hxxps://drive[.]google[.]com/file/d/11_kjv-OyyGwzcYODBkP6MKh8v8rU2iQj/view?usp=sharing

Resubmissions

26-08-2024 08:07

240826-j1cyjavfqn 6

26-08-2024 07:46

240826-jl8rnasglb 8

Analysis

max time kernel
142s
max time network
109s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
26-08-2024 07:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/11_kjv-OyyGwzcYODBkP6MKh8v8rU2iQj/view?usp=sharing

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 3 IoCs

pid	Process
3416	Nyx.exe
3416	Nyx.exe
3416	Nyx.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com
29	raw.githubusercontent.com
56	raw.githubusercontent.com
58	raw.githubusercontent.com

Network Service Discovery 1 TTPs 6 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
3576	CefSharp.BrowserSubprocess.exe
460	CefSharp.BrowserSubprocess.exe
4680	CefSharp.BrowserSubprocess.exe
1700	CefSharp.BrowserSubprocess.exe
2412	CefSharp.BrowserSubprocess.exe
1676	CefSharp.BrowserSubprocess.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	Nyx.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Nyx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Nyx.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Nyx.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Nyx.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133691320080704568"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	Nyx.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\NYX 4.8.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
3416	Nyx.exe
3416	Nyx.exe
2412	CefSharp.BrowserSubprocess.exe
2412	CefSharp.BrowserSubprocess.exe
3576	CefSharp.BrowserSubprocess.exe
3576	CefSharp.BrowserSubprocess.exe
1676	CefSharp.BrowserSubprocess.exe
1676	CefSharp.BrowserSubprocess.exe
460	CefSharp.BrowserSubprocess.exe
460	CefSharp.BrowserSubprocess.exe
4680	CefSharp.BrowserSubprocess.exe
4680	CefSharp.BrowserSubprocess.exe
1700	CefSharp.BrowserSubprocess.exe
1700	CefSharp.BrowserSubprocess.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4848	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 1524	1564	chrome.exe	81
PID 1564 wrote to memory of 1524	1564	chrome.exe	81
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3452	1564	chrome.exe	82
PID 1564 wrote to memory of 3328	1564	chrome.exe	83
PID 1564 wrote to memory of 3328	1564	chrome.exe	83
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84
PID 1564 wrote to memory of 2340	1564	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/11_kjv-OyyGwzcYODBkP6MKh8v8rU2iQj/view?usp=sharing
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1536cc40,0x7ffe1536cc4c,0x7ffe1536cc58
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,2212476536563695892,5209523452566039908,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1420,i,2212476536563695892,5209523452566039908,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,2212476536563695892,5209523452566039908,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,2212476536563695892,5209523452566039908,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,2212476536563695892,5209523452566039908,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,2212476536563695892,5209523452566039908,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4280 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,2212476536563695892,5209523452566039908,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4916,i,2212476536563695892,5209523452566039908,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5056,i,2212476536563695892,5209523452566039908,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,2212476536563695892,5209523452566039908,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,2212476536563695892,5209523452566039908,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4316

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4184

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4600

C:\Users\Admin\Downloads\NYX 4.8\Nyx.exe
"C:\Users\Admin\Downloads\NYX 4.8\Nyx.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:3416
- C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\AppData\Local\Temp\CefSharpCache" --locales-dir-path="C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3496,i,1712691984918378596,9213044847922323026,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=3508 --mojo-platform-channel-handle=3492 /prefetch:2 --host-process-id=3416
  2⤵
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\AppData\Local\Temp\CefSharpCache" --locales-dir-path="C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp" --cefsharpexitsub --field-trial-handle=3548,i,1712691984918378596,9213044847922323026,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=3572 --mojo-platform-channel-handle=3568 /prefetch:3 --host-process-id=3416
  2⤵
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2412
- C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\AppData\Local\Temp\CefSharpCache" --locales-dir-path="C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp" --cefsharpexitsub --field-trial-handle=3708,i,1712691984918378596,9213044847922323026,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=3684 --mojo-platform-channel-handle=3596 /prefetch:8 --host-process-id=3416
  2⤵
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3576
- C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=renderer --enable-chrome-runtime --user-data-dir="C:\Users\Admin\AppData\Local\Temp\CefSharpCache" --locales-dir-path="C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp" --cefsharpexitsub --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=5076,i,1712691984918378596,9213044847922323026,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=5152 --mojo-platform-channel-handle=5148 --host-process-id=3416 /prefetch:1
  2⤵
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=renderer --enable-chrome-runtime --user-data-dir="C:\Users\Admin\AppData\Local\Temp\CefSharpCache" --locales-dir-path="C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp" --cefsharpexitsub --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=5084,i,1712691984918378596,9213044847922323026,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=5172 --mojo-platform-channel-handle=5164 --host-process-id=3416 /prefetch:1
  2⤵
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:460
- C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe
  "C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --enable-chrome-runtime --user-data-dir="C:\Users\Admin\AppData\Local\Temp\CefSharpCache" --locales-dir-path="C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp\locales" --resources-dir-path="C:\Users\Admin\Downloads\NYX 4.8\lib\resources\cefsharp" --cefsharpexitsub --field-trial-handle=5636,i,1712691984918378596,9213044847922323026,262144 --disable-features=EnableHangWatcher --variations-seed-version --enable-logging=handle --log-file=5652 --mojo-platform-channel-handle=5644 /prefetch:8 --host-process-id=3416
  2⤵
  - Network Service Discovery
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1700

