hxxp://theroyalsolitaire[.]com

General

Target

http://theroyalsolitaire.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295820203191042"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

5032 chrome.exe
5032 chrome.exe
444 chrome.exe
444 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

5032 chrome.exe
5032 chrome.exe
5032 chrome.exe
5032 chrome.exe
5032 chrome.exe
5032 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5032 wrote to memory of 1128	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1128	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 3756	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1716	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1716	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4228	5032	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://theroyalsolitaire.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea8ce9758,0x7ffea8ce9768,0x7ffea8ce9778
2⤵
PID:1128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:2
2⤵
PID:3756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:8
2⤵
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:8
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:1
2⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:1
2⤵
PID:4936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:8
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:8
2⤵
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:8
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5024 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:1
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3140 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:1
2⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4832 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:1
2⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1752 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:1
2⤵
PID:4124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4480 --field-trial-handle=1824,i,8728469809273214956,6250054465139654959,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:444

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3380

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
882B

MD5
d87ebe82df7473cb087700bf2c64351b

SHA1
def521ddaf011ced3f463b55489b23b44515e1e5

SHA256
b9c89e6b3c44e0ca8526a8fe027e59ac8db6c52f265bc42b4a2b7c6c851b8032

SHA512
0ef5402a07ef33c0853859390749e0cb6b7f1904405a8c695b996291058aad57c2af64ee09732700b9106ccee886a79b035248c5a37025343bb9a21e2d176e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
659cfdfa2fbb1c00b9883b51033bb8e4

SHA1
acf5a016167d324496f727962178fd89eaddf307

SHA256
f93f37d9d83b799c68a14f5095d4efaf02e637afbdafe510fe4a9cfa2da1e5a9

SHA512
c4fb6abaa00062e8ef3fb793806c31baebcdcdebde6d2086b77b39a0ba672c4d82ba6a50c5cf331d62d95cab4cf011778250634cd4f45facce57c622b6967caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
4d62ac4740910eab8ab6695db75d450e

SHA1
7b1a50d814af32953565ce8ed6c525591d5bbbeb

SHA256
f3750e681d60831213a9189696f5cebea34e7a0a1f6108ea67f212796cc96312

SHA512
4e90d1fde2595d9816bfdf3e007e67b7874d43b029f6c28be402c009791f00925c13ae9ecf8d1db51b27340c1cc42d914b640a1d6479c12c004562cb84d5f712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
96a860d8e23bf7b86deaedc7571e9834

SHA1
a40a8a6b7ef1605cf6ccb54d3b2859485e944841

SHA256
45a4709b7b912107eed6ffc3ed4a1348569385e476d881f82c41357e86d73170

SHA512
2fc562dd60f84f3766135dbafde437164f8eacd0232f3a3cc2cf9ee606454a3d177383cad6c5be67ca27aa886844cf229123192015a1b2ce248458d851e7180b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
153KB

MD5
40221417a14ead477fe4870fd9ae39b1

SHA1
b08904bdec28a3d6b7754910f6fb92e343153a22

SHA256
405c5deac43b6a70eecde377981213eae4b5f0433425a7a52e0b86fa86c17be9

SHA512
ca513e11bcb73c7f81a665dd06e33ac43b40469dab5c98690d1d6597938f216ba0cd6dc9799e8c476aac25772a7a257164c54ad32bf66b5b4dd655ca893966f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_5032_LZTEYCTNMVNETFDM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads