661324fbbc8c41a7a2c1cb6fa8430ed60bde6d032b871b1a56586948a990e197

Resubmissions

09/08/2024, 01:11

240809-bkehesxfmf 8

09/08/2024, 01:07

240809-bg4m5stfjm 8

09/08/2024, 01:04

240809-bfazfaxeld 7

09/08/2024, 00:52

240809-a7538atcnp 7

Analysis

max time kernel
149s
max time network
153s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
09/08/2024, 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unconfirmed 601024.zip
Size

8.9MB
MD5

926e6e63f9df75420b7964345fbb84c5
SHA1

d11759590852f2ac94a3f86fb86f2d30e7134a35
SHA256

661324fbbc8c41a7a2c1cb6fa8430ed60bde6d032b871b1a56586948a990e197
SHA512

b48908f397340567df63b337087a5d62d76a962f8860aafb95e0ce54301a87fb95fc22b3df53949fa174e7b3fe264756676e2e8a1b90f490399897e1c80aa440
SSDEEP

196608:98zPw4KF/kop4qGwABiGBaossKiTXgKjo45812OHclQ6/BTcE0JN6ayPim:qwujBURsBTXX811a5oE0JN6LPZ

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
14	discord.com
15	discord.com
13	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Nyx.exe = "11001"	Nyx.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676391205135332"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
3340	chrome.exe
3340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4576	Nyx.exe
4576	Nyx.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 4860	2080	chrome.exe	73
PID 2080 wrote to memory of 4860	2080	chrome.exe	73
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 196	2080	chrome.exe	75
PID 2080 wrote to memory of 3064	2080	chrome.exe	76
PID 2080 wrote to memory of 3064	2080	chrome.exe	76
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77
PID 2080 wrote to memory of 1704	2080	chrome.exe	77

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 601024.zip"
1⤵
PID:3340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb44729758,0x7ffb44729768,0x7ffb44729778
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:2
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3980 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4840 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5624 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:8
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1048 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2368 --field-trial-handle=1784,i,253531217443518353,9146235623907037730,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2796

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320
1⤵
PID:3036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4536

C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe
"C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0e5f19747eb2ce2757c9d3ae091d15ff

SHA1
19022a591a9782865bbb15e559363b2eeed7df06

SHA256
ec9609a70948c40c02723c73d21005d60243622c20efa228fa8f29f9dfc567d6

SHA512
9ecacbae6a31f919c7554c78ae8df6ce5dd2117997a5c184e70602e3f1f776dd6a64b541e879f580958c07b940170dfa7eb62799ee8739b55363a40c5fcdaf2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
081c61b4e248a61b94f4ae2d156fcacc

SHA1
c940ca73b26ca0c0a81cdf8e3e32b33848dfda9f

SHA256
7aed433685890333bfc93b755190a1238a9ece68acdccf1e4d3b954ae1c50152

SHA512
22030cd9be73560197e7fa401807797739c053ddbdc2745c3835f62e4b50fa6c4bee5cd76d1776d25f70654d3aaff0eac64fa1abfaabcab965c3bfc7b820d0ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
041f352e28ca04877c37db3f0a07934c

SHA1
2f25f08ce686fefc377b0122607b1dc0722d5b77

SHA256
6144c7883d5e49b77fc80e6d7a9904a888b6f34ab1d110ff4e4504c9031211db

SHA512
6e9c2c1319203cf37f149529b9ed5a313f02e65372ea9aed33973d2d0c8b66a9f7c3fe2c73d86361374d9effeb2aa91d3b73e4e8a2ffc2f1507978df7af69f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
986066ee4a6de08b9cb80ba72430de27

SHA1
24c0cdc5b086c88f92f3a73c6be62642dcaf15ce

SHA256
02064007f9bf3cdc7e848f1d3448235f6078ef7798a3245b5f1bf0712da2e89d

SHA512
c1b0136259c000f025048e5107f3f84de88c0e3f460dc17489480f7878d4d93bfacd9d5a66a8c11812bf069101734b113ff0188ff55cca33c5f6f93549469863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
873B