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2a56b6b76f6d4fcf934ee05db67ee4c7

SHA1
cb681c1913c1e319be8929c50f30ea06e721e1d0

SHA256
93ef3be813fd7ef04b17d0874ffc95ac2a42e25c1f5f3ff81f9cb50027e9ef8c

SHA512
a1944e6faf9ab01950e218776275dfaa9583b426f8e22b062b773b7664bdd234b79d558b46a3f99aacc4b02ac2826988250493ca6a2a6f1471d9188026c1ed86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
705102ce6e90d29567dcabd26c3f2e0c

SHA1
a58abfaa6ac2adfca475dfde1bab9f4ba389b398

SHA256
48153445dfb821cfb445a067ae9dce0dfbc2e893df9f3583f14de7016d438f61

SHA512
6ba3b886017bf9789f5e79551e414d99016d555b0669db63e15b622766254474219d5d7a9e74ff20296f7e096792c84b56d17ef6eca453fcfc0ae2561fd2b4c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3a890f55-777f-4c22-bb90-ab8d8a8bbe6a.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a4c9752785ab51459523f41077630f5d

SHA1
043d3e2a124ae1c0b0433f326a9538597c6c91f6

SHA256
00e6b0c8f0aa20a3eaf1ac03e34176bafd227c970486348cfbc6c5d1f27d3959

SHA512
bd9dadfaca24af1a08fbb970d74c5220cb6daa5175ae161558137b0529c6629a2b48b8ec6266f58122b1d3cc6e1a2ce6c991e60cb48e94362b80b8a3884064b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2fbdd2d5fbb124c1053fe37072ad13e0

SHA1
a26fdf88f6b82551253144a3d74099d1690120ac

SHA256
554f4168cff16dce55c7b658391e424817318a81888c699ceb53acec3fd98a91

SHA512
597f22619c8660c4d90e1156cd6acc1a3169f99bcb79583a2cb0b6b8d29e2f844bc6e9d95a0b83616aaeed1ac0aeed59eee44e905085eb312889ac7349b51e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e84a91764c65feca139533f003cb2dc2

SHA1
2fdf29ca1ecbb12f796e57203cc1baf47e52ef7e

SHA256
31a409e037e8ed925f1c445efa2f1ed816a211e1a654bf2ab7f90697f38a24bd

SHA512
429e2136a1b6c00b2f84cae4ee68b5b42ba36a10532aa2293ece0f30f38fae3931407a1e4912b7a44452df889445f7f87588357af2a9a91289667ba1729546c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
636c6d2b7c036d91608d9e2e54856580

SHA1
222a437d0b05b75ecc98a19dc7b1f44df50b9f11

SHA256
2b14d08e76fc4c6b9bbf13c797a64aac53d7c51ddcede0b6073dd5b050e0c4bc

SHA512
2dd7bfec450af6f91c5b329bffeae42f98d4e41cbe65879b2226dd00f2f3a557f82fb330f9c7d5d60cf3cd740839e3e163a3c0b89c743594ff430a8bab9e23b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07297c0fe47dd6e9a5df6c2d7e53372d

SHA1
62af76c44975836d9ed57e004aae47750d6d5a50

SHA256
c8df877b26e24f7710b5c0b6d9c500bd22b76435de246f8048c30e6f85e2df4e

SHA512
b75f45e3533861adb0a7873de381816c9f15d301d511eb8f99efd52dd94138009a16a4a214199dafce0439369a39af31a697278d1a75fe7868dd385c56c372e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7de7239e39caa5db11efb43e6e3d2546

SHA1
895bb5f7dd9f33fac0cffa822cb5e928fe93cbfa

SHA256
2069035a617bec585b006eb6ee48df0735ff0088db7054b309c780331013adc6

SHA512
205aa0073add24a384ecb6f10482354421a8bb9801ecae10bee7d3e128d8f1e532eeedb1e1fcd08519d42ad37fe65df6dd4ceb1f585e2c79e4ab94a3baff0698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1178af788ab0cc33fff202211407e67a

SHA1
3992695925d633197444becd51adafd23bf12a67

SHA256
82d7bba925058320eb9207dbcc0ed61732df87bcbe43a26fd34f446ac9a40316

SHA512
92a6ce11155b6d574640b3e5603bae7325e401f674944b21cea38eaed12d722694dd8e3b67b7c70b79cb1560b5d367a3c7f68e741d5501a156801649fba5da93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99e53d32b9d27d38dfa724185ba7a818

SHA1
238cb95615d321954c18139793e64d647421fb80

SHA256
3ef50c3683e549aa02aec1db58aa4710d0b01b48a6280fcb7cec4f365e760b37

SHA512
a683fd5bb5ef80bf6d8ecdea8553ed016c6af93003152f646b78286e8d14879d97869056d3af83739d599457afd305d846305972f8b982902ca3effe8db5b58c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86262009943d5eaa8a6954e79fcb0813

SHA1
8370e5a25d14fc75525ef0dbce795c473f28c711

SHA256
ef1aef77fed496197f5241d5d8168beaa3b7ac0b50ebfbce17dcf9cd5f2c299e

SHA512
ccbbcd8ed0c18990db3da83f7ad42317b2a86877f6c3cd93f82bccc844e9bed12f9451f36b8dbcad8f9a1f0d23134ebeee19b916b7378d0b0bfaba52c1e4f331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
92964954a2de2449cb2809e64137330a

SHA1
7ff04853898ac4cd6f54522edc97d280b59c1ce0

SHA256
0b6748751ea3577804057599c76f1308dc51badd2cea3030c6beda5aea9e9c8e

SHA512
4f8ddcce7e531c50a04bf5452247396d087bc17c1f1d6a80d6b93d3913dcc31da714d70184de13c7ec336112e79afe20e38a9c028e0105d8fafdb049d3df3ded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
f1a08e3b6ec5954da604ae6341d3bfd1

SHA1
d54f0f592b724d682a4342d1bf4a9109a6037254

SHA256
44aef5cef26401e36f529526f0c9d3d3914360b1bbcf9fdff3a8d54c55e1c64a

SHA512
f32ef5178ae39e19ba01bec93697c14a4de8aed7b421d9065117836dade410e2abfb512f45289b5283f9ce7d18841913f4ca74205d8a876fb829122121901cfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
e498b771b533da23e45cd4af1f388bb1

SHA1
4cb5cb954c2e062c34a33106edf216456435bacd

SHA256
014e63c62d95a1e7c2cfa3c6d17a67f95d4aabfd3e3a4e78756887243b4ce846

SHA512
be6e237438ebaccda11131b6567763fb182c0dd7ff2d759db4394bb40e18ed77317922407e85f7c98c18e51a366137dcb41c50f61123f78f2f4264c2c0a8f3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
fee8b5b030dcf391020f58a2cfaa8a3f

SHA1
e96bdaac9841400c131ab57eba15054d6ea4f80f

SHA256
743324ac8a833c3a555fb84db85df6195868a2f5d54aa8f271de5eb44f7fe750

SHA512
b91821ea26b3a57ca4d4b7d5155f7ebee6feb496361f0c42a44f1ac0cd16f81e6aac155c5798f9a2f71207f257967927276a36dfa61d136deebc08d95cf0e936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
740f71cc2da065bc4ada53e926401071

