Malware Analysis Report

2025-06-16 03:29

Sample ID 230506-rjq3tshe55
Target https://anonfiles.com/iac0Bdp5zb/checker_exe
Tags
asyncrat stormkitty default rat spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://anonfiles.com/iac0Bdp5zb/checker_exe was found to be: Known bad.

Malicious Activity Summary

asyncrat stormkitty default rat spyware stealer

StormKitty payload

AsyncRat

StormKitty

Async RAT payload

Downloads MZ/PE file

Executes dropped EXE

Reads user/profile data of web browsers

Looks up external IP address via web service

Drops desktop.ini file(s)

Looks up geolocation information via web service

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-05-06 14:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-05-06 14:13

Reported

2023-05-06 14:15

Platform

win10-20230220-en

Max time kernel

89s

Max time network

73s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://anonfiles.com/iac0Bdp5zb/checker_exe

Signatures

AsyncRat

rat asyncrat

StormKitty

stealer stormkitty

StormKitty payload

Description Indicator Process Target
(4 hits; no indicator, process or target recorded for this signature)

Async RAT payload

rat
Description Indicator Process Target
(4 hits; no indicator, process or target recorded for this signature)

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\checker.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini C:\Users\Admin\Downloads\checker.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini C:\Users\Admin\Downloads\checker.exe N/A
File created C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini C:\Users\Admin\Downloads\checker.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini C:\Users\Admin\Downloads\checker.exe N/A
File created C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini C:\Users\Admin\Downloads\checker.exe N/A
File created C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini C:\Users\Admin\Downloads\checker.exe N/A
File created C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini C:\Users\Admin\Downloads\checker.exe N/A
File created C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini C:\Users\Admin\Downloads\checker.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A icanhazip.com N/A N/A

Looks up geolocation information via web service

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Users\Admin\Downloads\checker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\Downloads\checker.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133278632431007363" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 33

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 3480 wrote to memory of 3552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 3480 wrote to memory of 3880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 38
PID 3480 wrote to memory of 4392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 3480 wrote to memory of 4764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 22

All 64 events are the Chrome browser process (PID 3480) writing into its own newly spawned child chrome.exe processes, which is how Chromium bootstraps its sandboxed children. checker.exe is neither source nor target in any row, so this signature says nothing about the sample itself; the behaviour that matters is in the checker.exe process tree and file events.

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://anonfiles.com/iac0Bdp5zb/checker_exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff3fec9758,0x7fff3fec9768,0x7fff3fec9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3172 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5268 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5388 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5440 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5208 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5544 --field-trial-handle=1772,i,1302285884585738640,2346120644438175954,131072 /prefetch:8

C:\Users\Admin\Downloads\checker.exe

"C:\Users\Admin\Downloads\checker.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\netsh.exe

netsh wlan show profile

C:\Windows\SysWOW64\findstr.exe

findstr All

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\netsh.exe

netsh wlan show networks mode=bssid

Network

Country Destination Domain Proto
US 8.8.8.8:53 anonfiles.com udp
SE 45.154.253.152:443 anonfiles.com tcp
US 8.8.8.8:53 apps.identrust.com udp
BE 23.14.90.73:80 apps.identrust.com tcp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 152.253.154.45.in-addr.arpa udp
US 8.8.8.8:53 73.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 vjs.zencdn.net udp
SE 45.154.253.152:443 anonfiles.com tcp
US 151.101.2.217:443 vjs.zencdn.net tcp
US 8.8.8.8:53 djv99sxoqpv11.cloudfront.net udp
SE 45.154.253.152:443 anonfiles.com tcp
SE 45.154.253.152:443 anonfiles.com tcp
SE 45.154.253.152:443 anonfiles.com tcp
SE 45.154.253.152:443 anonfiles.com tcp
NL 13.227.211.132:443 djv99sxoqpv11.cloudfront.net tcp
US 8.8.8.8:53 baconaces.pro udp
US 54.162.51.18:443 baconaces.pro tcp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 217.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 132.211.227.13.in-addr.arpa udp
US 8.8.8.8:53 17.211.227.13.in-addr.arpa udp
US 8.8.8.8:53 kultingecauyuksehinkitw.info udp
FR 18.164.52.73:443 kultingecauyuksehinkitw.info tcp
US 8.8.8.8:53 pogothere.xyz udp
FR 18.164.52.73:443 kultingecauyuksehinkitw.info tcp
US 172.64.173.27:443 pogothere.xyz tcp
US 172.64.173.27:443 pogothere.xyz tcp
US 8.8.8.8:53 moderningvigil.org udp
US 8.8.8.8:53 workhovdiminatedi.info udp
NL 65.9.86.74:443 moderningvigil.org tcp
US 188.114.97.0:443 workhovdiminatedi.info tcp
US 188.114.97.0:443 workhovdiminatedi.info tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
DE 157.240.252.35:443 www.facebook.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
DE 172.217.23.202:443 content-autofill.googleapis.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 18.51.162.54.in-addr.arpa udp
US 8.8.8.8:53 73.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 27.173.64.172.in-addr.arpa udp
US 8.8.8.8:53 74.86.9.65.in-addr.arpa udp
US 8.8.8.8:53 0.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.252.240.157.in-addr.arpa udp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 normaticalaccu.com udp
US 54.162.51.18:443 normaticalaccu.com tcp
US 188.114.97.0:443 workhovdiminatedi.info udp
US 54.162.51.18:443 normaticalaccu.com tcp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 251.0.0.224.in-addr.arpa udp
US 8.8.8.8:53 b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 8.8.8.8:53 antivirusgaming.com udp
US 172.67.208.179:443 antivirusgaming.com tcp
US 172.67.208.179:443 antivirusgaming.com udp
US 8.8.8.8:53 179.208.67.172.in-addr.arpa udp
US 8.8.8.8:53 cdn-149.anonfiles.com udp
SE 195.96.151.42:443 cdn-149.anonfiles.com tcp
SE 195.96.151.42:443 cdn-149.anonfiles.com tcp
US 20.189.173.11:443 N/A tcp
US 8.8.8.8:53 42.151.96.195.in-addr.arpa udp
US 8.8.8.8:53 0.77.109.52.in-addr.arpa udp
US 8.8.8.8:53 icanhazip.com udp
US 104.18.115.97:80 icanhazip.com tcp
US 8.8.8.8:53 api.mylnikov.org udp
US 8.8.8.8:53 97.115.18.104.in-addr.arpa udp
US 172.67.196.114:443 api.mylnikov.org tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 114.196.67.172.in-addr.arpa udp
US 8.8.8.8:53 220.167.154.149.in-addr.arpa udp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 127.0.0.1:7707 N/A tcp
N/A 127.0.0.1:6606 N/A tcp
N/A 127.0.0.1:8808 N/A tcp
N/A 127.0.0.1:8808 N/A tcp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bfca3daf5b8fbc6424d9f1bf904c9036
SHA1 c9fe4f7ca4ca1bb2a52db95fe1b8d31eb82bfbf4
SHA256 095a276f7f007984fcb28b786733bdfb04ddfe656cc322584e231d174fe98432
SHA512 67c59a053af97a4ef124579547273e3c48fa1ccf4528d029a421e14168d444e828d7c3b964a9128747585aa3e32f874dc1d845f8e6fb90a6e4d0c452483fef5b

\??\pipe\crashpad_3480_PTDJTRBNVRRUGZWI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d09666e486cd060863ccdf7fa2602c51
SHA1 03111b7b9414d481244eeac12034291d46d048db
SHA256 1d10e663c652de0e2b17b2c8c098c51c1606f8955ddcf0abac81e6e45a7b4e73
SHA512 373b8ead4dd77111659b872c485786eb7d9a060ccfa5b8673bf95ac1c75427f8a86790860dc34215c2c8081fef4bfb5372c238c2f156ac84cad2dccc4ad62e54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0fa0f50d0489c059ac88f45cf860089e
SHA1 45d534297fca7fe3804a3b06161487860653068c
SHA256 654ec7559bdb77d69f26a953fb716239a8137cf6222885dd151a5206cb9beb70
SHA512 fbafcbab3e58eb207d80fcec4b39a30ce2a9bb43bc2ce2d1276f5a662d3b82288b9739b5008159096ce781d02111968ed65f77819456b8746df007f5f3686d8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 06db82b9c212193ab67231840d0d6edb
SHA1 695c2124320d722b49ee0b8f56f6db8fcf47d170
SHA256 8bc82edb22b20f0f8a09322933ba9e19a8d8ea578f965689dab8448faaf3e3fa
SHA512 aa6f7a33ceb2c46f1c5cefc4fbb688d01d85efe535bec958fa08ea2a75c3b79d9eaf1dc3316aa5cead806fbcd862c390631bce0aeab9a131a79524ba0a2716b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9b49d2a1be496d45e9346e887a3646f1
SHA1 5080b64636705db2b148e2f0a048e28440e60380
SHA256 d6d0a1e79657e1035a554481bbcb8ccab3247e8939f4eb52e0896d7368da10dd
SHA512 c853a0b65849d007b7d2fa5907610f1d382509509a9bc5408d04bb974295a6d47ad873a5a726345d598dd9956b622682586f75581fdf637b3725e3a007cd34ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c716dc46d9bd27cac22481ae5a6da612
SHA1 032ff8ce9d8f03858854217afa482cc72427caf4
SHA256 d775c4859c84fcf1a140c8eb798614a9856e03251566878d29e4b942626ae1a3
SHA512 6f3f3e01048f9869717549c11231e3a85d2b882945f354a2e374ce8d42c4e024122ca2d9c64753f11dd77ff86bc7a2020e03aa2d8dfdb19a76a83d6755340124

