hxxps://mega[.]nz/folder/WmAyxRaC#J76wNbsVS9RlhD0k7bjJbQ

Resubmissions

08/04/2025, 20:25

250408-y7hvpa1jx8 7

07/04/2025, 12:12

07/04/2025, 06:52

07/04/2025, 06:37

07/04/2025, 06:24

07/04/2025, 06:14

07/04/2025, 05:55

Analysis

max time kernel
71s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/WmAyxRaC#J76wNbsVS9RlhD0k7bjJbQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4604	Nova.exe
5828	Nova.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133885015548189772"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-869607583-2483572573-2297019986-1000\{EF7896BC-A7FF-4EDC-9AB1-C0EC11CF080F}	svchost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
460	chrome.exe
460	chrome.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
460	chrome.exe
460	chrome.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
4604	Nova.exe
5828	Nova.exe
5828	Nova.exe
5828	Nova.exe
5828	Nova.exe
5828	Nova.exe
5828	Nova.exe
5828	Nova.exe
5828	Nova.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5148	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: 33	2860	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2860	AUDIODG.EXE
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeRestorePrivilege	2268	7zG.exe
Token: 35	2268	7zG.exe
Token: SeSecurityPrivilege	2268	7zG.exe
Token: SeSecurityPrivilege	2268	7zG.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
2268	7zG.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4664	OpenWith.exe
5148	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 460 wrote to memory of 2184	460	chrome.exe	87
PID 460 wrote to memory of 2184	460	chrome.exe	87
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 456	460	chrome.exe	89
PID 460 wrote to memory of 456	460	chrome.exe	89
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 4616	460	chrome.exe	88
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92
PID 460 wrote to memory of 8	460	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/folder/WmAyxRaC#J76wNbsVS9RlhD0k7bjJbQ
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffef3f1dcf8,0x7ffef3f1dd04,0x7ffef3f1dd10
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2060,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1548,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2376,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2892,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3024,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4228,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4256 /prefetch:2
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5192,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5604,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5772,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5932,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6108,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5724,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6304,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3640,i,18150771894226398389,16457519748951376533,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:5356

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1192

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x474
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3612

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap1133:86:7zEvent23252
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2268

C:\Users\Admin\Desktop\Nova minecraft\Nova.exe
"C:\Users\Admin\Desktop\Nova minecraft\Nova.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:2564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:5832

C:\Users\Admin\Desktop\Nova minecraft\Nova.exe
"C:\Users\Admin\Desktop\Nova minecraft\Nova.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5828

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2cc938c4477d99ca1eaeff2ad559887c

SHA1
e639f041e589725a3e9edca380b42a03cf3e80e4

SHA256
1f7d6df216250ce7e71e36e8012f71bacca38ebebd8caffdd6d4950007a63d8c

SHA512
f5e66a5dd0d78765cef762b7310604601c607292b39cf244182d954663977d9cda45ddfee9a7b021b4048a153fdcb94bd90be5a553abe4ceecd35575b7b863fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
7bd8e332b692032680ae9c362adcb4ec

SHA1
109fbe4f17cd26729d1ebe111da9e1bd88e0349c

SHA256
690a908358d5a4b02acf0a9e802f8b20833526f05882a631b0fca94986676cc4

SHA512
0692fff35d3d9ba4a1a3650e690861d5758c92445f325b9f42b210cc5650301a3a21118bf899842bc6601856132f8221bccf644150a0ef0085243bd201258f26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
6c4d5ff7208be226e86862c0f6122778

SHA1
b063374d356dcb5de9e6bcefffa62c6ab5a97535

SHA256
493b5ffbe50d4417412cafdb22fc09f3bac5d55966cc530a9d07ae61daa6908c

SHA512
93ab809c8244e5600241c59ec289760ff336cd103973c2a610e98063913aaed1f41dc0de7fdebb15bda807e10dcca56972d3b3db0e2d7b5af6a458b3a4329326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cfe0a97ef58fd29701659164c6078313

SHA1
74e2b98899d40cd0f8ff6d112eb5760b6fb6c2b5

SHA256
aa27c6ec22d82b020a9db79db323bb42f6c86a707609dc071659dcb893a56bfe

SHA512
bc096170adb2241d547c64f218ce80af5ba390baa8b6a452aec9b941a1934dc945fa2fafb5f0ab95d25b2a69f3b977b660a9143a045c01e428ed2d4c188f9a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
9520941222d9e064f746e5cc5bba9eed

SHA1
531f609079203d905ac619d95d5dbdc59c4a5cf6

SHA256
26c5f8a065bd5b71f9fabbae611fc044f25fd50314bed6ca5956131a7ec1bf30

SHA512
1d1ebd6cc77c73ce327f893501236d89b08d2e80d0fb36bc96c13a23d9a2f5e138f002601eddb45f8e44d00f34f6b7fad3c8c4397eed3725d4ee4fb2234fcfb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ec3d1a2bc1d0ad4e456853a6673e91b1

SHA1
41c0b67bccf83fffda6fac64bd14664347430200

SHA256
34747fa3a413202acc0ef727e1e81e39e0e41179a77598ee9c35a8dd3d52e43a

SHA512
9609a6c2b4e0f3137540bf39e26ff97e67771dde9d5c44080ddffb4d874423a05271bc14ed131d0b0269083d937dcd6d12d7272a8af7d145be2e30e4d421212b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b365339e27489afa11ac4290f2e7c962

