661324fbbc8c41a7a2c1cb6fa8430ed60bde6d032b871b1a56586948a990e197

Resubmissions

09-08-2024 01:11

240809-bkehesxfmf 8

09-08-2024 01:07

240809-bg4m5stfjm 8

09-08-2024 01:04

240809-bfazfaxeld 7

09-08-2024 00:52

240809-a7538atcnp 7

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unconfirmed 601024.zip
Size

8.9MB
MD5

926e6e63f9df75420b7964345fbb84c5
SHA1

d11759590852f2ac94a3f86fb86f2d30e7134a35
SHA256

661324fbbc8c41a7a2c1cb6fa8430ed60bde6d032b871b1a56586948a990e197
SHA512

b48908f397340567df63b337087a5d62d76a962f8860aafb95e0ce54301a87fb95fc22b3df53949fa174e7b3fe264756676e2e8a1b90f490399897e1c80aa440
SSDEEP

196608:98zPw4KF/kop4qGwABiGBaossKiTXgKjo45812OHclQ6/BTcE0JN6ayPim:qwujBURsBTXX811a5oE0JN6LPZ

Score

8^/10

discovery vmprotect

Malware Config

Signatures

Downloads MZ/PE file

VMProtect packed file 5 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/2768-501-0x0000000140000000-0x0000000140AF6000-memory.dmp	vmprotect
behavioral2/memory/4212-508-0x0000000140000000-0x0000000140AF6000-memory.dmp	vmprotect
behavioral2/memory/3940-515-0x0000000140000000-0x0000000140AF6000-memory.dmp	vmprotect
behavioral2/memory/2584-518-0x0000000140000000-0x0000000140AF6000-memory.dmp	vmprotect
behavioral2/memory/3328-524-0x0000000140000000-0x0000000140AF6000-memory.dmp	vmprotect

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
42	discord.com
43	discord.com
41	discord.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

pid	Process
2768	nyxplayerbeta.exe
4212	nyxplayerbeta.exe
3940	nyxplayerbeta.exe
2584	nyxplayerbeta.exe
3328	nyxplayerbeta.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
1744	taskkill.exe
4748	taskkill.exe
2360	taskkill.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 4c0fb5fe11e5da01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 17 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 2c0000000000000000000000ffffffffffffffffffffffffffffffff100100003c000000900300001c020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Nyx.exe = "11001"	Nyx.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1C4B3965-55EC-11EF-BB4F-CA89CBF88D4A} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676393172313150"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{40D08B6D-B166-45FC-B30C-1E0E094167DF}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
3244	chrome.exe
3244	chrome.exe
2768	nyxplayerbeta.exe
2768	nyxplayerbeta.exe
2768	nyxplayerbeta.exe
2768	nyxplayerbeta.exe
4212	nyxplayerbeta.exe
4212	nyxplayerbeta.exe
4212	nyxplayerbeta.exe
4212	nyxplayerbeta.exe
3940	nyxplayerbeta.exe
3940	nyxplayerbeta.exe
3940	nyxplayerbeta.exe
3940	nyxplayerbeta.exe
2584	nyxplayerbeta.exe
2584	nyxplayerbeta.exe
2584	nyxplayerbeta.exe
2584	nyxplayerbeta.exe
3328	nyxplayerbeta.exe
3328	nyxplayerbeta.exe
3328	nyxplayerbeta.exe
3328	nyxplayerbeta.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1480	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: 33	5024	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5024	AUDIODG.EXE
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
2396	iexplore.exe
2396	iexplore.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe

Suspicious use of SetWindowsHookEx 51 IoCs

pid	Process
3736	Nyx.exe
3736	Nyx.exe
4896	Nyx.exe
4896	Nyx.exe
4412	Nyx.exe
4412	Nyx.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
1480	OpenWith.exe
2396	iexplore.exe
2396	iexplore.exe
508	IEXPLORE.EXE
508	IEXPLORE.EXE
2692	Nyx.exe
2692	Nyx.exe
2164	Nyx.exe
2164	Nyx.exe
4612	Nyx.exe
4612	Nyx.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 388	3244	chrome.exe	89
PID 3244 wrote to memory of 388	3244	chrome.exe	89
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 2336	3244	chrome.exe	90
PID 3244 wrote to memory of 4844	3244	chrome.exe	91
PID 3244 wrote to memory of 4844	3244	chrome.exe	91
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92
PID 3244 wrote to memory of 3032	3244	chrome.exe	92

