Malware Analysis Report

2024-08-06 19:43

Sample ID 240619-s1j7aasgke
Target 1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe
SHA256 1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520
Tags
njrat neuf evasion persistence privilege_escalation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520

Threat Level: Known bad

The file 1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe was found to be: Known bad.

Malicious Activity Summary

njrat neuf evasion persistence privilege_escalation trojan

njRAT/Bladabindi

Modifies Windows Firewall

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Event Triggered Execution
T1546
Netsh Helper DLL
T1546.007
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Event Triggered Execution
T1546
Netsh Helper DLL
T1546.007
Defense Evasion
TA0005
Impair Defenses
T1562
Disable or Modify System Firewall
T1562.004
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-19 15:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 15:35

Reported

2024-06-19 16:05

Platform

win11-20240611-en

Max time kernel

1799s

Max time network

1789s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe"

Signatures

njRAT/Bladabindi

trojan njrat

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Windows\CurrentVersion\Run\confuse = "C:\\Users\\Admin\\AppData\\Roaming\\confuse\\chargeable.exe" C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysMain = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe" C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4688 set thread context of 3416 N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632849680750111" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3292 wrote to memory of 1012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3292 wrote to memory of 1012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 3144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 3144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 4500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4764 wrote to memory of 480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe

"C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffecf16ab58,0x7ffecf16ab68,0x7ffecf16ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffecf16ab58,0x7ffecf16ab68,0x7ffecf16ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1828,i,143531308104967753,2693761346453501808,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1828,i,143531308104967753,2693761346453501808,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:1

C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe

"C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:8

C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe

C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4568 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4080 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4380 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5024 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4744 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5312 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4380 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2472 --field-trial-handle=1728,i,12002658666317063191,13939505862531099269,131072 /prefetch:2

Network

Country Destination Domain Proto
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 142.250.187.206:443 www.youtube.com udp
GB 142.250.187.206:443 www.youtube.com tcp
N/A 224.0.0.251:5353 udp
MA 41.249.109.189:10000 doddyfire.linkpc.net tcp
GB 172.217.169.46:443 www.youtube.com udp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.16.246:443 i.ytimg.com tcp
GB 172.217.16.246:443 i.ytimg.com tcp
GB 172.217.16.246:443 i.ytimg.com tcp
GB 172.217.169.46:443 www.youtube.com udp
GB 172.217.16.246:443 i.ytimg.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.180.14:443 encrypted-vtbn0.gstatic.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
FR 151.106.4.82:443 bonzi.link tcp
FR 151.106.4.82:443 bonzi.link tcp
FR 5.35.253.150:443 w2.updatestar.com tcp
FR 5.35.253.150:443 w2.updatestar.com tcp
FR 91.250.81.8:443 www.updatestar.com tcp
FR 91.250.81.8:443 www.updatestar.com tcp
GB 172.217.16.234:443 ajax.googleapis.com tcp
US 8.8.8.8:53 www.gravatar.com udp
FR 5.35.253.150:443 w2.updatestar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 192.0.73.2:443 www.gravatar.com udp
FR 5.35.253.150:443 w2.updatestar.com tcp
FR 5.35.253.150:443 w2.updatestar.com tcp
FR 5.35.253.150:443 w2.updatestar.com tcp
DE 173.249.62.84:443 eu2.contabostorage.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
FR 5.35.253.150:443 w2.updatestar.com tcp
FR 5.35.253.150:443 w2.updatestar.com tcp
FR 91.250.81.8:443 www.updatestar.com tcp
GB 142.250.187.227:443 www.google.de tcp
FR 91.250.81.8:443 www.updatestar.com tcp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 216.58.212.195:80 www.gstatic.com tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.239.241:443 polyfill.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
GB 172.217.169.3:443 beacons.gvt2.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/3608-0-0x0000000075311000-0x0000000075312000-memory.dmp

memory/3608-1-0x0000000075310000-0x00000000758C1000-memory.dmp

memory/3608-2-0x0000000075310000-0x00000000758C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 767147a173231a9acb252df47c72fd36
SHA1 ede4b0ac5e9f0d30966504e769e26014d5ef5afe
SHA256 560ea47c2a453d4c8d678522d3da389933d5481b5c0db4f23da212a5d2133b3a
SHA512 a3fcbc35c20cb71f3e8fda9345137f207794666c6ca3862670d33db7c8e7b05e0c1c11d0cd591e2e31c4af1309b2fef872b788507e564db3801e8320d1fda7c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

