512
963ba34897812f409d2b4898bd3307725164e9f59b2b3e10b7d04a1a31452096237aef6ee4c89885c96eb82e003f53c58881300810106c6bab12b9937e747b53

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\chrome_200_percent.pak

Filesize
1.0MB

MD5
16e85e5e11ef09e3a9c671952931e266

SHA1
140729a22beb3a3760ab14b65252446c34db00ec

SHA256
708180733b8f697c433329a07453a93995d4dfce09faf41e51697695ad7a8f4c

SHA512
0515d5fa9acf143ce7d14b59b80dedbd8d5c2f9f8a4b55d834fd4ef4c491f587f99384256c2dbf45f84a4b4eb44dd72e86557bf3e966b80550700e59854b0270

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\chrome_elf.dll

Filesize
1.0MB

MD5
23cb2495d60adfe089f2d21d12ff44bf

SHA1
37a09b8f09787d542c25634823248bb8f1d38874

SHA256
589a9e8db3fac6b36191bcff5977054289924d66dbacb084fec3fd0552c916eb

SHA512
ce6243d0e0f439752dfdb6138e4243dd90494d414950dc1019ed6b0b86e4d46742dfd413b52c88b3eaa48dc073851f74bac0be4880af0af8ee3bbafbdd78cabe

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\debug.log

Filesize
965B

MD5
cf0b926334e7af77d0e773405d119889

SHA1
64ccd1f3f16e7c7a8682e4d884c3b3745a9cfc6b

SHA256
92aa8fe01fba7dbf109e1f3f21dcd04a53989eed2e7df6eceffac605b3654f21

SHA512
c5ceb041623412d08505b22e1e154392aa6c3458ce29eae6de027689ce8d40159e16abe983438135f61f777436b77e34016c0aa59e7f47dcfe660e4439f1ebe9

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\debug.log

Filesize
440B

MD5
7ae8e356500347d5d2c2290ad34d1713

SHA1
7484089af1edd3413af392de1178608fcd7920f1

SHA256
380fb271d450e6658e7b1c20b2ebcdc943ad738b446f5ab4a9b34c685de37def

SHA512
4d856310cf1b19d60d4430c4bb580ff7a55a099ee7c13497825fe9f224c3ac2697bf698bb23c8ca310fdb51185155a518cad858517499827ebbeb7f0fbbdd064

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\locales\en-US.pak

Filesize
467KB

MD5
796cf132ed80eee3dff08c20554156cf

SHA1
0941cdd68c45d32dc8b6aff229f2fee37299825c

SHA256
ec3bf34eaa69c30da913923aa5e86866934e8cdfc60f14018d9e2a7244b864ae

SHA512
207478bffb429362e857abc21cfeff7d40054dbe670ba8a445047b54c93c6dfe0061fe6d44970c82b7eb1df7e6c84b275383b6a69dbedf5777ef901e4aa9e9d8

Download Submit
C:\Users\Admin\Downloads\Nyx\lib\resources\cefsharp\resources.pak

Filesize
8.3MB

MD5
8f9b1bc4bcbbcfbc94e46a9d1020e2e0

SHA1
fb9b9de5fe9aa5f1d9460805436b9c37a6aa5a3a

SHA256
79faa3da0ce7b64169a1696fb1e22c40364a2974f62fcdd5163202d5f30a9ed2

SHA512
b2e6536091a7ec41ffd24276eea72e82d460e2bf5519a19c42dc5494d3c1d6e0eb19cc77cf5ee97e74ce7fc6764d458fa31d1812a8740fd98b3d10a4f73bd7c4

Download Submit
memory/916-3308-0x0000000000790000-0x00000000007C5000-memory.dmp

Filesize
212KB

Download
memory/916-3356-0x000000005D740000-0x000000005D950000-memory.dmp

Filesize
2.1MB

Download
memory/916-3309-0x000000005D740000-0x000000005D950000-memory.dmp

Filesize
2.1MB

Download
memory/1520-1497-0x0000000004EB0000-0x0000000004EFA000-memory.dmp

Filesize
296KB

Download
memory/1520-1496-0x0000000004D20000-0x0000000004E0B000-memory.dmp

Filesize
940KB

Download
memory/1688-1450-0x0000000000140000-0x0000000000148000-memory.dmp

Filesize
32KB

Download
memory/3908-2063-0x0000000008CD0000-0x0000000008CD1000-memory.dmp

Filesize
4KB

Download
memory/3908-2053-0x0000000008CD0000-0x0000000008CD1000-memory.dmp

Filesize
4KB

Download
memory/3908-2054-0x0000000008CD0000-0x0000000008CD1000-memory.dmp

Filesize
4KB

Download
memory/3908-2055-0x0000000008CD0000-0x0000000008CD1000-memory.dmp

Filesize
4KB

Download
memory/3908-2059-0x0000000008CD0000-0x0000000008CD1000-memory.dmp

Filesize
4KB

Download
memory/3908-2061-0x0000000008CD0000-0x0000000008CD1000-memory.dmp

Filesize
4KB

Download
memory/3908-2065-0x0000000008CD0000-0x0000000008CD1000-memory.dmp

Filesize
4KB

Download
memory/3908-2064-0x0000000008CD0000-0x0000000008CD1000-memory.dmp

Filesize
4KB

Download
memory/3908-2060-0x0000000008CD0000-0x0000000008CD1000-memory.dmp

Filesize
4KB

Download
memory/3908-2062-0x0000000008CD0000-0x0000000008CD1000-memory.dmp

Filesize
4KB

Download
memory/6052-1555-0x0000000074520000-0x0000000074CD0000-memory.dmp

Filesize
7.7MB

Download
memory/6052-1498-0x0000000074520000-0x0000000074CD0000-memory.dmp

Filesize
7.7MB

Download
memory/6052-1422-0x000000000CC70000-0x000000000CDCC000-memory.dmp

Filesize
1.4MB

Download
memory/6052-1552-0x000000007452E000-0x000000007452F000-memory.dmp

Filesize
4KB

Download
memory/6052-1553-0x0000000074520000-0x0000000074CD0000-memory.dmp

Filesize
7.7MB

Download
memory/6052-1554-0x0000000074520000-0x0000000074CD0000-memory.dmp

Filesize
7.7MB

Download
memory/6052-1414-0x000000000CEA0000-0x000000000CF8C000-memory.dmp

Filesize
944KB

Download
memory/6052-1410-0x00000000062C0000-0x00000000062F8000-memory.dmp

Filesize
224KB

Download
memory/6052-1411-0x0000000006290000-0x000000000629E000-memory.dmp

Filesize
56KB

Download
memory/6052-1614-0x0000000074520000-0x0000000074CD0000-memory.dmp

Filesize
7.7MB

Download
memory/6052-1409-0x0000000074520000-0x0000000074CD0000-memory.dmp

Filesize
7.7MB

Download
memory/6052-1408-0x0000000006240000-0x0000000006248000-memory.dmp

Filesize
32KB

Download
memory/6052-1407-0x0000000008040000-0x000000000808A000-memory.dmp

Filesize
296KB

Download
memory/6052-1406-0x0000000005050000-0x0000000005074000-memory.dmp

Filesize
144KB

Download
memory/6052-1405-0x00000000076D0000-0x0000000007E34000-memory.dmp

Filesize
7.4MB

Download
memory/6052-1404-0x0000000074520000-0x0000000074CD0000-memory.dmp

Filesize
7.7MB

Download
memory/6052-1403-0x0000000074520000-0x0000000074CD0000-memory.dmp

Filesize
7.7MB

Download
memory/6052-1402-0x0000000000200000-0x00000000006D0000-memory.dmp

Filesize
4.8MB

Download
memory/6052-1401-0x000000007452E000-0x000000007452F000-memory.dmp

Filesize
4KB

Download