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 601024.zip"
1⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd1b03cc40,0x7ffd1b03cc4c,0x7ffd1b03cc58
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3348,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3604,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4404,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4412 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5104,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5232,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3456,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4168 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3516,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3512,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5524,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5872,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6140,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5044,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6184,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6204,i,11180683698500253153,18091306756482114685,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:2356

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1960

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x424
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2392

C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe
"C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3736

C:\Users\Admin\Downloads\NYX 4.5 FIXED\nyxplayerbeta.exe
"C:\Users\Admin\Downloads\NYX 4.5 FIXED\nyxplayerbeta.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:3296

C:\Users\Admin\Downloads\NYX 4.5 FIXED\nyxplayerbeta.exe
"C:\Users\Admin\Downloads\NYX 4.5 FIXED\nyxplayerbeta.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:4212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:1468
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    - Kills process with taskkill
    PID:2360

C:\Users\Admin\Downloads\NYX 4.5 FIXED\nyxplayerbeta.exe
"C:\Users\Admin\Downloads\NYX 4.5 FIXED\nyxplayerbeta.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:3940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:4108
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    - Kills process with taskkill
    PID:1744

C:\Users\Admin\Downloads\NYX 4.5 FIXED\nyxplayerbeta.exe
"C:\Users\Admin\Downloads\NYX 4.5 FIXED\nyxplayerbeta.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:4744

C:\Users\Admin\Downloads\NYX 4.5 FIXED\nyxplayerbeta.exe
"C:\Users\Admin\Downloads\NYX 4.5 FIXED\nyxplayerbeta.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:3328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:1756
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    - Kills process with taskkill
    PID:4748

C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe
"C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4896

C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe
"C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4412

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1480
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\NYX 4.5 FIXED\libcurl.dll
  2⤵
  - Modifies Internet Explorer Phishing Filter
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2396
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:17410 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:508

C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe
"C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe
"C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe
"C:\Users\Admin\Downloads\NYX 4.5 FIXED\Nyx.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e855e2e51a91971f5fae7e876d2c9fe3

SHA1
a8ea64c770423cfbf1de5a9d7f3810b62b94ebf7

SHA256
44e2c1b1387d91bf6997e4498aa74259762a685c17a6ab5017ee2a68d062c932

SHA512
5fcdb0dd5812f70190551dd3d8c6c78c513214390a76a2d0ff333264ae94fefb3957a48c38c61be7345899cd7d5b683167c4fd46471f6252f2cb7303f4c65cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
014033a246225eca0ec40b6891dd6613

SHA1
637539c21024be142160566ebdb74ad60445ead4

SHA256
96d7f8f07bcff2e7fa371a4979a038efda5351b5d7d3b4f41a521a9778d5d746

SHA512
bfa22523192a5700238649613c2fee6b848997c873e82cc1524f5ea4deb605f48fefcc9851caa53c27fa587637a149edfa54648f4ea483ebc48d9937061c0065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b8d5b9d8b46753313189d8977c3d8f1a

SHA1
891cdaebe5357eff28d3164e1ab50c42703d6ae8

SHA256
608bd88cf4c4d0cf374da970dfdb5254bc46755d36ba540420d9d61c7ccf6a90

SHA512
c5047981092b74797b06a2ad4e33f71fa72e21f6f5076f801d3833f4850ee9933271749d9b9f4c726de0f9930457b1b7cb4da261c1167cbda50c57a131cc59f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
674f0491bd30e071fbd786db319fb0e1

SHA1
ce8ef38ab7ee0be1036500bae83e0bdf9da6948b

SHA256
4284a857e8fff811c8cc948794a3053207d8b079e04cbe2a19c2fa09900b5540

SHA512
1421973cb2b3151d42bbf4a18666d6345b4c58b22ce346dbaec11c349b2437906e82ff29908458808ee7ee8629f6450fa00085ea78592c4aa1697330fcdf8abd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
834a725ed3b817d820d4c4a444d83ccf

SHA1
ee86a3b09e4f16857390831e9bb98cdea8cb3b1b

SHA256
0c8f3aa837627c34b15a4aa5534612bce251548035d27c620da9b5db03916738

SHA512
0f3d285fa6f43ccd5555fa9eda5931bb253342a89429ddfecf82f22339b4d16b815a5dc80fc98f0f5a3d31220f15fee075bb86a62f7407c62af50f79acddd006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
748d6621842ef60eee2af624f605eb21

