hxxps://v[.]gd/70iGTh

Resubmissions

11-06-2024 18:17

240611-wxjccswekh 6

11-06-2024 18:07

240611-wp9vcawbpc 6

Analysis

max time kernel
630s
max time network
623s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
11-06-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://v.gd/70iGTh

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
14	drive.google.com
15	drive.google.com
16	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626034966850959"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4248	chrome.exe
4248	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4388	OpenWith.exe
3936	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
2128	7zG.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe
4388	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 2236	4568	chrome.exe	72
PID 4568 wrote to memory of 2236	4568	chrome.exe	72
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4796	4568	chrome.exe	74
PID 4568 wrote to memory of 4168	4568	chrome.exe	75
PID 4568 wrote to memory of 4168	4568	chrome.exe	75
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76
PID 4568 wrote to memory of 2416	4568	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://v.gd/70iGTh
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa73939758,0x7ffa73939768,0x7ffa73939778
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:2
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4948 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4976 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5344 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3492 --field-trial-handle=1768,i,5663396415110967466,16255499239395847316,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3032

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Augustus\" -ad -an -ai#7zMap15777:78:7zEvent23447
1⤵
- Suspicious use of FindShellTrayWindow
PID:2128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4388

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:3936

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\Augustus\Augustus\Augustus.jar"
1⤵
PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\756dc86b-d04a-4ead-8982-24b75ff73313.tmp

Filesize
7KB

MD5
879242deccd7acdcbe3d90d1a9d2a676

SHA1
302ed5d686f991f59ac0959ce2e0ba46e4be226e

SHA256
d1176b5fa50bbfb8421eb5d688217ca65bc4b486b13b91ac8ec47e4d6c73fb2f

SHA512
be6c37eeb170c37cd4da8762c3c87d99dfc46549a32527fb160b6146526e8b81f4236fec28257b3d81f25f8b21574a0ed0022b1f8723bb9ae752652877aa14a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
5c3e9e3ec4430dc42cc028d701f3708b

SHA1
158db3ed42c3e6444c66036c15eeff19d35f3ec1

SHA256
066ab20fc2fe132fe98aa2f202bbc19835e03b1e9fafca524ad421d571111a3d

SHA512
79b7948172c09ed5b5ba6e218a5d7e824ead155c4b934099f3b9286be64436557a406614329ff2f0ac990f6230d0a67a72eb64a0bd95d90480f41554467c2bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e31b5f0ed7e174653d5f1bab1fce7a83

SHA1
7743324d7dd594d1e4c077caeb0dcb171018e0b3

SHA256
f679f3064c7e85ef6ae052e7427f7eb0283661f3cea3b91c4af1c32481437f65

SHA512
3a377873051e8615d2681f4d73af119c9464e2f6d3e0f812383b8a1b9df41a0978d2ee4c0b8563d9d8b01d844ca25de27aefd6a0a0bd71e1df52e20314baa6a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a5ee15563880001db34e0992d9127876

SHA1
817de002c97230d85d817fc5f634ea9a51f97405

SHA256
e47b766e3fcba808d21d5da9bc24a48cd1c86fc9f9f9fa6723ef772c23f4db78

SHA512
80282f3ee5b2b3baeab76c08cabcfa5aba418a063373b161172ae9f278845a3e27330332f5afbb46d4c13cca9e73b9f2200fdbf212dd5ac34f323c3052f842f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6146970eb0cefa741c8e5504c1cf76c3

SHA1
2581e7d2944524debdae90886302eb43df2662b8

SHA256
6b2b6484d96358969209098553fb65c6f761bc38a7af1f97580f20304f5e9144

SHA512
9545e70671c0072010e323bb835568dacdc9e3049410d26b47e8cd0c4e9c9d021360b17fa789e589d5a7c1159d9835a9628f7310779594b1a406d2ae7abe838f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1e3ed1dd46efdfa594643c38241edd4f

