Overview

overview

10

Static

static

SkyBlade.zip

windows10-2004_x64

10

Resubmissions

14-04-2022 13:46

220414-q27ymaeea4 10

Analysis

  • max time kernel
    704s
  • max time network
    713s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220331-en
  • submitted
    14-04-2022 13:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SkyBlade.zip

  • Size

    3.3MB

  • MD5

    05db414a0e7a3cc7e576bc00af2c7f18

  • SHA1

    dc898d3d96066ca8ef27f9673dcfe212b61bb9e8

  • SHA256

    63a37203d598350b284c05833662fbdc89d9d46142120bb035609216f1a3ee77

  • SHA512

    1e218ed7efe1a49732336f8d156613e738e0b7f6cc6a65f54544051639df094b64cb5b3cd3013329e92dfb77f47a5c7dce08acf9a317809cc9c245f3db3ba8de

Score
10/10
metastealerredline1infostealerpersistencespywarestealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

65.108.41.163:38151

Attributes
  • auth_value

    95517c2a2f56575288c35d9dfde4a6aa

Signatures

  • Meta Stealer Stealer

    Meta Stealer steals passwords stored in browsers, written in C++.

    stealermetastealer
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Modifies Installed Components in the registry 2 TTPs
    persistence
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 28 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 34 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\SkyBlade.zip
    1⤵
      PID:3964
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4564
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe7ee4f50,0x7ffbe7ee4f60,0x7ffbe7ee4f70
        2⤵
          PID:4320
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1724 /prefetch:2
          2⤵
            PID:2044
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1952 /prefetch:8
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1856
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 /prefetch:8
            2⤵
              PID:1084
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1
              2⤵
                PID:2888
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
                2⤵
                  PID:2600
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
                  2⤵
                    PID:780
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4472 /prefetch:8
                    2⤵
                      PID:620
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4928 /prefetch:8
                      2⤵
                        PID:848
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5060 /prefetch:8
                        2⤵
                          PID:3408
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4736
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4568 /prefetch:8
                          2⤵
                            PID:2780
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4900 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5024
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
                            2⤵
                              PID:2368
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1512
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4356 /prefetch:8
                              2⤵
                                PID:4000
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
                                2⤵
                                  PID:3736
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
                                  2⤵
                                    PID:2164
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
                                    2⤵
                                      PID:432
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:5064
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5588 /prefetch:8
                                      2⤵
                                        PID:3924
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5532 /prefetch:8
                                        2⤵
                                          PID:1800
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6092 /prefetch:8
                                          2⤵
                                            PID:4792
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
                                            2⤵
                                              PID:2936
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4372 /prefetch:8
                                              2⤵
                                                PID:3376
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3080 /prefetch:8
                                                2⤵
                                                  PID:4572
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:620
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4320 /prefetch:8
                                                  2⤵
                                                    PID:3832
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,8248019958999290133,5775420363783492691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4308 /prefetch:8
                                                    2⤵
                                                      PID:1260
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                    1⤵
                                                    • Suspicious use of WriteProcessMemory
                                                    PID:4996
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe7ee4f50,0x7ffbe7ee4f60,0x7ffbe7ee4f70
                                                      2⤵
                                                        PID:4832
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,2149474276870291899,10988344055125303712,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:2
                                                        2⤵
                                                          PID:1852
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,2149474276870291899,10988344055125303712,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2008 /prefetch:8
                                                          2⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:1320
                                                      • C:\Windows\system32\svchost.exe
                                                        C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
                                                        1⤵
                                                          PID:3628
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:620
                                                          • C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
                                                            "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
                                                            1⤵
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:3256
                                                          • C:\Windows\System32\rundll32.exe
                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                            1⤵
                                                              PID:3396
                                                            • C:\Program Files\7-Zip\7zG.exe
                                                              "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap22665:74:7zEvent9280
                                                              1⤵
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:3172
                                                            • C:\Windows\system32\werfault.exe
                                                              werfault.exe /h /shared Global\b44949214d974025841e59e8178d1f13 /t 3112 /p 3108
                                                              1⤵
                                                                PID:4812
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                • Enumerates connected drives
                                                                • Checks SCSI registry key(s)
                                                                • Modifies Internet Explorer settings
                                                                • Modifies registry class
                                                                • Suspicious behavior: AddClipboardFormatListener
                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:4572
                                                                • C:\Users\Admin\Desktop\SkyBlade\StartGame.exe
                                                                  "C:\Users\Admin\Desktop\SkyBlade\StartGame.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetThreadContext
                                                                  PID:320
                                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                                                                    3⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:4172
                                                                • C:\Users\Admin\Desktop\SkyBlade\StartGame.exe
                                                                  "C:\Users\Admin\Desktop\SkyBlade\StartGame.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetThreadContext
                                                                  PID:1516
                                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                                                                    3⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:3116
                                                                • C:\Users\Admin\Desktop\SkyBlade\StartGame.exe
                                                                  "C:\Users\Admin\Desktop\SkyBlade\StartGame.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetThreadContext
                                                                  PID:3132
                                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                                                                    3⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:4688
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\SkyBlade\ModTools\Scripts\TechnicalDocumentation\index.html
                                                                  2⤵
                                                                  • Enumerates system info in registry
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                  PID:4876
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbe85b46f8,0x7ffbe85b4708,0x7ffbe85b4718
                                                                    3⤵
                                                                      PID:3112
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10409512450836586314,4350290806493813577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
                                                                      3⤵
                                                                        PID:4044
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10409512450836586314,4350290806493813577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
                                                                        3⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:3816
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10409512450836586314,4350290806493813577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
                                                                        3⤵
                                                                          PID:1652
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10409512450836586314,4350290806493813577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
                                                                          3⤵
                                                                            PID:4736
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10409512450836586314,4350290806493813577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
                                                                            3⤵
                                                                              PID:4660
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,10409512450836586314,4350290806493813577,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5420 /prefetch:8
                                                                              3⤵
                                                                                PID:2528
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:1512
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                            • Enumerates system info in registry
                                                                            • Modifies registry class
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:2672
                                                                          • C:\Windows\system32\svchost.exe
                                                                            C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
                                                                            1⤵
                                                                              PID:112
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:3952

                                                                              Network

                                                                              MITRE ATT&CK Matrix ATT&CK v6

                                                                              Initial Access

                                                                              Execution

                                                                              Persistence

                                                                              Registry Run Keys / Startup Folder

                                                                              1
                                                                              T1060

                                                                              Privilege Escalation

                                                                              Defense Evasion

                                                                              Modify Registry

                                                                              2
                                                                              T1112

                                                                              Credential Access

                                                                              Credentials in Files

                                                                              1
                                                                              T1081

                                                                              Discovery

                                                                              Query Registry

                                                                              3
                                                                              T1012

                                                                              Peripheral Device Discovery

                                                                              2
                                                                              T1120

                                                                              System Information Discovery

                                                                              4
                                                                              T1082

                                                                              Lateral Movement

                                                                              Collection

                                                                              Data from Local System

                                                                              1
                                                                              T1005

                                                                              Exfiltration

                                                                              Command and Control

                                                                              Impact

                                                                              Replay Monitor

                                                                              Loading Replay Monitor...

                                                                              Downloads

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                Filesize

                                                                                40B

                                                                                MD5

                                                                                a362c0bb1c8e54989969af2b4a937bbe

                                                                                SHA1

                                                                                568f3c49d0d4eff76eba6632304bd4a7a006b2d7

                                                                                SHA256

                                                                                e1af69d526c73de64ae23989183fd93b1fd0f33e19c0d9c05676c9f42b578782

                                                                                SHA512

                                                                                2c22658c4e75244acedf88da5c4bba5f0d05678045aafb1b215f301f63c23d0c133d1e7454f5bd0d11cc0e7f8ed2db6342ca67c93802c0f0cf28780a360ffca5

                                                                                Download Submit
                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                Filesize