SHA1
feed55dc6aeda1a08b5b7b021f3a55cdbb9ff542

SHA256
0c66be60c905a5a4765453542fdf39a1ed1b084edefd05c5abf81a8054721b3f

SHA512
ef4aa01a12d3ce17920943f909992923c397c020b49ed71837945cb55a70fd556c9b635508674b6713edf6ffd1b2c511d3e7757a54852e1a16206137cc12d3de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cb194d5c78b892ead4838fb66162801e

SHA1
340c06e99eea9eab494a348f2b3c5485336d7e18

SHA256
aece6ebed9a332ee93935d0afdecc390fead3321126fcad587f53c01d1ba5d34

SHA512
7cd963000879f5765c7dd663ec8e206e6ed113b487544aff5c114ae5680e8f22839ae8629e53fd4b80616504123a9f3b9a0686a299717fe744acd044d57e036b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4950b7d71a8a94898b5a39c690366bf5

SHA1
6f6e63bf10125ccbeea8f3ecf623f67e2633f0d5

SHA256
22f1e1f60ef994093f1339eda09076a46c2da63643cd8d137ee8de02cb356007

SHA512
ffc289c99a3436f4a89b6ccd5bb068580c52c1cc6387d2864075e8cf48c69911f05bf7731975e1d2f4787b175255af7119e2a0e7f169da0ee98aec8577b79211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6b93611b06a695e053bc08b80a9aacc4

SHA1
20af625525fc910e7ac69bbaa9f053a648b0b519

SHA256
6b66217fca5f095587aab3b1c0d5708808a708738d5e4221f4460a18281dd467

SHA512
1a5633db5242e7ab5b624a97a897b641b6458193029b6596fb1c169543058188176caed7c960d64fba947e412f1a62c9adbb02d4a54af75558f1bbb3304eb167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e3b9.TMP

Filesize
48B

MD5
44497884397dbad08c83e8571a0f5461

SHA1
a8c53f25f44df494b6fe3abacfe34a72a45ffcb8

SHA256
7845319a5a524f9e3fce51cceb8938326f6c1515f5562d1133977c0881867305

SHA512
ba47ae1df1862d631c580b9454f06bcab4bf824b1f4736b59605445c64b9debf51956b8ee92bc2999581457968232f6bfea78494b870eea0d324c949a9e6ec56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
386143987dd8cd034dd869218ce6a025

SHA1
2c5f9261a4e510f03ac571b636d16b15313165ad

SHA256
54dc7f209ea9aa38bf4d979bdee7835c3949307487d84a5f1649362382ab334c

SHA512
3bb6a3eded2ba6cc53d01512565543e3fba7d623ea11b179d17e33abd792c6a4edb698e997c708902637d3606546cfa5fb3489ac95d58b1720d7cf7064e35def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
6d5ab1694de75cc8a689418a45ecfc7a

SHA1
e24aac8e95d7d354effee5419ba9805e32e3ad0b

SHA256
7504de37632b09f2b8792b68e60fe81b3c9a636fdba574bbb5160ba778553a43

SHA512
3bc2c368bfc86ca21aa7b2d97d8135161c64ad74f5c0c9de7d15d605814cab0e93d4be94a38470fc711a9d15b47532338ce392443cedb4177dc8a5c019e35f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
ce5bc0f5dbce939abff9eed3d3e6c516

SHA1
a0847dfdfc3617a46d3d7239e2a138f997f2139c

SHA256
67a1f57ffd44bcff1b6a5902daf634f0c91587a35d6037bd2466a91ad20e7a84

SHA512
d26723fec072da8cbf154493d443a611b5f69045ca56af143f3e7fdf8c86d3a182e934c744b8dd2a36698ffc0e45cb6670dbd3c9e1ae984d7cf0f251ce3c837d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a1ecfba2-c5b2-4f9e-aabc-b5b9fd407b2c.tmp

Filesize
190KB

MD5
1083551d3939685efb9f8cb43db0f50c

SHA1
75b67b25d3faa28ab6f25246d48bb7a8c1171c6b

SHA256
36257f5394ea48c95bc1ca9a5f006f08b9ab8aa04ee58266dee3505624fde089

SHA512
1d87452c87077061f563d3ffd137ed19eda6b4ed38525cb3c7de36097d7e2a23f70adb859591807ffb12a391aea946527075da1b80e94cacce23d401251caed6

Download Submit
C:\Users\Admin\Desktop\Nova minecraft\Nova.exe

Filesize
18.4MB

MD5
3f886e3f527615eab1dfc5a54021a252

SHA1
bc6179374305b6d9d3bd3a6959336a24f8e298e1

SHA256
829af67d5ce7430ba9f3c73dd7eb406f102d4e9a94848c112f15897b31ce2a0d

SHA512
5853758a1da868082805c379c22688a9c958b3c484e119a82299afa81b7e13191f3b6b2dfdaa346463f7a7f40c73f6319860ee0855a4f7cdcee8027fe42ff7de

Download Submit
C:\Users\Admin\Downloads\Nova minecraft.zip.crdownload

Filesize
18.4MB

MD5
2eb2f4a364d1cdf4814d3e7513fbeed2

SHA1
e44da5c0c70b1c3f49ac758021d73b5e6e1c4c92

SHA256
3d59e6818b60fbeae2965391fceba6faa6685a13b05219c34278be5ecdf2de7a

SHA512
5ad84d99786eb06ce9e77dd00b30395d21a55d9f4a36ac8ad54a70dc34758ba9af0c3db005bcdc5786d8b36e8f73f422b04248e0a2113e25a099de15b761d3ed

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit