hxxps://cdn[.]discordapp[.]com/attachments/1172678494233296988/1189388538215661578/NetflEXT[.]rar

Analysis

max time kernel
219s
max time network
222s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 02:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1172678494233296988/1189388538215661578/NetflEXT.rar

Score

7^/10

pyinstaller

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
528	NetflixEX.exe

Loads dropped DLL 9 IoCs

pid	Process
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe

Detects Pyinstaller 2 IoCs

pyinstaller

resource	yara_rule
behavioral2/files/0x000600000002327a-178.dat	pyinstaller
behavioral2/files/0x000600000002327a-179.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133490682886597187"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
4904	chrome.exe
4904	chrome.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe
528	NetflixEX.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4272	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
4272	7zFM.exe
4272	7zFM.exe
4272	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 3204	1052	chrome.exe	15
PID 1052 wrote to memory of 3204	1052	chrome.exe	15
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 2620	1052	chrome.exe	29
PID 1052 wrote to memory of 1596	1052	chrome.exe	24
PID 1052 wrote to memory of 1596	1052	chrome.exe	24
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28
PID 1052 wrote to memory of 2428	1052	chrome.exe	28

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1172678494233296988/1189388538215661578/NetflEXT.rar
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99719758,0x7fff99719768,0x7fff99719778
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1840,i,14426230985194329565,12557645443212146274,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1840,i,14426230985194329565,12557645443212146274,131072 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1244 --field-trial-handle=1840,i,14426230985194329565,12557645443212146274,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1840,i,14426230985194329565,12557645443212146274,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1840,i,14426230985194329565,12557645443212146274,131072 /prefetch:2
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1840,i,14426230985194329565,12557645443212146274,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1840,i,14426230985194329565,12557645443212146274,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1840,i,14426230985194329565,12557645443212146274,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1840,i,14426230985194329565,12557645443212146274,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\NetflEXT.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5232 --field-trial-handle=1840,i,14426230985194329565,12557645443212146274,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5564 --field-trial-handle=1840,i,14426230985194329565,12557645443212146274,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4148

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4856

C:\Users\Admin\Desktop\NetflEXT\dist\NetflixEX.exe
"C:\Users\Admin\Desktop\NetflEXT\dist\NetflixEX.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:528

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\NetflEXT\build\inject\warn-inject.txt
1⤵
PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
00c93fe52f803bf19465154840121e6a

SHA1
6663df4a152341333104feafe781d9a56fe46795

SHA256
542baba3f679a2530a4f71c25ba401594272410acf80933cb71e8080560f1533

SHA512
635d0fec51b19805eb58afe2d82aea90a01335d03a7c142c97ec078a9b3149ccc9fd95e3e8a70d679e46e6236860e4da88964ddf96135de12f7024d15c36536c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6a6913c3676f411f071495f9b45173f4

SHA1
02aa65c98ec13c97ea443c77ab22a43e1e2297f2

SHA256
9d73f4a30c924de4cce163f8de53e570a39307fd3f6fd3c4e31bd05984eb7ddf

SHA512
66ea408dc26c10b6c497d109c5375d1e9eac88807c238fa5956ab58720853666051f2a9aec72000d2f2bfd23034aeefe1c3085108a941718891afd633671a2e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
01a693588b707246ac6b1e85076e731f

SHA1
9984066f90a54f087ab390160bc8306accb7af76

SHA256
18c14d64daeaafcb93cf3e4e7b935130d0f705ba1faf2c9e20d22964f202de3b

SHA512
a57af8b16584483babf9a1c458fd91fc12b54bb8b529f107519cdcd78f762632e4dbd7a6db7e2317d4ce711b7815363a24f4ae1ee4f6e277dd1e4774eb350f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9ac60055c7598c4afa157ad2b756931d

SHA1
d2d460dd7e98486d309b1f5fbe64e2fcd1cbf2a3

SHA256
7ffeaf2765243718b8b75a95536eb15173979aea1fc3bd241d60c07d6b62d091

SHA512
03a476925d144bad10c9cd624d4c0bfda1a5c5b7016cbb0b9dcae40e9f3c0b1315a91c83e9a1ef00e2a4021f4a0e658a7441c8c35b5c4adf98f57e36ffde9526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b8b5ce2d6cbe1403267381559d7901d1