                                                                                40B

                                                                                MD5

                                                                                a362c0bb1c8e54989969af2b4a937bbe

                                                                                SHA1

                                                                                568f3c49d0d4eff76eba6632304bd4a7a006b2d7

                                                                                SHA256

                                                                                e1af69d526c73de64ae23989183fd93b1fd0f33e19c0d9c05676c9f42b578782

                                                                                SHA512

                                                                                2c22658c4e75244acedf88da5c4bba5f0d05678045aafb1b215f301f63c23d0c133d1e7454f5bd0d11cc0e7f8ed2db6342ca67c93802c0f0cf28780a360ffca5

                                                                                Download Submit
                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
                                                                                Filesize

                                                                                20KB

                                                                                MD5

                                                                                8129776ace56d5b3a6b0a03c4fd7cf37

                                                                                SHA1

                                                                                d716ab65d0947d7cbd3046acf9a95a1518d982dc

                                                                                SHA256

                                                                                a31a0d3a4b15f3e050e099bcd786663ad3eff5ead52f9653348b404b5be653fa

                                                                                SHA512

                                                                                21ff819e42d3b367f824dda39573bb701988d93a5c965c4026d116160df772e49fc7f5516031874be18dce467f2cecc9d4429e30ebf0950eed257a6360408be9

                                                                                Download Submit
                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                Filesize

                                                                                68KB

                                                                                MD5

                                                                                ac53d9f83f6f125f715e2c517a9a2859

                                                                                SHA1

                                                                                e5b9d0dc891b0d95db6c0162a537d418da2715a6

                                                                                SHA256

                                                                                af1ff094a6c51d94efb8827fe435d9937cc49be4dc328f9eb0aeb6c958e9bf5c

                                                                                SHA512

                                                                                f033377c35c6514708868abd08aa64a90e322177c2abfb6c804188a6052c619e39bb4030e874679fd359fdf008aa562dafceb1af2c4ad1407ab15f0c16b388d7

                                                                                Download Submit
                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                Filesize

                                                                                68KB

                                                                                MD5

                                                                                dc7572c041d6df74b2a55930b18d4252

                                                                                SHA1

                                                                                af475c0d4704bf289244fa00ccf7129939e32266

                                                                                SHA256

                                                                                de614396bc22053ad1677b8f5e6911d6e72abd2c47897299a7a2459243b5b14b

                                                                                SHA512

                                                                                12e9d4f18b4917faa56b8eb0ae5220f7c7eea93bea32c7955ba1501aa14e9d52985bf69ac071388d2028ac0d1b408eff02a163e7387ac7ea80fc9cb7c6bf080d

                                                                                Download Submit
                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                Filesize

                                                                                72KB

                                                                                MD5

                                                                                73fab257dd52ad555745f21e1057a1b3

                                                                                SHA1

                                                                                ac2150b3d422e50b507f0d84fcbb32adb8d6038f

                                                                                SHA256

                                                                                641e68476842b7ef9d1f7b3ba7d494986de857806bcef6396bd39e8bab2185d0

                                                                                SHA512

                                                                                98dcefbb1e9d8f01fba2cafc084c0e0d13e3525b871f128795deb28ecd6178d78801e90b767e9c854dbdd7d81a00b31fe21b98993ee808c33620097703f8428c

                                                                                Download Submit
                                                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                9c49939c6bad2727502a6d536f8a3516

                                                                                SHA1

                                                                                b5eefe41d4e8fe019da07c5ca0f18651fa23934e

                                                                                SHA256

                                                                                64ba592b4ea398f8525140a1b5693a3e9a0e899d9afae5b6d8b150190c2c4f3a

                                                                                SHA512

                                                                                40cd10bebcc4a71f3038f8cdd6c06e9ea7b61e4758f70f80f48f31ec57b5e4e64b169a8f70cf6ed35a60e4368191e0f5dea29c049d49898334230cc148ebb477

                                                                                Download Submit
                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
                                                                                MD5

                                                                                d41d8cd98f00b204e9800998ecf8427e

                                                                                SHA1

                                                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                SHA256

                                                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                SHA512

                                                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\ModTools\Resources\FrameData.xml
                                                                                Filesize

                                                                                7KB

                                                                                MD5

                                                                                6a46983efba304c1dbac261200d86b7d

                                                                                SHA1

                                                                                b7451858541ea84b7fd1dfb3c238866c414d284a

                                                                                SHA256

                                                                                0bd87e5051ceac8c90daa090c581110990121a501fb336976dff6dba3e77491a

                                                                                SHA512

                                                                                f3483ed3abc628923e5899b9d1acc1a4b2573c3e73be91f09788a65dfba83d4f794c659dfe93bcc6a78d94bed40831047fb9f6ba26879db07dbc7b8806da1b62

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\ModTools\Scripts\TechnicalDocumentation\bootstrap\css\bootstrap-responsive.min.css
                                                                                Filesize

                                                                                16KB

                                                                                MD5

                                                                                1148a4544b2d1d2c2a9bc42e4159aa4e

                                                                                SHA1

                                                                                4d14176ac3ac071cf2fa8848e05f33afab6bac08

                                                                                SHA256

                                                                                6d8068f53c69e0f02aaf8544fdba07d23446fcc9eba1d178d14398544c6a8da0

                                                                                SHA512

                                                                                9a780351af03567ed40f45e8c17a32b59ef02dbcbaf37650bcc8a1b8d6feba39a4e72cbdf793fea69b213df8cec8b612184db483b8cf7f400f2cc44df5d36b7e

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\ModTools\Scripts\TechnicalDocumentation\bootstrap\css\bootstrap-select.min.css
                                                                                Filesize

                                                                                5KB

                                                                                MD5

                                                                                6402ae87bdd5777300e3ea80512879a8

                                                                                SHA1

                                                                                21038dfbf1a31ed7153597899796d86d37727eb6

                                                                                SHA256

                                                                                3edb8f4818e5cc987fdcb63445ac1e6a20d8a9321603f8b73ae485869d48cb7e

                                                                                SHA512

                                                                                9701d0f8157f700bc43c66660be2a9e76b0ae031d9a5d1d06313be3136784647165fa399d86370b9368b5f79e322830097dccd4535a5b6c7cb2ca4552a6c68ad

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\ModTools\Scripts\TechnicalDocumentation\bootstrap\css\bootstrap.min.css
                                                                                Filesize

                                                                                103KB

                                                                                MD5

                                                                                1421570482287074e5761834f385300f

                                                                                SHA1

                                                                                c3b432e82c5dc1efc88c4f678eec4c242e478c07

                                                                                SHA256

                                                                                66b9783eb8951a12f84816ebc070c3d4e5f67647ca7db8e14f61ce4c5a853254

                                                                                SHA512

                                                                                fb2866d51fe0845cfbf25cdf2b4474f2f16ce70713ab926c6b3fcc9ec4ac90ed3f363c7d144e5ed319c3de59f5a8c2faf61690807fe4d7d4baedb979e30b9a38

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\ModTools\Scripts\TechnicalDocumentation\bootstrap\js\bootstrap-select.min.js
                                                                                Filesize

                                                                                22KB

                                                                                MD5

                                                                                bda9f7831f7b9dbacb36990b27c8161b

                                                                                SHA1

                                                                                44da65f0bd2a08af2ba5cf9a8bea8089d65df437

                                                                                SHA256

                                                                                12094919363142504305742b67d48ec43fa9e9a49d70b6cb8f0dcf73efbb85f8

                                                                                SHA512

                                                                                fe831003b21723af16b7bee0e4925d3823a195c09ed32d9ee5a5f910c2a31b79c20b3f3fe74f30e0b5a623a4f64f12fe57d52a82bfd8f92d021a688e34b829da

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\ModTools\Scripts\TechnicalDocumentation\bootstrap\js\bootstrap.min.js
                                                                                Filesize

                                                                                27KB

                                                                                MD5

                                                                                47d7deee36d6699afccf40741f45b228

                                                                                SHA1

                                                                                4d3e1a615349c7a0dea8e057b20db271a1afc5d4

                                                                                SHA256

                                                                                e530c947198bbfe4980daa799e9f23f94b2d46bd7a9163422a19be30a76ad4bf

                                                                                SHA512

                                                                                7392becfc608e3c0608b42956a0c17bb27c6fade0fb69dd44ac0207e0e27e37fd9869c22a5d050a9c5d212244eff2995bbbf6fb7055f1c964bfd43e45506a287

