pandastealer | 2817c7f5100108bdca6946d1027566de7a128c0e52fee90db9fe67ca2f64981e

Analysis

max time kernel
284s
max time network
285s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

functionalities2.png
Size

73KB
MD5

d27f7cff4db6458edd548d20c41565a1
SHA1

fda531d527be5f908e82eee0a54b6a03521c5f9d
SHA256

2817c7f5100108bdca6946d1027566de7a128c0e52fee90db9fe67ca2f64981e
SHA512

7cb1984230729445d10ece5fc0dd5dd2f92993de1315261080783ddca0b6d28beaf8d7a4f3406566c4287f5cced7b379aaca23bba755546adafbf6117c926b0b
SSDEEP

1536:qNpoQE2ygvB2zUTqvq3PLxloMfFxtkCeitQxrJ9tRXDo2q:woO/9aMbtkCeFPTDXq

Score

10^/10

pandastealer spyware stealer

Malware Config

Extracted

Family

pandastealer

Version

1.11

127.0.0.1

Signatures

Panda Stealer payload 3 IoCs

resource	yara_rule
behavioral1/files/0x0007000000023700-1191.dat	family_pandastealer
behavioral1/memory/444-1193-0x00000000001C0000-0x00000000008E8000-memory.dmp	family_pandastealer
behavioral1/files/0x000b0000000234ae-1199.dat	family_pandastealer

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer

Executes dropped EXE 3 IoCs

pid	Process
3756	BitRat Cracked.exe
444	CollectorStealerBuilder v2.0.0.exe
4616	build.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609517345999704"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 33 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	CollectorStealerBuilder v2.0.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	CollectorStealerBuilder v2.0.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	CollectorStealerBuilder v2.0.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	CollectorStealerBuilder v2.0.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	CollectorStealerBuilder v2.0.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	CollectorStealerBuilder v2.0.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	CollectorStealerBuilder v2.0.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	CollectorStealerBuilder v2.0.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	CollectorStealerBuilder v2.0.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\1	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\1\0	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	CollectorStealerBuilder v2.0.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	CollectorStealerBuilder v2.0.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	CollectorStealerBuilder v2.0.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	CollectorStealerBuilder v2.0.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	CollectorStealerBuilder v2.0.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	CollectorStealerBuilder v2.0.0.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3120	chrome.exe
3120	chrome.exe
4948	chrome.exe
4948	chrome.exe
4616	build.exe
4616	build.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
1584	7zG.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
4836	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
1228	OpenWith.exe
3756	BitRat Cracked.exe
3756	BitRat Cracked.exe
444	CollectorStealerBuilder v2.0.0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 3604	3120	chrome.exe	101
PID 3120 wrote to memory of 3604	3120	chrome.exe	101
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4944	3120	chrome.exe	102
PID 3120 wrote to memory of 4588	3120	chrome.exe	103
PID 3120 wrote to memory of 4588	3120	chrome.exe	103
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104
PID 3120 wrote to memory of 2644	3120	chrome.exe	104

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\functionalities2.png
1⤵
PID:1300

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e69dab58,0x7ff8e69dab68,0x7ff8e69dab78
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4336 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4620 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4648 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 --field-trial-handle=1896,i,11806338635810334863,18383133345104556101,131072 /prefetch:8
  2⤵
  PID:2564

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1744

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4940

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\BitRAT Builder (Unknown Variant)\" -spe -an -ai#7zMap14114:124:7zEvent26741
1⤵
- Suspicious use of FindShellTrayWindow
PID:1584

C:\Users\Admin\Downloads\BitRAT Builder (Unknown Variant)\BitRat Cracked.exe
"C:\Users\Admin\Downloads\BitRAT Builder (Unknown Variant)\BitRat Cracked.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3756

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Collector Stealer Builder\" -spe -an -ai#7zMap6644:110:7zEvent20549
1⤵
- Suspicious use of FindShellTrayWindow
PID:4836

C:\Users\Admin\Downloads\Collector Stealer Builder\Collector\CollectorStealerBuilder v2.0.0.exe
"C:\Users\Admin\Downloads\Collector Stealer Builder\Collector\CollectorStealerBuilder v2.0.0.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:444

C:\Users\Admin\Downloads\Collector Stealer Builder\Collector\build.exe
"C:\Users\Admin\Downloads\Collector Stealer Builder\Collector\build.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
34af09fb9b0eff91f3418476e6e5f600

SHA1
479108b01487ce7f55be40b2accb2efbd6977ef9

SHA256
4f23d8eed54f80a82612b0bcbbd357fe3b4eb53cbfa0d145b5966948c53d54cf

SHA512
3f47d2324b163677dbe76102b951cab16ad0e6236d869a90ba3239713e676ef3c6a3a10e11d3f8edfcef4bfeae49b4ce94bac5c15417d3f1528e5d4bf796eebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
08a6c279d47e941b759281ba53d01a45

SHA1
d7d1b8351cd417c8e3e29514f0dc48520cadca57

SHA256
1cfbcce6af726157bc70e31c77e227205536562f3d69e3369198e75af782f319

SHA512
7b74fdbc95179d4746eb96e7099fdd1295fc7e48f7b3bd85775fdc876eb0af6e36e0b9628c16265bc7e7f4238fb4e221cb2ff027cb0f61cfc6c56d941ca83da0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7990d596643ba2227547e00211ba2568

SHA1
be54f6cf1d1a607397a8fe6066c756b8df04e1d7

SHA256
40a9475d5f92bcd85d5d2e7c325f7e4d7a26e9b0b78d5554eae7c4924496b6f4

SHA512
06b7d3e186f5c27abf5c35cf87f9a37a0699da38e509c06b0b6c6952ac9ee2c091479254d1c7f29c74d08b1706a38e5fae12ca65fecaa4ee2af07faf325a45c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fa0dc7f05105e6b61afdc927aa993083

SHA1
a7717401b7260816c1a556ac0bc0e36895a0c012

SHA256
a22575a686b96a3fce5d8b29893e246f5b57103d726c4c9db7b1969be0661f67

SHA512
4e0737437cf56b1538b481a7b1c900f7ead91220ff65237081380450e895f3adec3019a4fc18bad7a1c9223227009bee5eeccf022165ebeac26d6dd93dd5cfe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
ff08806ca0494f2463711ea9796a2ec3

SHA1
7cdedb76afbb4c8ce2985be65d0435b3b9c17ce0

SHA256
cb10ca8f08a095bab1d263b5e5a9826acebf4fd7a7da5e7c77738e5a0fe9cf93

SHA512
2085ec9be8a5aa646a897e5c7e2782b087ca60de03e521abd406910e92fc227e75d548d6b754b11a9f1f06f1f557a410f9e21238857a77ac1444700be5731017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
27d56d8b8cb2d7619a7f804d34b80fd0

SHA1
05d8d73cdab8b776a20f0609bbfd7477d4d4ce17

SHA256
9ac2d7fb47104e472e9adb0cc6fdee14d2f65cf415e2ff3cb1aec6b734bcfce4

SHA512
4c616f759b88b498edb3c3dce6c156c01a5101170d80482fd62d06229b7d2e3955d649ed467eb03446b9dc52cd54dbb0e683d7bd3d92ba61e90c88fbfab1b493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f2fb1c3d19dd0ae62934337f7304e98b

SHA1
972b512a15120e95fd50c4cca20f029ed518b5ee

SHA256
b176fa842536215f8759ee1aba981c2fe8519e25ee6a59b4dc257688f1a8fe21

SHA512
ead99885dbb67cae8635ccb42842e105a3e519c14e754d8c09538500935cd37bb352117acc512711f3e34589d90ac91cb44f9735a251a835064b4e0d0ea2f64e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b0c8159f86e28e02c25bd63310be60db

