hxxp://Fortnitetracker[.]com

Analysis

max time kernel
1799s
max time network
1767s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
18/03/2024, 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Fortnitetracker.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133552785858360031"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2496	chrome.exe
2496	chrome.exe
248	chrome.exe
248	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 3628	2496	chrome.exe	81
PID 2496 wrote to memory of 3628	2496	chrome.exe	81
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4120	2496	chrome.exe	84
PID 2496 wrote to memory of 4956	2496	chrome.exe	85
PID 2496 wrote to memory of 4956	2496	chrome.exe	85
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86
PID 2496 wrote to memory of 872	2496	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Fortnitetracker.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcac499758,0x7ffcac499768,0x7ffcac499778
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:2
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:1
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4532 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5376 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5764 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5772 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5924 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:1
  2⤵
  PID:132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5932 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6060 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2828 --field-trial-handle=1840,i,6012257101696233870,15152410765944103899,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:248

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
8e33f1f2c4d9de7fc8a5cd906ac821e9

SHA1
005f190484e9b449e0b4cff0657f8448b33196c5

SHA256
3e011f3bf501029b77e11da727d4ae64d510182688debe13c78e5e6fee4b4fe2

SHA512
eae3009f417beca89fa474b9172124305056ceb697dc47bd4f1e34233e7af2336789abde19fbe59c82d8218fa011872b124f9af1e113f866c475aea127e9db96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\51c86590-fdc6-4a61-a2f0-4a81ffa8b3ad.tmp

Filesize
8KB

MD5
b47bf792ecbaf2d7fe26152723582f64

SHA1
2dc3c3781980a1136fe9621e7b250582ce32d39e

SHA256
6071c16b3473e5f7c921c33768680ee6afce8263ce06c0941a78468e67ee41d3

SHA512
deee9b8a5fdaeae36597ab48127f19bc5dc135160d1606ecb5efe3d9b2d96607d85efc3f55669c90883570e4feee6164f697959f432e0de08dc069b2bad5f817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
9983b1a69aa8929c026a8f5fe941e20b

SHA1
51ab699906f9615bfa2e2148f276336bd8a22823

SHA256
11362750937a3cf2172397a930dcb821f0d92d2c58b8a81a491f87b8845f5ba3

SHA512
759525ef073ba1045dda1d889b5d91f560e844bc88c70a7417dbe7cf9923f00c97a0204a16f60a6b28c3ed1d68f2da23fa79a8b3f95634eace1272f46516802d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bdd8bd6dffd264c914059b86a70c5869

SHA1
c9b6699d88db27af2ec59d9db3ea3e8df40a582e

SHA256
05569ba621c5bbc0a75fb97cbe4a74d9968cdcbb0ab31e86ba1c6bc5eb90e747

SHA512
9b2536aab1d286b9e597b3fe4e3870727a305c5ded1c3352ebdf35c6f46af29467cf8c8bd01710bc26ef7092c71c652ffe0cf76a062665ca77517b3cb60d3320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
446cb980971a1c48845e894dc74c5da4

SHA1
1d5fd5d07e41830d2fb135d89a49a3ab55bcf316

SHA256
805c228ef2092f9d57cb67b0585d061909a1f26e95e90937d0b03304266144cc

SHA512
15f1ce047f44a2000d6538195b7da0d6b964367d96c5f7ff6477b9ca0479386b44cf49ec3cf93518da025b952affa5750ab9f8c420cfa4d2108f0b7b96dcd279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3eea094edb9110682e07e627319e9ce8

SHA1
b35c5f8480e26051565dc8d8ea9ef209bd7f41b4

SHA256
d62a3423675ef436fb7c387b3633df9d6f400dae31778cc8f0c63845204a1034

SHA512
cdcb854ee576225086cee6973d4abdf96ad41d2031849383404da4a2f595c24fd4f1c1e32919f44ff5ef502b2a9b0715f0037a47000b8302975920babb9239c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
fd08059fafe2c5999d6ff932d328c967

SHA1
cbd5e0e2943df924b6387f779e842a64bf100383

SHA256
1687c5ca2112cea824476e9e7906c6f381437710a680a82085d0734652e2b36f

SHA512
1b91ad1f1531500e90a5e4df4296fa374b60ab9f200bcb0b8d2091b1a751f6ae69b6fe1743e6e2e4b8c1b9df2c646bcd868be0ed4ecfe21588fb5a6b06f88a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit