Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-02-2024 11:38

General

  • Target

    LaunchBFH.exe

  • Size

    927KB

  • MD5

    d3c1c1a07fc43292e7e29e57c752d4c5

  • SHA1

    378c2bf9ece8f5db60f56fda569d24c413d64b55

  • SHA256

    80441fcf20760b653d36c4bc78c58c9e05b190e811767c7ed523a904e53b0684

  • SHA512

    d16e8e1da988314de0a130d67fe9f8eacd4c49084ed8e122ad11b2a8e0401fc1e1d1bd48f1cacd9742a447719390d93b5c1d32ef366502553a162740f3978adb

  • SSDEEP

    12288:SdPEXbCuPYDfFyTxAgY1jggLXKHeH82f3Mp6ot7amxgtxBR3Z2txznbQb0YNDSry:SlEXbCjFjgYlyFW3Mam6txBe91fPQ+Te

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://assumptionflattyou.shop/api

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates processes with tasklist 1 TTPs 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 29 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LaunchBFH.exe
    "C:\Users\Admin\AppData\Local\Temp\LaunchBFH.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1132
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /k move Inventory Inventory.bat & Inventory.bat & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4284
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • Suspicious use of AdjustPrivilegeToken
        PID:2176
      • C:\Windows\SysWOW64\findstr.exe
        findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
        3⤵
        PID:4316
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • Suspicious use of AdjustPrivilegeToken
        PID:728
      • C:\Windows\SysWOW64\findstr.exe
        findstr /I "wrsa.exe opssvc.exe"
        3⤵
        PID:4516
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c md 31024
        3⤵
        PID:4188
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c copy /b Cookbook + Increasingly + Rounds + Affordable 31024\Apply.pif
        3⤵
        PID:264
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c copy /b Ink 31024\o
        3⤵
        PID:5016
      • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31024\Apply.pif
        31024\Apply.pif 31024\o
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4060
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 5 127.0.0.1
        3⤵
        • Runs ping.exe
        PID:2348
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4760
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdefb99758,0x7ffdefb99768,0x7ffdefb99778
      2⤵
      PID:4368
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:2
      2⤵
      PID:3508
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:8
      2⤵
      PID:3056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:1
      2⤵
      PID:4648
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:8
      2⤵
      PID:1384
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:1
      2⤵
      PID:4548
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4660 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:1
      2⤵
      PID:3404
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:8
      2⤵
      PID:2432
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:8
      2⤵
      PID:4948
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5220 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:8
      2⤵
      PID:3844
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5296 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:1
      2⤵
      PID:4588
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5100 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:1
      2⤵
      PID:2136
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2320 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:1
      2⤵
      PID:4724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4860 --field-trial-handle=1940,i,5904241096886863658,11154569233428367820,131072 /prefetch:1
      2⤵
      PID:3568
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:4404

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

                                              Filesize

                                              195KB

                                              MD5

                                              873734b55d4c7d35a177c8318b0caec7

                                              SHA1

                                              469b913b09ea5b55e60098c95120cc9b935ddb28

                                              SHA256

                                              4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

                                              SHA512

                                              24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                              Filesize

                                              168B

                                              MD5

                                              03199825de6df1c7d08b78e0fd5b596d

                                              SHA1

                                              ecfcf83be7534f65b159215bba84a21a47bb0150

                                              SHA256

                                              9e2700c61d7448b507f1b5cb1dd39b854bfa5cb442bacd93e1c35e3b6753cbe0

                                              SHA512

                                              fd4194bd04b02a13769f2ed908a0ff960145ea3c38c7d7b1afa7f9dfd2de8490af357f417f9cf388de9fbf81d0e9c4e5b5c633520e8ed81bca42b20931a05cf8

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                              Filesize

                                              168B

                                              MD5

                                              426eaad8b7da181fe46c4eb8ffa347a8

                                              SHA1

                                              a5a40c83f304a93baf88d9dbbcf4e63711b27f3e

                                              SHA256

                                              f6bbc021702945efb669ca91c6e47c484712fd9faa64e9099c2e258a3b65e46d

                                              SHA512

                                              e1807e54e6bd07ad3393f62372b3b8c6c72bd68d9ddbaf39b96ef6aa56c8a2606334f3c942af5ba1a565d7647cfb7ba293035935a5d220474d20c80caad820e0

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                              Filesize

                                              1KB

                                              MD5

                                              9da486be90c56074841ebd8882828c22

                                              SHA1

                                              539b0811035efc603fa2406afd1e30bb01c137f8

                                              SHA256

                                              07954a153a7ec29d972c487c3c661dbe2fb18309b2d7a26743e3b213b95ab804

                                              SHA512

                                              1cf838e87d67d80574abfabe3d6fe9c9b047ff88f36a735f773342320834d4b36d6880f134e39e4818863bfea8f75f154ff4e7a16e2efa28bc492b78d7491595

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                              Filesize

                                              369B

                                              MD5

                                              f1d18c4aa200473896c09ff4034b23cc

                                              SHA1

                                              7aaad75470f69680ecab64f6b8c5315ef4a5c6de

                                              SHA256

                                              466554c1888f53a48fbc681569a7f89a3796c0ecb7fa08f5e0c2ed683edb8f8e

                                              SHA512

                                              3a0a919bf6c8b138a46257bb7cc47d7f67ef4cd0eb824a0bf849a684061bdf5376a48c64ebe133ee7b552f7af5641c1e7f8271948b4ee3ae58ad4fe95f6b6605

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                              Filesize

                                              369B

                                              MD5

                                              ae29ab42aff50a3a9aa3a2b9e9cab14f

                                              SHA1

                                              b5e2ac39059d81431fbc96817e21656e0723a620

                                              SHA256

                                              81337ae0a8f03bcba1df1442066b92e571a148af694bd4ea927bdf95e01c182d

                                              SHA512

                                              66a4ae09a93f6a6818c0358161d9df99e9dbfecd9db4b0a36fd009ef2bb9a41e412e73b4b1331c632f6e4595059e2048553abd3af7abba6714f478d167aa3891

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                              Filesize

                                              1KB

                                              MD5

                                              71a4b12e152e465b023336f882773de1

                                              SHA1

                                              d450af10404ba3f439efaf2d99fb328cdae0ef77

                                              SHA256

                                              3082c77ced19e7fd8fc016448c243d73354d0a38a7834d1a9694da65deba8523

                                              SHA512

                                              92bd0b240c564a9d57b642f86033e548bd04f587f05a3317bcf35617a46b961f0422107fe811174918bc78719c37baf7ade37b1382eb1f5c3b8f103886109435

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                              Filesize

                                              6KB

                                              MD5

                                              4d7c9467a3da64dc6e3b6eabd578e322

                                              SHA1

                                              3aa2627d5f2a154bffadfca40f24091bda0b27c7

                                              SHA256

                                              85d1746bafda3b041752ba2d90cfa602b884372dfb0bd2dcd2781b84d12cd71a

                                              SHA512

                                              6e15cfcfaedf67dd2e88573e570c1b88e45c133b9916a0a463443aba83aa1fc776cd3ac84dae4ccef03213c2b81801d0daf4fdc0bd7ff6a70d630b9ec9b383ff

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                              Filesize

                                              6KB

                                              MD5

                                              c5613103a9952cbc5cf4e388367aeab7

                                              SHA1

                                              8445c5824a611598e15ebd1bea97580a2cea1a61

                                              SHA256

                                              a4b8c6000fd934a9f6475fe103896b3fd9e60c227624a48289807274a3829f35

                                              SHA512

                                              c8089ece0a58f77ef5281e7c5e7c921185cb780ae68aa67a039eb9c00707587dc4f0432647056dd5a9f747edeac261c6a2e6d1b878658c52aba30bbe4020a28c

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                              Filesize

                                              7KB

                                              MD5

                                              c6ab2acaba9980e5748ea29c7c9b95a7

                                              SHA1

                                              8e039c05b7ff1a362145ab327c1161b61021fb73

                                              SHA256

                                              1d2cabc0d85c63986ec298cfc674517e69885ab8813a7c6556d2e969c653bbdc

                                              SHA512

                                              06d076643ce7e58b1faa00ad2d97e1e0514497e19a7465290570996638f08d9d2ba0ccac2ca916979a65e8822bfaaf4ded99062db74de9c54256f732fb6c360a

