Resubmissions

17-06-2024 21:47

240617-1nl44svgle 3

17-06-2024 21:44

240617-1lvy8szank 3

17-06-2024 21:39

240617-1h36faverh 3

17-06-2024 18:01

240617-wmbvjaybqa 10

Analysis

  • max time kernel
    254s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
  • submitted
    17-06-2024 21:39

General

  • Target

    yiff-patcher.exe

  • Size

    472KB

  • MD5

    7ad46837428260d0882bfecaeb855546

  • SHA1

    391ed1de614e439cc6fb3d8abd0210633edee949

  • SHA256

    e00388356146e2346a4b5f699cd222732d02242c65764650d77cae5ebf4d1089

  • SHA512

    005b5349a5b826aebd516c7b808014cb0cd92ff01bc4f4bb45041adf22a38a30d5634889cf85c87361233ab8c243222abc049f05d4391d92b2261abe0690550a

  • SSDEEP

    6144:7lhpExVAjyoj5PIN9tIyMAAMUGjP9kRIkyUtP0QfGz4cmNc6koXcJvhFlUZ:7lhpXeTtyAzdjFaIkyUtPaUTC6yhYZ

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\yiff-patcher.exe
    "C:\Users\Admin\AppData\Local\Temp\yiff-patcher.exe"
    1⤵
      PID:1880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7e8bab58,0x7ffa7e8bab68,0x7ffa7e8bab78
        2⤵
          PID:3664
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:2
          2⤵
            PID:720
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:8
            2⤵
              PID:3044
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:8
              2⤵
                PID:2504
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:1
                2⤵
                  PID:3768
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:1
                  2⤵
                    PID:4388
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3588 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:1
                    2⤵
                      PID:4772
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4292 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:8
                      2⤵
                        PID:4496
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:8
                        2⤵
                          PID:4564
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:8
                          2⤵
                            PID:4212
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:8
                            2⤵
                              PID:1728
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:8
                              2⤵
                                PID:4208
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5100 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:1
                                2⤵
                                  PID:3036
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3124 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:1
                                  2⤵
                                    PID:1564
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4552 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:8
                                    2⤵
                                      PID:3932
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3184 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:8
                                      2⤵
                                        PID:3016
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:8
                                        2⤵
                                        • Modifies registry class
                                        PID:2984
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 --field-trial-handle=1716,i,17319801856554805025,8025766987650485090,131072 /prefetch:8
                                        2⤵
                                          PID:3384
                                      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                        1⤵
                                          PID:4004
                                        • C:\Windows\system32\AUDIODG.EXE
                                          C:\Windows\system32\AUDIODG.EXE 0x404 0x384
                                          1⤵
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:4504
                                        • C:\Users\Admin\AppData\Local\Temp\yiff-patcher.exe
                                          "C:\Users\Admin\AppData\Local\Temp\yiff-patcher.exe"
                                          1⤵
                                            PID:60
                                          • C:\Users\Admin\AppData\Local\Temp\yiff-patcher.exe
                                            "C:\Users\Admin\AppData\Local\Temp\yiff-patcher.exe"
                                            1⤵
                                              PID:4588
                                            • C:\Users\Admin\Desktop\yiff-patcher.exe
                                              "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                              1⤵
                                                PID:4032
                                              • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                1⤵
                                                  PID:4440
                                                • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                  "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                  1⤵
                                                    PID:4152
                                                  • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                    "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                    1⤵
                                                      PID:1400
                                                    • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                      "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                      1⤵
                                                        PID:1200
                                                      • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                        "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                        1⤵
                                                          PID:3228
                                                        • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                          "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                          1⤵
                                                            PID:1448
                                                          • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                            "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                            1⤵
                                                              PID:2472
                                                            • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                              "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                              1⤵
                                                                PID:4872
                                                              • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                1⤵
                                                                  PID:4552
                                                                • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                  "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                  1⤵
                                                                    PID:1736
                                                                  • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                    "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                    1⤵
                                                                      PID:3304
                                                                    • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                      "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                      1⤵
                                                                        PID:3904
                                                                      • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                        "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                        1⤵
                                                                          PID:2816
                                                                        • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                          "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                          1⤵
                                                                            PID:564
                                                                          • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                            "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                            1⤵
                                                                              PID:2184
                                                                            • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                              "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                              1⤵
                                                                                PID:1120
                                                                              • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                1⤵
                                                                                  PID:4812
                                                                                • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                  "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                  1⤵
                                                                                    PID:1564
                                                                                  • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                    "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                    1⤵
                                                                                      PID:4256
                                                                                    • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                      "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                      1⤵
                                                                                        PID:1868
                                                                                      • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                        "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                        1⤵
                                                                                          PID:2500
                                                                                        • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                          "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                          1⤵
                                                                                            PID:2812
                                                                                          • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                            "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                            1⤵
                                                                                              PID:3972
                                                                                            • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                              "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                              1⤵
                                                                                                PID:2996
                                                                                              • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                1⤵
                                                                                                  PID:4188
                                                                                                • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                  "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                  1⤵
                                                                                                    PID:3276
                                                                                                  • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                    "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                    1⤵
                                                                                                      PID:2136
                                                                                                    • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                      "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                      1⤵
                                                                                                        PID:2248
                                                                                                      • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                        "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                        1⤵
                                                                                                          PID:2300
                                                                                                        • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                          "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                          1⤵
                                                                                                            PID:2728
                                                                                                          • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                            "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                            1⤵
                                                                                                              PID:3384
                                                                                                            • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                              "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                              1⤵
                                                                                                                PID:1572
                                                                                                              • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                                "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                                1⤵
                                                                                                                  PID:2804
                                                                                                                • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                                  "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                                  1⤵
                                                                                                                    PID:1884
                                                                                                                  • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                                    "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                                    1⤵
                                                                                                                      PID:1652
                                                                                                                    • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                                      "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                                      1⤵
                                                                                                                        PID:3692
                                                                                                                      • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                                        "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                                        1⤵
                                                                                                                          PID:2448
                                                                                                                        • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                                          "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                                          1⤵
                                                                                                                            PID:3044
                                                                                                                          • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                                            "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                                            1⤵
                                                                                                                              PID:3864
                                                                                                                            • C:\Users\Admin\Desktop\yiff-patcher.exe
                                                                                                                              "C:\Users\Admin\Desktop\yiff-patcher.exe"
                                                                                                                              1⤵
                                                                                                                                PID:4972
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:4980
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:3416
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:2452
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:2572
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:748
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:2684
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:4568
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:1760
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:692
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:4060
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:2848
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:4616
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:1124
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:3628
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:4232
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:4992
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:4176
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:1056
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:4668
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:1432
  • C:\Users\Admin\Desktop\yiff-patcher.exe
    "C:\Users\Admin\Desktop\yiff-patcher.exe"
    1⤵
      PID:4516
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /7
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1736