SHA1
a3416ede34f3639146c1f9004e828b56a4762a1e

SHA256
28678caa6cadd6c943e17f261593d871d20430eea466a89089b1e7f8a9ab251e

SHA512
6f42b76f487374f6046a52cbfc2a0003045604f21540c63433e0708e50f80a9ed9599185930873bca63e8320cc9aa4af22f3cd47caf88cb3a5ff8568b7bebe7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a120a7081b97283f5d98c54d83590bb0

SHA1
effea9db901842ec8537de6fd4ab02e05aa8f644

SHA256
8b3633463f4ded7ecccca42d17aa1db41d7d648240c8e33a88fc20390ed62a2a

SHA512
7b3b638cfe01cc2e55503daef9cac97b691747e79c7e589cd1695a08ff25a1bab4aff846693711f2fb06e6af98749a6a17d27adb0134532ee5cd8bf6930c7d83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e75ef0795ec0bd22acd86fdcc5b8d6fb

SHA1
d446629fbac82af5d801d7d69f4540f659c4d808

SHA256
61c9d3fc4650a1ffe35f98f4a9ff60faf61f0a624ca72f6d25e424323589afe2

SHA512
a55e7e1013846889a702a51f68a2278913da53788fc251cfe8876778a5ad2f4bada3baa2500a9a9113c171ea658f423139ed947c18fffbfb6e6f4d51fbc45c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
7141fe2f398937ce7f34eaaa28041c62

SHA1
c13585a3eaf7c24a78c2fb0368ff4b59eb7f563c

SHA256
e572187e546ecb59cc6482ab9aa4c5477bde3cd82074010191439436df29ea28

SHA512
940dba22f8ac92e3bd6046ca9c99a4dbce4948a7c79f90e6c64c2ce46b5a412c67e7f84594a2137459993fa487e644e23cd8a459d009b301e00a68327ada03f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
23f4aa701ae53aa8e714efb0c3ab4b89

SHA1
900d3524778faba4e023b427901edd7de8171522

SHA256
309e3de600f2867883343df4a3171218108ebe64972421e70218565cda76abff

SHA512
9ef9966ca82111363f9f1e345f3f188f6b65fb3b61f9105b6c42e8714a31f91a7df52814f274f253967a3164150701ed7dfce30e08c56188f16bb07811a689a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
90ae3f848a51549b18ec8dc6a6a55dbc

SHA1
c23769dc952424450ba1b0258997d81f01518c2e

SHA256
245a023836cd1a3873e5c7a6307197ba43285ca6317fb948427134fbaa7390ed

SHA512
29923250e033f85b1eccf1787aac16d29435cefd42cba1ede9cbc0b69ca6ad96d3ada46436421c58c71d2d69546ffa5663b4946fada9a87546d7553afa9f9b9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a27a25da1e4fa3f0895b1420234eca73

SHA1
ac1c3d5b7c88765ebfe10108e073af9552b32fc2

SHA256
b9db7f4652b588a5512a7961b7cfe8c60d045f7fd67a4eb808a8cd68f2f75425

SHA512
6c4be732412150804d2b19c3229d33b4b1fbbfac1bce6ac539445e73e1e456ea2cfcdd8ca7510c843170299b4818f1ebec298fc72a08293ad9f81bd7eef9c9e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
773722155694fbaadd247f0f2db3ffe9

SHA1
52557ba398fba061b45731dda99f9d1958493621

SHA256
9dd80a3c233d5f47d02daeba1bc0c47ba3cfb23f11deb5b4486724c49b08ef59

SHA512
f66b3a5f7805000bcb12d87eeedb33344465a6bed84407ef5ca2a8327310f4d8a75ca5ea70b40be2c96d6017e7a3a4b2f70ce513991432e0e5ff2c36c21a4580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
235a0ed15b28136873a7c1229f38174a

SHA1
cfbd1575259d0f20acd793b1a30ad71b5f534f66

SHA256
ea3ebaf40234f32f110eb47f16ef2d6c031e8a2eb7ebc65f73ecba33824efecd

SHA512
b214fc3ceb4011b76d34603dc484d8b0a735d9076f03750472079517548eb1d925e16e86df9766ffe32b07d7b55cb6f79eb08bc44d11ce1de2a0643d8136efc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
4c3ea03d2a782b2f1c6b7ad44a014aef

