hxxps://crawdad105[.]itch[.]io/terraria-auto-fisher

Resubmissions

03-05-2024 09:35

240503-lkgmwsdf68 1

03-05-2024 09:32

240503-lhwc9sbf7x 1

Analysis

max time kernel
599s
max time network
485s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03-05-2024 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://crawdad105.itch.io/terraria-auto-fisher

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592025471746919"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4672	chrome.exe
4672	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 3948	4068	chrome.exe	82
PID 4068 wrote to memory of 3948	4068	chrome.exe	82
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 1184	4068	chrome.exe	84
PID 4068 wrote to memory of 4836	4068	chrome.exe	85
PID 4068 wrote to memory of 4836	4068	chrome.exe	85
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86
PID 4068 wrote to memory of 5024	4068	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://crawdad105.itch.io/terraria-auto-fisher
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84231ab58,0x7ff84231ab68,0x7ff84231ab78
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=2088,i,16761567528194277474,608195728365702418,131072 /prefetch:2
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=2088,i,16761567528194277474,608195728365702418,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=2088,i,16761567528194277474,608195728365702418,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=2088,i,16761567528194277474,608195728365702418,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=2088,i,16761567528194277474,608195728365702418,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=2088,i,16761567528194277474,608195728365702418,131072 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=2088,i,16761567528194277474,608195728365702418,131072 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=2088,i,16761567528194277474,608195728365702418,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=2088,i,16761567528194277474,608195728365702418,131072 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=2088,i,16761567528194277474,608195728365702418,131072 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=988 --field-trial-handle=2088,i,16761567528194277474,608195728365702418,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9ed2d5839d4dac82bea58a8e7f13678c

SHA1
7a264153ff03f19c6330dcb9256984563f9a6e6e

SHA256
4622f4c3ca19fba4d04e8e9996239ebc0b6eeb02bfcc8448d96dffe19af84744

SHA512
703b319363e6d173142cba9bf36449dfb7092c283fff70e4b64399658b3b6b6a8cd611cc64318ca922e247d9de711fad9894904a5c05ebf887800e437dba5d29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d8560b90bf2958f8924941be8a587195

SHA1
9ad14f200d869095feb7fc031cf7e3bda3bdc904

SHA256
ba526b8c246742ed4e26a67e98777a2b0882e24754041a4971ad654ab9bb9518

SHA512
fcc3557e740ef59522353a71032625cd83547f3182e822f9bc9d07345b70a6480de8c05b3d5171175f823c5d2ab5147f11b9c1b062f806580322f0b3c45dd165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
3c0b784b3d8f48796dda794d9d649d62

SHA1
367bee08312a1435475cba8a5ca2584e48dfeabe

SHA256
393f548bcebad885d191d71e82abd689e976fed8a5340d0d29c2558c0dd5a03f

SHA512
0391c03de591c7627db3479a94768cb70d437b7b890d554e80898921f657e5614cce56f9b5753e218d20b0205f565ab2e91f914de53aaf43d9ab433d33f0db80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
190a58b17b4391f617eaf51922f5151d

SHA1
42106e368473f2d4cc85c01ffcedc1801c93ca6e

SHA256
08ffa300b3118f1054cbe30a50e5df21fa5fbf1cf46215135bafe0f103af3c62

SHA512
e40673771e18ea5575e11c5afb68a01cd734f3ba37f2971dd6fa955581c948059b63422b9de939efb29d2b434fc831e00fdfe091daf5814c196b0af8c2f0b1f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
04e3fadca89a584189bff07c6426715e

SHA1
546d5e807cdd8814a8096faf5410eac88b887ae6

SHA256
23dd01b54ec7640522399660c9852a6fe2a497fb77370993afb2695d687953e0

SHA512
60dc93fe457165c0b713413dced411c04d64ce9e751d35ce776404e3615e7da9519bae8ea63fa61b6954f537363c7548e6afd8715c37478737bc5ac60e419d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
a815322964eb33dc0f33bc2341cb4708

SHA1
f985af8da8d327b635ea919924749d3c608c8de1

SHA256
c91f5d47c517cf9f3e824cc8e376e21d79f5bcfc0aa18aca1f62d428f1383be5

SHA512
d64b4955cb6e8f20b5902e08099dea8f82edfe77cf508bab66a9225dbe49cafbd7f2413bd0628e316e9392c615db01da7e597a16a15105d8513129e0df1ef49f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
940dafff62cb647c41449c80bba74541

SHA1
791f6144d83aa56414f550bab8ed60dc73f68873

SHA256
ee55d3586ca510c35c59849a5916932d5a189cd26ecb50b0d3d6049954468a0a

SHA512
f53a54b3feed36c0d10c7ae2724d676740bdbbbfc0e67f0207ec8fc980422fb0f1cacbff3d836aebe0b8bb7412152d118c03e092d8facd440555dca3d80139db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
0ce624f1417704a0bc62e45b75158908

SHA1
3d546c1a94296bece3a972e6ddad952bec284899

SHA256
9a338fe6f160d43a809395411215c41bf5aa09bd994c91b16b4605603b840129

SHA512
d2d8ef724a4e893f84d5638ebaacf8e1c7b7b2134e86d35a82e0a7ef647b8ad06df0676c9a0e2def5f032f46b015a8c8900cae677c5b1f4d748cc5e79e9a1026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
d369492e824802f075903e38fcc1ef6b

SHA1
dd42130eb2dba1f0338bb87fb8d70f9147e8a68d

SHA256
efa572dca1e3b6146b3ebc544f20f67c2e5467c441fd852569fcced01e16c59e

SHA512
10f0707ec4d0d06b94305624e1e7ec2c73342990cb36ce68e2fbf3088a8885938ce3dcd754e91ee11ed935a7d75db7f3dc40d262fd5bf9e5ec80239bafdbf378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57da81.TMP

Filesize
88KB

MD5
c31eee77f585ff14c90ad99043fea998

SHA1
079ba5f0b2b0d0ea8f8a0ddaf907125214a9aea6

SHA256
b04a922dcf9630eae96052affd1f639498e2b31683ff6e2d39b4dc0a6af2dcb7

SHA512
b12054e5a823a6e63178eec2a5aa40cc8a47a919cc190161958a2b4351f58b3dddfeb26d839dc3337ff676c2909aeeb406848c9a6903a352a4717f10fd1c7ea6

Download Submit