Analysis Overview
Threat Level: Likely malicious
The file https://kso.page.link/wps was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-07 04:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-07 04:45
Reported
2024-05-07 04:47
Platform
win7-20231129-en
Max time kernel
52s
Max time network
144s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\wps_office_inst.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\wps_office_inst.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\wps_office_inst.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\wps_office_inst.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://kso.page.link/wps
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65d9758,0x7fef65d9768,0x7fef65d9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1376 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1560 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3244 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3480 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3520 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4228 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4240 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3956 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4000 --field-trial-handle=1364,i,2020237105221176438,4434355891157593492,131072 /prefetch:8
C:\Users\Admin\Downloads\wps_office_inst.exe
"C:\Users\Admin\Downloads\wps_office_inst.exe"
C:\Users\Admin\Downloads\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1052.exe
"C:\Users\Admin\Downloads\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1052.exe" -installCallByOnlineSetup -defaultOpen -defaultOpenPdf -asso_pic_setup -createIcons -curlangofinstalledproduct=en_US -D="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office" -notautostartwps
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | kso.page.link | udp |
| GB | 142.250.179.225:443 | kso.page.link | tcp |
| GB | 142.250.179.225:443 | kso.page.link | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.wps.com | udp |
| GB | 18.244.179.33:443 | www.wps.com | tcp |
| US | 8.8.8.8:53 | wdl1.pcfg.cache.wpscdn.com | udp |
| US | 8.8.8.8:53 | website-prod.cache.wpscdn.com | udp |
| GB | 216.137.44.38:443 | website-prod.cache.wpscdn.com | tcp |
| GB | 216.137.44.38:443 | website-prod.cache.wpscdn.com | tcp |
| GB | 216.137.44.38:443 | website-prod.cache.wpscdn.com | tcp |
| GB | 216.137.44.38:443 | website-prod.cache.wpscdn.com | tcp |
| GB | 216.137.44.38:443 | website-prod.cache.wpscdn.com | tcp |
| GB | 216.137.44.38:443 | website-prod.cache.wpscdn.com | tcp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | conn.webpush.theengagelab.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| SG | 114.119.189.26:443 | conn.webpush.theengagelab.com | tcp |
| US | 8.8.8.8:53 | firebase.googleapis.com | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| GB | 142.250.178.10:443 | firebase.googleapis.com | tcp |
| GB | 142.250.178.14:443 | analytics.google.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| GB | 142.250.178.10:443 | firebase.googleapis.com | tcp |
| US | 8.8.8.8:53 | abtest-api-v2.wps.com | udp |
| FR | 90.84.175.86:443 | abtest-api-v2.wps.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 8.8.8.8:53 | api-ad-adapter.wps.com | udp |
| US | 8.8.8.8:53 | params.wps.com | udp |
| FR | 90.84.189.232:443 | api-ad-adapter.wps.com | tcp |
| FR | 90.84.175.86:443 | params.wps.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| FR | 90.84.189.232:443 | api-ad-adapter.wps.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | abroadad.cache.wpscdn.com | udp |
| GB | 18.245.162.126:443 | abroadad.cache.wpscdn.com | tcp |
| GB | 18.245.162.126:443 | abroadad.cache.wpscdn.com | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | wdl1.pcfg.cache.wpscdn.com | udp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 8.8.8.8:53 | api.wps.com | udp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| US | 8.8.8.8:53 | wdl1.pcfg.cache.wpscdn.com | udp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | params.wps.com | udp |
| FR | 90.84.175.86:443 | params.wps.com | tcp |
| US | 8.8.8.8:53 | wdl1.pcfg.cache.wpscdn.com | udp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
Files
\??\pipe\crashpad_2468_VOFITYCHBERFHMTQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar591.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d5b38828040021beba0fc8175f08297 |
| SHA1 | 478b6013898b76cb2f35ae90b85aea91bc58dc2c |
| SHA256 | 88dbfbff59d66ecc2a2f7ecbc43ed09dfad67e28549f777717a674f21922d177 |
| SHA512 | 7eb8c8026c0163e8bb52c8303e4084cf587d63796208c2730bed40056dd5fec452b7045d90f65f1be617d28e4f28d995075211f3c11fdb161fd1ded17b5cf85e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 83f467766db5c51f55f300943aca901a |
| SHA1 | d1f89f0af129e3d5afe6e7423c5fc83ec904c8fc |
| SHA256 | 6d9fecef28505965a844baf9d12d3586fd11567fd143b1b344d66f3af2ad6905 |
| SHA512 | 59d872a39a7c7991796bb012a1b50a056d000de11ee7a7aed3b47ff60b385e7cbb5151e1e72a05acdd0c732f732a4554a7bbe6245596e29a00a651cbb562c55f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.wps.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\Downloads\Unconfirmed 838979.crdownload
| MD5 | b91d53742f7ac31b5f33bcbf9c4ed1db |
| SHA1 | 9ab77c5a937117658f081abea51a7147dfea02df |
| SHA256 | 8365a2027aecd86c18cd55405596d59df61e140c508614c036daff8175dd53e8 |
| SHA512 | daad0d0b41092a34b0dfc0a97f53d48e11bf7fa4cc648fde8d02a4e46a83eb521382c2c3d9887f07ab98092c301db754b5dfa2e2536639b6cc7a0784caf1b570 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7531550820f235560380088f1acf442d |
| SHA1 | bfbedcf6898697edc17a4c7bdbbffca1dedfa425 |
| SHA256 | a8a0a2f8799a4d07c9ab2e73687057863854f64e8e36309cbc55af2688cec6e9 |
| SHA512 | 0a3cb17764e5d281d242f92469c52881fba953cc49b71d6f3ee84106c43d812ca3d5df36bd0a7f452e462c8a9ba9dbfc55e3680ec9523eb9a9467648bde6e4cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 765321462fe9a4684553d2372863ba6f |
| SHA1 | f49490a2f6197e40ba2f7f60c2b46fdd28d73df7 |
| SHA256 | 30db3937fccb7bf04a9fe54dcfd70539c920708b0f6b7b891350b55c302996fc |
| SHA512 | 294e19973c44eab13bc57cc2350fb8ec2a519c698583f5ae8643b95ff0c058691477698483e563c81dab5dc0923f66d463a59f95dd1294051b4609947b1bfb34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | eb6dd7ba0bde77711b4ce6b1b7b1814c |
| SHA1 | 73d92ef3a3f49204d1da5c2202488467ad9097ab |
| SHA256 | b7426c8fc28fb4125dee93fb82c976bcb0c24c0cef572049be4a705178d30a9c |
| SHA512 | 58e229d1b311727d6261b73fc75011b9902dfb6c0b3327e2450452154e40624989be53b7ad85c9d9944d057f659070b9e7fb716c44407758f288c735a5788a33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 43974646f3d7bc35ee25f64a57827226 |
| SHA1 | 925d1f66fd1fa0852736b83982d6ca5f1e1c8436 |
| SHA256 | 088e6b7a1b7397dc9181b20eb7f71731e3ac2dd1871680d8194aef37f7759324 |
| SHA512 | b330e9b8816085b32aba69b9b7270eb054fee32eace39c932d7760b3b99f99e7e0e7214143dd56079e938087f408db62530f2368b0dc42f4e2848cba25f4090c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 27b510ab7a398f30c5fdd79ed75464c0 |
| SHA1 | a5d57581371b0261b0818cbcf7d581e186d7a8f0 |
| SHA256 | 56646e657a8bc7168b2358c2d8d0a0ffdd3728e1fb36561631b497f14f083853 |
| SHA512 | 3ad989fbb51eca8a7fb0df5604f2860f138573b07aee291001945ac8e5bca32a988b46a02e32584c1c069c0de34213020dab9d5f2cedf1b33339ad4a5137f295 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5a7a2470cbb81a43c9e8123b17c7e409 |
| SHA1 | 5718d23544f19d2bde250970a562306eaf86cf7a |
| SHA256 | da695d9ade517282866258d315584c43957f9b5c8d258b597fec133a4bc1b795 |
| SHA512 | 72e1f45c0625762c1768434f3135f4b95ec03ecc735980a355c63dd9010fab30c3296ae458d22c6e8bde78fcfbae287ef3d96be6fc84ab45518daa06c5cee433 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-07 04:45
Reported
2024-05-07 04:47
Platform
win10-20240404-en
Max time kernel
149s
Max time network
142s
Command Line
Signatures
Downloads MZ/PE file
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595307337139783" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://kso.page.link/wps
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff41bd9758,0x7fff41bd9768,0x7fff41bd9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=256 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2652 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4752 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4804 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5404 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5544 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4636 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:2
Network
Files