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 fd05e1daa8a8f16ec68788044fed48eb
SHA1 ce962b7f0419d3a87923d5b36ed657754a4156ba
SHA256 7a873bf279f3358f63d1ce07f4883a84909107e41a5a76f8f8b674fa897f6394
SHA512 37da96654ab5d18cd5762377059496920c43bc9105b1d7e3ee10560df9d0fb9d056829e3d77e672626f0e540294c2ccfc94f1a87707a136e6e8fa530ebbb34f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56d381.TMP

MD5 4f1d1eb9ae6dd7c4ff603d769e41a13b
SHA1 b494cd5759955491782e20939ba1e30346e3f966
SHA256 52c3ea1da0e25ab78a589f4fe850630a38b0da0d0392db7d99ed7bacd628d5bd
SHA512 6b8383f169a93544e9c95e8eea1db4205340a934019b06cdaa5baf83d9b572ab111423547c1ac469bd9b09d435d3ff21d5cd6ae0d809dfebef6beb0b877551ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f6b099ae-69b4-45e5-85ac-b0102240055c.tmp

MD5 e1beb02b006fc5cc2b595afd63fef237
SHA1 8385a3e2d9b5100f97b51f718af07c134846071d
SHA256 28853b07e1056acc066b70fdcfdab912841f535809f0b1dd7e61ea9446b8d180
SHA512 d4898171134a448e0922b7134586f28cfbda5891c83958e2a4d7ab6daf2f687eb9c2ffe867a9c3463f06213eef8a645632f22223aaaa74f50be534df82f713f5

C:\Users\Admin\Downloads\checker.exe.crdownload

MD5 075502feb35553ae0c5cfb7dfb5c4c92
SHA1 5e6d95e20e8c5e060649a87b8fc662b3302d4742
SHA256 45574ef8a8b7e8c507a2ecb11fb5f35abe8d8d28c6af660d36b667185635cfe2
SHA512 ae23e3c0f7f37cc96a6eca26ed7f775af9af27024e3a1c32c9b62b14d27fac8b308aa0c838b579be2a2cbb211a609cfc49d023c43115f0ec89efddcc7055b959

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ddf1eff990d0d46c85d5cc9cb8ccdaaf
SHA1 fdadced01438ae9b04f4b3f99699a1c7784db4c5
SHA256 1c5c9c60f5038f158ad3089e0d554b5bb4e652c74e5d6c00817e3923b15c808b
SHA512 348b5b066ffd110342adf17a361e931157f77cf6a79812806386870439d468c0442f5dbb0070e672331240142bd403677d7cab0c1614fdeae47a097dea3968a4

C:\Users\Admin\Downloads\checker.exe

MD5 075502feb35553ae0c5cfb7dfb5c4c92
SHA1 5e6d95e20e8c5e060649a87b8fc662b3302d4742
SHA256 45574ef8a8b7e8c507a2ecb11fb5f35abe8d8d28c6af660d36b667185635cfe2
SHA512 ae23e3c0f7f37cc96a6eca26ed7f775af9af27024e3a1c32c9b62b14d27fac8b308aa0c838b579be2a2cbb211a609cfc49d023c43115f0ec89efddcc7055b959

C:\Users\Admin\Downloads\checker.exe

MD5 075502feb35553ae0c5cfb7dfb5c4c92
SHA1 5e6d95e20e8c5e060649a87b8fc662b3302d4742
SHA256 45574ef8a8b7e8c507a2ecb11fb5f35abe8d8d28c6af660d36b667185635cfe2
SHA512 ae23e3c0f7f37cc96a6eca26ed7f775af9af27024e3a1c32c9b62b14d27fac8b308aa0c838b579be2a2cbb211a609cfc49d023c43115f0ec89efddcc7055b959

memory/3324-298-0x0000000000E20000-0x0000000000E50000-memory.dmp

memory/3324-299-0x00000000032A0000-0x00000000032B0000-memory.dmp

memory/3324-302-0x0000000005A90000-0x0000000005AF6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 66d410ff90f1ef742d0245e555f153fc
SHA1 6c4433642df2a686c5ccc8201965e84f05c4839b
SHA256 19f0bd9b327bc6531dbc39ca9d3a63221a2e679667aba61d65005f9063154d32
SHA512 959ba718e7ec5d30b4bd6cc77cc609e8b2482019e110a9d08d2280b78d9a433461fcc15796855fc72b51582bfa5ad13846c343b57941359c55216b7bef25a213

C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Browsers\Firefox\Bookmarks.txt

MD5 2e9d094dda5cdc3ce6519f75943a4ff4
SHA1 5d989b4ac8b699781681fe75ed9ef98191a5096c
SHA256 c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142
SHA512 d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 17fc39f81e9166a07534bb6f64b1acf1
SHA1 605d3317fbc43bb8beaf3fcc60218c3cec96f5e8
SHA256 43a8993245fb91d33d03436cdb33e8697a1c1a9a69e2795406524efc792cfb44
SHA512 856f14ff668714d6229faa94f73e1feb333f1cb938e593f8c7925c0146549a321263b1c96b53c34f337cdcc5bef28924353b9d43ff7d1e5227b4298f7e96509e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe573f89.TMP

MD5 01667b4a6c8f69f3d2745bd41076d41d
SHA1 42f1fb87869bd34f7de341d6cb624f78fdbeb469
SHA256 0eaa337f44fabf6550b68e350f4124a893e44578cea9028177148cdb271b037f
SHA512 fda0eb57fad9dcc72561028df532f1947e697fbe76a3229fe4e32b343618e956dede1c9766492b43ae68c5642d5cf6abfdc05e0ef5c806c939599149627723b6

memory/3324-408-0x00000000032A0000-0x00000000032B0000-memory.dmp

C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\System\Process.txt

MD5 5e278e9654537fe26a47e8bf0c42a52c
SHA1 1ed49c94ecc816960d18fa5f0a5ad394ffb5f570
SHA256 d2be44b6182e36a85a6f1231e8343947833411382d1bf8cb792d7d12ca683c9b
SHA512 b3c54d8de2d08093d0f76e153d632bce066b8528acac423815eb15e6184ef694535022d912e3705ac07e65951e0998e7bb5c36b38f7aa4b7358d31e32203fe7a

memory/3324-439-0x0000000006680000-0x0000000006712000-memory.dmp

memory/3324-440-0x0000000006C20000-0x000000000711E000-memory.dmp

memory/3324-442-0x00000000032A0000-0x00000000032B0000-memory.dmp

memory/3324-445-0x0000000006880000-0x000000000688A000-memory.dmp

C:\Users\Admin\AppData\Local\13798e8c66c72f29b7bf2f9a864054c0\msgid.dat

MD5 184260348236f9554fe9375772ff966e
SHA1 c6d28f73737fec3883c5b4cebe30bfe12bbe4bf4
SHA256 5b64147d2864c61f08bdd4fb85c70d4d26e2b8d7774dc20edabeb13c9391c327
SHA512 63706ed5b6bcee264f69454748241b91975b60f1022b167c430701a9390a5c032d89d67e3ce21b2d918e2f512e14ac928efc89d798012fcd1282d364a4048ab5

memory/3324-461-0x0000000006BF0000-0x0000000006C02000-memory.dmp

memory/3324-487-0x00000000032A0000-0x00000000032B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 883779237d38a0a9d97098e3fff80154
SHA1 78454c819b15084725860407943243a3fb6c03fc
SHA256 fb7a477c760a36998e65a8a0a331fc8ee7a8ff4ea4967cbe71dfa89c954bf546
SHA512 94d6bcb08f901825b2989b0ddbb8e77f96f2316a0982285cfeb690735743e39bcf34c772546fd8a351ea40af6094f85441c46a89ae17af09fdfdbbfbdb431137

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 22ef0b33c27926cb284485b26cde6a7f
SHA1 d880e210dd8dd0e8b887391cbaa9888382095ab9
SHA256 a847dd2512a6451e6dde72dca33c3f3011dddce56508f60d14feae19b74e9945
SHA512 a54d336f71ef58cc5ffbc671a7e53c4a8077f08b9f0052aa6da6c0ea7b349f87246da80475c65b6aa6494c8c3198204cc6f9e9b0e55f4fed6b5c8d9cd22aec3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f367dee742886a3e7020c64bee8c2ce2
SHA1 475d8bd4bc8e633262d4c0b2d83428e6342e2ae7
SHA256 d9b830dee5e5731a3f4545e5800f7bb482b8cc5f82cf93a4b67b8811f766cfab
SHA512 1cd18c6fa3ee73282884409cf8cc5bb08dce26b2e8ed2573220448d4bca5850a1f4c220787d6b57a727b6f8458370110141b98ea3865a0d957758c9407382ad7