hxxp://www[.]hesaitech[.]com/wp-content/plugins/oxyextras/components/assets/vime/@vime/core/dist/vime/vime[.]esm[.]js?ver=4[.]7[.]3

Analysis

max time kernel
299s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.hesaitech.com/wp-content/plugins/oxyextras/components/assets/vime/@vime/core/dist/vime/vime.esm.js?ver=4.7.3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133445641946643379"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3708	chrome.exe
3708	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 1692	3708	chrome.exe	71
PID 3708 wrote to memory of 1692	3708	chrome.exe	71
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 492	3708	chrome.exe	88
PID 3708 wrote to memory of 4776	3708	chrome.exe	89
PID 3708 wrote to memory of 4776	3708	chrome.exe	89
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90
PID 3708 wrote to memory of 4612	3708	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.hesaitech.com/wp-content/plugins/oxyextras/components/assets/vime/@vime/core/dist/vime/vime.esm.js?ver=4.7.3
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff71909758,0x7fff71909768,0x7fff71909778
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1868,i,1534184166954576078,16623889443097350465,131072 /prefetch:2
  2⤵
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1868,i,1534184166954576078,16623889443097350465,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1868,i,1534184166954576078,16623889443097350465,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1868,i,1534184166954576078,16623889443097350465,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1868,i,1534184166954576078,16623889443097350465,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1868,i,1534184166954576078,16623889443097350465,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1868,i,1534184166954576078,16623889443097350465,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4960 --field-trial-handle=1868,i,1534184166954576078,16623889443097350465,131072 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1868,i,1534184166954576078,16623889443097350465,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5836 --field-trial-handle=1868,i,1534184166954576078,16623889443097350465,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5340 --field-trial-handle=1868,i,1534184166954576078,16623889443097350465,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2644

C:\Windows\system32\sethc.exe
sethc.exe 231
1⤵
PID:1332
- C:\Windows\system32\EaseOfAccessDialog.exe
  "C:\Windows\system32\EaseOfAccessDialog.exe" 231
  2⤵
  PID:2124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x240 0x3b8
1⤵
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5e1e4cc118199a4e21b86883e13e86ef

SHA1
2d27288b227727f0c059a9a2e3a891e6262e8cae

SHA256
8efed9447abe565cc8c05dbfcf5fb40cc6803324dd0de1df6881ae1559e49d84

SHA512
5dbdc7722e30e2218178b3d883631531855c5e17e3504db4cdb5bf987e44091f18d41a44e77f1e301ef84d712e12ff14909077f0b152e625274b60cc8b35446b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7541be7609b6ac9778c0edc37decb91f

SHA1
8326a373a631e2019187b1893982a40262b8f438

SHA256
db315d718f61a43a83e71a85c49ba338620e511da5cc85b038cab9be0e73e6ed

SHA512
01ae147e7620e23559cdb0c3c55a8072ff3a58a288ebc68de20e64fa148a899edae0ced907231249c089b43dfb872ef4382c285013b79dd1c5602207cb9dbb7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a4c5209fd6d14275f2643ad57ced3382

SHA1
4190b5e51ef9d2198587dacdec36a9cce92e94dd

SHA256
d023197353f486cf4a5f2d979e8a0a332b742cc44d63fd619f4177714a854132

SHA512
2a41a88eabb7689f4d75195d8a33b4fae26c80bb943b9a0ee7864e9bb1b52624f89d656f653ae86e961f6309a7d60173923b11cfa6b8f4652cfb8a7ebcaee296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
aaf33a7b22669c578fdd0e4d433e73b4

SHA1
d02434cae1aedc83309ec3c7508857da66472eae

SHA256
0a4fb647153f35041ed71a04aaeccbec935bc389a07bd3ca23e098af7e006ff4

SHA512
9313e17b67ccfdfc8f8b972452faeaa77938ceb046b1c1c8bca2b9b60e88bbb399b173e532bf07ea48ede2808b05a0df4efbbf37610631a0efb85e6389dc533e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dcd807d7a1b54dd9d80fed31dbe04ce7

SHA1
11a75ee05335e68f8282bc02629f678cd6ae0744

SHA256
7c745bd1f777247564ec65629b7de27a8058b6d63a77e3e1bca34f286f819d21

SHA512
2b973c3d6c21b9d29606c1181a3865f0b93ab947d465cee671e8ded3d7f1765431fff3e0ade4fcc90e3e150322c80ea035236767ad920dbc65c94d660cb9f66d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5d53b897570d9efbcd705e8a32fc9592

SHA1
379bb4688dff65019d7d1236b6c01103171f0b57

SHA256
07393121f847dd2cbc440872571afd45dce2a34bba70bdb188db4dd3ca9f9582

SHA512
690e8169c8ff681ff271617dd5aae16c446b2eb24970e3b20262621b41ba42530ff1ac9c9f3111f5cebed9bf89e750db7568da81543e83674d2e93ac3f2e793b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fbf4c6ccdc207dc8c772ac520861c8e7

SHA1
4944f07c93106f92c86b5ca92b24e743b676aef3

SHA256
1382e2562611512e8134fd071b2c34033878fc9e06a5298118220e68f69b79ed

SHA512
e3f4cb86a6bea622d00692382912100b294b1322b4a9ac57e80a0bf7b83eb03e8eb26aacad291f81a61527d4e9ef13159a1ef760e831936c95c25208268d0c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
bcbf1284bf6670454172be19296ab31e

SHA1
348435e5a7c0c1840b3efd3a59b632fb76e24616

SHA256
4b25361830915cb571f07bd2e481e863ff2c624461d9b141ba26ff1745fd99fe

SHA512
43cdf923c1bac1b8bb32e9fd11733656c8c46e80e0ccf7394fda16349307b79eda386bf7759abc09320c29d559575e0270cfa3295f5fe92b975ff4ab419f8709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
a32dc454f0be5446038e9a6d5138fbf7

SHA1
d8b63c61338d2454f1ea6170afc73e5619d1eec3

SHA256
b614a3cd7d23eace2f8727c9abfbd11be37698599e840e778ebef5fa9bcbe84c

SHA512
ec7c11578e111283b6ee4e614c23ec1b3b095c273aa7a88161d66b15f01c56233ffad0791ab0de11bd08b08e72e70cf1566a88f83823f9ba4d5e528c9d9b4c98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5805e7.TMP

Filesize
97KB

MD5
cc2f80fc0f011098d938c50663da8bee

SHA1
0652223588998ed575b873fa0c0213ffdb31af7e

SHA256
cd94c3b4561c1f57dfdb2127816e28f87bd9891e0d1f0f3ab95bff328191d6df

SHA512
40c94f97413e1f7efe98f172aa36daaf6c48567e8052d8e38d82515c84b89e0563cf84521c7d7aff1a239737f46462cc026d4373120085daf1e17114a19c4418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit