hxxps://ipv6[.]35-183-85-67[.]cprapid[.]com/redirect[.]zip

Analysis

max time kernel
71s
max time network
72s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ipv6.35-183-85-67.cprapid.com/redirect.zip

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133723068212336991"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeRestorePrivilege	3284	7zG.exe
Token: 35	3284	7zG.exe
Token: SeSecurityPrivilege	3284	7zG.exe
Token: SeSecurityPrivilege	3284	7zG.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3284	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4492	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 3588	3404	chrome.exe	84
PID 3404 wrote to memory of 3588	3404	chrome.exe	84
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 652	3404	chrome.exe	85
PID 3404 wrote to memory of 2788	3404	chrome.exe	86
PID 3404 wrote to memory of 2788	3404	chrome.exe	86
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87
PID 3404 wrote to memory of 2856	3404	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ipv6.35-183-85-67.cprapid.com/redirect.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe9a58cc40,0x7ffe9a58cc4c,0x7ffe9a58cc58
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2052,i,12760872506969584207,11942452345479222080,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,12760872506969584207,11942452345479222080,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,12760872506969584207,11942452345479222080,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,12760872506969584207,11942452345479222080,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,12760872506969584207,11942452345479222080,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4336,i,12760872506969584207,11942452345479222080,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4024,i,12760872506969584207,11942452345479222080,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4860,i,12760872506969584207,11942452345479222080,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5016,i,12760872506969584207,11942452345479222080,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5412,i,12760872506969584207,11942452345479222080,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5272,i,12760872506969584207,11942452345479222080,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:1500

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3000

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4880

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:432

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\redirect\" -spe -an -ai#7zMap2531:78:7zEvent11327
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3284

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\redirect\DONT OPEN THIS.txt
1⤵
PID:3304

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4492

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\redirect\DONT OPEN THIS.txt
1⤵
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ad69ac1e71487772c68797d16025953f

SHA1
7a61ec8d4fbc754014b57a917bf3c9800ffb1624

SHA256
8c73ccee1df7a4c17bc69e6f559407fb66a225c345e2b63ff32a5873d3c635b2

SHA512
9fb775905eecc8078e0050ac540d0875240e62a698f20441453d602c76b3f3af17d9c81b0e94561ef7689ef907f36dfb5e65ad0e979a78c817fe76d4b2a9c9d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d21da679abf36d1760ff34e1139d4d2b

SHA1
5dc4e97b9cde956f97bc8770950a3fb5708a467d

SHA256
6f90b931384992c01d1d0deeaea434e1c463b02b3c12baa1403400711b998f67

SHA512
df66f00a67074fd3d799f30c214ac6d8072ae3c2dca950783edc2a16fd5199e560b1e66d0414251eaf9e2d584366229b0560d6d92ab753846c786547247e0349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20468bfa698bf5f572ee6cde971bf352

SHA1
78b6214884aaada079f3eadf50be48e88fffac92

SHA256
cda91420cab20d25781bd0f5338e9e0883cfbf9aed9e2c129bc19fe8da22f15e

SHA512
8687897566453ac301c9ecea362db3b7d7a695b667acedb9116962ccfcdb76eb85f2487d8c955a06331ff4b899d6321b6a2c4e34a0e3d8e38bb503bc0532f14a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d92d5a6ac1929952ad26753c92e29c0

SHA1
14736604e67ab5fce65da71c06c143ce48e5fbd4

SHA256
bfbeb8cf3592da029c0061fba01b38f0c7b499278bf1e77fb62dce34e7a26d83

SHA512
77c65c582fbaf22887b3de44a2f9b0f3984ad7277e985d76b2f4639e83684a07065a559735b5140f188764b9c4e5ef7f685725c9ab1200568eccdc250a58a5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c06430d5c9b6847833d236ee045c1ebb

SHA1
0defc02b39dc00650151abc63c9c2c1ae53703fa

SHA256
f06ff414843da6ec1e476c73a3697fdc3c4e051a4a61c5f94b38fe9a64f75282

SHA512
5e5f8980729a8287d7e6f9fec4bedcce1dcf7343b1ad5277f143aef8eb9a58581990f9130d31191b95dcf6f1addbf2c3a5c600e983f6a5f2f4f54e2573f9c569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c76027c7ed5a8e98e4f1385c1f0ce8f

SHA1
3e6abcff7bd50ded69eeb1e3d780e58fb98245db

SHA256
bb952cba1f108e28ed891bf75d3e86afc355548b02eb51156761fccfb84dcb19

SHA512
c32ab1aa543ecfcb7ed9a9e6a45b1e4127db0674feb1ff23d3ed03630b1c259d095a3e51b80b821b2167adb85e14964ca00d50e287c7514e91948f98e58b51d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
113KB

MD5
72beaba50a0d32ab3eb60df009439fa2

SHA1
2d48102c9d1c05e88d99b1eced9b23343e5772a0

SHA256
988061c67df5e1d44a8ab2a04f79a453fe3c844bf17d06a8d2b14abe08eeea52

SHA512
a6eee386567a8d6966d579f78c269f3a89e98500bcce7f38e20a2f04d94b08d586fdcb00ae9e738b460c0197fe2afce716dcead3eaea003980e472a990d20de2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
fe4bb418db18646f9206b6c5e499ff2b

SHA1
277ae6fd79bcbd414b5dfdbda47e35766f6ac452

SHA256
9562e9c2e29949a55488bfc42ffd566b2bda86123ddaf08a4bed0b2a18d9ac9e

SHA512
4e99fcccdd724ad8b3a8f9e23544a672fa963c889ed5aff2dbd06476dea1d5432404d334a5425ac59a4e6c755d982f4d3f969c8e6ffacbc705890d12f475007e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
112KB

MD5
2a8aa8c7dcbf2435068cd3ae45c17fa2

SHA1
c9492740ce6fcff1bce42c77b715ee355d78c880

SHA256
605389c73044fa1b557389197a8babf59d6560513c4c551653d1d7fe42582f4f

SHA512
4b3b0f7358781f20dc55cead05885b00621ce2b94335e7c7ebecca5d342abfdd6d182798b412c14f1991d4fc6671a2939f90c85e3a1187f95f2ac77728d4a93b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c7b7af49-0517-4ca9-99ec-3c8e5cfebb1b.tmp

Filesize
113KB

MD5
af7f7e962a47bb69240be24a02189b92

SHA1
8cab19a2560fe650a5e60e3de4773a571f8c203e

SHA256
d2ff963106bb0ba1e7e363521452be620fb946bfa445ab2b9df3d919d3430f16

SHA512
a20a50a4667c9ffe8c47f7f8190a458ce05049879a309eb4aa044347d1da04dc8e2496a1302aaf37b8d8346602044f44a081cf79810096b4290b7c7f89d9ff85

Download Submit
C:\Users\Admin\Downloads\redirect.zip

Filesize
42KB

MD5
64ea74390ad705e02e58ab1214bc58eb

SHA1
38f2f4ca166c942feea43eb47cf8cae9c188aad2

SHA256
2a717dd1c8b6b8f296fc2a62b997c9dc28a11de7627429a9208818cd76fc5af2

SHA512
19a099802f9c7267701f0bc649b328a89acadd202241048ce4f46a7fd8b7359819bf0ac326be64cf74c4d7044c1c6b8b64c812585bbd2081e82ac7beb14be07e

Download Submit
C:\Users\Admin\Downloads\redirect\DONT OPEN THIS.txt

Filesize
802B

MD5
c3c44e502d6e984aa91c7d996bdc33a9

SHA1
37abffec95e35df115d0d95bd3ab9e709cbe2af5

SHA256
0b8ff6592acde002a3aab56e37d41763c819a0353b7177448b9768885b32ac6e

SHA512
e90d98b83480fe5b8882718343c933f6b2dc493d3afc086328c9bf5851c8b650cadddcf32491bd3b033072c7ad0a7958a6492f57dd37b0431138f102850715cc

Download Submit