SHA1
c4adab37f877d0062de9f86e0c1ef334a6d5a098

SHA256
8862a079ff47875785fe9a26b480cf9edc2a8e0b15bd7aff36cb82192479214e

SHA512
17c6d009281d9ee3739dd6817e80ae5616815ae9ca442f697c976895d3f14f961749d13c265b17ce0440cb20ab50c0898b4beea39b073c5bb2a15138427da52a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
0a4775f22cf9e23eedd8567057204c3d

SHA1
c1aa3224a72f2edebe88985038ff2c0aea99a5b3

SHA256
7c2a27ea1f5cee60bc61745e9dcef4bde02ed9d411d6c0561f93a23b49c886db

SHA512
53330145bf6df7fc4c085feb538715d35de237d804988fe0403c62f0e572d1110607313f7b92a55528d2e83900756c675d298811d79a18896cd580df5d4ef2ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
6c6ed2b6e955a68d305b96243392d371

SHA1
fe737a75b3ded92f6b92de81249cb6ab718915b1

SHA256
e15f0e037b9a0d60779a93aee908bc34985462e704aa3b9550512b1b5548ed96

SHA512
818dbb4d925b1dca51505993bc80e48c20301659db5ae6db7851f6505b56095a0c0138b728f6c2a6f926691b1e7275963486251241d8979177b14f7f84057f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe593b0b.TMP

Filesize
107KB

MD5
8b636a89ba28b7bd133ec2bae73404f7

SHA1
941ceafc74974e46c608a498a40377fe3ba51b8b

SHA256
76b7b4bfa420ed7a00f73292967052511b53ae1390d30cb1e7f261992d04a19b

SHA512
d0d6e4bb5f85ba9079601348847bd3acfdd113102c937e07e2d5e0770d9d01e87dc0ab353aeae31ceb0ae6b38380d5f2a06e5e2f8cd4b5b05f56c946657e09d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\NetflEXT\dist\NetflixEX.exe

Filesize
2.4MB

MD5
65a40d17a1ce289842ba2d72ba1ad255

SHA1
f18c93e053713e48f64b52d4dbc6a7a780cca0dd

SHA256
38bc6a7b401c8b7fa9e5c576f2d689c7e4633d14c54440b3d277c33c2b4cef26

SHA512
1927d7b2ba36a072948cc6022f9e88a4e63481376c40139d4582b1c5e6c1b7433cf83231c4f4ea91571e77ba6243059152b49aeed76f92ccdf63eeec02c8dde7

Download Submit
C:\Users\Admin\Desktop\NetflEXT\dist\NetflixEX.exe

Filesize
1.2MB

MD5
f3858fbc969220572fe33ecb183d1b34

SHA1
aae370855aa96826dbfaeeccb1cfbe43e4782048

SHA256
b5dfda121da110678b75f28701ed8d8d1cc587b1cb3b09800b7f83fef935334c

SHA512
1aaf497a5efcf544f3570e8c39b540fce515064451aaf009d84b13e76af44efe54d01e6cc35c3c81848e175f7ba088c0b9b95b9c7779d713da880a4fdb6c0125

Download Submit
C:\Users\Admin\Desktop\NetflEXT\dist\_internal\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\Desktop\NetflEXT\dist\_internal\_bz2.pyd

Filesize
82KB

MD5
90f58f625a6655f80c35532a087a0319

SHA1
d4a7834201bd796dc786b0eb923f8ec5d60f719b

SHA256
bd8621fcc901fa1de3961d93184f61ea71068c436794af2a4449738ccf949946

SHA512
b5bb1ecc195700ad7bea5b025503edd3770b1f845f9beee4b067235c4e63496d6e0b19bdd2a42a1b6591d1131a2dc9f627b2ae8036e294300bb6983ecd644dc8

Download Submit
C:\Users\Admin\Desktop\NetflEXT\dist\_internal\_ctypes.pyd

Filesize
122KB

MD5
452305c8c5fda12f082834c3120db10a

SHA1
9bab7b3fd85b3c0f2bedc3c5adb68b2579daa6e7

SHA256
543ce9d6dc3693362271a2c6e7d7fc07ad75327e0b0322301dd29886467b0b0e

SHA512
3d52afdbc8da74262475abc8f81415a0c368be70dbf5b2bd87c9c29ca3d14c44770a5b8b2e7c082f3ece0fd2ba1f98348a04b106a48d479fa6bd062712be8f7c

Download Submit
C:\Users\Admin\Desktop\NetflEXT\dist\_internal\_lzma.pyd

Filesize
92KB

MD5
78a85ba7eacb60a71c8953b97a1fd51b

SHA1
8a7553ca4d8a67c5cc751fabb85cbf17ace44977

SHA256
182e0b43180b444362de2d65f3a45134e2b64b1b662196ef7cf004d2bfb17eaf

SHA512
5a0005ac7a7b443d2cb9429bc3d2ec0db0a11c38b3112777db936bcad96298665208bdfdde7b5427bb68837d85c509ff8922e9e4cbbfd01460060e917cba65b5

Download Submit
C:\Users\Admin\Desktop\NetflEXT\dist\_internal\base_library.zip

Filesize
1.3MB

MD5
ccee0ea5ba04aa4fcb1d5a19e976b54f

SHA1
f7a31b2223f1579da1418f8bfe679ad5cb8a58f5

SHA256
eeb7f0b3e56b03454868411d5f62f23c1832c27270cee551b9ca7d9d10106b29

SHA512
4f29ac5df211fef941bd953c2d34cb0c769fb78475494746cb584790d9497c02be35322b0c8f5c14fe88d4dd722733eda12496db7a1200224a014043f7d59166

Download Submit
C:\Users\Admin\Desktop\NetflEXT\dist\_internal\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\Desktop\NetflEXT\dist\_internal\python312.dll

Filesize
1.6MB

MD5
bfef0b90155fad7adeb05edfc5d5cc84

SHA1
e139a238f143ae66823f1e502ee03419b39e901d

SHA256
724e4e3c69be7594d9782830d8422c141a4bb67ee9c48285d6e6007def78abe0

SHA512
ee14b3c015cc78cb603c411d52bb5751b36730559d54ba8dfcca6bf49adb14268ff969e36a08eaffd4e0b28164355df5a22304654c191c80ead068152c8c62e7

Download Submit
C:\Users\Admin\Desktop\NetflEXT\dist\_internal\python312.dll

Filesize
1.1MB

MD5
ad5308585f2c9e0bdb4a065b181f755d

SHA1
538e78d44618b28fc48da6c2003fdb4e2e377b90

SHA256
bc269b6cc618717aba0ba9183c2f70837b45a88e7bcafb0110ae2fb099840ca5

SHA512
7e51e7aa8b2857097c10cbc17e5b22af590ff33bd0a34fee95672d7920b8fd8fae75405a3c2089151173f65cc599f038ee6a8b9e6d3533d2f0688e3d04758faa

Download Submit
C:\Users\Admin\Downloads\NetflEXT.rar

Filesize
10.2MB

MD5
ccb60cb5d645c48b34a84f8c3af63d32

SHA1
3d19c73f166bbf11d35e823d236238ceb522ceb9

SHA256
0109d7177a1c50a9d14a58515f36a67a810a0d00aded0f6d4a936a658145283c

SHA512
20289971ce2535faa29a67b4d1026c560ab47d41236cfad1fb844e8c573c2c6f1711fe9689ec5394ae45f0b52b8feba62f41479b7db6f289da0b262990655d2b

Download Submit
C:\Users\Admin\Downloads\NetflEXT.rar.crdownload

Filesize
381KB

MD5
b7f02d974db3e1c28acddca3f724b1ea

SHA1
c73153786c6adbc44079527d9e87e27d11c6fb89

SHA256
f57e60440bc3e6689181f8f1cac5265e32af8b47197f34064b3d42c7f7afde82

SHA512
b63b521eb593a5758c0f79d4a46536af5d3a20e5adcce4281c5ff95d2e73d67d266acf24c369a585e686a60b874bd1407d9ee96681cf8f29de16bec46c5f9190

Download Submit