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                              Filesize

                                              6KB

                                              MD5

                                              dab506181704062a41c7ce234896612e

                                              SHA1

                                              39c1dbd587128abfd1370e75efc1455a41a3ad08

                                              SHA256

                                              2c9cb24eaffad9ff076acfe926f27c0834d91295065af41198cbb800fd6889e0

                                              SHA512

                                              9bf6fb5a48f2d9ebaf644ca307895938913f9f49551444d52212fa0f0ba3a590f3b8044bcadde83f836f03258a5b0f43f7c8e6bb5dff0925b5d33f775e46fda0

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                              Filesize

                                              15KB

                                              MD5

                                              08988709d3c0608a1370177f25984ef6

                                              SHA1

                                              65b51056efb76718434b3abda1c675846804840e

                                              SHA256

                                              ae5e4dcc8a31232a02457378f45be73f2f0b9cecb88fb7d7b9f82328f36e9237

                                              SHA512

                                              b6537a612e8afa285cf758381631f85d36f64bad7f2aee4bb6e861e21b3bbc65299562bdecebb27f8be959007218c65ad156de0063dc1ad74de566f96a4d7532

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                              Filesize

                                              257KB

                                              MD5

                                              09bc1c50b698d564216dcb208d68849a

                                              SHA1

                                              7839f08b2ffba5f0d4b86f599b6e11e3cdaf64b8

                                              SHA256

                                              24ebd05f7958f24ad9b1d574da0fb1d2f5bfd1476ef03ad468678dc850a8985f

                                              SHA512

                                              eefc04c09f1c158a9f874032f4f510ec1d530d9ea2ce107ae4e7e9f8695f658e7f96dd7a973d738169f778f9c6ddd244e50e053b3c42926f45db9271815fd50c

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                              Filesize

                                              257KB

                                              MD5

                                              4aaee11ff002e03811b62c8629d52f24

                                              SHA1

                                              7d15f1ab07f0de992a079bcaa74796ec73c7fa54

                                              SHA256

                                              431c17e1a0bfe7ad10aa3dc14b83e03893d4b613317256dbaa4868fc5c24c4ba

                                              SHA512

                                              d9a082eb129b02d25c85dc8b3b2fd11fc89a7e486ae81234e7d189bd9b5f7c987a8eb8ec3ccac4930b7547e0845ccb48d31f6ebc4d52c2225968b81564aebc53

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                              Filesize

                                              2B

                                              MD5

                                              99914b932bd37a50b983c5e7c90ae93b

                                              SHA1

                                              bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                              SHA256

                                              44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                              SHA512

                                              27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                            • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\31024\Apply.pif

                                              Filesize

                                              924KB

                                              MD5

                                              848164d084384c49937f99d5b894253e

                                              SHA1

                                              3055ef803eeec4f175ebf120f94125717ee12444

                                              SHA256

                                              f58d3a4b2f3f7f10815c24586fae91964eeed830369e7e0701b43895b0cefbd3

                                              SHA512

                                              aabe1cf076f48f32542f49a92e4ca9f054b31d5a9949119991b897b9489fe775d8009896408ba49ac43ec431c87c0d385daead9dbbde7ef6309b0c97bbaf852a

                                            • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Affordable

                                              Filesize

                                              142KB

                                              MD5

                                              e66c8890c2eb6adba5948d082bd215a6

                                              SHA1

                                              93a813794b38b728c8a6248c64221a419b026ce4

                                              SHA256

                                              99e62c44a3dbf370201324564c94be16ffb81b29c543ec5fd6f14e1a3be75e1a

                                              SHA512

                                              9b7546cee1ba82ff4db0a3598098be91bbd114e4a80116b15ac9ea106fa881b201eee6dda4ee91b2d917ecaab5bc2327dcd34047c60f122f6e0fdacb79e49d17

                                            • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Cookbook

                                              Filesize

                                              213KB

                                              MD5

                                              e9db611974409fb7c1770fe95bfd5402

                                              SHA1

                                              ad077d6f8ad48bd4a8edbca88711cc4b7c71c1b5

                                              SHA256

                                              fc141ffe6bf256b8794c769feed25fa8bfeff01a60cdd2699e2d84e94585553c

                                              SHA512

                                              623694fdcc7acd66ed8170a158d2209706311566e04629c5a03b133902f729a554c3aaa6c85ef1163edaa3dfafd72d85b49f6edfa73e5419e57fac1d2f489799