MD5
bd049c69b25f2d354f67faee62c7298b

SHA1
82be5482f21170c8ca8c5b6a6e509e3b533e8aab

SHA256
7bba8656634bc01d4b3627f7da05a32da0057df122f7f1c62c47fd1e3c33ab3c

SHA512
247c0fff9b165da70ac1851617fc70c35cf5ba6c6036fcaf7b6af061c3bc288463fb9be9988b3301022025d4fa61ad41c5d52c361f78937fdb3e15f5b95b7293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
15c20afdf962bdaa3dabfabb2cf27a82

SHA1
b1b3bebadb4341b07d1d639589574a67120b8130

SHA256
6708b3023e2e0c907034c34d891ed775831add99ffa96c025bba853211d16c7d

SHA512
7fcb9b174f33c70b7636607c819c10c6e3aa56bf2b0764de4ff4688dbd56213dedc430a5a52e84ba841dd072e742428c0fa6a4755d27279a04412b460a5e8d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
204B

MD5
a39e220bbef5670d91884cd55e651ae4

SHA1
9041a2f5a3e0e9aabdd02584dbf58c71d54b809e

SHA256
fdbfa3b6e8930d65b645e63c6d2983f2519f7cac71629809c0bc3308940a0124

SHA512
2e357ef8e7ac2f23afcbd86b3b5e17c3d26716b241bfa81468c2dc1cdb7ffcfb4645c67902d179f9da13c40cedec07d0c0df275eba0559f5589d9e449ec145f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
e142be146bda792afc66305c3c0a3309

SHA1
4f1355adb5225955c98e4975ec9c622baf01997a

SHA256
df50dcea0ff4692262184c3115980c910694ea9b85e45c1b315786927d65bbd5

SHA512
fd2d41528b82d35a2740fd5f5ac340c8b8faefd2a494a0cd8e374d32acbeb80f84f7e551c170c7178d5751dcde0a44908c2ea23faa758c80b756b531e7481888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
93b8e9afb7c3d4cb49ac8c62f8b3ce72

SHA1
147fdcea543d657018858f681723d281de40310f

SHA256
8bf6df4b9f2a80bc8de1f0bd9b951eaa73fca447ac39f4edf7064a6c091ef30d

SHA512
9a3e89f64f9ce4dd4347c1ca61612b35f006a89b49240a11ddb74a96656f5c8948177d5068061f61d02ec52e32670a196b6e0540332b1083a8efa2df0fedfa07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4a5f04421d367f15f96baacf44bf6f74

SHA1
eec77dc5d1cbfdc7f44ae426d7520bfc6cb2e62b

SHA256
3bed856937803677cc33946d5dedc55d54388047fb068c9a4f0d541481fd9525

SHA512
4a383cadaaf3b9b9db27d7cb0d8181067c00848f81f703ace50c0bd0c2449fd7f0c4c3f36d118e831be891ab37d54a1ea77a98994676b38f00ad46b8bf0aba4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a545d844624c5254f91890232dd131e6

SHA1
c435093a6f2a9381061af6eb841f71cab7b77d3e

SHA256
f4a5fd7d58e6957a27fe84afb574e72e48379dec8164ae855b19c795c2f2bddb

SHA512
914d0a4cbec6fba3a7bc45a2e3d1702c28ec843ee39e79cb5b30291f7ea465c49b1f860ea76b88bed28715ce81bd1f2a0d2c552995229e070dbd1d2c94f1a56f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
93d0f90ec4787c9e27d4a39d4b4a538b

SHA1
cc4d235cb91c681eac04ac24dccc57590414f912

SHA256
ee285a9c2c62e1e793a63b504655d1a8c98b481de47671d58e6748933d2574f2

SHA512
104bb89e0706cb16114e87a1a01c691fac451a369cfe3d9e364c7ea0ceca7764e36cf69217a27c284c99dd1c0b43590f08089144f8ea96e4b014946c70b862cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bfd4983a4000e30f5b4b84eb020b343d