SHA1
52241d1acd93a1b99688a2589085088f7cb11ac3

SHA256
63851b4d66650b57e5e33e1fef4c99943869a15560d41047d1386841e64e3279

SHA512
0443546dfb1dcf9ead24808b5133bb35f12e757b38d0429e3b9fcba210e64daa20d244e05e4ac2d6cfa0df27feafb4c2c17d24628ce6fc55c46a7b9ebdda0e56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c454d3a357ec137fa3a7b605ff9531e4

SHA1
3904e0ac65b82107164e258a16abc8b5209b66a2

SHA256
ff64592c2b0595065d11b5189a52cecf5b2304e2f7fcf32cb748e5ee01d30d66

SHA512
e8aa45e67fabacc3b3df313160186e990553278b0d0ade1041de1a7e2236ed5d969b69acf53d90ef6d43616a6ecf49f2a3600652513b88cb4e9d0916e28fd9c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7075323949c7f37208247acbe8ed9f37

SHA1
ed9d8caa37689ab5f74e9d7fadae9925390539cf

SHA256
331eb813b9a13082d85f25c6524c47137436ef243b4e1761b2bb6e1c1b9f4299

SHA512
c8b6ad1d8867514c82a2b230dba33ab24f8be76dcdbf93e7aad8e0313f2742782dee1d3488a042885b60e448972087c189c352244c84de77431060211f5cad62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
aac31f0302bb47a84eb4f1bc49401a5b

SHA1
ef092be8125b54142afdaf225f5e79034541876e

SHA256
2fd998af872b5742e49f9d0f3c8c7bf04d4535188a7518d32fffd32d99b41969

SHA512
9f164ac506f4cbdef1c7dabe0bcc8056d33dc12c218b5122e83c40df7239df47966c0b1665a808ace05daa8fcaac7aca7df660ccff9f506f19c0431585a8ad50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
024a743ed8049654867592e783928bb6

SHA1
bdc7847fcdfd88b5e21f06c1c1a628bfc00cc210

SHA256
f83725a99243558a86c26507e5886325a272aa172cc7fdf3cc10bf5086a9d5fa

SHA512
525717de7dcf62ee415424b0bb495980e05ab11f117c9d7be828bb46b763b23bf5f5a155d5d9d091f70f6825f4c610c36868e9ba1063cfe5a8a7b9603e5e5643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
100KB

MD5
69a10a8499fc1c12880c211bc524bf99

SHA1
3cb8002cadf603ba8dc6229c4bbbec9c2fbbcce1

SHA256
1b4d7411d4df16547a8e3e2c7d25a7fce4129a7185724f541cc0cfe56a5629c2

SHA512
cbb3c0efda9642e4482f20069d564ed176de34fa719414590b0ff5155f1ac7da14952874ace29147c775b604a8bae97bfdda122a55131b0e71b0406d43ab1016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
0fe39ae2dc4ad00c8712eaa215c342c3

SHA1
bf5ca75280046b18197835a55e9d325ed1a5dd91

SHA256
b22df1253b8570ede85a7bcf8deb4aa40112248183bf758290011a7b9829d37f

SHA512
fab1f18fd8f4c7e22c3cc51a80ee742744974155708dd884d390a4fd7fe69fca25469aac6be37e1c0903543f2e732720f990c63501e48dbed68609d3aaeda685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
7df66b124049910f80e9f535afbf50b9

SHA1
1b10f2c84deb98e47becc3d5576b2744e4f9d79c

SHA256
8b987a6410ad7ff86634d67638e681d9b33b7032006d5fc346ef5788b2012e3c

SHA512
5180af0b7b6b5cd81788d4f95fc75158695cd824e32cc7eb36deb64d7e6894d312da163b780182ead1577b9d229f7c1e9c3d5f470288f7cc9d3d3da26427562c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
653001a0d4c9005801fcd3cfe63d3cb9

SHA1
942e2ca7b78b115ad963e26c52726510ac264801

SHA256
a9defa45f3e6ccdb36a2dc6c9afa7aaaf77f62ccfa7d511d869d53a74607900d

SHA512
9c4ff0919c2feef603c153ef9f79501c872bfb17af01335f3b985deb4fea88146d571e18b0380541637eb06e9d47c3c3e32e998254982848303f682e8f9f85c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ea02.TMP

Filesize
88KB

MD5
ec3e97ccdfbe5c0523c12535e3d9f293

SHA1
9d2791c96fae160c9738584132c8b74665183086

SHA256
22856e928cb65cb4a2f82ab69bfe7fa436ea056498f5ce5fc8eaac9ea168829a

SHA512
ca593b0b4d9d6c694c7aa463f26be2fbcf1e13ed2e55c56e47a357e25d4baf74e4b6a9af1ad1273345dda03426985d4acca6c826bb4c4a255adaf2f63edb712a

Download Submit
C:\Users\Admin\Downloads\Collector Stealer Builder.7z.crdownload

Filesize
3.2MB

MD5
f9d6871b9240fccfc2b8f9ae5149beed

SHA1
7b292366771827d06c4f7d3f15be72dfc70cc540

SHA256
3deb336acc00cb29ba21f4eafe57faaf81894339151c9abeeade89ece3de88ef

SHA512
43094702f145028f4c0d2e4ac77e7f3e768b6eb6ed8c683a41bf3a2b6e36feb28a5e8587a238f8776480273be23fc8de9f4fff215989d2a4944ac013f1e8e8d3

Download Submit
C:\Users\Admin\Downloads\Collector Stealer Builder\Collector\COLLECTOR\assets\js\extensions\cookie\bootstrap-table-cookie.js

Filesize
89KB

MD5
1ddf0b026b7d3aa9b0103401813eae4f

SHA1
482eca155470ee7c04fe2b84d17dfd37065acead

SHA256
610ea8f4250c66d739baa35fe38509af89c10c64405b0679ce63aa181a25bcc4

SHA512
fc631669f8251a2c91eb5718afc5c0ff980c752037f194166735789cb390d315b533096fc3ea3a001bb8f5af0cba0d4e3b85d596647a9799d7c0c3c85a098089

Download Submit
C:\Users\Admin\Downloads\Collector Stealer Builder\Collector\CollectorStealerBuilder v2.0.0.exe

Filesize
4.3MB

MD5
54530f88c8e4f4371c9418f00c256b1d

SHA1
0d08e77508f2db70f4a6ec08834febc8a1c6efc6

SHA256
01f8bbdf9b65a8181d96fa6472537f8194ecda04b902350bd435e04eca06a132

SHA512
1ea4a40a8134586c57f3868d577f434426ae2568606ba619ee09c95c908b235f209c5faf093cc3306a73b54d5ba397e891685a37e42d38e40e4f7eade9570193

Download Submit
C:\Users\Admin\Downloads\Collector Stealer Builder\Collector\build.exe

Filesize
681KB

MD5
5ca21f42a39d1cec23e91cbd5fbd0f26

SHA1
28f3d92c4218231790275a8503551aa804686ea2

SHA256
cf03c64ecb4053630112cc2f6050e281d1c1ab21c28bfb484b1d75517d0d4afd

SHA512
a8881af113a4233839224289bb13288cf59d1175130b2a92fd6d821c7c0a1c7257c4e2e62116cb450a9e5b0a6827ad8c94c83d7a3199890b8cae133374f9d692

Download Submit
memory/444-1194-0x0000000005A50000-0x0000000005FF4000-memory.dmp

Filesize
5.6MB

Download
memory/444-1195-0x0000000005580000-0x0000000005612000-memory.dmp

Filesize
584KB

Download
memory/444-1196-0x0000000005710000-0x000000000571A000-memory.dmp

Filesize
40KB

Download
memory/444-1193-0x00000000001C0000-0x00000000008E8000-memory.dmp

Filesize
7.2MB

Download