                                            • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Increasingly

                                              Filesize

                                              289KB

                                              MD5

                                              863ce19b37f186c47a26882e399b9a81

                                              SHA1

                                              3843eded5fdd895e41694174d79789854bccada5

                                              SHA256

  0dbcc3e2ccfd18644f4ec3a24058cf6109e520b0c2213d8a083b5200696d20c6
  SHA512: ca5323396012958b0269f4f0c1af62c0b26f593d061d81755060873dc270aa8680d4f61b00a445fc123d406d6f0e06fc1f7d45bc54c1efdc757b7e3531199f33

• C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Ink
  Filesize: 701KB
  MD5: baa1587c7effd1d982a3cfe987d0f4a2
  SHA1: edf879652a193ac9f685a44fc8ff39da7571f803
  SHA256: e4160779100599c8404fd1153f0af398df82c8a78ce0ae98e53fdcefdfcad60f
  SHA512: 68d8fdd4877ac7d97a238ad9fe2f91160bf71ea54cbb62bebe56dbfb00dcfe88d6291b9188ff6500caff28bd3b4518f4697e30227279f6059324e6756a995ea4

• C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Inventory
  Filesize: 12KB
  MD5: b649c8b485f6b192061ad04a185f03dc
  SHA1: 6fb0cc214d6d55d400793c3d085d9ea98c7fbb87
  SHA256: fee25a6fcbd1d1bfbeca85e9a97e882d1b4a0bc5a521838f8b6ee1fe6c7370e9
  SHA512: e12fdc7e64f6b2ad9ef45b01ec7ab87bb1dba4c29e727517b9690018b2ec699bdd2173cf9eac8a0f3441c32ba8a952ab8de2b0bf63c6c47c94f56ba92bf2cbe3

• C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Rounds
  Filesize: 280KB
  MD5: 12073c3269a07bf6bc9cd8b66462fc0f
  SHA1: f3a762ef9933b82aeae112b09a231f140ed2363f
  SHA256: 12221e02174a5148dd215e1b1dcc81e47704be82e8dbc4e93eb9a664e582cbda
  SHA512: e0c586ebb4b18a45345e293189ff52e83d974f52a76c0cd614ac28c6d50288e84f78fc28adeeb0d10adf3bae0a21789e59698e86a96012c2901a32406aceb206

• \??\pipe\crashpad_2740_AMXRVYPIBVKDREHA
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

• memory/4060-28-0x0000000001540000-0x0000000001541000-memory.dmp
  Filesize: 4KB

• memory/4060-37-0x0000000000490000-0x00000000004D9000-memory.dmp
  Filesize: 292KB

• memory/4060-36-0x0000000004EB0000-0x0000000004EF0000-memory.dmp
  Filesize: 256KB

• memory/4060-35-0x0000000004EB0000-0x0000000004EB1000-memory.dmp
  Filesize: 4KB

• memory/4060-34-0x0000000004EB0000-0x0000000004EB1000-memory.dmp
  Filesize: 4KB

• memory/4060-33-0x0000000004EB0000-0x0000000004EB1000-memory.dmp
  Filesize: 4KB

• memory/4060-32-0x0000000000490000-0x00000000004D9000-memory.dmp
  Filesize: 292KB

• memory/4060-31-0x0000000000490000-0x00000000004D9000-memory.dmp
  Filesize: 292KB

• memory/4060-30-0x0000000000490000-0x00000000004D9000-memory.dmp
  Filesize: 292KB

• memory/4060-29-0x0000000000490000-0x00000000004D9000-memory.dmp
  Filesize: 292KB

• memory/4060-27-0x0000000000490000-0x00000000004D9000-memory.dmp
  Filesize: 292KB

• memory/4060-26-0x0000000000490000-0x00000000004D9000-memory.dmp
  Filesize: 292KB

• memory/4060-25-0x0000000077401000-0x0000000077521000-memory.dmp
  Filesize: 1.1MB