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

    Filesize

    504B

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

    Filesize

    264KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

    Filesize

    5KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

    Filesize

    5KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

    Filesize

    2B

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

    Filesize

    859B

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

    Filesize

    859B

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Filesize

    7KB

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                          Filesize

                                                                                                                                                                          8KB

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                          Filesize

                                                                                                                                                                          7KB

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                                                                          Filesize

                                                                                                                                                                          16KB

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0fc34e02-b056-4cbd-8a0d-37a1d2a9ac3d\index-dir\the-real-index

                                                                                                                                                                          Filesize

                                                                                                                                                                          624B

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0fc34e02-b056-4cbd-8a0d-37a1d2a9ac3d\index-dir\the-real-index~RFe57d978.TMP

                                                                                                                                                                          Filesize

                                                                                                                                                                          48B

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9af59f61-7dad-44b8-91eb-3fb10d16aa7c\index-dir\the-real-index

                                                                                                                                                                          Filesize

                                                                                                                                                                          2KB

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9af59f61-7dad-44b8-91eb-3fb10d16aa7c\index-dir\the-real-index~RFe5813e1.TMP

                                                                                                                                                                          Filesize

                                                                                                                                                                          48B

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                                                                          Filesize

                                                                                                                                                                          176B

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                                                                          Filesize

                                                                                                                                                                          112B

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                                                                          Filesize

                                                                                                                                                                          183B

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                                                                          Filesize

                                                                                                                                                                          185B

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe578230.TMP

                                                                                                                                                                          Filesize

                                                                                                                                                                          119B

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                                                                          Filesize

                                                                                                                                                                          120B

                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2780_1646451159\Shortcuts Menu Icons\Monochrome\0\512.png

                                                                                                                                                                          Filesize

                                                                                                                                                                          2KB


                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2780_1646451159\Shortcuts Menu Icons\Monochrome\1\512.png

                                                                                                                                                                          Filesize

                                                                                                                                                                          10KB


                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2780_1865112293\Icons Monochrome\16.png

                                                                                                                                                                          Filesize

                                                                                                                                                                          216B


                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                          Filesize

                                                                                                                                                                          277KB


                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                          Filesize

                                                                                                                                                                          277KB


                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                                                          Filesize

                                                                                                                                                                          89KB


                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e9d3.TMP

                                                                                                                                                                          Filesize

                                                                                                                                                                          88KB

