lumma | hxxps://fedded[.]org

Analysis

max time kernel
298s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2025 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fedded.org

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://letterdrive.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 21 IoCs

pid	Process
5012	Collapse.exe
4864	Collapse.exe
5084	Collapse.exe
4948	Collapse.exe
1168	Collapse.exe
4160	Collapse.exe
532	Collapse.exe
3340	Collapse.exe
3824	Collapse.exe
4880	Collapse.exe
4212	Collapse.exe
1412	Collapse.exe
688	Collapse.exe
2840	Collapse.exe
1272	Collapse.exe
3720	Collapse.exe
8	Collapse.exe
4276	Collapse.exe
4460	Collapse.exe
2944	Collapse.exe
1724	Collapse.exe

Suspicious use of SetThreadContext 8 IoCs

description	pid	Process	procid_target
PID 5012 set thread context of 5084	5012	Collapse.exe	116
PID 4948 set thread context of 1168	4948	Collapse.exe	122
PID 4160 set thread context of 532	4160	Collapse.exe	129
PID 3340 set thread context of 3824	3340	Collapse.exe	134
PID 4880 set thread context of 1412	4880	Collapse.exe	140
PID 688 set thread context of 2840	688	Collapse.exe	145
PID 1272 set thread context of 8	1272	Collapse.exe	151
PID 4276 set thread context of 1724	4276	Collapse.exe	158

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 8 IoCs

pid	pid_target	Process	procid_target
2404	5012	WerFault.exe	112
4212	4948	WerFault.exe	120
3668	4160	WerFault.exe	127
3208	3340	WerFault.exe	132
4532	4880	WerFault.exe	137
2764	688	WerFault.exe	143
4108	1272	WerFault.exe	147
1656	4276	WerFault.exe	154

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Collapse.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808393465332857"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
960	chrome.exe
960	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
180	7zFM.exe
180	7zFM.exe
180	7zFM.exe
180	7zFM.exe
180	7zFM.exe
180	7zFM.exe
180	7zFM.exe
180	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
180	7zFM.exe
1988	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 4468	960	chrome.exe	83
PID 960 wrote to memory of 4468	960	chrome.exe	83
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3700	960	chrome.exe	84
PID 960 wrote to memory of 3696	960	chrome.exe	85
PID 960 wrote to memory of 3696	960	chrome.exe	85
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86
PID 960 wrote to memory of 3252	960	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://fedded.org
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd773fcc40,0x7ffd773fcc4c,0x7ffd773fcc58
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1824,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2268 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3744,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4976,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3324,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3392,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3196,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3116,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4824,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4952,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4476,i,10613783169384933358,132134004876281817,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:2968

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2844

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3048

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4848

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Collapse.zip"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:180
- C:\Users\Admin\AppData\Local\Temp\7zO4B0F77FA\Collapse.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO4B0F77FA\Collapse.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:5012
- - C:\Users\Admin\AppData\Local\Temp\7zO4B0F77FA\Collapse.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO4B0F77FA\Collapse.exe"
    3⤵
    - Executes dropped EXE
    PID:4864
- - C:\Users\Admin\AppData\Local\Temp\7zO4B0F77FA\Collapse.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO4B0F77FA\Collapse.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 800
    3⤵
    - Program crash
    PID:2404
- C:\Users\Admin\AppData\Local\Temp\7zO4B054A3B\Collapse.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO4B054A3B\Collapse.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:4948
- - C:\Users\Admin\AppData\Local\Temp\7zO4B054A3B\Collapse.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO4B054A3B\Collapse.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1168
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 804
    3⤵
    - Program crash
    PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5012 -ip 5012
1⤵
PID:636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4948 -ip 4948
1⤵
PID:4736

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Collapse.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1988

C:\Users\Admin\Desktop\Collapse\Collapse.exe
"C:\Users\Admin\Desktop\Collapse\Collapse.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4160
- C:\Users\Admin\Desktop\Collapse\Collapse.exe
  "C:\Users\Admin\Desktop\Collapse\Collapse.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:532
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 796
  2⤵
  - Program crash
  PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4160 -ip 4160
1⤵
PID:4052

C:\Users\Admin\Desktop\Collapse\Collapse.exe
"C:\Users\Admin\Desktop\Collapse\Collapse.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3340
- C:\Users\Admin\Desktop\Collapse\Collapse.exe
  "C:\Users\Admin\Desktop\Collapse\Collapse.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 776
  2⤵
  - Program crash
  PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3340 -ip 3340
1⤵
PID:3112

C:\Users\Admin\Desktop\Collapse\Collapse.exe
"C:\Users\Admin\Desktop\Collapse\Collapse.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4880
- C:\Users\Admin\Desktop\Collapse\Collapse.exe
  "C:\Users\Admin\Desktop\Collapse\Collapse.exe"
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Users\Admin\Desktop\Collapse\Collapse.exe
  "C:\Users\Admin\Desktop\Collapse\Collapse.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1412
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 772
  2⤵
  - Program crash
  PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4880 -ip 4880
1⤵
PID:2484

C:\Users\Admin\Desktop\Collapse\Collapse.exe
"C:\Users\Admin\Desktop\Collapse\Collapse.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:688
- C:\Users\Admin\Desktop\Collapse\Collapse.exe
  "C:\Users\Admin\Desktop\Collapse\Collapse.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 692
  2⤵
  - Program crash
  PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 688 -ip 688
1⤵
PID:2476

C:\Users\Admin\Desktop\Collapse\Collapse.exe
"C:\Users\Admin\Desktop\Collapse\Collapse.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1272
- C:\Users\Admin\Desktop\Collapse\Collapse.exe
  "C:\Users\Admin\Desktop\Collapse\Collapse.exe"
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Users\Admin\Desktop\Collapse\Collapse.exe
  "C:\Users\Admin\Desktop\Collapse\Collapse.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:8
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 784
  2⤵
  - Program crash
  PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1272 -ip 1272
1⤵
PID:3220

C:\Users\Admin\Desktop\Collapse\Collapse.exe
"C:\Users\Admin\Desktop\Collapse\Collapse.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4276
- C:\Users\Admin\Desktop\Collapse\Collapse.exe
  "C:\Users\Admin\Desktop\Collapse\Collapse.exe"
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Users\Admin\Desktop\Collapse\Collapse.exe
  "C:\Users\Admin\Desktop\Collapse\Collapse.exe"
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Users\Admin\Desktop\Collapse\Collapse.exe
  "C:\Users\Admin\Desktop\Collapse\Collapse.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 156
  2⤵
  - Program crash
  PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4276 -ip 4276
1⤵
PID:1340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1fd2bcf7be677e004a5421b78e261340

SHA1
4e5abd04329ee1ffaebe9c04b67deef17f89ff84

SHA256
f539c848f584add20b43d5daefd614526b67adbf22b0c89eaa7802a8a653cd31

SHA512
929499946e38281bd808b37b362c4a86f3b6382eb1ecd5fc094410d3688906d14a114ca930a2cf38b6241ab734bc5959e6fe541270d47ca9538e82a68c99cc77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bdb022c98577806e46503df01b8360d2

SHA1
ba0aadba1f4546bea69507caf2ad86f1094a3c72

SHA256
99d24b8386eeb40dc9b1996b9ae844c2d74946b507c5c9e004ca1b85c8007d7c

SHA512
93116a530c26283360bbfa63bb3c35b6f0b12d9c5f70d6b8ed50edffea2beea5796bbff5b8d161b5edf4727bc7cc471576b8c0dd0b3e44aba9be565f8c16bd1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
435f12500068f0194d747f880527f496

SHA1
d3d34e65ca6c110c1480f5c105007ee4e78efea2

SHA256
7cf5321084f2f137d2993a441d03acb58c57bd64a8df304bfa32b13d113eb430

SHA512
533fe8a72556d6636e740ca7725370012f0a194bfeebef8a509a1c519878921ba90ed4419683c2abcf876a91c50befc1b4afa0b7c2a9abac622818e1dd4a3f63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d90732044e43fd0095be830d14965efc

SHA1
a8813b148618bf2eb6633cbd25747ae3537b1eda

SHA256
6e182dcea0c854e93f4e232b0340e9d0f1279888d918e0cadf6a660fd3b0489c

SHA512
9e93bfcced9887bd5d4cb6c36c91e6076f36e009fc0f56e5acacbf6f5964153a912d2ab06c8221744e5f9bd5f3777c3e8a04cba0cb3603fbdd1f897e0d14c1e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5a6aabcff22ea0d069c3eae8f8ddff27

SHA1
e5ff99bf0d3a5754b0a23e1dd61141270254ace2

SHA256
b77ecaa566895028e235c32b9e9b768db0e408f1d509b766fea194a1e2db4bcb

SHA512
6a33d6b91ac9b24546a56915ba44cc3150e92071c4f74beada305b258ebe268cd475017359f61da2db5b9d4c88cc96262b57fcb36dfe9ac7738f9855b921c324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d98f0eda411964ec15599543153972ea

SHA1
bb7d28535096b23ab8b3a21f7d38602c9d35ec95

SHA256
c376fcc013500acb36f20131982813af7a8ba81588662e4cc223d62081a735dd

SHA512
d4035e82217f15b90dc6f79bb5ef693b704ea266f2dfbdbd91f670b2327cb6c7bb0e6207c6cfea881079cd4f1806476480a577060023ce92ecc00f4b897fab78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fa42ab7ec4c4463ba69c4174d767d140

SHA1
bdc9eab79fbbc71a7298573c8e27ab7e23994343

SHA256
63bc9b7685dcf9d5bd7235421d91912fca852cc2d533f872b1b25df401a4b2b0

SHA512
5ae02fcf579056b7e1ef2bd5f801e9408c847794488fc7c1b8eb3edfeaa2b0be7c82300e4decebfbd15a0b607b17e733b30e707fa6079c2848d86c4bb7ddfe33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f11077c73ddcd94342d203aa284420df

SHA1
1e6c1e1a0240d726a0ec4a2a83bd7bdbed2bcf5e

SHA256
93a6c4675ca0a11b0d299dcf6293c5e0d82361d1b32470b8735b1848841e2012

SHA512
fe93ee0432fce42326d40cbfa0453b0dcfcad90cc986ccf7f941533ebffba10d1a0946e1ffc41ab8be75cbcf31207849824e22f164baf6ff275f82c8f7ed135e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ec43c75f3cd2f33ed01a91efbad5adb6

SHA1
11f809c00a938d92ed6dd90e27146ff13a74a7bf

SHA256
cc1cd9894727abc6bd01ede9f894978b61222f6cf0d8ffe6cb9e8043fc9b4164

SHA512
f72a033086797552d06f45257b30cb7d6f05e8b84ff16c68ee01e3f6d50af90b48566c4dbcdb63a84a89cd99832cb2c754d3d82b08b654692544b157151f00e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6b6e51bf9807cb69d3484ca02c892fa4

SHA1
3f6862654344da9dc360bb075b2bfc5b9c933eef

SHA256
970f03e9b383d04c2601ce2b1c5a65d47c6d7cda332827d44933cd0ed915030d

SHA512
1fc8bc6148e3b141ecdb69d98aa0749501d878a0e8b73cf01da6f7cae89dde49008d57744a59a8845303125df0b6a106040a5ccd76ae92a8b2f8b8ca0d24d148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
cc950b867e0b8a93afc1a751d62bdf28

SHA1
6504cc716f7d683656007369ff7667f868e7d253

SHA256
95acd273a7118420a3027f87da05502a538b0ebe6cf14079c3ad30c59cd922ce

SHA512
6f268efba54d8635208a8e99c6b1e8e677e5ef4e6bd07c678589788a13fd413ed68bfb0bd90253104bfad6892d1ee8f33fb893e93b6365e96c0c2f1f9c7a1ebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
85aeb720b0521421cc9653269619f4cc

SHA1
2cd23b8dcfa7075661fd7f6c4c14b15816f0b7d0

SHA256
48b01f4235af223f2300b7058cf36ee6e909e91dfca72e3bb7d09351cb635fb5

SHA512
e8591546ddcfb951554230ec50f364e17e7549c78a9999a1509feac450c4b99c1890fc2cb6c9f5a67d34b70d9b44bb517b246a228afc775749f042a08f639647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
a85c2fc93888a3f8e63e6b6c2fb3471a

SHA1
3200e5e064bee53377ba9ef5a9af5bcb6b920e9f

SHA256
3c88712542e4db64edca669b12f3000c0023329eea4e68f3e27d2f972aa14eb5

SHA512
f54794d58cfa232f70bf1cb1c56840c1da685a6383a8f5fbefb8fcad37b7a391a2aeba60ddeb4553e09ffdc7bbd60e6a7c7dcd9cbbdf8fd4167e327bf2929d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6ef169599dd119d6f91543c1abc54944

SHA1
54e6d44b77b22e1fa07e58c0c0c6efe58121c093

SHA256
7a513d940114d40275dfb03d957ff8bbb3261d6d16946ae27e64fa99bb7cbd63

SHA512
09778b85ae46aaa75c03ba0e1858c971d53ccc0eed45bf069a4e8e285b8cd80fd2446a7237aa246faa8b29eed2efce05c19ca4f171448a744fbf8d3540d10d5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
74455880ab43cd43fddd4dd253c0dc81

SHA1
51a14390c0fbf6282b13da903d7fb39c9e87a9dd

SHA256
79f1f47a2aceb135bb7d3cb2fd2d5e96d708b62dd30a921e8d9b3006154bead9

SHA512
92f7b6193fd55432743c563820011302e4e20859453f3b745a5413b6981747e861dd5c2b7b8cf8a85b9170568eecfd8baf672dc52c2f1631fa62edd816258287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d537d796fd489e30de801d01e203b219

SHA1
328a0158b9b44f4cac7946616e8363f39ded4f1b

SHA256
9ff33f34a50b29380495f759597a9c656c18715badf244614ca8063544f13040

SHA512
f3f7a6ce64fcc0608e1478b41a19ae5bb7b954d576053d24e2761022e2836ced9f055502d7fef21af08fd69fed7b99a1714fad7e4031110c28aff432d4f2e5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
beea4eabae23e4b44b88d82485808cf2

SHA1
ae8acdd2c358c9749ca25abed7fba3748046c967

SHA256
533f3156a42538b11dcb3b158a6b4697289ab096bc8c0bbb3b74359eb85ab8ea

SHA512
436dd31619f806c39637919c26cd55c81c4964bcefd06b032e9d2147d0effab2a50720bd45d6d0e31d7498a5d804b512583d62d9987e60e889d70e688634aaf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
409c58fc9bdef17fabfff4bad6980e35

SHA1
aca6a6f39d1db06536a6619d42d4119e4db129e3

SHA256
a793c0f0a3a2ea56620f81aec0293effc52ba9f90474f944401646ef4cf73327

SHA512
9ebab3d62b308960cbec55e5324c0e29e04fb03d84277110bec860786c7d597656f026dcabcdf350f8c9cbb2ac9a598b4b3573a37c5d05c24b79ec581e146604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2dbd985b411d9b8217ad618eaa89b360

SHA1
dce95c2d649c60ad4b56e1f319724934f462fd22

SHA256
0401322a275885ec79d678e410cc39082cc714ba63ecd476f9ca132a6679c6ef

SHA512
d15a2f1e7d227fb7db178ab480371cc228cd56163716f33e86d208e6d19ec80d082993ec62dd9136f88f3fcba53b948b13042f551bf557ba8fbbdc5723015c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
479f6f1ae21ca7307d6b313803882415

SHA1
d64ed64f3505d4da63b96b8ebd21d61caa1e5614

SHA256
1b6b572591387e9bc185fd8f760e87d2da72147d31baa5933e1c88a0adcb50df

SHA512
f7548d493e4d1ed99aaa3d3782d056f6b94f2eaea1ff673e4e7d7d8c353d823f43739553b24c87544689b7a1e9e5b62ce31033f029b947873c9f62a00aa0549e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8ea5ba47eb711fa2496e16fc3610f309

SHA1
e9a690a8cdebda055f7a8f2c8f660ca5eca9c7e8

SHA256
010ee7ab061ec39a3a27dbb8331c665c161241e579d3d4ed64378e9447ac8ba8

SHA512
797856bf222c1ef042139043933901f2c26387de6df8bdac0d64bceaf40a61df70bbb72a95b03c12ca31d05d6ae589dcc76feeb44a9ce141fcc76027f6875268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d470416827b5e7c593c68addcb8b778

SHA1
6925993cc31e2f7b71f4beee579c7ff9c96bc798

SHA256
751dcb5ded30cf6e463fa91e0908f9c38d45b02db3cb64148681bedfd6056c8e

SHA512
3b60e7e823ddf84d40e2ad53b0929ed75d8734a8b16b6462fea3f34cf19da96d523de4d8857935fdec824626a0efbdf0a84b0dc0716df076a56fcf6b8104a9e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
919f506eec64ec07433b33a1e5f57835

SHA1
9d0993e5aa453ce450903446826dc7be19feb0a2

SHA256
4c8b6da7976d34f5874f2c29b80247e91c72bdff2a28ece750d0805ebf8d6feb

SHA512
7eb8e6a70b7e1b10a11df6072547365e292a01623fa37184d75ce6351f023f865cf798244bc3722f02d8e3fa5642357a18b053518dbd8add6d8529c493287963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b838a52c23feb0fa1d37b150eb41af8d

SHA1
6ebdaa33eaeb1fcb1cc5c60a207a522324ec4fb5

SHA256
44c43d9b83b5f7f0adfe69bcbae42c60fd5aa708cc303bf83b20482f7b42f86b

SHA512
b1346c43eb8bbea56fd47a604621266468e6af677884921e6b641f777361d13977a07bbb97292a186ee9af0a822ee36a07c55785f2d49e05ae267a76824a975e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f47373c09f5c8a1dc765d39916b6a69d

SHA1
e099627c67131dca5b3e5b259f408380f126fad3

SHA256
f0a9032c00a5e4e2b52c590d8f89489052a765d6e2ac08f88a89a7c728215ddb

SHA512
c2136edb4993b8c41f58d5aba095ea788acd9e7505d15fde72ed4b8be3547a918e8857853ec1e06b9835a100a074d376a36484ad8b2d387713498f4361ebffd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
724209545026432aac2be75de667d95b

SHA1
fbbf8cb5649be89f8be7fa5ba993dfc1f304abca

SHA256
ea752d6dcd3dbcd554fea922757efa2b5fab693574f2db941a84c6e1f7f573f9

SHA512
bd897ae40f40c7960edcb729e72da9fcedb5a3869bf7adacd1c1eeaf2366b136be05709534f504e25339541a4d4893b8119422a5489096b9efeedc54f5bfe31f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b5d347416b116e77a490e468aac73e98

SHA1
26375d0a8ac2617a6796382aa0656b2c9e1a290a

SHA256
4bb2ef102ec2d90676505a9b6e16da8e7dddd3e9421a317482c6f4c80e6b78e3

SHA512
2dcdd09441196e1fbf475804bc396a34ee3434979f019e78d0e349688e0a8458d29c3735d36d32b2d4001def17578c1d51cf9dfda2ca46cb5d3d0937a1cbcb37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66a23f1603d706800d08df1202dfd173

SHA1
43eb6243a470e566b22e1926eb4b374a3a6c3736

SHA256
5ed52aac9fb0216e50ac9b0572963ab8614cd28bc264629bfa98b5018a767501

SHA512
98d66665361ecc6501ad50bbafd665c23a753ec8cefde77a7ba8f66d10ca025feb40def73b2b37c31a59c44b85d666cae03d30b0074f20e402789e865c77fa33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
59aca9c7919e0aba05ef100d341463ce

SHA1
58ffd83e4b35ccb3c896061903438bacbaf54539

SHA256
9e3d1109db5425e93d9b41ab401cb1cb5af91484ddda05196513587d324c1dea

SHA512
24bb61aec2cde91669364b0818002fcb3a29c0aa70ef162a9407225bb81288b0b4e96b4076d3d4fc7fa800aa25ce27db9f989ce98a9b790ca397ed87da486967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4e2c9ad1e0c31e8aacc55fa6fafd4f49

SHA1
71061b4b095aa02104524d9f41123b137bffd56b

SHA256
87c77c80ab7dce644697a26f8cc61d512e89d6ea6edc322a9d89f116d4917d67

SHA512
173ae9b63929482e9aaecd984cf6e53a41c3e10b71ea0135bd95d63842e04902be53250f898e4ec7ed33e199b808383f04b240b572b7d83f28fc5322c2afcb50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
16bf794067d5b482001662e214cf4250

SHA1
b7817d02755488781267fcb0ecd9b3447e06846c

SHA256
b74335f52f3448fd7679193e4ba13abe19ef6a276cb475404a414d4247e9e957

SHA512
83b884e5b5baaae8224a8ac16f220812dfa262aa48e99ce2a02fb419e9a26a7c72f6fc4cf76b888d179d2002a145b09500bbaa4d946f46d7a1e57e8aceded303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
670f8c63c2fa1ecfc65ba90985638c02

SHA1
72fe811c2ea30dfad9054308a98e9072ab6b9f55

SHA256
15982c54e56e7d541c01c592b09859b43d4b523e601fdedfb0e03c8c2b476eb8

SHA512
6c5ac88c94eb38efb5b0601082bd8b02fbe78e29db42c6f30cdf8f83d2d5d47c09af96b34cd7be6320077e61d4c5bd1ce3c13d8b8097ff89c0ecbdc10f010e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2081b00a4959d3d7a78ea961ee22c8cc

SHA1
7eedd8048d84d6003758590eb589b99b44027833

SHA256
cf0c779fc3231dcd16848731c7f74babcd0255e0c8eebd680e5df2278fd4ec6a

SHA512
57dcc9ea4b02530165b8a979e9b3a76dde49fe49f5edd482b1a838a3e0c024ed8ca7c8242432ca35db360f4f0ecd27ef36ed8e080f8ac0e628bb37be31bcf80e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55d9c490f3e27acaf3f900f6e4fd33be

SHA1
ef9134546edf3cb7ffae860bbb59d72a6ee623c0

SHA256
a791304bce0e5dc1eb5349a300f46357041ba37e4dcda33362308d92ae38c889

SHA512
5351aa9e3eeca762d2d62f947d5654baf7761fa55501b364abe6d7b57d5ea486c421818d06553c179ec3fe7d87bb5e61a0a2a677fdcfc6e1cb6942d8def3a490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
667e536f0673ee51f4a288cb9bb1b843

SHA1
d6a8cdaebebddbe0659cc676e7fd52f3c95a7fd5

SHA256
da27ce65d0c5a89775a4d14c08801a343e04ffc5911696763ea8f0382079d938

SHA512
d2087e5a488377ec2ff9cbf3f7c891f2a5c76d453cf4bf0d74aa2d9425370942dbf41f5999c93b0bd5f3051ab559faa23cded9ece3d6c0f7cb7b80a9170e08e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
192dc038cdb77c6349e0527277ee4a5c

SHA1
7261ca909bf6c6f8b9863181654f270fce07823b

SHA256
597e9f3595b883a286a84d53d2902063f8c16684486d170bdb9438100f717716

SHA512
38e39b421eb09d0e948825a6c4270cb9ebcd7f98e32999680b2bf82e2a896e6d046bf519308269079d8c7040752b153045ae20cb759b81446e406fc0cad976d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
de79ec2c0d064a480a14f2cbd4cc5160

SHA1
6c49ad9f3fab103426f61a71477025c139a25d64

SHA256
a9f291e7f93fc0396ca3fe6e5c413ae476e8505706f3019470d55c4408e05f68

SHA512
ffc68867ce811472a872e7045ec09da7f8615f44068141b2f56a7d0e03746dc7d4c14c17fdb9351b2fafb02fab942694bb494b8500b4341ef18ab9e75c29e3e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a900f5586e4c6e6c0e7d5b7a6ffad66e

SHA1
131a29a31c2e6bfb5d34aa2efb089fea2664d4cd

SHA256
5c22adfc845292e861823b39fd24c623b4bcca4b3a5d96265b2017376c124f69

SHA512
7a67877e0f8d45b2f8d2dfdfd0d2ad5d8bf7b15d7051516d62aabbbb61d8211df1ef80fc58fe6ca9c67da62b41c3c903fb214a1d01d9ee0c4eed0af21b798f41

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4C7CC0BB\Collapse\cfg\resources\hi.pak

Filesize
787KB

MD5
1185163466551aacae45329c93e92a91

SHA1
0dcbfed274934991966ce666d6d941cfe8366323

SHA256
eda355e3785313e3d982c1d3652266dce1b6e08832056fe58854b825e0712ca5

SHA512
6fad3e24eb868acf78db0591c7ba77abc84e92cda28e8bffee435ea89940a8607e7628c6c5159349377a8d933f373db2dfa4e5715ca404bc3e67fd4a0f22a606

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE4C7CC0BB\Collapse\library\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4B0F77FA\Collapse.exe

Filesize
336KB

MD5
58e356698e059580d7a91f1da30a473e

SHA1
4a050d66a844142ce4ad1f5014b3afa3813ddfb1

SHA256
1559ec4125894401a8220120dd99113c12a4a359f386d0ea162368cdf108c1bf

SHA512
6c3ad4f8cbd68270ccbb84af65ec231b951dce36196af55d75185b8edfbecafc126813814c85b29c5355564b39732afff72b273c67c52ed0d5511f0c038b295e

Download Submit
memory/5012-434-0x0000000005910000-0x0000000005EB4000-memory.dmp

Filesize
5.6MB

Download
memory/5012-433-0x0000000000820000-0x000000000087C000-memory.dmp

Filesize
368KB

Download
memory/5084-439-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5084-437-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download