hxxp://appnationwide[.]com

Resubmissions

31/08/2023, 10:43

230831-msq2zaef34 1

31/08/2023, 10:06

230831-l49g1sea7z 8

31/08/2023, 08:29

230831-kdxj4aeb48 1

Analysis

max time kernel
161s
max time network
169s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
31/08/2023, 10:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://appnationwide.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133379522874715370"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000c04c425f95add9019eef8b9fa1add9019eef8b9fa1add90114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3720	chrome.exe
3720	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 4140	3720	chrome.exe	70
PID 3720 wrote to memory of 4140	3720	chrome.exe	70
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 5036	3720	chrome.exe	72
PID 3720 wrote to memory of 1232	3720	chrome.exe	73
PID 3720 wrote to memory of 1232	3720	chrome.exe	73
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74
PID 3720 wrote to memory of 5064	3720	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://appnationwide.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffeb4079758,0x7ffeb4079768,0x7ffeb4079778
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2656 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2644 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4776 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2004 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2476 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2492 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=688 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4716 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2900 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3164 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5352 --field-trial-handle=1720,i,10730069605409445870,193500051150041770,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2156

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
d097eb077a138f76540aec39a46c053d

SHA1
a58260ce184a9685dca92a3806f6e042b945791e

SHA256
79e9b8ce61b98346af2ec0b9b6389b1041308c96ae6a7fb0be865928d7fe7219

SHA512
2fb97d2707f48f283212bfb6d8cdf1808a9139171c8c0fb9b5886dde7c558656d768c4ad4fd63adb29c1aa631af30ccf99e299199f00f206b58245902982e60a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5e44825fd422f84282561453c7361219

SHA1
b240e275cd5f2cfa177dd92e8b971690222b1297

SHA256
5c13ed7d87890a70dd499541cae913e700972ac7c8cedf1f2e931723b784799c

SHA512
70bfe468dc302d36a13b55d4f822118af8072ca8d6721b2a1d2c5e82a1e25c5ba4b8297700b7bfeb6fe3e4dc0c7dfd9e3108a604d6f851c850f3152de9c6816b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
12ffea726c829f519ae6f76c8010fce7

SHA1
d679d5c8577d8c157c5afce3ca95daef2d9ecbf6

SHA256
45ef2c05447b7952a75b73059390098164288462f8907c5526b5e2345d3ce2e5

SHA512
bd0be286cbe98fa198f355b2ab091e0fd5593483a036e567a3c111c412900e9a62331be49f60302772fdddbed6eff1881ee983ebd18307942c2287663a4f0c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9c4a6509c498899f49527d0362e6563e

SHA1
008c21f6c54e2346ac67a3aae095fef2388c2d79

SHA256
7016f8af203a5ec18b86b58c7d130676284a95d4cadb96257078b101fe6cd146

SHA512
3a54457e3968dc115b281836a124b3f97607d5d60749cbe5facba5e13d908517a261edc3d2157058599d348033f7a3b34ba3d0eedb85ba0c35c1f138103801ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
e3aa9fcd964bdf5915f8b026be64724a

SHA1
007ec15610883e1ae60a38aea0da760c94775fdb

SHA256
47d7f7ac039d201da57f519f6fa9f9280485e8ed0a1f2074be7538259dcb318a

SHA512
ef3085922b736bc4aad1535a3a962fd3c32aaa804cf6df7382e2d652b5e3df27989c66fb2f8ad6a5eb8c96e936f822ef1ae5264bd2e1e0e36b8123844dd160c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a0b7bd63b3272a0103b96dfebe7eddd

SHA1
fea883ea960615dc7a76fd4e8d8c9b760fb87352

SHA256
996c79ca84d41b4143d47438936979617738b3aa49d971028475ebb95989b5c5

SHA512
4d49df58dacbed9676e80b3e642aab0e1c15d3210b77901cdb20ce74fd063646f5237971d589403d036ca824a426045dad42861124410315d534168e1031bf7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1d435f9c1e125c12db0774b68ab6a9a6

SHA1
9628397a58b116034d98a657bf8c621e3f6e4087

SHA256
09bc5f0ef6637961dbe978bb03f141fb5b7347a1722b39a364e365c87cbcf084

SHA512
66faa6d50440f13d61a873770675255e6524b8117537c620fb8b6be88b15e21e77e6d482303341110b0826b77e8bc72d28521e19c6cc8a94a33495b021e96c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
13e2da63552a102926a80bb31f13cbc3