SHA1
3e0ca16f146eb4ce9b42d31cc140076baf7e18f3

SHA256
7e0e1012cdeed6af29322f585f51cc1f2400aa9c86a123fdb24c29c5b34d1372

SHA512
4f5ef9b0d33119bf2f16d88e81ee77cfa2366dbc7713eed82c4a8b0db6916a0fc37ee2976fa8268fcd498dce69b9cd7dd6f0d4ce0de9d0b064ee18d34d261975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9b7c3ac9dda82094c23ab6c12dad77e

SHA1
a15d327f9367dacd1494b919780c734c222d3c69

SHA256
83ad655453149ae08979b8911f7c4f33704c78acde306b7aeddbe530f7ab1f2b

SHA512
d9fc26982c53357ae64c5e6fbffcddd5c126035482636e71edc4fbcfb7a511245b53d9c357d4d139830211d683c1fe7e9e69baedae8979576d16a759b3dbabb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4a625968b04b93f30d2d6ab7db330ddc

SHA1
77a2da25d12dc92fc2fe4e766803f2a04fb75cee

SHA256
cc1219920d9298d5f8909708bfaa5968a82b97106f4bfbb65006ec007ca1ef69

SHA512
348af373aab103268f79c18829ac9f8bea795ba7d6e651ffb7459f9fba9bce0a280229a57e7697996ab3d564fb718a7daf423560b5026165d1c1d9d33a81f94e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b52fc2513fc7ba837dc585de855209d9

SHA1
f19b237c38b4ae05d3c020a7738ee227db1234e7

SHA256
63920d9df401a2c7234d46378c4af86176870acfa86bb6b8eeb405ff1078e329

SHA512
aa2b3798ea160f9f5c31636b25e95c1086aaed90d386e3fd7b7046b8ae739e901d40ef676a4b2fe186c28617d450184b9688d84dc23c72ea5f731dffd7115bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0683dafa8169fe43fb6937890e56eb7

SHA1
8a1fb413ceb021d367c4dbaa9d2716b04129884f

SHA256
d1de3992ec89d8647c750d1587ba2ebede599f12b5fc1094107e1afca4083cd3

SHA512
5be6bd017191b7a60006d643abdd3923eb08cd9a9eec0d72c4ef5678762e7a3700f04aad6e98f7a7d9e6e89ffa3648ed77dffce131adc1f46b496f1b08a69b49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ead8b8e3b4a71e18d10b1957f0dc306

SHA1
407d8d72c788c3ccb566e31f0581e861a431626f

SHA256
c4d18446e0962e3286da2c9f1cb627016a90756ea36a115a8143f538d6144cac

SHA512
5ab96cbfdef88a39e67e7a6466f92ba2138b11d28dfad126c1317355176256f8705fae20af41d5a96cfbd28b25e85b343070a2e5566f2dc423cbd263fc3ef491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1cf0789a6cfce06629c2877c333863fe

SHA1
d43b2ff8a95917a78f648cfdc365ebcfed1dd5e4

SHA256
a46f7a090e28266ba6a7631810d4f91491b283851df0b9f97518f72a26b4e9d7

SHA512
d3feb61f2d9c63848bc4dbd24127e830d97cf028892a1d480aa5bba87753a507766074f10e2d45e5a1a186c25dd709a9576e37719357d3774052c036c3f65c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
58519f4cb428208499a735e2d13adfbe

SHA1
381486a4b998b92d2c5a4e1c4514902f53a1f4e1

SHA256
967b8a159e2cbc0ecb98051f3687a95fc1950be72378c8e0c0c25dc93dd65d9b

SHA512
d7b87c7a08164b953441b474d59056a22f7224a788f194a516da0592935111afd04b959afe20bba1bdf352933d49bf437f3b5fe59eff94f632ebcc4afcb99131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8cdc93cffa48e5764b346dff26db8f3c

SHA1
44b7c932abc23e8979632fb031c02945b286622e

SHA256
213affc0faf201a16ba2411ca8fedb906aa2b24754a036b49373aa48c7d3f603

SHA512
975edee5eca6dfdb430b61aa3c94452a9dcbf14316c7f93aec13ada8b8ab69952dacb30db7e474aeeb5bfe436539fd1d96f084d385208705f3e6de5ac900644c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
924665766466e037a209c227beca238b

