netsupport | hxxp://geo[.]netsupportsoftware[.]com

Analysis

max time kernel
149s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
02/04/2025, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://geo.netsupportsoftware.com

Score

10^/10

netsupport discovery rat

Malware Config

Signatures

NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
rat netsupport
Netsupport family
netsupport
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133880792144664092"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4196	chrome.exe
4196	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 3980	4912	chrome.exe	87
PID 4912 wrote to memory of 3980	4912	chrome.exe	87
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 3116	4912	chrome.exe	91
PID 4912 wrote to memory of 3116	4912	chrome.exe	91
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 4256	4912	chrome.exe	90
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92
PID 4912 wrote to memory of 3644	4912	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://geo.netsupportsoftware.com
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe38dedcf8,0x7ffe38dedd04,0x7ffe38dedd10
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2028,i,8413576644168380892,489475213987421460,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1548,i,8413576644168380892,489475213987421460,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2376,i,8413576644168380892,489475213987421460,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,8413576644168380892,489475213987421460,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,8413576644168380892,489475213987421460,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4224,i,8413576644168380892,489475213987421460,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4244 /prefetch:2
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4548,i,8413576644168380892,489475213987421460,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5204,i,8413576644168380892,489475213987421460,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5484,i,8413576644168380892,489475213987421460,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5492,i,8413576644168380892,489475213987421460,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5144,i,8413576644168380892,489475213987421460,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4256,i,8413576644168380892,489475213987421460,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4288

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
29218771df311119553d6056d4db84a7

SHA1
ab93be99d4b0d3f2c917458be6d7126f60a4cdb4

SHA256
205c966a2c66dd906c908ec8072131a5d048b54fc0d2def9df62fedc8caad8fb

SHA512
b85a55876e7a90fbf7cfed8862dd4cc05f0f655da6e3966d63cef417316e1a1b6d7a706c95163571a567457991614b2ae241c85730a44faf7acfb6753fa65639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
51cb965d13ff55185f92a4edd1c3b084

SHA1
6e5973746a2d9321a1ac8cadd5d3d167411ece5c

SHA256
8a235d636bfa2664eb1bd8b8cea286a8543d669ffd17e81bff07b7595b1f44d8

SHA512
ec696ae46321762d324b85085c7027cc8e6019c7419b2ebc89f85d7cd021fe7b69d0604d3a1afd7a3b64ded30dadc93e244245ab7ace44aa12215f5d46e168a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4796722f2d00a24a6f5b4c2609cd0bfc

SHA1
cb8d5cbffe9b73c236c75c00ee008528431576d6

SHA256
6e5fa7375f87b5d2f8f04c2709e27641c3fb84ecbbc366da254c41820fcb716c

SHA512
4aaac56a13d0f5f439d9dd83571236f14d4aaf97997a0fd728ae382f56ce496d716de6ae95b22d6b9367dcf3b36bb7245c8d4d2488ca4e981a433591893fc764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5c746a754e21714e874199e17ba66658

SHA1
6230f13fd9d3608d727fe38e7dbddde35c6a479c

SHA256
d0526eaa182b405ffe78ffbae932f0ed9e741eeb93a8889613294755fcbc73f6

SHA512
b5dee15120caaac5954975c4f4bdb2f208cc4b8fff3b04487e2cf3f37f24d436401af2d211e2ac5f47cb9cdf4ff6e5c3fa70579f398ee1fcb62f15220e0cb482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
32c0690d47e5314e8d2917a0e06e06ba

SHA1
a67a9e0d5fd994c32427f9b9e30f74a68d18c317

SHA256
3688f8bb340bc2bb02fe63e20b4d284031ede399a2496fc6c6c6b67b016bae68

SHA512
980168fa7f254c0a1eeda285218ddb58721f1fca8f271982ed6df3bd641e3906b8686d5c9195b1787ee856956b9f16c21b31af15289eabb0196169b2959a2c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57facb.TMP

Filesize
48B

MD5
3a7c8700f9a12f006a16aaf0147f7c22

SHA1
5183d8d191c27735d04318e78e1613d053821b11

SHA256
6fbb977a3097dc31725ef4a98bb5e92a3723ad2517c9a06c8ad73cad7b60f0bd

SHA512
bf5bc04d4e221980d610963853c08e17e09e51849e3816650760a583913d7386598dffe827f39d3110d29678ed458145e5abd24a095e6cce9597bb47cf16364f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
6b9cbffa45acdc3bd8ca57e879c6e09a

SHA1
1235b6b6ba1e480b83c0d444f5b6802c9cc1a48d

SHA256
a731731ee51e9cec0908948c1f81eff8066fd99436270e6501e188e9107a8872

SHA512
834e46ee0e81f10e9035962d694c0e22b0de3cbd495c4cb8ee5d1e4646f0b6303af9eabd4546828174bff4808fe2b9929671023fa4b44138ff0aee6bb48d80b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
44a0b589c4e7cff101e56f8d5addbce4

SHA1
a723cee8577da6ea18a9cd739a23b870a613f1d3

SHA256
96a219d031dfd491f19ac298f015114a044362d2e98cfa1a84a7cdc0218cee19

SHA512
0adbb55138c42d517f6419c0c9c61f55253d3953793d5d94438ec490dc6d2fcbcbec6283bab17b41343c9186b1ba011b615640af10b53ee2cfea4e5774261a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
897237951b0ff1cbc0b4c6e7e4e4835d

SHA1
9a6f64cb41e70715939a309738526b3bd722f3d1

SHA256
4c3b22fa9fa1f11f1961102cf036fba30731169bb81c303d1c920316869e3f3c

SHA512
6565b7f36b8ac7ed84fc16353560760bd9500d6cc8d0c99d9ff720f1d1db64053ec5cfc7a587c14740b250b1a42eae834a6dc14a02a3c63d5d378b4b0cc8f7cb

Download Submit