\??\pipe\crashpad_4764_NZHUTZGSIFZOBNFW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3b28012d38e7072da1338cc63eb45e02
SHA1 b75b80742cbc2ed98eea54a77e142290bc091826
SHA256 844b24c63546b9128392f0ca582ac5a88e61105c698be8e7a46d2b7a73541a7a
SHA512 8f0dc37a720bb1ab39c29e1058fa385054a5e15f8c19ed67a703fd43fb4e83fc34eba7fe22b450e87ae31b13e6dcd0658b3de22419a71d51ba401996cd4db7a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 82d990ebbc08da42d621e6315c8f3180
SHA1 8317d5e82a46d179d8ed85cc9fcd7aea1c2f93b8
SHA256 84527ab2a6b63648a42c6df230a56f45d2c36ded53472a39ee8bed57ea14fbdd
SHA512 bf504e27d7f0c45f94eebf9a9f4933ade113cddc51838f0e8c98c2b92b08b21291b2438bb651874746e704fcf4ed04a9a11ff59c8de1c3b651229b8ededa11c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe

MD5 6c937a6eb071d9e8366b89811b26f519
SHA1 1ad3228b41fc5077f6565e5d9fbfcdbc1c55b8ec
SHA256 3e596489f00c333c491ebd73e2a006063cd85aad7606ef7905a8d047cba587a2
SHA512 1c6846fefff6970730003dc855b99aa22f41a9287900e4b682b5aac9aea658975ac50d7fba3b4dff7df4011b9950b08ed6ce1f9ec25be696b3d6945d3c626ecb

memory/3608-80-0x0000000075310000-0x00000000758C1000-memory.dmp

memory/4688-81-0x0000000075310000-0x00000000758C1000-memory.dmp

memory/4688-82-0x0000000075310000-0x00000000758C1000-memory.dmp

memory/4688-83-0x0000000075310000-0x00000000758C1000-memory.dmp

memory/3416-89-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\chargeable.exe.log

MD5 120bfac9d59228edf92ec26d4bbfaf9e
SHA1 bc36d828b7f358671ef0cb934c4ab2fdfb02b447
SHA256 c4c6e7ef90b460bf232e55933594a95ba4a2d156fa5accb06d1c7c2f817fcf35
SHA512 684f086ff7d41d85782b21f5bc7e79584f5866f3c06eabbca2c5a697c1d142aa81e0dc25c78be978ba67e9e6fc014f3b62d1da114dc1bb009c7637491a619137

memory/4688-93-0x0000000075310000-0x00000000758C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bc1f9d5ac1a09c15b4d04aac63e367ac
SHA1 be8086e26da3c1971d5e729967f160fc1326f411
SHA256 7a2e5735356514ad6eacef89a4952fad3d4f53a5be35a6b03a7fd8d1be502216
SHA512 a15dd69aaa979e03f086840632b7712593cfd13ab142ab0839ee7f2578ebffe79bca203cc5fde69d731611d5f873e333bfc8cf8e5d710875e5e620ccac9a2dcb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dff54fa16e29aadee917895f453f968e
SHA1 8c5995316ce186ad76bbdb9a5033ff6178bcde4d
SHA256 838f605fb2d5cf5476dd5998304222220b1987b65d4318532e80d69547da3486
SHA512 c5c151e031d6631070039d71fd3585288280e41da95589e1ff3d67c866875e399d0e283f69a21d2676d5976efd08923b88be8981b0fe1d42d2fb6a70fd028f45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b9c4387a58d93b2b5345360ab7a9797b
SHA1 4dfae8675dc37bc600efe1fc4b6265a7410f8700
SHA256 5b16f6913d97b3c07552bbf5ffd057cb3502eaceff7c04b075462d48dda659da
SHA512 ffa40f3c2fb71e527d7cecb0c76cd2936c1fac391d6da1d41c63d8d6f31046f54ebf3b0fe0eed916ec4de513f19ec04dce64739d3023ba5d453f27a767c3a88b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 00fb6e039a514387ffdea5abf846e4b5
SHA1 024a31c41ca1490b009576c0a10386959f004e94
SHA256 c0854b10f0d9d08da489ab81e0aef6ebed98651132b87b61e857680a0cf0c06e
SHA512 6e1666bde254016bc4eac167d849b7df25bb0aa004209ac2ad56d131d6aafb12dbfc60dda359087027cd7fc4332a5a6071946d4569856df0c5c8b12d523770ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 58e0014600dd17763997e98f05c6e081
SHA1 97d64bd608f43df6be1cc07607248e126e4e5573
SHA256 9793c8a747ce95a47e43c9b0046a7d0e3ff561afe2435fa73593e41ccdf9b80e
SHA512 8017b86cd9401cd7594a4ee8c8af370099b7084bab208451144642931fc94ff13c82d9e1a727113a45166ebffcaa7e1ca0339df58e78b70f1bfd232f91f56aba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 99916ce0720ed460e59d3fbd24d55be2
SHA1 d6bb9106eb65e3b84bfe03d872c931fb27f5a3db
SHA256 07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf
SHA512 8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ad47c4f8df43afd673750805128e2fab
SHA1 5eb11b13f9b426784bc4380faa875cd2fa9007ca
SHA256 5d602bae522772508233958885471c00039f17916bcc91dc134ff782725f5542
SHA512 6419329475cc45682d2f571abb747a21969350477d1a75a402aa4ccb142a2afdd4b9e7c44e0a1628873c67bfb577a09b65bae12db031bd37b3387315bbdd10a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4e0f86ab2785ffef4b333b32609958b4
SHA1 96affc197caa06a73cc318e733688cac2c6b9faa
SHA256 e2d70bfe48eb200b7cb12fc61a5af8ae9be6add6ddc3bf1dcd20eb0c5efa0b80
SHA512 cdbfce61ff034cdfc7f94efea63760d7d9beca91cff76c3e0f7e07b7cda226061136b487d682f23e2eefb0156666c0e8ce85ee6852b5d1cae1a8cb6835f3cf17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 20b7234b76468fac3592ace72b505510
SHA1 5d91d95789183b07c64f59cf47aa7d1711a4bbdb
SHA256 4399c230af7d8ab5369c5dce18cb980cc407b2adeee82143bd74088b41fe5cd4
SHA512 111d5130562f8568c0dabee078305b435c3f02893653d4302f78e08f6ce5af8f02febadc7308b4edc6fe522c20643e0b7a092526275c9c61cbcaa45f187baec2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 d0e01f091ca32620bb5702fbd675b72c
SHA1 7bd0482becfe056656f2b03d75ce438fb7fb13b6
SHA256 fa1ad01704f0df191b3483a90a19dc898d749286c424c7fddad609ad33490179
SHA512 169a61f68e4363424838f8608412d7b510ed0f2847ff253bea61ea766e5234e89dbc1ace027637dd38437167d11464749fa8955e384c5760bb4752c3424cef21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581ece.TMP

MD5 61f7ca7f087db50f74cb3754e365cacf
SHA1 4c7cda50dcd4cb045e05a081a45dc9387312278c
SHA256 880a2982069b031ac71a54dffc7f5640c8eb3a773eca3a1e002c4ae98eb5fe30
SHA512 cb5210428849599f66ce3862c820cd32e0b88f870c52060d4fcd84d2dcd242e87e243c4ff644571fa6a67972a80e5d1779d56c76f6cb46684a08eb6a9819cdce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94275bde03760c160b707ba8806ef545
SHA1 aad8d87b0796de7baca00ab000b2b12a26427859
SHA256 c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58393b.TMP

MD5 820b0312c80fdb5b7eeac0d7bbb82a0e
SHA1 831c976e558aa6ccb73e95f435eff98c60cf3a43
SHA256 4390bdf30cd42d9edac65f8525563c108dee85ec6db6675bb4af24f1d7e9f1e7
SHA512 82ffe609b9359c3b328aa755141d3d1490766d042b2795afe6e55b332b3be2a6178a0834d11d86258681d84bbe25c013460eeac8e3e99a9086520769be6bed7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3c5dbba3819ee8900eb65dc8c4a48b79
SHA1 51f39a97c4b35fd3501ac07ab388e5bb5a6ab12f
SHA256 578d9e224e37885cac4d6a8e0ba691191ad192e7f865e958082216df6750bfef
SHA512 8128a2f5af337655f9dde3952d7dbe1302ca19d7dfe455142d20f7cb589e87490b04ffb497509dc6d01c23014cf9c003eeddbffafb465d42d77817b6fab5673d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 43dfd0826c8d31055248eb0b5339a7cd
SHA1 ccb4f5ae25f001c19cfb6904aee5ac025b3169a7
SHA256 e035f871ebcb64b9a6364b45c855fe9f0e60a84419f4c32b741d66bafb46c1bc
SHA512 8b95983411a0649e1310dc951aae61698d8d053f95da953d3247e38a62dbf4783a8aaebf3663569389a11d7078cd220378c3f20a96fdabe5f846b5a0a24b2036

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9494fe6cd834055b1db0044d1732cd80
SHA1 315586b0de77ef8afef54133ed43ba0d5aabd99c
SHA256 68e92c8c3b475179594599ffc2298378b1c9f99697a9187aad117c18bfc6453f
SHA512 b30c2901ee57b0a28b75fdd7fc42f379ab68353f1722729557be52e63dcd3fc6ff2e726b16c611ee918812ce7bfbdf4478242971448e43a8c2f041e9b14a4486

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b1d1a31f2145296688b345c995abd260
SHA1 6db552cc343ea749afe2b578f443709b2166430e
SHA256 1f62b3be0a4ed5f08a1f979ba2a1936d71503d2f13cf9df440007fcc429526b2
SHA512 fa94a90183acd15611581997cdd94b4ffd78b8260df9101d6450afd6a95f84531c7db9f6d37d1010ac8a218ea64346146e44b337f0637ab027a6c6f09e2f4677

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8b403d4489c9cee9dd27cd75bae62b4c
SHA1 3ac1e0e0c63bbf6d1a520237b9b15c6b8c3b7ea8
SHA256 493e71300543ea7f378eb02bb6d6f7ddec554a77b8e44608da467b726b7f9a0b
SHA512 5b30b5e488ed415591ac0bd0886fac90910ecf9476ef5afe68600adf989b38c10c47d70416296d732660703af3b1157ddc3e2a72392425c4f570f18a031ed63f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 db86a6bf225505cd2298cd473850eedf
SHA1 4302ead354b36a37f7d2644017cefc671787be7f
SHA256 5ebe0601a724af1791a7f575bce53bb4c26985a34bda41107c00061f48e1f816
SHA512 8f5085886223e88d21ef1aee06e9f005975131694ed550f81d12badf6f7ac2e218e51a8c1e9fc426c55cc911474dee613f2a4f8bf946b70af82e9e18184671f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1b75b5d41407999642f32d45317c66ef
SHA1 4dea09f9f8d193a333f6521a497dfb23a3f50e33
SHA256 9e10825de398d0434eca7eeeb3628132f07d1c3d16d2f47b7a70ffd3afdf6ba8
SHA512 baeb9fc6ddaa795ff51ac5b8ab965659e7e65d02c1b33a95cb9d0e087e1a4ea03d37938b5643c1145dc735839f717252e1429478dd811abd4cea348d2b34b26f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 78171e8444df3c55d6b12700a9393e47
SHA1 104a87214273b8e7c922f790af38734aafb65258
SHA256 d98811b4f47d55e30cf2df4823fca2802b3a8b7758cab3826982b6843cc812c2
SHA512 1349504570f5de33336256fa6d246c408fbd7b0997c0ed92634b91c2027bc0bc7f636c3ee73af14b69c27fcf18af4d0f0964585d1d7067895ed7afde706f0a00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ae34463c5407a617565fb2c2a61e5060
SHA1 818c9a757bf6d12f474f95be268f3cfba934c15e
SHA256 5bd6b32c4fa7a9bc36852a94022800194c425d933909f45bb71507c1959dd34c
SHA512 b8c79c264d7aacf05cda41d328b4ab20e262a83e131e86ac3e272e5a9624c9ec7ba4bb73e72054adb5daa5dd01520754253025fe5193f1f3edbf3bb014338dee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5bfbf5479533e3d5ea24db0d1c0c5808
SHA1 a129746905d099d2e46f6732b05726c06ab286b1
SHA256 3c924f53718b34eb97643f0e5d40f4be9af3484d641758198f08f34ed82b79bf
SHA512 e0cbf968184a4ff77a322bf4538140077cf2bfc6006da20391947f9fa49dcaf4ef712ac1b6b42a550d4a14cb1e78530bb6a8ea3860335f9e33f229b71c892f8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 612bc183790125802d4b32c0921110b6
SHA1 dd20c4534c29998862e4a745707461b5f9696973
SHA256 ef79c1c69eb4e34131071493dbf7626b07527363a57c54fdefd1c82d8fad9046
SHA512 d36c6c40426adcb3a6eb92b65f802732d667c29bbb9f417320c13c8cd1c4b9c8781767625a5a2b1513f0ad607c869ee83f987d731296ca8856dea3100e941b75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 260d891decd5a878ed34a505066cff5f
SHA1 185644a50eeb7136e1e439c85a59bc4c3e0b0081
SHA256 1b664560bd9857acd62047619391201eaff6a02e6e655fd9dcc46fa23ce9439e
SHA512 14740000e072eab68854e0bff071546b44b0fd647752745b74e51053fd319ce873c883c33789e4b2f01e31dc225dd6d666669c9e7cecd3508286fea2eb3c8275

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\25c1da54-8a95-42c5-9045-71d09677cd03.tmp

MD5 25e24934d95e3afe026e1b10bdf0a8d7
SHA1 ad2fb9474311a7931f412f06f5b0243089c08458
SHA256 ac66434ad8a7235b416b5bd5e0fdc8ed20d43d41392b24bc60a422e28e644b7d
SHA512 7822b1782b921f17870c5c368dc625117a6c4105edd9a85b1cce7b3a06895f0dc04e08c9d2aebcbe05b147ff3ad1889847be00a41421ebf9f97151fe3829c01a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 54b58d5c9c9eb590bab3afbd15507664
SHA1 26d9ca77f8afd631fbf0b4181f6db0da1199fa4a
SHA256 81b140f93a4ffc351d873e4ec6d1de374d01ccef3d1b2c54a5f62185dd536c2f
SHA512 caed85a674e0e4e079a0c8f63f89c5215cfd1b176961e26c3ba754f4d07b644bad9eff72f20117c62ac4c833d69fa9492de317cedee291431530c9cf2c597389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 97d8f467e936feb4d8c3ebf7137949ca
SHA1 84983e07804efb80e0fc5af5eee414c26e97cd8f
SHA256 75d9ccd097b9ffcf9414a94ace17f9eac86dc70933f24f6a55be7a0c28555169
SHA512 9f164f8fa1e9d32320ce89165014ab1b79f7dfdb347119a33afce65cf2722de3686618406b69032524d03c7032400809cf01a8bca43768bc21bba14131dc545c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 47d6980be8ade0d817a1d9bf803ff621
SHA1 82e7003adf939cb38378a50785c4e03e8963f7ab
SHA256 e787198cc3c196f157c7ee496ff0d9e9b163c014ea8c8d7c01b90552f307fc6c
SHA512 07a426d7df1c1d0c041432759c4a6c9c1cc6de8e6be006839172024d5916922e297a33b054e4cea4454b8d30996a765286589ae2a9cb5dfdf8fabb9128af0734

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 508a7a9afdc85945c8a5c6699b2809e0
SHA1 493159de93885bf924ebf12909b6079c9b296155
SHA256 0001f791dfa6e6e22e2471ecaa396e61caa75ad087d63ca17b586489ecbb1338
SHA512 92704524c881b1279b6b7743b8b9aa5db1050f3234eade28816e2734c6b4cf93a98cd758a1b9b4bfad7974d0c2460ce195fef43b22256af3df1f20a7ede2daa3