SHA1
57ea8d7b8cf5d9ea651e4f41d979aa48bac93ae0

SHA256
3de57fa6292a3211db952f1f2dcbff800800d0ca0d141b119619b2a0003a99a0

SHA512
6a0d21629d365335ededcea230d1f741564304d930baaa0584f71dac154e9ee0dd5660da6780826a06d10f1b6b07a7bb171981157ecf18b6c81229aaf490b4df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
756655616af150ff72f666ddc6982b38

SHA1
0bcbadc5dc804df9b741df884bcd5a6b308cd6fc

SHA256
83152edabece1880708a2178c0065507fe7882393833f4c51fd5f87cc9acd797

SHA512
355029df126f2efd7b63741dd5444b51c8851431d2786b917f5d265d7563d01a2b4c2e38e6677a8ae39bd1b86554eb26f75dc4102f62babf1e3d4d96cedac23c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
107KB

MD5
3b2e1bb0a7375960256f0633950ed29c

SHA1
65add15463360973b80e90298a92d5690d792ea6

SHA256
c19aaea8d3c58736852445493dcbf4fbf81c1225072966dfa684081f02b48d3c

SHA512
79e27df04cb54a983566f88b45b364ea9589aeec7003c03ef4cdc04a7ae17e0edd167fde3b40a9f09f5e30ad4b41432537d6e72b5f6096a74cf828e5ca5a2280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
137cdc5d67c1a6d521c8c0db3f98f97c

SHA1
5d37eab99fb6fb13abfd29b7e1780748decb08f2

SHA256
ba6ca438717cdbc9e904b4d8d1b2b893c390b1425dfc163bc2494f71feba8dd3

SHA512
7efc8bd8864b50539cbfd30b371992f3aa0f9caa8170a0bc106ed9269cbc2c5af06225a7b65a54bd427a446a552c5794ba928f35010e63fcb746ce954798c868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
145fdb91befdb7165c5951abe79d1932

SHA1
9b8ca3c8c10c4d92078c4cd7aa672ba2200f7934

SHA256
e197f7af851b24775f53fabc971ddd81fa208b4b79f7d7fc684abff3278799d1

SHA512
49a49ea9be71016a58769ff49acfce31b18fccabfa2e8da41eca228b69a99c45060753dd1476b8905183efcdd1d70a737cc61a14ef4a890bfeee7d06c4f13ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CefSharpCache\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CefSharpCache\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CefSharpCache\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\CefSharpCache\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CefSharpCache\Default\Preferences

Filesize
6KB

MD5
ea082b2d522b9a12e7e5d56c926d70d5

SHA1
335fa9a4c4e1d59712e43b83803864363087b174

SHA256
adc368676a07ae588e7aee97be391a3c74573f4b71126d910f485ac5fcdf45eb

SHA512
30833482e925bffeac1af76f71a9644996b39c4e368c69047fe0c9c17cf5092104d4cca60e119b7b7d3893f57dea37cfdadf9dba5e471a8d388ec2382d4f9c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\CefSharpCache\Default\Preferences~RFe59bbc4.TMP

Filesize
6KB

MD5
1b580a5cd900fe7a75b6bb9b46216ee5

SHA1
01d21214f1a4189e33e4daa589df3c7f61c5a064

SHA256
f418f4e831d218ea2c2c5fe191bb0809bcc0221fab26533cc355332e7f1cd377

SHA512
8cf2a6fca91493591765e574a0f746db8f3abb4d943e88bfd4340aa7d48f1c43e91954f2bed322908f0461f09b2ce4d1f68a5674b3a1550560b2fd83645246d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CefSharpCache\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\CefSharpCache\Local State

Filesize
2KB

MD5
dd5183ccbf823195455d69a97f54db60

SHA1
3ec215e9040ad34f4702869f9940f45ad232fa1c

SHA256
27b0639c72de0b62e952bafd00d946e59a8080412b10445dcb75de88abb09468

SHA512
beb75a15089336c1f89d19374449a50d0c01bf73a018692ad8d1ff54490627e01f3c260984749abf630c4c5d0596bdb2c20cdbdc0578e24924c3828264c7c90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CefSharpCache\Local State

Filesize
1KB

MD5
a2c49b800b107aa709d98b2baf2ebbed

SHA1
79244472b15a8013ab8389643d5b82c9088eba75

SHA256
daea9032c1e6193c1c97ab63359b1f59bed5c30ce58358a3447c5e250c1e8b35

SHA512
638e78794b98b10a20ac5f892f0dfcfb9d88b85b1161672dc0f9a1f7cbb1d71681438587273ec361d3452f14df953c0bc99c63b314dfed92eee12eff5cbae302

Download Submit
C:\Users\Admin\AppData\Local\Temp\CefSharpCache\Local State~RFe591f36.TMP

Filesize
890B

MD5
a7f840499754210b4621eed92252aff3

SHA1
49cd7d47eeada9bc2c9711f2c3e89bf5d9e58b2c

SHA256
6daba4ca6ebb776684892a02d3c442f076fe358bff58722382c74584fa0c6ae5

SHA512
e35ac52d77873ba1b78120854a70746901b1fd6a871307de9ff82861eb2d868ca592887521b49eb9e0fa58927f7bfb60cc59cee78caf45a761b59ddabbe74676

Download Submit
C:\Users\Admin\Downloads\NYX 4.8.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\NYX 4.8\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
41571881b1113b2813d80a8fd063fd18

SHA1
8e01d0f9daf636979b09cf3f3bf7235de1be3c81

SHA256
e3a9a58317217393ba110b1fd1a7f39c0fb819ce96d425e5d1220e200420938c

SHA512
b74c0f0cbe46e9902bd19041fb2f7ded7b1849c790837f29eab250392e612d1fc42767847cb39a2d94fcbf8d528e0ccf25a445d42b26379aaa8de823a1cd0b9b

Download Submit
memory/1676-380-0x0000000000720000-0x0000000000728000-memory.dmp

Filesize
32KB

Download
memory/1700-484-0x00000000079C0000-0x00000000079D1000-memory.dmp

Filesize
68KB

Download
memory/1700-483-0x00000000079B0000-0x00000000079BE000-memory.dmp

Filesize
56KB

Download
memory/2412-382-0x0000000005A10000-0x0000000005A5A000-memory.dmp

Filesize
296KB

Download
memory/2412-381-0x0000000005820000-0x000000000590B000-memory.dmp

Filesize
940KB

Download
memory/3416-330-0x0000000005930000-0x0000000005954000-memory.dmp

Filesize
144KB

Download
memory/3416-325-0x0000000074A8E000-0x0000000074A8F000-memory.dmp

Filesize
4KB

Download
memory/3416-331-0x0000000005950000-0x000000000599A000-memory.dmp

Filesize
296KB

Download
memory/3416-336-0x000000000E3A0000-0x000000000E3AE000-memory.dmp

Filesize
56KB

Download
memory/3416-340-0x0000000008450000-0x000000000853C000-memory.dmp

Filesize
944KB

Download
memory/3416-334-0x000000000E2C0000-0x000000000E2C8000-memory.dmp

Filesize
32KB

Download
memory/3416-333-0x0000000074A80000-0x0000000075231000-memory.dmp

Filesize
7.7MB

Download
memory/3416-332-0x00000000097D0000-0x0000000009D76000-memory.dmp

Filesize
5.6MB

Download
memory/3416-335-0x000000000EA10000-0x000000000EA48000-memory.dmp

Filesize
224KB

Download
memory/3416-339-0x00000000083B0000-0x0000000008442000-memory.dmp

Filesize
584KB

Download
memory/3416-472-0x0000000074A80000-0x0000000075231000-memory.dmp

Filesize
7.7MB

Download
memory/3416-471-0x0000000074A8E000-0x0000000074A8F000-memory.dmp

Filesize
4KB

Download
memory/3416-329-0x0000000008560000-0x0000000008CC4000-memory.dmp

Filesize
7.4MB

Download
memory/3416-328-0x0000000074A80000-0x0000000075231000-memory.dmp

Filesize
7.7MB

Download
memory/3416-487-0x0000000074A80000-0x0000000075231000-memory.dmp

Filesize
7.7MB

Download
memory/3416-488-0x0000000074A80000-0x0000000075231000-memory.dmp

Filesize
7.7MB

Download
memory/3416-327-0x0000000074A80000-0x0000000075231000-memory.dmp

Filesize
7.7MB

Download
memory/3416-326-0x0000000000F70000-0x0000000001450000-memory.dmp

Filesize
4.9MB

Download
memory/3416-343-0x000000000A510000-0x000000000A66C000-memory.dmp

Filesize
1.4MB

Download