Resubmissions
19-01-2022 20:28
220119-y83aqachhm 10Analysis
-
max time kernel
1934s -
max time network
1937s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
19-01-2022 20:28
General
-
Target
E_TRANSF.EXE
-
Size
300.0MB
-
MD5
affebb601f181b9c290753caae06050a
-
SHA1
64942ee5d84b1a2262d02a1dd0ae1aa6e8b66486
-
SHA256
e2ce88575e964545d834e0bae841ec554b02fa4a290e645e19cb7556123bb49e
-
SHA512
3870beafddb9972863a2b0d74eeded9bd21eb3b8c13563808754927ce3a29579adad56e7eb3bc37b4777cb16caea0d9d5d233b01432aa42fe0c5ecafc3c025b2
Score
10/10
Malware Config
Extracted
Family
bitrat
Version
1.38
C2
yakbitpeople.duckdns.org:9175
Attributes
-
communication_password
827ccb0eea8a706c4c34a16891f84e7b
-
tor_process
tor
Signatures
-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Executes dropped EXE 1 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 20 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\E_TRANSF.EXE"C:\Users\Admin\AppData\Local\Temp\E_TRANSF.EXE"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"cmd" /c mkdir "C:\Users\Admin\AppData\Roaming\YAKBITT"2⤵
-
C:\Windows\SysWOW64\cmd.exe"cmd" /c schtasks /create /sc minute /mo 1 /tn "Nanias" /tr "'C:\Users\Admin\AppData\Roaming\YAKBITT\YAKBITT.exe'" /f2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /sc minute /mo 1 /tn "Nanias" /tr "'C:\Users\Admin\AppData\Roaming\YAKBITT\YAKBITT.exe'" /f3⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\cmd.exe"cmd" /c copy "C:\Users\Admin\AppData\Local\Temp\E_TRANSF.EXE" "C:\Users\Admin\AppData\Roaming\YAKBITT\YAKBITT.exe"2⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\migwiz\migwiz.exe"C:\Windows\system32\migwiz\migwiz.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\taskeng.exetaskeng.exe {90199CDA-ED11-4E15-99B5-8D58C4CCA9D8} S-1-5-21-3846991908-3261386348-1409841751-1000:VQVVOAJK\Admin:Interactive:[1]1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\YAKBITT\YAKBITT.exeC:\Users\Admin\AppData\Roaming\YAKBITT\YAKBITT.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"3⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"cmd" /c mkdir "C:\Users\Admin\AppData\Roaming\YAKBITT"3⤵
-
C:\Windows\SysWOW64\cmd.exe"cmd" /c schtasks /create /sc minute /mo 1 /tn "Nanias" /tr "'C:\Users\Admin\AppData\Roaming\YAKBITT\YAKBITT.exe'" /f3⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /sc minute /mo 1 /tn "Nanias" /tr "'C:\Users\Admin\AppData\Roaming\YAKBITT\YAKBITT.exe'" /f4⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\cmd.exe"cmd" /c copy "C:\Users\Admin\AppData\Roaming\YAKBITT\YAKBITT.exe" "C:\Users\Admin\AppData\Roaming\YAKBITT\YAKBITT.exe"3⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5674f50,0x7fef5674f60,0x7fef5674f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1112 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1408 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1820 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2824 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2548 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3208 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3308 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3412 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3992 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4100 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3792 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4056 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4036 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3424 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3864 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3196 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=920 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1484 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1012 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1808 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1484 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1484 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1740 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=836 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1752 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1484 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1668 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=108 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1012 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3512 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1100,13384906225419760315,3854042005688155536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:82⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\YAKBITT\YAKBITT.exeMD5
affebb601f181b9c290753caae06050a
SHA164942ee5d84b1a2262d02a1dd0ae1aa6e8b66486
SHA256e2ce88575e964545d834e0bae841ec554b02fa4a290e645e19cb7556123bb49e
SHA5123870beafddb9972863a2b0d74eeded9bd21eb3b8c13563808754927ce3a29579adad56e7eb3bc37b4777cb16caea0d9d5d233b01432aa42fe0c5ecafc3c025b2
-
C:\Users\Admin\AppData\Roaming\YAKBITT\YAKBITT.exeMD5
affebb601f181b9c290753caae06050a
SHA164942ee5d84b1a2262d02a1dd0ae1aa6e8b66486
SHA256e2ce88575e964545d834e0bae841ec554b02fa4a290e645e19cb7556123bb49e
SHA5123870beafddb9972863a2b0d74eeded9bd21eb3b8c13563808754927ce3a29579adad56e7eb3bc37b4777cb16caea0d9d5d233b01432aa42fe0c5ecafc3c025b2
-
\??\pipe\crashpad_1952_ZRBOLJUFONVBUBWCMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/756-56-0x000007FEFC261000-0x000007FEFC263000-memory.dmpFilesize
8KB
-
memory/1296-55-0x0000000002450000-0x0000000002451000-memory.dmpFilesize
4KB
-
memory/1296-54-0x0000000000290000-0x00000000004A0000-memory.dmpFilesize
2.1MB
-
memory/1560-64-0x0000000075CE1000-0x0000000075CE3000-memory.dmpFilesize
8KB
-
memory/1560-66-0x0000000000460000-0x0000000000844000-memory.dmpFilesize
3.9MB
-
memory/1756-70-0x00000000049C0000-0x00000000049C1000-memory.dmpFilesize
4KB
-
memory/1756-69-0x00000000011E0000-0x00000000013F0000-memory.dmpFilesize
2.1MB
-
memory/2000-59-0x000007FEF4AD1000-0x000007FEF4AD3000-memory.dmpFilesize
8KB
-
memory/2000-58-0x000007FEF4221000-0x000007FEF4223000-memory.dmpFilesize
8KB
-
memory/2468-72-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/2468-73-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/2468-74-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/2468-75-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/2468-77-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/2468-78-0x0000000000400000-0x00000000007E4000-memory.dmpFilesize
3.9MB
-
memory/2468-79-0x0000000000401000-0x00000000007E4000-memory.dmpFilesize
3.9MB