088d012a3d2788f797faf54d4f3db945c84ddab03a656c24d3badb06ae74324e

Analysis

max time kernel
128s
max time network
130s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21/09/2024, 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

clumsy.exe
Size

1.4MB
MD5

e08b34a17ffb179d98d3452107e07189
SHA1

f89c80d58497e88577f77d21f44c08d0ff89cdc4
SHA256

088d012a3d2788f797faf54d4f3db945c84ddab03a656c24d3badb06ae74324e
SHA512

e3dc85f8134fd09a725a0081efbb8816b82e61131e6c98882dda44b10467f7042f6bd9b30854d4a4f8c6e0449132b8d27aebac58fed2c15fc7dd81178db63d5f
SSDEEP

24576:qjp/TkhdH/OHW2Cq1aaIQtGymaADRQpNBmCD:ql/whdYcqUAG9DRorm

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clumsy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clumsy.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133713995956114050"	chrome.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\clumsy-0.3-win64-a.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\clumsy-0.3-win32-a (1).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\clumsy-0.3-win32-a.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\clumsy-0.3-win64-c.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4752	chrome.exe
4752	chrome.exe
1104	msedge.exe
1104	msedge.exe
1668	msedge.exe
1668	msedge.exe
3884	msedge.exe
3884	msedge.exe
1448	msedge.exe
1448	msedge.exe
2388	identity_helper.exe
2388	identity_helper.exe
3756	msedge.exe
3756	msedge.exe
1228	msedge.exe
1228	msedge.exe
2960	msedge.exe
2960	msedge.exe
2808	msedge.exe
2808	msedge.exe

Suspicious behavior: LoadsDriver 15 IoCs

pid	Process
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 4904	4752	chrome.exe	86
PID 4752 wrote to memory of 4904	4752	chrome.exe	86
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 1712	4752	chrome.exe	87
PID 4752 wrote to memory of 840	4752	chrome.exe	88
PID 4752 wrote to memory of 840	4752	chrome.exe	88
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89
PID 4752 wrote to memory of 3172	4752	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\clumsy.exe
"C:\Users\Admin\AppData\Local\Temp\clumsy.exe"
1⤵
PID:2932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81edfcc40,0x7ff81edfcc4c,0x7ff81edfcc58
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,3874113862383996354,8109387997718185512,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,3874113862383996354,8109387997718185512,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,3874113862383996354,8109387997718185512,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,3874113862383996354,8109387997718185512,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,3874113862383996354,8109387997718185512,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3312,i,3874113862383996354,8109387997718185512,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,3874113862383996354,8109387997718185512,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4920,i,3874113862383996354,8109387997718185512,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5128,i,3874113862383996354,8109387997718185512,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2324

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3064

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff81ecb3cb8,0x7ff81ecb3cc8,0x7ff81ecb3cd8
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3996 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,16411973858877239779,2145372524411438776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff81ecb3cb8,0x7ff81ecb3cc8,0x7ff81ecb3cd8
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,13742044595597894423,12634155094279791722,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,13742044595597894423,12634155094279791722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C8
1⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Temp1_clumsy-0.3-win64-a.zip\clumsy.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_clumsy-0.3-win64-a.zip\clumsy.exe"
1⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Temp1_clumsy-0.3-win32-a (1).zip\clumsy.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_clumsy-0.3-win32-a (1).zip\clumsy.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4260

C:\Users\Admin\Downloads\clumsy-0.3-win32-a (1)\clumsy.exe
"C:\Users\Admin\Downloads\clumsy-0.3-win32-a (1)\clumsy.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:492

C:\Users\Admin\Downloads\clumsy-0.3-win64-c\clumsy.exe
"C:\Users\Admin\Downloads\clumsy-0.3-win64-c\clumsy.exe"
1⤵
PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a9d133377bb54aa0898ecb6b5be96842

SHA1
270101b149b23aa8e9c4726e5313bc5c7d9874bd

SHA256
95ea4f33c75a50a765acb266cbf0c0b0326eee1871a6f2ea73da5b73c6bcde0e

SHA512
7967a2833296280273e2e790f5d7e92b161ea90efdac4cdd4cde47132fb34fb79da4f2a1eb63f802dc41bbd02152d26283cdc2afffb7d4bbde1e2a49def71314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
8e3419e947cf692772f41cba972c48e0

SHA1
180001682a673940a6aa70e403bd64d2a325b7ec

SHA256
b4dc4a9743406ed7fa2dc283320b818685810d127d3e7bb4a147a23a0c650ee0

SHA512
8310db9c37af34b9fdcda972d5f180c2e4df5931675eb6f55e8aa3955fdea689e5ffc3d2aa0456dc5ccf8e3440b45868ac057312876354b6d7ccb7c2940cce9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c5a6c51a518d975cd90eb44d5e8d4b26

SHA1
d31b06cdd5d6b8c58fdde9e7f448f6550141c75b

SHA256
c699e3e96ae90cb00645ddf86a72a3660c230d717f5d2838e47d25ac802f67bf

SHA512
786d505c74154afc81e5a5b9a8c206de6383be06a78a6d6d5466d8c260f451c8648bc2529e1501f5d15e314b24bdc60396fe85771cc4832127d492a4399d84af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a9c55b575c739307551af90c8aefeea9

SHA1
35d850d6b89a0a0c9e1799013c460ef23f403f46

SHA256
59aacfaa1d70dd8a971cefc549dfb0313c729504a898b40ee59cdd8105bcfc89

SHA512
9cdbbfacff74d5a6fc8923eba016acc441eab3971b17c4e39995aea1e0c852ea4aa383121bcad0ec0da5233146460292bf3998df0e59afec112776ad5b692fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7ab7efe8c0713912a9a67570222d853

SHA1
ea5a0501a0b86896422ad8f8259d9adf4929b5a2

SHA256
e9582f33578b778d7d08b11f7342c05ea70a4c3fd030293b3a34a9b375bd1f19

SHA512
1bf9797e1698857e69682a23d800cca4e57cdf432f81407133f158b158c24ebe40bb0c34fe0d11755de6b3c4cfa89e81ae8a3aadd2ed7168bfd2bc911e030966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2e74993b43825bb3e460813090c63185

SHA1
2ca4bd2a8121a906c9cd6db68e786bcb358bd448

SHA256
8a7b0234e9cd396a4cc01014908bce7bdd2f6c2487be82bf5d69420555d6a825

SHA512
2305762b2c451d5150f771001eda43caae9c2cabb6c0ae40eec20d7910cc59cf5592dfdf9548a90f30ebc79119b3301c3c895d51b4865ffa92b8f80ec858aae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
799673803c656c97e63f4ed632878537

SHA1
4858be6a56b9e99bac569d74674c2dc2111faf12

SHA256
9919ad30e3c0322ef9c4767a694c163c81efe6ee15ee040342cf85d71ba4a3ea

SHA512
c0cd4199ca183b0cd141624ae4d0415e69cccb3bb0a22212cb275d9d756bb6e88f8f4428ff95484a0113294b5eb61608728e45924f51c476d1b609ca00c7acbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
4b5b9f111d6f594ad19f839719cccae8

SHA1
2ac568d4a3fb5983d89f4b4a2af085f97c121b62

SHA256
28adae95abf168ea27a5b82be1810a41192a33d1993bd4342edaef6988cc475f

SHA512
119d21ebe75510f010e7b8b35f992457123dfb28d8a9fd65a8547faac0ea85bda182738066ef9f46abcec89d5b9cf57cb042d35a06baaecd927c7da43b39654f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5578283903c07cc737a43625e2cbb093

SHA1
f438ad2bef7125e928fcde43082a20457f5df159

SHA256
7268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2

SHA512
3b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0487ced0fdfd8d7a8e717211fcd7d709

SHA1
598605311b8ef24b0a2ba2ccfedeecabe7fec901

SHA256
76693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571

SHA512
16e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6ee47ca471ff4bb725c416aafb996d2e

SHA1
3181b4cbf358f19266de3a702518e177911ae1ae

SHA256
94200712ed99cf812f2fc22636f2f71315fbfd1146a7dc2232316b4f6c33d0a8

SHA512
e7b19df6ea322e05d4162cbdf9ea1ad2ad591d3cc41afb4468925723468b441e355890d7304b9f82f765c68f3d0116c6e037cca5f32597799aa39e0011331aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
931B

MD5
cd4dd746d91d511c6f14a4902dd76eb5

SHA1
261d2526349b39f2b2176631e9f317b8377d98cd

SHA256
f8f64dd556a91f48b4dcfb12ec80773eaa75ec59a3099e52f47fef945ccc2ec6

SHA512
72c52ee6eb925c878b1d058175c15192d1e1a148659601de3bd434f2873780ff91d00bc2524b5419d85693d4d53c0990c0fe734f510efa17e7379e278da8ea00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b89335b28295fd474f87061f39156ca9

SHA1
4a8df6d9da0f1b1118d9abe27d41049e570f8b66

SHA256
d3ab4286b31f32907593e19cf39b366bf1c593c890885ad38213906452cb4276

SHA512
8cdf84c724c58dfadbcaa24f3209f0f5ac096aba9888484631be36ca96f74611b3b1e5d2697b520dd2bd8f475f29734cbd395f6c217051a564f9665955445cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c13c16a1171831b766391de13737224

SHA1
8d0030935d0913cd22e46d36b64749251916d53f

SHA256
e088fd8cd40a896d63f55fb1ef6667a70f9001fc8b8f8b8beb65b45e7dc53893

SHA512
fa15d67ccbff73553b23c4a7a45c2771f5252a60714685ae23f74f687415d4cf9501e3898f4cd39039c526438bd5164e3827ee0e8b2fdc5f6d18e444f5bf2a81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
334567b4cc0d063415ae0db36ef0e928

SHA1
c27ecaa55d3f5d3a5be3f09e2cff21d94162e24d

SHA256
865b49e80d68c478e0a6b7ceb382401442a5cc08e234b9605ff817cd28d5627c

SHA512
ed8dce926beec35c8118129a9be72eac153ac3ce765da65c426fa0baa98776c0792d9e8773bd548df5b9eb54123d80f7b9506e057015154c95f971077f96b8b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
97b85b22dcb665bc154e1c5281f33f91

SHA1
8486d2d28f18d37ddd2fe7cb544bcf58f59ec09b

SHA256
16343ddfff7b37bf6cb8ef2880295e477c79d1dbebf66cac4e27ee5ff65fabe6

SHA512
eadd934bd3e26ac7eecbd9d95bfc0b653223c1b99facfa9ae0dd378626e4c10d22bf93dd34db5bc2cbcccefbc2898d6c8a87a3ce6488622779adfce0bae400a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ce1f419d50d7977d05e965c3c48f863

SHA1
0df31e58c79d6db864a987b3fe18dcef4809fc63

SHA256
efd6bacd85a7fd6d5c696d077e48143b003649223f76982f03535aad432391b1

SHA512
3530a259ea18693255583502611ae5a5de976d313b225f19cc5513824b44f8c44055fcf7e9b3367a92eccd56c401c2ec16e4606f3a2feca73a2616533f91fe08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9a402430a2e3ad581f835a5d69510672

SHA1
2f7e379370e9dfa88c046735428f9c39bf268205

SHA256
720d5dae30b0f03b8ee00f22862536646637965e4dd6bd31d676a1595b0cadb2

SHA512
90db250f2b2b953b3ef07789180737015c355f0424d72d27974aa64fe6ab28de1129345480db8246419a7d4cddefbe49cfb7166b269f1acc51bb951f8f2c292d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8156852ba54db84140e25cf6437bf78f

SHA1
e5976ef8a908cb8c4d1f602c5f9b7c9b9e18d958

SHA256
ee884a184212d8082becf3fe94fe01180da1e804c5691a4cdd6ea3379529a102

SHA512
4fd9a1e12d27463df77fbf4f583d797fe02c0ef6de14c3c22b082ce86653e71117bb5ffd9e621999e7a2b5482c233fcd494ddf123c06abbf0cb305b88663d185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58631a.TMP

Filesize
1KB

MD5
eb386e530488e845e100e1996e7db102

SHA1
2c826a5d71a6490af0b59559ba9bf0f728626628

SHA256
3d454a8b91f025f9c71a2920d8a152661558a6b630ffac4fd305585245765440

SHA512
58fa5ae733329ec2c178e64e419aada5d2f97a97c4e4481e4d2fe697109fc375a2d690599aecadc4cf8fe7d2722fb0ddc2f711d0978541f0d0eea27a41e210f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7193a95a12df237965617f1cdae68931

SHA1
df428609a415f76f250162974d730938ec034b8a

SHA256
56d74a78262eee68af5111aaeeb0e92aed5fa203f90896ca1634ce38b513d0b5

SHA512
8c60f66ad89e5584338ab57644ebc01ed500390761f99abdf4ae4cd7e3203514a164dc8f6e925c7afb77a93dc0410b9262597de8a52b6477b352eb42d37cdcc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
61eb15105803fc109a39a467ad6ae835

SHA1
78a2ece95cd8d25ef4cb3f75ce2efb1711f60978

SHA256
75645836f2acdf7e26289be6975a3661529f671cc02b6e8192a36d13620ac378

SHA512
65d48d9eff8c2802d58cd8dcc782051bbba5cfe764f2368085a278ba4444df3935fedf153ba6b99fbed280ca07a544bc43b0214a6eafdf7293ecfa37859f9d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
6eb8e06ffa7bec3d4ab6d32590426f6f

SHA1
aeae13b78b32d5b8aea5221cd6d594c3a79f5c46

SHA256
e38cdaf9946a9fd88c49cd7d9963a128820766d1c8eda7ab1e8c6ccc8c122e0c

SHA512
f6b9984ba44d8c597a075a4b7415a27c74fbdb29778ba388f7f06a5313edaaba3baa94dc069782729345ad5a317a764140baca9f3c2034a89349d6cf13811909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d29c5d27bfde7f2555d3c544f4e2000e

SHA1
955546154e79ce48decc8e1b595a62754a937823

SHA256
0e418c39c2bd56c286a43e34ab312f890ef112e940e0ea47b729a380c203c7c8

SHA512
0d255c879af9ba35eef1490518227149a2458539408c36f66ef5d37b000c81708296e2c330eb80c25378c0cf68b6e3a45daca93af77921c8b60c79ca263619b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c16ed3d6783a9e0eeddfd55df5c79d4d

SHA1
5f954677b28341c2e858a93547761afcc321863a

SHA256
9aa91c869f1d460327553b3ba3e577284c2eff75446e65df7b2f3d20508ced77

SHA512
cfa2a06760130908a8a4a15d913ae339e2aa30962ecae90f20b56d1757536a26bdfd814bdbdfa8e298ea023ab769ee01a459786e6f778c87b8d6400d8889f9c3

Download Submit
C:\Users\Admin\Downloads\clumsy-0.3-win32-a.zip

Filesize
568KB

MD5
38963e0c87202a3e2fefe3389de65d47

SHA1
3eb7af1f94aac8ece1c40407aece24408bb22abd

SHA256
57b880f65e8a628a84749df09358235676e361f576fc263f00f4f275c1a4ea51

SHA512
4358488000d54d102601a8df37ece687e1a24e8912628dbf3d7af32f8cfc8ad66f8ec0270ec393fcad8b107c8b23870768881c085c4478a730397fecad47d0a1

Download Submit
C:\Users\Admin\Downloads\clumsy-0.3-win32-a.zip:Zone.Identifier

Filesize
607B

MD5
3b97403742e5c14ca47dd12c8207221a

SHA1
4a95c05674ef190ad4dad703ae11a3ff62ce482e

SHA256
9e02399379b32673a46e86c7332ca6ec0b158a00015798491a15a319d43b4d7e

SHA512
4a60baa549f9d35e50efd6f728f9c8ef5ae76be53fecec650bba335a86a9e759252918ff1da6dd4ed89a092097c383ed3b5daa43336a327f2f4b9abf6e9e7b62

Download Submit
C:\Users\Admin\Downloads\clumsy-0.3-win64-a.zip

Filesize
524KB

MD5
4b53a792fdd035a7ac6b335b705fdfbc

SHA1
2be6fbe140b4ec1d91b043bf2f3c6b5ebbf8122b

SHA256
f50dc734148815831c67d9fc2c246c22d421c53dcea51e26eee905b0b2806c27

SHA512
7f87683895bf833636f81d1092adb6fafb42457890f6631cf532c9909502eb598e6f5eeeeecfbc416048123133a52fd7e5ddaece65a0f5bcfc4a62c824ae5b5e

Download Submit
C:\Users\Admin\Downloads\clumsy-0.3-win64-a.zip:Zone.Identifier

Filesize
607B

MD5
35ea7a03c9d41fd8d45730df9caad336

SHA1
3bb4725437e6cc844d1580785c1332d3947bc9c5

SHA256
9cd465279a7dd392ddf2ba48f7adfa925cccb20eae56fabb6b5c8a3b00e84d70

SHA512
d4649e9373dc9d337de58a7f58bb83995340663fa97dece6497fa36743595c9c4591781f3cf3fec942191c5d753dddf5f20e3e7f8ca00760253db895fd5a5440

Download Submit
C:\Users\Admin\Downloads\clumsy-0.3-win64-c.zip

Filesize
523KB

MD5
c4bff457ccdee069b604c80123e09eb4

SHA1
8d7b052937552b4d8b245d102592914552569817

SHA256
64781e9840146e3f5c3196915452ef87939eae4445695ed47b05eda34148286c

SHA512
76432d4b667195d2eceba273326b7519ca95901ace015f70ae858e992abc461b8b58d2dcd701ebb6346123243d69962d60dd468df8dd9e63edd9591f592646ba

Download Submit
C:\Users\Admin\Downloads\clumsy-0.3-win64-c.zip:Zone.Identifier

Filesize
607B

MD5
b69e33158aa6bf111a862991d9f8a58b

SHA1
d47c5c7b04d4741d0c3e7143b826e5621d702d02

SHA256
a1ef0a1dde6c24ed33bae5d58f4547b2245f84b0da1ecce35caeeeb7fe73da72

SHA512
235f4ba17c92d9cfc903f1ef7e3a3428770cfcdaf4fbf60a8a723678002ba4b5419dde51a762535df18d120826fd92099f74f1493190b8e10f41b97226fb337f

Download Submit
memory/492-644-0x0000000063D40000-0x0000000063D4F000-memory.dmp

Filesize
60KB

Download
memory/4728-670-0x0000000062800000-0x0000000062813000-memory.dmp

Filesize
76KB

Download