SHA1
f757fc6bfc2b5da856aa84efef096a1d776e1b7b

SHA256
71ab1bcb510a3570908b06f83d83e9c37c5adca2d94bf26361ed534d6fc1a9f3

SHA512
de39de0a2509f2da7caf41bac4a02cc3c4ab90edd1118a95032efb6031c803da1e8e8f4e617eb6a5d2b286cc883ba7b969fd3b5db3936c19d06cab8592695da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
7820214b9da80745ea9fb53f3f9c19a7

SHA1
69ec43cc2e4cafd54b44f2a3603b9b9b012352aa

SHA256
feb1c2748dcfdd62ef8a18fadeaaa9c2e1b926ef5bd7141c93a58b49c90a51cf

SHA512
2e1e4bdeeb16905135d4f1be501877d6b10d0476255879a5e16a3a51f05cbda73761bf5caabf8cf80ab04cec906d55d375843e85f9e02ab5e0a7c906e3b74b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
7f537d64ede77f153bea480e5eb7d20e

SHA1
b0041dd7b992e599545b3fcd1de4d74cb4d204fa

SHA256
39566710e5b9b42151709dc9a9a2f49db77ecd5a9f2516f8cf0c40b8bf6a114f

SHA512
9d6adf92e9a7dee7ceaf8b6c501a14b917b24e977c2f5dddbdc6f102e0d529b4c8b02d156dc173f74c94ac67be6e68677e659eb00f961b14b3b7a9f0b1b4214d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
0dc01b77e3a4d374f4004d0b31868597

SHA1
7864d328811f21a2c0066facfea0c4d735f99003

SHA256
7dc1a53455b9da2108b57f2f321b6bf2791f25c7430f0367a6a83590c884fa99

SHA512
46a1992ec07f03583938b2eb49c865bc932f84985b0eafffb64471f8af0678fcc4e2862934e745164d9454c3efcf7cd870d5af29512a727bce69296a1d00d38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
dd5113da6755c4809bbca3b2c9f08ed5

SHA1
0131ed9df45c14bcb77b5cd18dc89db70f93ed1f

SHA256
0c09f60786584cfce2830cef62c18c5076c56e9df931ccea60971f83de1a95e0

SHA512
7179c367fbdba8d3cff718170e68683ae91069819d7ac0c800d1dc6858dede94a4a7225c022856423db377d1c871055ea86f92b1932c7c3775e2835eb0ccf04e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
cc2cb6a9f8ce00754c16ad46f7cfa827

SHA1
b7e53579d6842ebfb5c8793aae5bdfa6980874ce

SHA256
64da98b445b75eb8306bde04cf9eca436e42ef445bb131d4bda021071776dfd2

SHA512
2709b740f1d6c5a4ab106f9a0c88276aab9dd7e4eff702463eb07cc83c2a4689a49fd5eaecb3ebd66d352652897b7ec034591d2748f9929db54ff214269a8676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585232.TMP

Filesize
98KB

MD5
7852df84199da2908dfe5fadca37651a

SHA1
fd7a0c4fe9b17be098ec9720fd7aea3b5d166406

SHA256
da98f24e4c7aedc6a8d5cc1bceda6a53a49dc431cc6e2229500b32405d150fcd

SHA512
c3bd792eda79cd8bfe358e62358405f52e120e4532447fc7bed9169b915c52e781abf412f5bb409e03eedb270fd01050b76fb9f9ba64374064fc9430850fbc61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Augustus.rar

Filesize
49.8MB

MD5
72bc20daf59ee68804a6a5b522024a6d

SHA1
39accd847b99f577a853d75d86f31068c1f17242

SHA256
fffd84d0b3c56c89dba9d0abaa62f683da097591710e858ae78057a71834ed7f

SHA512
eb86910929aa953d0dacab87006ee5fe89f8abb789aea7d351843ce07b98bf1d778ea1df55192555e5e77807bdfd701a331fc5dc11bf64b36ae566d516dcd285

Download Submit