SHA1
4768fa688db918585b77ca3e6486d859be09e9d1

SHA256
3d50b3b3e06b83edcecad41bea58b8f09988d2246530b2366a2e8974c37433f4

SHA512
ffb015d3aaab52c851ce89c77d67efb49ec1a1c759d7546c5060e4f4481486c67de7091424048e56d532ac137a0f7271c4767d7a0af9c16918eae78ab947e47c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8757ea0fce37eff81675add70b508df0

SHA1
06cc7e540e6281c266e0dc3d1e9577ca223be013

SHA256
71fb8749124e2d65eaa99514fe43c4122351e4fc61eb9f66f0f1be827c8a1126

SHA512
f3d64404391fafb34162eb041e2159ff1c6f78cfd133bc2bcae8664920422da5bc5c9ab06d24e36994ee5670656555630e341026cb240f7af8376c68858e6a4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
17e25a75b6cd6e4a39af60465ebfb21d

SHA1
7b68922b8dcb934054590d230f4c40620a280b28

SHA256
c775d1b7483edc3dbccb7a633660150e02782244a955a46c8ef27be924c7cd4a

SHA512
36b13b0a2bf309aaf6b0e2cfc98ff718355acdf41778319d2c252c59d3916910e03eecb80208c06a41201f7825ee1c8029846adb6e64e43fa712aa9736ac2b08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
843759b6c43a0f7ff82aba66f3423a80

SHA1
4eaefe0a4b3e7b6d03eb448ada3873252a26e18b

SHA256
797ef76f6afadbf5bc6733dde82edca263e8e17abc98d936e4f7b1e72a6e173c

SHA512
e9bc678a2035f70cd616c9c4fa5a910d707270b095cf79dc244b3e455897ce769dc4fba325f116adea019e0417722eb3aeedd913a45821da7896f0448524315d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8476eaaf5121310354dc5b6b93a2e046

SHA1
ce73b73f5dfef23a0ccb64843830af2c79bdf7db

SHA256
5bc4ba3cd365c697a22d21a54556b66cedad61a9b456c3fb8f4cdd45df6c73cd

SHA512
06a3914596e39ec1ffe3cd225759e5ff0ac7973e9a0ffe87c843be0950d72eea62cd8a1f9bbd244882acd72af8ddf84eb4affe25b7e8db38b20152d738ec7063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b29fcd06967e2c0482a477756b8e0e51

SHA1
fffc6a17d12dae294639dfbef5d5d5d62aeccbef

SHA256
920662ede0cee2352e5f60ac38963624ae2bfc1f3994e3c8af7d2b35a40061e3

SHA512
948c8fb29d73e20063764b4b475b2a58c19c98b7263af6b12ed67a7957a230e1d3345d42a70caab111badbf4bd2f698d938dabc9cbac10c601ce5e0301dc8cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
03e3eff52e4ea9888100fa85997d032e

SHA1
4bf5d23cabdba2e40b806c60810fe62f68755b9f

SHA256
abe978f2916729b9fa20f87ef69ed5487032ad70b74685e8ecb544bb25071735

SHA512
3935327224ee247fa8a01525e23175c3f558f02875a076d1f1b63f0b27e5bca99b925e8f10e546405b923f9b164a6a61a8f624e5dde179505d5fd6580267b73a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
306KB

MD5
46003b22031e9fc554b07c47e7cae5e0

SHA1
7a54536d08492517fab3299390aa66953c45d3e1

SHA256
fe67b49cb07e8fcf62477fb775fcd525d9a6f03acad6a32a59278b80b8ebf2d7

SHA512
3bee326abc6381d669024de0d613db1b0340ff3cf456984bf1c8b9ac9daacba90a645e674cfa0e71ad5d8f03a97bdd89e41860cfc407d604dc5e0ed41c0389f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
358KB

MD5
ce2b77a1b2139267949d91d3de9dd63a

SHA1
fcbf9ad8f5fd9789fe2484aa8349c1df8d664e96

SHA256
22afb1bdbf05b3ec5e50fff5dca61c1a1eebf4280367fc7ef79f3cd449ec4d3d

SHA512
e7fa7aee45cc553912493989b30f5fdcba98010c86be9d6a7279398500cb8d6b622e3e57cb48aea331b9d34a22329c052a02d75e946c6a03c22989fce5048423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
306KB

