045cd5de254bccdef47685d5669ac04556669b4eca54a751a9ae853ea15f05fb

Analysis

max time kernel
41s
max time network
159s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoHotkey_2.0.2_setup.exe
Size

2.8MB
MD5

7ce7d260acfddf2dbc0286c1493560b2
SHA1

882b4d50de925a5411b83b47a1dbbd478490131c
SHA256

9c8b1aecaf1bdded80bec98ec5ab5b9b9754cbce9439dd9eacc7d1774d1438f8
SHA512

66ec91c9ee568342410e2b84b475b60190dcb31a8bb11b9999c81eefc43418b91dfb5822649d43c4376dbd8d804b3693d05decd30fb0035e190953d445035fcf
SSDEEP

49152:F5eZSM1m5dOO/VtzVrwHUR0QpGrfkrQdYhCl/EllK8g3pOkTQ26:YA9V9NHFpIfyQdzVK48AOkTQD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1632-0-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/1632-1-0x0000000000400000-0x000000000092B000-memory.dmp	upx
behavioral1/memory/1632-2-0x0000000000400000-0x000000000092B000-memory.dmp	upx

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3024	chrome.exe
3024	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1632	AutoHotkey_2.0.2_setup.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 1204	3024	chrome.exe	29
PID 3024 wrote to memory of 1204	3024	chrome.exe	29
PID 3024 wrote to memory of 1204	3024	chrome.exe	29
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2544	3024	chrome.exe	31
PID 3024 wrote to memory of 2428	3024	chrome.exe	32
PID 3024 wrote to memory of 2428	3024	chrome.exe	32
PID 3024 wrote to memory of 2428	3024	chrome.exe	32
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33
PID 3024 wrote to memory of 2204	3024	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe
"C:\Users\Admin\AppData\Local\Temp\AutoHotkey_2.0.2_setup.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d49758,0x7fef6d49768,0x7fef6d49778
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1568 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1668 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:2
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3208 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3744 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2636 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:1
  2⤵
  PID:276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2304 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1128 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3928 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3224 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3736 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2480 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 --field-trial-handle=1260,i,11451459926396431500,8460943551464971239,131072 /prefetch:8
  2⤵
  PID:344

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1652

C:\Users\Admin\Downloads\clumsy-0.3-win32-a\clumsy.exe
"C:\Users\Admin\Downloads\clumsy-0.3-win32-a\clumsy.exe"
1⤵
PID:1152

C:\Users\Admin\Downloads\clumsy-0.3-win64-a\clumsy.exe
"C:\Users\Admin\Downloads\clumsy-0.3-win64-a\clumsy.exe"
1⤵
PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0beba04b9fb3e70d1916beb95cb3d7af

SHA1
4b0cd923788ba9215ad6db3aec0fb79bb89e5265

SHA256
8acb8851a96ea8b8bfb904a4530d12f6e342673e814572cb7fb5081b5d9bd023

SHA512
dfdf9111cd2d80e3d8385c6074c24a3e92178b3f7b1034ffb77ce530c2d637df5b02c8276cab0e03b6773728ab2dc57025c2a70bfb25e1bc374227d441393d58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8dd9eefdd3c99e0cb45593d2496b8b44

SHA1
c7496b2f2d03bf143d99db8ea23f63f301f9820b

SHA256
a251042709101dc79f450e544f8fd1d16d2f645b18fe781cb7b883180d99867b

SHA512
4b4eae5c23bf2820e578c96d53f34d3ec61e18a3a1ff2c0149dfa02294ea717e33fbd6b60ed2a7bcf3ae9bf89ae450c544f5d1033bc141c284a53286fe9946fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2e803581-5c0a-4f15-96ea-26564c23a8a7.tmp

