lumma | hxxps://app[.]mediafire[.]com/wpwomcqc0688x

Analysis

max time kernel
188s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2025 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.mediafire.com/wpwomcqc0688x

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://letterdrive.shop/api

Extracted

Family

lumma

https://letterdrive.shop/api

https://soundtappysk.shop/api

https://crowdwarek.shop/api

https://versersleep.shop/api

https://handscreamny.shop/api

https://robinsharez.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 2 IoCs

pid	Process
824	Collapse.exe
852	Collapse.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 824 set thread context of 852	824	Collapse.exe	126

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3756	824	WerFault.exe	122

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808311450137590"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 3656	4796	chrome.exe	84
PID 4796 wrote to memory of 3656	4796	chrome.exe	84
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 3540	4796	chrome.exe	85
PID 4796 wrote to memory of 2880	4796	chrome.exe	86
PID 4796 wrote to memory of 2880	4796	chrome.exe	86
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87
PID 4796 wrote to memory of 4452	4796	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.mediafire.com/wpwomcqc0688x
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa4bdbcc40,0x7ffa4bdbcc4c,0x7ffa4bdbcc58
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,5371059363713458892,11534528151420677849,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,5371059363713458892,11534528151420677849,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,5371059363713458892,11534528151420677849,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,5371059363713458892,11534528151420677849,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,5371059363713458892,11534528151420677849,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3764,i,5371059363713458892,11534528151420677849,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4800,i,5371059363713458892,11534528151420677849,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4344,i,5371059363713458892,11534528151420677849,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3836,i,5371059363713458892,11534528151420677849,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3356,i,5371059363713458892,11534528151420677849,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5692,i,5371059363713458892,11534528151420677849,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5368,i,5371059363713458892,11534528151420677849,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2188

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2704

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap23613:78:7zEvent24551
1⤵
PID:2380

C:\Users\Admin\Downloads\Collapse\Collapse.exe
"C:\Users\Admin\Downloads\Collapse\Collapse.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:824
- C:\Users\Admin\Downloads\Collapse\Collapse.exe
  "C:\Users\Admin\Downloads\Collapse\Collapse.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:852
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 828
  2⤵
  - Program crash
  PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 824 -ip 824
1⤵
PID:1560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6adcd808d1a2a6f9ebac5f805cd220cf

SHA1
0f0e1fea371ce8cbc6cf270c6863f9dcd546e4e5

SHA256
3bed64a9bfe94bc32d7519e6ab1132f4bba27029407c0d710aea073b92b4eb26

SHA512
bb11c7df6fcd3f7a66c3a5c9445084e386e0db6579c5d2b4480f6381e8f41b945279e4c9b2753c134834e5c25663ad6368b3af41ca9a018d7713fd184cafc48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d112029e84cc72fab83b82c87b6eb3ed

SHA1
87887d1c9f247811364d3f298e428cabe1f3f588

SHA256
d8bc1a39dc0abff5a1b8ee2559854d22ba550daea9d9bada4530b32c02de5087

SHA512
99d15cea631281ad50d5f9f5e486a9155e16d0e91f85b44e18e662524f6018e7d9065ad148aa1b26f4f7dce4d633490823bd87aa20173b9bd41af580452ea002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
fded32dcbe39f3f027933b192976acff

SHA1
ec2f1944bc2191a77d6b787858e305dae945efc9

SHA256
c4a3edc2583f0919ff217abae080553c357dd97003d9d86460c9cbdc153ee1c5

SHA512
504e56e90622f6f1bd1252c418def57d17fd3e62dba5c0d9549e16f6beb1ed81fab3346699f212ba176c871e561ff3a270077f34911b19bf5115e8cd1b6d9a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
dfb98dff63bed7efc89f424ed9bfed38

SHA1
bdea5bdb5cde9889af01f2cf4285d17f3d7d1082

SHA256
66997f971b987ed4c927099ebc44c49e7a9db865a1981a8116d21bf00e27373b

SHA512
d731aa4a6c9b352e4b8c2e63b710f15bd3048b621ff5a91dba92bc435b1cf0b4f5a792c020681fb5abae1a49837d10ccee168e40e8fcaf6f174552551a994b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
374088f41075ff247a66b5919dc02717

SHA1
ce558a77e6fc603efb9763f5fcb7f60f3af12801

SHA256
dd17f6ae99cf28a4d15854404f3dbdca0829d9a371bb43bbbfd287e13d21c1b9

SHA512
dd8e7d863b04f72dd886f2d86d434df400c7a5438bd4a599c83d7fa6d4c10a32cb91b4a30908cfeaf504ef8e0582d096a60c7e4dfffe56fb71d0271cc910c8b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f8e4695b3632c6a3c7257e4e80778e02

SHA1
097705223a09e77f707c32a70d2406d4e5df7592

SHA256
8704f706f0b59e943383140c8bdb93ecdf733220eca747c5d6995706ca116e63

SHA512
1f7eb68b638b08ba2761803f454d1aa68fd056663d32b41656292b3870e73115f7dd08df6fa68c71a324c963e20cdd7f29b875d4133eeb6c59b787a13ddf3aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
25276eb7114f831bc63744c9ae7ca7b6

SHA1
110cb4815348ac915782e6592a8c2fc3d9e8e1bb

SHA256
efe1a7238f38a71aa4274b4b20944486ccbf1df10c9e22b70f27bddfadcefed7

SHA512
d9eb695d9ddb3a9a03db345d61272b1e6d94adf4c7dda30e1e1f03ec237295bbb3dfa777e954d63c78b32a5b649c843e4c90a9a76473c91b2ffdd814bf6fdf1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
6113e2f4dad108752795969dfcdcc843

SHA1
f642d3a2df0c82c35e7cb29ffc074cca9b34c081

SHA256
8620064d74e79f23479d806674f087645fd9524b26956fc9d5fd3c2d4a98ca1a

SHA512
1ac44b520d0dcd160b3e6b02c2563af5b87a178300ff6acb6d19410f3d6390f9c4747073079d89b4adc8dd1af132fb418c5ccbab07c34d1d665fe1b08b9dc97d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
6bfdbf3c917d7ca6f03590fdbd0ad590

SHA1
cb7e8318b21db1948edc4162539f601d666286c3

SHA256
b94648d0a036d4f0c8cf64767a96be35f0928226030faa70b0f82f569293fa6e

SHA512
b0c8a896b4450e9ef1cfe0b31b189e2a200b95b71329fcbeea3fad54fa1cf8573feb3539e074c35398a6b1ddf489846de8d6ab417e143e8321b33ef94a473574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5c4089157d358312b96c808e7e0a45ca

SHA1
cac093250bcbf6a21fe16a209a956d4354b24af6

SHA256
16f774cd365926d0f1f3febfe63f14d9634b16b7fff4f1ef398880b18f87c10d

SHA512
50e8647cbef119db683bc115e13b0373acf4e2884e04cd663671598445c8beb7955fc01661c22b2c95ce4ae90634feed0146e69c276785d11fe10460ceb1c801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
abd145fe2979b4eddac188930332221f

SHA1
d4ffec5715e2d56e541f6b07807e2dc676772dbf

SHA256
b5bd6b50295cf0ef69cc6cbb1748ac5af35dfeef4eff3bfc803cae7fc5f209f9

SHA512
dcf255f309f880acd99dad995be571459eea119102d49dd847e7543b9c5eeb79e8ffb46d3fbf01321d4e3e384f456e1fba71dc616a65c2c2699b76bb838a74fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
12a8a2d854339bf1daa83815b562431c

SHA1
b0cf58320d1d1687f3f05b123cd8dd66ad042305

SHA256
e84ee5fb150f34ffa038fc124405a6f79cb23307c40a10a36961311ce2524e7c

SHA512
e73ebde347312b85d5f52282a3958fef2bca8d28079084ffed571657a27816df5fc8f6b6854eb78a69f271349dc686c6b6d9f9c4855e041b8434b15004b8b5b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be5e8ef5427e750ec68a86124ad0e47f

SHA1
bbadc40f8a3c62fc930684f33bc1ddc7713e2d6d

SHA256
1263d7d95790e248e6e29d6fc25a37ff1fbfb1847568352a9908e3143113b69b

SHA512
292554b4464398af5a26b52982a43e7f7f7d449988fc0dd9dea13076247048511764b2b6055c10d072e7953a0e617d8ea59d792b88ea4691f6f4011365238545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3389086c81b1c7e93cf1127f68a2ec77

SHA1
3aee55ceb300f8558f76e1e0db486fc43177e880

SHA256
81c0751053b790e98a4d91dbe5e7fb251c76c83b166e0a7a077c6139cf5b9bfa

SHA512
f7b1da508e535b1ad06694cf415f5423fbe381854a1f9b35ad074a91f1455748d3b282e663eddc06fd77d8b51095d363118e9b2fc828fc0892a1e20f81c4f9fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
230c98c945bc59f4b7f3fa21c0529938

SHA1
5caa355f4c889a5c20147b4ff11637748d56ba46

SHA256
a683318f371eb722b56d17f3e438005fca49614fde4d9f24a380cade32ecde61

SHA512
9986f8821ed596bea22081c5d6e898d79a07e071f34e27fb5d1ac13056d8adf4450c6654387b849c9db86f6f64a447d962ecc2594c319b63733c9337e568f4fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
869ad62e6ba093f90b6d86774dd9bda6

SHA1
001a6fc7de340dc11d28979717060cbd1a66433a

SHA256
d575b18e2826629d1c2215053892f7a5a7699d5faec33c4467e90edead568614

SHA512
f3166df947a443ce456b07ff19a059bd03a5e51b9b62c0cc95400f45f5b1224f9c8a5d7915acd654f07b1df14217ff8db6a77579b2ea4cab04967ddc8b65eed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6fe9d0e34a38fa04a6f64c818858977b

SHA1
31e6f37c372e0b6da0edabe0d031783a7f5f8ae2

SHA256
55ca9aed5ed2664f4a8736be62fd7c3779eb418d989a700e1adbf7c12b9d33aa

SHA512
d10993e8ac382d9bed01b3d3d0fa9568a3f0c7f0904889543f4f273acef35a3ed39e5f106c159d973378862fabf7a99297a049d77236f00c224c028103448343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
42e8ae06fb7f2e33d9649ec53442223f

SHA1
054ee74098719c3537722111b238357c3b6040db

SHA256
eb1cb4a3cd83978c8441e7f979e8cb59b57356378376fa3c90f9cb0037ae131b

SHA512
d29b1909cc3288b99761002ca71f0e2dc0212319cc966f7f14775d3bf837ab7027bae9bb6ee0c6e30f0acf5fc95a4758a0a1713176b3e44316e4eaa5c3afa6c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e5c4ab13909639f0227122c72e4a15f2

SHA1
cbea666facb070535e9ecdc59e8589ab506bb148

SHA256
19968ef78a915356220aea1d6c0799e20f5901217761350b324b52b9d276f6b0

SHA512
941b38007c967baecdf117cad2c26c93716a5fd9a0153d3ac1920f464da2552c6c47d43a840c07e5264f913fe197010eef43a0b51f84a87823bd07b1f9af9fca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d05e4e6fb825e177d7cc26bb687ed2a

SHA1
4411ed19d91a73e84b7dc818d4802ef5650f9489

SHA256
e47fb45f35f373fafc15bf44cdd259d53b0af3ed232fb4ca6674e48006cf6728

SHA512
771dfb9302394f33522221d2371d295828a0aa733102a4be5f2d767b76f2691676deb04595a27e9f7f9af0a312f25504ad5138079c9285ed8805e9a08901685b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
634da6f151ef52e50482e9f84363ff29

SHA1
20fe07f3b8c47785b61e7b8203e4000cb370f127

SHA256
a5cbb50c066fa164756d1178b1d2c27c64b021d0ea29b9764b953d6e3c3069b6

SHA512
907ae48bb8807d9ec2a31db2267144357ce47fa66714c7290a6549f319766b106fa0ab07ebdfc33fbdf06d52d5d262b524f11b6cb3d4de74bdabb30cc9de91db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f268788e57d8865b6e88396642989483

SHA1
7afb786aa9dfcb967619d1058db480fd0855d0db

SHA256
5364f23c666d5b9e10fde5fa91d4bf2ef0759ac7e6ed63cd958edadb295b3ed9

SHA512
f4b78f4944af46c628140f26764a32f465fabffa3a7b687285c3aeb8b28f8468487f4c4a29a095f20676716e2a681ca6c05555130174ebf0d51ffae48cb31e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5420b3e6a612c5d5341491d7a13eec11

SHA1
1c121fab86a6b5ad50b172a27a935084f15c32c3

SHA256
690417aad5a34e6854a598894bcb5a37b79adbc0fd091ae583e7d8e45bc255bf

SHA512
f938583fdc27ce73738239493273dd6e7e7412b3bf38cf8b9f38f39cce476f4f51121f28b2e25eba8ce349b874ec8b19186b207bb39df689f5131e9c7f28a807

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1d6090079e14e795393d73b2c7cb4d5e

SHA1
2f4725b34332def87736f10c41ebf385a4a68ca4

SHA256
c6960c9dd355efd738e37c8e5b7c9a3f6efcff31719781a98fac125e0dbed383

SHA512
6034dd4ea1aeafd89d0921b51911d7fd5f4cdd0fa0264df5de9995ab106758060ce6eb3aeaefde04d70d1c57ac428dd479ead142b07d90d3fedfe84d06ee6434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
4cba58d1a86a45391e2d4d4e39443ff2

SHA1
0e6c5306f35124b89578ca0489b40dd79a779d57

SHA256
b8b5bc6f0ec947d585ace2db08df8b4c8f96d60e1bde8f40ef2007fbd535e853

SHA512
317ebdbec131f1834f4b47a4aacc2ead31c53799cc335cbb0124292dc0fb3f7ee2aa6c2917f7f7109665d4044a4f530c38e918426f43a1275a41cc15218cd3f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
168f63451a884d78ee1b8f951f61e538

SHA1
c3b9ea3fff94ef5482e7add53379b181f6f30e1f

SHA256
1809c33f52aae7be770cdd2a037e1587e9370f3cdffa95bfa68b6bc29d4b3677

SHA512
3026b01336c21e7b86507d4a8ea03eaa6a87f9988d280ca29fd44295512ac01ba163be94473342b324236518e24a0543be6c830240416409e1efd33a9dcef62f

Download Submit
C:\Users\Admin\Downloads\Collapse\Collapse.exe

Filesize
336KB

MD5
58e356698e059580d7a91f1da30a473e

SHA1
4a050d66a844142ce4ad1f5014b3afa3813ddfb1

SHA256
1559ec4125894401a8220120dd99113c12a4a359f386d0ea162368cdf108c1bf

SHA512
6c3ad4f8cbd68270ccbb84af65ec231b951dce36196af55d75185b8edfbecafc126813814c85b29c5355564b39732afff72b273c67c52ed0d5511f0c038b295e

Download Submit
C:\Users\Admin\Downloads\Collapse\cfg\resources\hi.pak

Filesize
787KB

MD5
1185163466551aacae45329c93e92a91

SHA1
0dcbfed274934991966ce666d6d941cfe8366323

SHA256
eda355e3785313e3d982c1d3652266dce1b6e08832056fe58854b825e0712ca5

SHA512
6fad3e24eb868acf78db0591c7ba77abc84e92cda28e8bffee435ea89940a8607e7628c6c5159349377a8d933f373db2dfa4e5715ca404bc3e67fd4a0f22a606

Download Submit
C:\Users\Admin\Downloads\Collapse\library\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
memory/824-649-0x0000000005AA0000-0x0000000006044000-memory.dmp

Filesize
5.6MB

Download
memory/824-648-0x0000000000BB0000-0x0000000000C0C000-memory.dmp

Filesize
368KB

Download
memory/824-647-0x0000000074B9E000-0x0000000074B9F000-memory.dmp

Filesize
4KB

Download
memory/852-653-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/852-651-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download