SHA1
91bb39b2abea6f29d9928e3c7fc52506969e6ee5

SHA256
41d697dab6417ae0ec0f4dae953c13b4826208b1f37b86576c14467b568e4694

SHA512
4794719142cb43271d67afdf62e5ac27c4e7d1c57a4cc1f501ff29b9e7c6d4b651931d86d7769f94ea99410a92e4abf72b837bd732a76fde2949e1ef4010be8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
fce3db1804b3d92d68086a0b054f89b4

SHA1
8287de97932b5587b7065348f1d35a3eb62c7865

SHA256
189decd9636bab0c49474285a1fb12d643e77f85a525d22abcd88293095a6a84

SHA512
d805f417c8b7e001fb8fde4ffdcedb289b9bafbe7bd484f1d0e278fbf2da421ef0e91edb3fcaafa22aea31cdef923e000d2f15b3c5121339b3a43124a2e13f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
940f722da0fd98b7f46ab659b963a992

SHA1
43ad580af6563f642c01295183e69ecd5f9c5875

SHA256
98f0d27e73ce2507d0a7e6f271e11d2eadfa510decd3a58019970cb4037c04c6

SHA512
9f44d0bbd12e34a24d4089893b55e7463d2647123ee566f3c70fdf5e379c36478438a8ecd2fa925b6093ae83c7dfe8ca9b736848e38183be221ebfe7382f3292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
3e7e31a78a16a3364e3c1314da5d00a0

SHA1
724a31c1a478aa1956393395aa494076f4009760

SHA256
6db57841ef39e2e768980ee3f72d8293ba6fae0d2bd30df4b6afaf306a884eaf

SHA512
24737da421b3915bfc8231064f1c2aa97fdada5f52c54c995a44fc05d6b1100759a84be64b819a350ad6a92d8c181dedbcc03f0b42ef22df24b159452863e19f

Download Submit
C:\Users\Admin\Downloads\NYX 4.5 FIXED.zip.crdownload

Filesize
8.9MB

MD5
926e6e63f9df75420b7964345fbb84c5

SHA1
d11759590852f2ac94a3f86fb86f2d30e7134a35

SHA256
661324fbbc8c41a7a2c1cb6fa8430ed60bde6d032b871b1a56586948a990e197

SHA512
b48908f397340567df63b337087a5d62d76a962f8860aafb95e0ce54301a87fb95fc22b3df53949fa174e7b3fe264756676e2e8a1b90f490399897e1c80aa440

Download Submit
memory/2164-563-0x000002CF5BAE0000-0x000002CF5BBE0000-memory.dmp

Filesize
1024KB

Download
memory/2584-518-0x0000000140000000-0x0000000140AF6000-memory.dmp

Filesize
11.0MB

Download
memory/2692-560-0x000001F557F80000-0x000001F558080000-memory.dmp

Filesize
1024KB

Download
memory/2768-498-0x00007FFD38D70000-0x00007FFD38D72000-memory.dmp

Filesize
8KB

Download
memory/2768-499-0x00007FFD38D80000-0x00007FFD38D82000-memory.dmp

Filesize
8KB

Download
memory/2768-501-0x0000000140000000-0x0000000140AF6000-memory.dmp

Filesize
11.0MB

Download
memory/3328-524-0x0000000140000000-0x0000000140AF6000-memory.dmp

Filesize
11.0MB

Download
memory/3736-474-0x000001C3F5F40000-0x000001C3F6316000-memory.dmp

Filesize
3.8MB

Download
memory/3736-473-0x000001C3DB430000-0x000001C3DB584000-memory.dmp

Filesize
1.3MB

Download
memory/3940-515-0x0000000140000000-0x0000000140AF6000-memory.dmp

Filesize
11.0MB

Download
memory/4212-508-0x0000000140000000-0x0000000140AF6000-memory.dmp

Filesize
11.0MB

Download
memory/4412-533-0x00000287F5080000-0x00000287F5180000-memory.dmp

Filesize
1024KB

Download
memory/4612-575-0x00000257C5560000-0x00000257C5660000-memory.dmp

Filesize
1024KB

Download
memory/4896-530-0x0000022E7DC40000-0x0000022E7DD40000-memory.dmp

Filesize
1024KB

Download