MD5
4012afb64227f9986a78a6988a448f82

SHA1
b5cf21436da81b9f238190300eb9a3d66467d6df

SHA256
d4be8f0b8616d5a95f262ad02428f1458979a969c642fe72a902caf595ff9f4f

SHA512
c9f9f7d6b858ca081c2ffb60391976157f87e3a4524070c56fd1e9ae08e27cf45a6bd4f592918b33fa454ff34dc46667235518e571f61b850147ad43e64c0f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
86ea3b408a48e8b91bc6db1c15ef4466

SHA1
7183cd5e14950ac28718e4c6649209200deeb6f7

SHA256
a281191fd518b53a78f93c5253de9130173fc3c2bb900d7ff4ce3ef8efba410d

SHA512
68547a464ecf2a64009f92db5a644d494ca85bad2677d8240a86c125736a2065a8ed87f08912c58bf7003dce76849a0a6d002b921b05e8842c614b8b280b8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
306KB

MD5
e499cc66ff469cb15220b527f4bbaf40

SHA1
8e1d5cb29374c9d5d8ee6ba08fabaa37a3d26baa

SHA256
6403397427996ebf9e9cb23835871c3bccf5c20deb1a79a261270cfdc257fe34

SHA512
bf2d0892eb70cf92e796a8616f319cc5289c287cd2f62025b8f9388f7586458d29a714155a735250aa9155e086e3c8dab25e5cc0b159f1d92d48cafab4eaeac6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
60da2ab6ca712fa4430cb917ecd9d36a

SHA1
f38db7db8ea6b3edb96d0141240ea8abb998b115

SHA256
f8bd2a29dc7c1844123234b4478b622afe2265001a58152f9206b35c485e762f

SHA512
2f8de1e6e306f56bc9a9925d07b6037f275b6b4924d19d4d9f922720066e25be2cb43b72acdaf5385cd0202c61d267622a7fd775c68504a2bdef5735be2cf5cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
052d26ef623aa3b18c25a893e53dfbeb

SHA1
b358afd6b73451a6856b2b7d4798b23426bd4f8b

SHA256
3d02a4d977f69874ddec2cf2acf9c83f22a9261044b6d8077830cacefb89b0d6

SHA512
158613b253256da99a0e0e0888e93411ca316170aeca97870920cb5863c677f65d06b7076fe0cfb7236db4423c5afe0c254cfd9588c930d6ed15b210b1f062d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588e12.TMP

Filesize
93KB

MD5
c727e5035c4509fe2d1d566ee990a48e

SHA1
627963eebbc6b51be749747eaf3e7882059924e2

SHA256
c6d9614d695cbf7d51383b929c8790df9fb3c37eae5d991fa18410279267875e

SHA512
98d1c46b35d6717e03f49d45a4195c0bbccbd432f584bfc42bafb4b5cac3ec244813ea7d83dddbab27f43f15be489c5c5201541b281098fdad7c89e1d22d0d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\NYX 4.5 FIXED.zip

Filesize
8.9MB

MD5
926e6e63f9df75420b7964345fbb84c5

SHA1
d11759590852f2ac94a3f86fb86f2d30e7134a35

SHA256
661324fbbc8c41a7a2c1cb6fa8430ed60bde6d032b871b1a56586948a990e197

SHA512
b48908f397340567df63b337087a5d62d76a962f8860aafb95e0ce54301a87fb95fc22b3df53949fa174e7b3fe264756676e2e8a1b90f490399897e1c80aa440

Download Submit
memory/4576-813-0x0000010599190000-0x00000105992E4000-memory.dmp

Filesize
1.3MB

Download
memory/4576-814-0x00000105B3E60000-0x00000105B4236000-memory.dmp

Filesize
3.8MB

Download
memory/4576-817-0x0000010DB8810000-0x0000010DB8910000-memory.dmp

Filesize
1024KB

Download