Analysis Overview
SHA256
99232a515ecf97e955c7670fc968197b580a4c9da436af31e3cea5f0455cef7d
Threat Level: Known bad
The file WizClient.exe was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Xworm family
Xworm
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Drops startup file
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Looks up external IP address via web service
Unsigned PE
Enumerates physical storage devices
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Modifies data under HKEY_USERS
Creates scheduled task(s)
Suspicious use of FindShellTrayWindow
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-15 05:30
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 05:30
Reported
2024-06-15 05:36
Platform
win10v2004-20240611-en
Max time kernel
303s
Max time network
305s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\WizClient.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WizClient.lnk | C:\Users\Admin\AppData\Local\Temp\WizClient.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WizClient.lnk | C:\Users\Admin\AppData\Local\Temp\WizClient.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\ProgramData\WizClient.exe | N/A |
| N/A | N/A | C:\ProgramData\WizClient.exe | N/A |
| N/A | N/A | C:\ProgramData\WizClient.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WizClient.exe | N/A |
| N/A | N/A | C:\ProgramData\WizClient.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WizClient.exe | N/A |
| N/A | N/A | C:\ProgramData\WizClient.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WizClient = "C:\\ProgramData\\WizClient.exe" | C:\Users\Admin\AppData\Local\Temp\WizClient.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | ip-api.com | N/A | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629031078028524" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\WizClient.exe
"C:\Users\Admin\AppData\Local\Temp\WizClient.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\WizClient.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'WizClient.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\WizClient.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "WizClient" /tr "C:\ProgramData\WizClient.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa6c16ab58,0x7ffa6c16ab68,0x7ffa6c16ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4392 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\ProgramData\WizClient.exe
C:\ProgramData\WizClient.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff65301ae48,0x7ff65301ae58,0x7ff65301ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4836 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4848 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\ProgramData\WizClient.exe
C:\ProgramData\WizClient.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4544 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:2
C:\ProgramData\WizClient.exe
C:\ProgramData\WizClient.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4260 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5076 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1128 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3976 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5744 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5776 --field-trial-handle=1948,i,17427525679705279056,13859810521719506605,131072 /prefetch:8
C:\Users\Admin\Downloads\WizClient.exe
"C:\Users\Admin\Downloads\WizClient.exe"
C:\ProgramData\WizClient.exe
C:\ProgramData\WizClient.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\WizClient.exe
"C:\Users\Admin\Downloads\WizClient.exe"
C:\ProgramData\WizClient.exe
C:\ProgramData\WizClient.exe
Network
Files
memory/1880-0-0x00007FFA6FAD3000-0x00007FFA6FAD5000-memory.dmp
memory/1880-1-0x0000000000990000-0x00000000009A8000-memory.dmp
memory/1880-2-0x00007FFA6FAD0000-0x00007FFA70591000-memory.dmp
memory/4852-3-0x00007FFA6FAD0000-0x00007FFA70591000-memory.dmp
memory/4852-4-0x00007FFA6FAD0000-0x00007FFA70591000-memory.dmp
memory/4852-5-0x00007FFA6FAD0000-0x00007FFA70591000-memory.dmp
memory/4852-15-0x000001DD89000000-0x000001DD89022000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hkts4k4g.jvu.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4852-18-0x00007FFA6FAD0000-0x00007FFA70591000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | d85ba6ff808d9e5444a4b369f5bc2730 |
| SHA1 | 31aa9d96590fff6981b315e0b391b575e4c0804a |
| SHA256 | 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f |
| SHA512 | 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 77d622bb1a5b250869a3238b9bc1402b |
| SHA1 | d47f4003c2554b9dfc4c16f22460b331886b191b |
| SHA256 | f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb |
| SHA512 | d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 98baf5117c4fcec1692067d200c58ab3 |
| SHA1 | 5b33a57b72141e7508b615e17fb621612cb8e390 |
| SHA256 | 30bf8496e9a08f4fdfe4767abcd565f92b6da06ca1c7823a70cb7cab16262e51 |
| SHA512 | 344a70bfc037d54176f12db91f05bf4295bb587a5062fd1febe6f52853571170bd8ef6042cb87b893185bbae1937cf77b679d7970f8cc1c2666b0b7c1b32987d |
C:\ProgramData\WizClient.exe
| MD5 | 6e9da280e2aebeb8224a0d717ec0cade |
| SHA1 | 9899b0a07ee7d77058a6ea10d0175da91a7c108c |
| SHA256 | 99232a515ecf97e955c7670fc968197b580a4c9da436af31e3cea5f0455cef7d |
| SHA512 | 0c079f8f00a87830bd57b0a0484c9667b1c058baeb120ac3fd2b47cd0f46efd5af77b2c99ec49eed820239105c73d93eab13f70ce37684d4a72d777a0c8eb25c |
memory/1880-50-0x000000001C630000-0x000000001C63E000-memory.dmp
memory/1880-51-0x00007FFA6FAD3000-0x00007FFA6FAD5000-memory.dmp
memory/1880-52-0x00007FFA6FAD0000-0x00007FFA70591000-memory.dmp
\??\pipe\crashpad_2460_MFKFUGJQECEDFTYM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dec1326b3631f2f9bf94ee7fa0457bd3 |
| SHA1 | b2c71d665160c44272a3bb9602c4c128b85696d7 |
| SHA256 | c12b9c8b7fc794a9297ab889d8f2d5ca255a7ceeff7c212756388165c1cd82b8 |
| SHA512 | fe5a4984d81834f790ffc368887ded24b58ffa0a9bc30f3dbbae133142b277d4f49beee99b27648329caeae3594cc5bcee48a8ff83901e6dced7863d234bd7c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ea9574c7eab199e8bf6bcc9649543207 |
| SHA1 | b9cc0f9d85bbeac637f1b9590a0fe9a39d0c06e6 |
| SHA256 | 6daed485ffd311b37f1bf5425d912788d6b50c3524ede0a88276b5d2ed8bfb8b |
| SHA512 | 0cf6ed4410953ef63bf6c1d37565d16a95c45641cd6f72e220e78e9377a127f171e5e968ae9b0d096097db839f85016f0d515f964935c160e501b0ce6aca522c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 77820d4d6262a923300d61b4f651116f |
| SHA1 | cf1cc84aa65bb05e839aaf59752ad766ea6c23a3 |
| SHA256 | d4fc9c60e59ad798f7c75338442a0010942ca18cbcf67af8dc88a867dc77e709 |
| SHA512 | e6000359af7a56542b0d1722f2ab1719fe49c8d68b2fc32fc7bb4a609aae5ed3083e73fa8676d98d16f6b142df21d650c1efd32f5ca784b27ea242ecea3722fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 10788cb06d45ba536b1ebc389099e44a |
| SHA1 | 86825a0a524dcb16aaaef4e8ff4ddbb0a997924f |
| SHA256 | 8f4768ac9c152254a89e7f0fdd0bec7d98bcd0a70cb0e2cf89393b6273d541f3 |
| SHA512 | 8cb780987c1851c396af95e5256e18e8f473084ff27cf6fed170b7fb855c696f065046e041829aa86b28fd57154b7238faf35f89aa245e2c1ef16dd7730f39c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 86eeafa5d16751a9a2e5368a3d5d09e4 |
| SHA1 | ad918b61d9cc83440ac37c1d7423cbfcd093478d |
| SHA256 | 2982fc1c380b83247ae15c17d2cd9dae19cc8bb6a6dce8bdeeed5797f11f0d0e |
| SHA512 | a5b15998ecba51e46686ace7346b57fd00c91db8841addd764dc4e3f56c77c506a012bb16e0acad7ffef74a7fb89634be10d4b5dde621fd0e808ed07c644b85d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WizClient.exe.log
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58dc13.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State