Filesize
267KB

MD5
7d4dd1b61d958a619d8ef302f7067d6c

SHA1
1ce6ca1baf51581bd772668960f9698710cbb71c

SHA256
0db4f3a290ee3d1bb540fbca7c019ad7b8d787854a2abb4a6e7ea2f61758b5bd

SHA512
ab941128d305fcaa30b29bf48f6ed5862e4b0d20e434eb32e843a8e08bf3c1f6a6a95a1dbe0923a33d24143bb67e7f6012cb5677258f74e4ce909f363b49e2ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\68310671-ef7b-4e41-ab6d-6ea61da1f5bd.tmp

Filesize
6KB

MD5
f2538838e0869dbccc11ac297beeac4a

SHA1
2744eca3d2f3ffb8560d3b7e242939894a0542be

SHA256
9fb760d93c9b5f408005ef68027bbd6896b7b122e965a0428fc15eef3801febe

SHA512
374b2a66a02f4f230c75a3d791fe9175d6b571f3269b4997bfcedd9e5bf9bffc5e79d3d5051c084e3d45c05384d3eaa41e94d511d04cf8fcd897bbfc01a01e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76dfb5.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b79d0e30fbe40695aeb438d0c5a5cf2c

SHA1
7a90a5524a33de9be32d7e5e61a62032582d7a37

SHA256
20c27fa60f8b7d317504974b0ebe6a872b4504f9f7418a5cd2ac6cbcfbe16cd5

SHA512
b1ab64ccd07e3079f1e642f8f2058849133adc67656891f1ce6e3439dc2ab6786a3f6ed30cc389b8901e54eaf59b1052735ad0afde26eab9ab2c797fc9e95a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
e6dc96c3d83a001f7b5cefe038a1fc30

SHA1
7c098fd72f496c40e5e54167edd7a8b25823d8c1

SHA256
8712c64913f7942fccdca9e36de296147736dbc3cf1785eaecfd956b0ed3e9b8

SHA512
5bb37a1fa96e13556bee67a390e9a4f83cb8b16626d8dec1d2a3d0da25e1981f32a7d7f30c3c92270133734b003ba292d598ad398ce4cd05a6e136a5ed8392b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
9fb07e7b8165104de01652e06016a483

SHA1
4b500cae6f60be8fc300f837db7e579a68b49c71

SHA256
27ba1c8c9a4c083968d64dcbbe5b3571d59d495248bc3ac8cf0ed290e25947a4

SHA512
a5f597b9faa4afe9b18a498651b3a6644c98905f9c404839661ec9b51955438650809587a3034eaca8b9f4b97915cc80e5a8355e968f93401d493503ab6c4ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
1cce597120826c81fc632b031a1af466

SHA1
fd30523e7658f84304d81597494cce0ba993466d

SHA256
e15295d32bbf8dc1b06f7a328c5cf8a9b5f91a7e5b5541407da20d66e23a593a

SHA512
5745fa01608d9a2af019d25493431b4f7cc4838025249b9e5d727d32f65d7838b99d3dcd3c813fd1fecd9fa6c8dd273cf6e031ed89596b0916f15dcd374c6867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2f2afdc390ee18cd5a0d20d43d6d73ee

SHA1
5dd32393369e5836629fb4b5d0382cfa6eee78a7

SHA256
30823d3a31816d47c91cd548a77e153ce49fd4c7666171d039273554a038fc06

SHA512
8c846252510cd26b4171563ad71ee76614aae833b826c6f12c5b5bb859ef30553e7088f9c83310a51edbfb54d3b304ca3d2ddf33230b160e526ecac2811583a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6c7686bdd8a57231fe2b7ad6f69ef1a5

SHA1
f00ab63ce8c8e7b728dc476aa64120aba2679bbc

SHA256
c0050c55717128deb23b2856d998083cdf10ac856b133032ee07fa4caae92dd0

SHA512
1625710a64a4dc7595e6ce0d6851d336c45264566eb1bc4a7e3d1e854968dc8b97b24f3a49432e51999667040d14539cc09750373daddb399d901733291bb4f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d550fb726ec4aae22e007257113b238f

SHA1
768af3790e40103f34d912065f0f327bbc5c753b

SHA256
8dba8de5d1dde58427ef478d9f16255f4fff55e7c50e6783fd6ca118811d424b

SHA512
0d4460c884cd8d3e86dc89207971b9e509f98a229aa873f196d179d08e968367e64a9b9bbc23768f6c9e7de8ed45ea28dc8f9466edd61948a4279e4c15a61291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8a4127dd099a4c0e1c6e3c0b95f15ba4

SHA1
db3d684a008de37b31936555d7c546c1f57c7383

SHA256
7481dfeff9b6bafb74a76de37a4aaa24d59b085aa8e32248ec4acd43f5cc6193

SHA512
6a3cbedcb1b4ce059c53b6526d4afe1a69a072985c253a25d25ec73f3c2613c5709c183499767fa00cab96494925f1b3ea1bb438fd2ec89721a9a5396c1f1a62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7b0d8e69a2d717fefeb7ca6e8b62378e

SHA1
8a6a5bf723ee25658a7fd29482e4a327fd7559af

SHA256
a3d83db92134f6e8097bc87ab08704dbffb271d2169258486080906f02c49860

SHA512
10a404b7ae5598e925cb7a5c33dd2a76508014a59dcc814db646d40df4cd85ac35815fb41e45e41a28493c26e36b7d4f35c5cf8ccf4930a95916c33bf3c7d809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
315KB

MD5
d3bdac2ef96230be49b1d618b0748b6e

SHA1
ceee34ef0b6a754d9b5e4dcc54ea9e21914a754d

SHA256
1d79ae8750dcf264d25913c31bd9230c767a3b7d7e95f050205e5d4142c6cc6b

SHA512
6b8a564db57ce28ed514ca6ad22dbae0c56ba4395a64e475a33e7f9af79515bc63a89bd8b9619687f7cdc91ef2a4c82464a922ed60a77a284201cbff2da8aa43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
fb68befaefc896011ff2ff88adaabc77

SHA1
ac7f7d4b10be1e1156b1fc9618cc79acc29c3d29

SHA256
3c2c38ed0ee2eaec3b459446d2d3538a84966538c1954f6c377c930d69730037

SHA512
e4e74a7d05e3b64f89da1a223327810ef78b50b8a9d797acf6cce8ec97bda059d81c8bbc1591512e487abc3767998e78e4c950573a0dd43c37472c1748df599f

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE1AF.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Downloads\clumsy-0.3-win32-a.zip

Filesize
568KB

MD5
38963e0c87202a3e2fefe3389de65d47

SHA1
3eb7af1f94aac8ece1c40407aece24408bb22abd

SHA256
57b880f65e8a628a84749df09358235676e361f576fc263f00f4f275c1a4ea51

SHA512
4358488000d54d102601a8df37ece687e1a24e8912628dbf3d7af32f8cfc8ad66f8ec0270ec393fcad8b107c8b23870768881c085c4478a730397fecad47d0a1

Download Submit
C:\Users\Admin\Downloads\clumsy-0.3-win64-a.zip

Filesize
524KB

MD5
4b53a792fdd035a7ac6b335b705fdfbc

SHA1
2be6fbe140b4ec1d91b043bf2f3c6b5ebbf8122b

SHA256
f50dc734148815831c67d9fc2c246c22d421c53dcea51e26eee905b0b2806c27

SHA512
7f87683895bf833636f81d1092adb6fafb42457890f6631cf532c9909502eb598e6f5eeeeecfbc416048123133a52fd7e5ddaece65a0f5bcfc4a62c824ae5b5e

Download Submit
memory/1152-424-0x0000000063D40000-0x0000000063D4F000-memory.dmp

Filesize
60KB

Download
memory/1632-0-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/1632-2-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/1632-1-0x0000000000400000-0x000000000092B000-memory.dmp

Filesize
5.2MB

Download
memory/2940-482-0x0000000062800000-0x0000000062813000-memory.dmp

Filesize
76KB

Download