654c0416649e9f18d4f9e300f6dbab68408368c44a68982349d9b521b2a6c4bb

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Netflix-Checker-main/netflix.py
Size

6KB
MD5

127895f86d48a76e45d4a56a891ab32e
SHA1

1ecb074b8a8b31eba4861c2ce32f00cf180ceea7
SHA256

32a82618ec824ef022b851c4c1ebaf51dbe47862f0ab0e6858b21b9676a42db4
SHA512

632133f6573c747f19bfa1c3c7abeb66fdf0a41442495d67e0f23aadee87bb73e663c8371e433c19065b3cd3fdeae7fd3b394e54e0d6db8624b9e09a5c760a35
SSDEEP

48:AV0JS4zxW5Rzgr7P5I2c/h13BZ12cDtTuj9T3v39zoY4Nlqb90fdIa9PYVLK2cuy:AmbWbulcfscelv9fefG/9cb6023+h

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133705485744157472"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4008	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 4776	4120	chrome.exe	91
PID 4120 wrote to memory of 4776	4120	chrome.exe	91
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 3964	4120	chrome.exe	92
PID 4120 wrote to memory of 1408	4120	chrome.exe	93
PID 4120 wrote to memory of 1408	4120	chrome.exe	93
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94
PID 4120 wrote to memory of 740	4120	chrome.exe	94

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Netflix-Checker-main\netflix.py
1⤵
- Modifies registry class
PID:1928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9d43fcc40,0x7ff9d43fcc4c,0x7ff9d43fcc58
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,18400836851283150022,15103725236548424376,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1960,i,18400836851283150022,15103725236548424376,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2028 /prefetch:3
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,18400836851283150022,15103725236548424376,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,18400836851283150022,15103725236548424376,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,18400836851283150022,15103725236548424376,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4592,i,18400836851283150022,15103725236548424376,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,18400836851283150022,15103725236548424376,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,18400836851283150022,15103725236548424376,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3700,i,18400836851283150022,15103725236548424376,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:3040

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2748

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ff07c4b2c1c8eb3b8f8ec64201a54afe

SHA1
71f94ba73b057648a068152f0d6fcd2403af715a

SHA256
f77464fea68eaca4a946e4a5b011986db94b14eb0322c7e7625c004017a0f7e4

SHA512
d69c1467cc86fa2787424b1d5a13e1ec7d85ec396ba89bb288f44d9771173f4c36400b1ef8594b81b2b832f418af80e8abcbb9a11785138b9327cf52cea6c52c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
40a2b6bf0793d2c19991cd77278aec28

SHA1
90cac3c9e7420b9da9936171ab0a2ffddfc8fd57

SHA256
3b7c39db15f7b8b28fece1ef4beade6b7578e96a9d4f3c2517eab339736a2c96

SHA512
d45e93d485afa2226ae54b480ccde700f6a25e1e8e97fec3574b2f1a0f087c9a0f7b3ed0f3e47d0c8019c35dd8350bff5dbc69b24307a23f1b836b159ed040dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e60a4f4c21606257ee20b81e951cb919

SHA1
186714a301a1c10db4f74f34fc7dc8cbf07efb68

SHA256
dc2bd0b0f5a1f3ab85ee6a373f3f4f8724e386f3aca1a56cc7cf7d1e00d227ed

SHA512
a48f5a36e7f50e256a0ccde74437994a249071c7abda8bff2badc453d89759779582009f86516a37f2a1281206519e234a1d67596f42aa3babe3573d78d12c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3847934dc8d51bbc9c937eeea08aae31

SHA1
e2dfec110bc719d63ac13440e5e7ff346779bbe7

SHA256
78263d97fa9db856188d5265b71fbc99d0448a9700c83de0e38de6b1ab3aae9d

SHA512
69edf4fd6143edc6d43a45626476316dbcef649cfca329f4e1eee732c9cfe1a07a911a2b687504bb7b02726eea56fa695d331dbe26d6593e21ed3963e6162dd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7c33e44117f101bcc4048eb3992136bd

SHA1
a44105fb016a65b9fa9e56e37fe550130166dffe

SHA256
36bbbbbb11f0072e2451c80063af587ba246574511a296ef9d059330a6659fcc

SHA512
cfa36734c6e617a015d3d24812fe2f935cc99773719723c634e117126aa1a5aec89997d8ff874b0042d2da6f75965ea97568ccb5c8b88e606f55b3dbb0bf5493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3bd663be7ea9acd365937f67864cb593

SHA1
3b7b5b01d3155d14e2fad3146343d6edb3a72f63

SHA256
81589af4e47a7e7e0ee8389d3236ef5f296af97a579b450e2798db69b4e12f18

SHA512
cb60b0ae1d40d325945eea444cee26d05d2279426e9201b3255aeeaf42a8cbddd599a14ccd0f9f1af29e83ff7ea135f02027cc3e9a3161fa6e4d30c3dc3c294b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d4f11a81b549a1e174798bc4a90a94e

SHA1
f84451adead3f9ee7e2babab352eb21fb69658bf

SHA256
ee6823c26b7e379812ab4fbeff93f6469f3d5281ffbbdcacac9d556c0a2340c5

SHA512
b1d2f118cc79c2266915b2fe232e52376f8aa971dcb4415356cba7ec8f156a76ec7db39655172a72859f74d4850af6c4de1ce9242b1bd7fe3bf458bfe508b275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75250a2dafd1c76f5dfcb4166722112f

SHA1
bbafb9707090f4db51d2e7c3ed3255cb9f6d05c9

SHA256
bff84b0143bf4a648e6e1914cc95f63307fa92b65b5ca9c2358c50225f4f6ad9

SHA512
b4c25a7b64c6df8f639a2b2cd5eaf59116b55b09fce70bce71845ae10b03fd663c80c68798e54eb7503a565090e4505adac1bc79e5e71889593c8a793dc898c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78498f865de2d73af1012330bd2d7482

SHA1
2a3b2db4dfec0c98d2731ff8c471b8d9f2eeb931

SHA256
9f8fad341a61e9b9027765ad3eb9fd0313a62562ad1c6090ccda6cef4ac1362c

SHA512
9d1511a3a3d7fc8e1f9347e3bfe87ebbe9df2bb71b5ec3ae654d7b82f6c1081e498d2e221407a090458502f3a7b8e4b5dd3e61a2e408d4fe665adf080531f40c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f192042a0d1d77fc2df031e71f0dff35

SHA1
c207d7a89ded275111eed639abecc4d0ad6a76fb

SHA256
ed54b49ba611da6bcbe16180822b1f47330ec49e44e491e7e057dc8434803443

SHA512
8cdff9646d60be1b1dd24cb688d816e4f996e54e327ba93831a58f78867211b4a6f9ff08c19d206db050705af64ee8b96ed12a493e385d7e9f7be849ca2e2605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
206KB

MD5
07572c6d7ccd8dd8f4c76060fb9b7091

SHA1
cbad8d160519052fb80b0b1705d55ad6a245cd7e

SHA256
6a49db3b8a6fc70911dd87ff2323694e26e591103575a543c0ffa9645240bd8e

SHA512
4f50e974df5d9d8d80851a767e88dc01387d153c3ea8bf59e5f63c6b17576c892843a89474260dcd98e4bafb5f8b80999a1fa51d40d3b10f5560604ae5800a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
70a4e57a989b36c3c5f04e3dbd44ff5c

SHA1
7b290bd6c214b68af6d91cdb8f663626a30470cd

SHA256
9415c60972cd03d2be4ecb07433f59ae5c91c59a9a0105c0e5f1fedc6b58fdd3

SHA512
ec540dedfcc626a63958ff8221ffe563b23196032c51bc98bcb4cf8a92e3bf8166daa0e34aa2f3f1f15ea0d466191387dc15995935099a511dc664a5fba533e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
206KB

MD5
7cc56af619704ecf6a1e45b4e3ada67e

SHA1
7babc81f7a620c1f4e21d515dbbafaf2283477ee

SHA256
38510e2d2c13badd0e3b441882019174e565ecd3f9f8b47d764470d4e410a231

SHA512
167bec4d8353f9b69797d9c6d58090a24bd5b4e7d12f188236c290e7053d10cd5a8ebe419503511ad02750a73f3b6ac5a32533c837d0f623c1dc672ff4950492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
8fa99f49f4d9caa6e7bc188a19530393

SHA1
00c4930599a9e273d5eed80a460f1dec60884b90

SHA256
6403879694393a51e7b68172b53dc005e2394a545cbbd4734a90fde0532d0e28

SHA512
ba9507712313fb0cd908034720087bb78bec213b07b3f23ccd9ca88907f333d8033c3041f5c73d9862fa1c43c0582e5ec26964498be9dc89d04cab9e26211960

Download Submit