SHA1
105fa949e845db4ebf96adb2e9711c1e5cc20282

SHA256
88da2ea351df10acf1cb64bd37d281dfa85c2d7b5c1a8cf603397163a79c70ea

SHA512
9f4e24e3869cc0a6044590f6fc5d0e3d99f29b03f909888907ec5ebd57b8e9b1a105918f4e1b93db4248e11c4ea77878e6bbcfba2e4a3f83c11e161aefdac92c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6670306cab07c9b7d1e2ac5e80f98f53

SHA1
3ccfd2f7c342aeb6e734c936c042de14d737f433

SHA256
e8673c6196a79ad92e60a3df84a97f7b99f387c885e07f76956e0c204d8076f4

SHA512
d27d6feb45660b89592af667db2decb0c4952da0c8b6bcffac44a46ea7125e6914c41d327b3e3b19fe436a9773d4b5ecc623441f938edf80b128fad9d4950b3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0920c3bdd1ec72ae4085ef7a9f3ea80b

SHA1
50073c3dfad25dce16f042877d31e488749f998a

SHA256
da02ef3608e030f27a0f6df153ac87bbc33b7fd735b0e2d2f11dab98261830d9

SHA512
09a0081a86aa865a4ac087891c50ad8c47e48883e0c6c37685e3ac71e46e897c689009e8ab49bf714219c903c32b604d734f86356a9538bb4d45dcde937f142c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
89d9c60e92044a248e1175419b651630

SHA1
476c43b082a0cd36155c7aabd66ddb1fe7085a04

SHA256
2560218277bba31261d7e0d1367d61f343ab1426f3a578ff085ac78c6e8a515a

SHA512
ec9b76ecb48103d8bc6eacc3ef952013c30a3f97e1240fbe02d64a629a7f67c4ed43bd5608e85eb7390837fce28ef177b428ad4da0b24009a339bf08a1497f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ebb0deb0fe81536d3f43fe1087adb047

SHA1
2b1b2d8535d08762fb10420c6aae4325b15abc4a

SHA256
a5639a1fcc4202940871297246c25300c98941191081930de61d38855317555c

SHA512
464d89eb99d2abc0a3f92ee96bbc36ccfc42ba97ea8f4231618eb25bcc7ea9929152e6d99e0cea02b919900e6456f028516dbe4653f17d50dddf0a79ade60d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5919b8.TMP

Filesize
48B

MD5
94455b46e21233888ddf1c23e5fbf165

SHA1
b9e2aa7d82d305287071fc7585a1dfe959c49985

SHA256
5e992bdea00fe655e1d4ba6b2651246a16fbc62324e818b1ce4c0587027f2c2f

SHA512
f302c24efbf7c4261a238f51f0d514d53327d62d87f3bff008b134f6e9cdd70e29c3f4070dfae4ce9c6c201e554575f34e1a7a6968383d46d358ac698841075e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
46f0f52cca5e7b99321a6f842d7e3b81

SHA1
f8a39f71d3ea0216414da543aca0dfc3d32b667d

SHA256
4cc71005f890d9db87c07dac3f133028ddef26b586bd0a68f7ab363331819365

SHA512
5ff07e669c35d0cf9e1da245dc9f8fc588cde936a5404210124d76623289cf6ea23b953a1e24670ba294052163da564f653795fbb030370f8ea33604856102c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
fcba5ebf79b7290c05d7da31ee3e9f7a

SHA1
5cc78705b74f7234f74259882e58bfe357361285

SHA256
3fd30516b4a0a918dd208e7a10719d6f7a2915855317d17810f7bc594075b60e

SHA512
a8c59675aedbc2ae59048e691d2e74f327ff3e74e10e0b28fe37d77e49858e4606ac81e933880829974782de0e4a2ba39976cef8d761fb9d54acb76049b3a92a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
14KB

MD5
f6b65518119fb6168fefae3bf1d13cf8

SHA1
1fdd99ae4fb77c4c8d79d644e9e7eadcd4fd0aae

SHA256
327043b8b348b7dc06feb235435f541d56e194e8c4f5b8de5cb9e874387b0d25

SHA512
b668f6c412c926aa46a54d6177070027869a87fbe9473689746c21e8d6ede123d32cc0f021f2df56c1cbe98f4218f002c88b29c61c34a1bc9c924a67100a34c4

Download Submit
C:\Users\Admin\Desktop\Nationwide Support.dmg

Filesize
7.5MB

MD5
49eccfcfe871ba58950f015c0101a6b2

SHA1
91acd072595985c872128e233c6232f3bb5d9df3

SHA256
1fda8b7d8189e6c2f62abe2a96174bf0bbb046d9476e64c493e9d423b87d7a79

SHA512
0943869b802ba8fc15c9887916d5f3a2cd0a51be3f6b5a6e0d775fa218fd1bcc559f1483a8039d86d3574696fe380b654c649f7e8fdac9cf973e4e50eded77eb

Download Submit