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\ModTools\Scripts\TechnicalDocumentation\favicon.ico
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                531c28453ca67d0744c65d5019e015ff

                                                                                SHA1

                                                                                b34b909cc17cd1f7f7ac35b62a3dcfcd00f23c10

                                                                                SHA256

                                                                                bcda7bb353a47f0ef79e6deda52a2a2e65633587a9849838a3152559b34db869

                                                                                SHA512

                                                                                fe84a1a180cbc3c468639a829fba0440276d475668f5a6f33f4c8b455f69cfba38c17d5fd48ab76fafea1f5f29cc3567058ca106eff505f5f7713020965a1c8a

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\ModTools\Scripts\TechnicalDocumentation\haxe-nav.css
                                                                                Filesize

                                                                                3KB

                                                                                MD5

                                                                                3ee1fd2936ff763f824efeffdbfa6ddb

                                                                                SHA1

                                                                                80793461bc3d150e66d5cf8750c96e7b70c9492b

                                                                                SHA256

                                                                                7aeaab10b6adcb218d59eeb5cd543ce685e95bfc47f2e0f52e49c91ea42a0bad

                                                                                SHA512

                                                                                d9b79d999ccfcde4e6f856c0b2d1b20b557c469833741022c667836ef0a28d4cf87b145d6f15f9fbe8123f17c7be69880e9def811894ec3938e6f070cc7b4b74

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\ModTools\Scripts\TechnicalDocumentation\index.html
                                                                                Filesize

                                                                                3KB

                                                                                MD5

                                                                                f588e93768556e1043c11f1385056395

                                                                                SHA1

                                                                                604cd2cc502d4d3e3d4fcd802e3f1b777b3f9294

                                                                                SHA256

                                                                                35ecc9bc5fc2316732cfc2d53af352e150d39ec6f09ff575f1dec1aa23c48765

                                                                                SHA512

                                                                                4b43e5e1171762caec221e21cda6a9001a96709dad23825f6bc07e3ae4204d964a6017f1ea15269f6e8772b1becd0a3cac37b7cc9d5e5cd4217ac721ee418827

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\ModTools\Scripts\TechnicalDocumentation\jquery-1.9.1.min.js
                                                                                Filesize

                                                                                90KB

                                                                                MD5

                                                                                383771ef1692bfcc3f2b6917ca985778

                                                                                SHA1

                                                                                a1ce0bfa507f23cc414a9a7634bd73b994bb3b35

                                                                                SHA256

                                                                                20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734

                                                                                SHA512

                                                                                6101012d233c92dcc531e27ed33573d5b637a085e9f00e0658a1b6d6d9f64bcd69bd38717e4354b0c49c30607252295df8bf9477629cc366456f2ce3c9222538

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\ModTools\Scripts\TechnicalDocumentation\nav.js
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                147f45c1c097b4c2305dd632a5bc0ef9

                                                                                SHA1

                                                                                94f823225ab8aab6651a760b69d38324b97fac07

                                                                                SHA256

                                                                                0cfdb74a06621f4305915e42d93715deba1cd8ef573380019ae677e24d624f43

                                                                                SHA512

                                                                                8dc092af47c797cbf3898a1ead622d399446538872c07272d92c113fc42fab13bacb91dc62a938ad711532297cb7631d53ff365857cab6312b2e3f5967763425

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\ModTools\Scripts\TechnicalDocumentation\styles.css
                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                ab06e936cee7dc2bf4effb40fcbe01b5

                                                                                SHA1

                                                                                86f33cc9838a8b9d6be88a791a3b002c55288072

                                                                                SHA256

                                                                                f4c1ca97a3aa7f628344e9a1c3490d0aa190cfa70a4fcf108246591d3a056eb6

                                                                                SHA512

                                                                                30768007260f1f5c2c1c29df35fb392e17bee1dedc365ecb5b69eaf66224e533f8631e00d3017d290cf0c91515691b222485db05bfb487fb4ee5a11be4c8884d

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\Resources\cardIcons.png
                                                                                Filesize

                                                                                687KB

                                                                                MD5

                                                                                68996a0f13bf6034cbd21114359a3e26

                                                                                SHA1

                                                                                78c30ce831f26a5f3eeae5aac285c1e1ac9ea388

                                                                                SHA256

                                                                                3de1ca0ddcad89ed87ad352594ac6df366592c657992b33083a1b945ef8e2329

                                                                                SHA512

                                                                                cf3e761d6bb7a9015ec0c3d2847c37589121b5d10dd13a9d51106fbfb82125e6710a87a660151ee5d72ba0d4a76470337c22facb06d8455f3183d82c898b8853

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\Resources\cols.png
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                ed341a2068faf9b2c280c4caebeeecbb

                                                                                SHA1

                                                                                5a6834afb0426395b284b24313e89eb8ab51727c

                                                                                SHA256

                                                                                dcd815347e0a7e37a9c8168da417fd7f5db14d7aca04ba1bafc14d6ec786bc5f

                                                                                SHA512

                                                                                7baed77112e678b2f81b101bcc5eb5ded887e40bd5049ea90d8a4eb4eafe05b6fbf7b327f37545f2786e268824d370fde753bd21057ba9b72a7f8bf85f818c35

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\Resources\links.png
                                                                                Filesize

                                                                                3KB

                                                                                MD5

                                                                                3da8249fbb761a08e69f90b8e2f24730

                                                                                SHA1

                                                                                3cb8417f2393dc7187cfc6744710a385a965cc3a

                                                                                SHA256

                                                                                a6c7ee0c0d1cb0cb511b3a0aeb618400e370b75ad59965c45002d9778b9e97d8

                                                                                SHA512

                                                                                4caa46942b4247baefa90bf4fed5ce17c36ed2ee285f892cf4c479f2bc0db920e158f4845ef7bfb59bffb8230b8e806868cfc0e586f669aec4255521bc93776d

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\StartGame.exe
                                                                                Filesize

                                                                                1.8MB

                                                                                MD5

                                                                                22e9a832c4c9bb705d65ff11b31daab4

                                                                                SHA1

                                                                                e03118acc0918d828a5e41c2467642758148a09d

                                                                                SHA256

                                                                                ca88d5e1d164070489ab499916a5327b369c1f919c5ace2629f2fd33f89c6d49

                                                                                SHA512

                                                                                a22112ea127df4349984bf3ef69426e10853b744ecf9ee20206a1c9b6bf2fa54bce96f614d797d165d0e32f105a8972096fb3ec3efe32915029cf6c12024aa89

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\StartGame.exe
                                                                                Filesize

                                                                                1.8MB

                                                                                MD5

                                                                                22e9a832c4c9bb705d65ff11b31daab4

                                                                                SHA1

                                                                                e03118acc0918d828a5e41c2467642758148a09d

                                                                                SHA256

                                                                                ca88d5e1d164070489ab499916a5327b369c1f919c5ace2629f2fd33f89c6d49

                                                                                SHA512

                                                                                a22112ea127df4349984bf3ef69426e10853b744ecf9ee20206a1c9b6bf2fa54bce96f614d797d165d0e32f105a8972096fb3ec3efe32915029cf6c12024aa89

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\StartGame.exe
                                                                                Filesize

                                                                                1.8MB

                                                                                MD5

                                                                                22e9a832c4c9bb705d65ff11b31daab4

                                                                                SHA1

                                                                                e03118acc0918d828a5e41c2467642758148a09d

                                                                                SHA256

                                                                                ca88d5e1d164070489ab499916a5327b369c1f919c5ace2629f2fd33f89c6d49

                                                                                SHA512

                                                                                a22112ea127df4349984bf3ef69426e10853b744ecf9ee20206a1c9b6bf2fa54bce96f614d797d165d0e32f105a8972096fb3ec3efe32915029cf6c12024aa89

                                                                                Download Submit
                                                                              • C:\Users\Admin\Desktop\SkyBlade\StartGame.exe
                                                                                Filesize

                                                                                1.8MB

                                                                                MD5

                                                                                22e9a832c4c9bb705d65ff11b31daab4

                                                                                SHA1

                                                                                e03118acc0918d828a5e41c2467642758148a09d

                                                                                SHA256

                                                                                ca88d5e1d164070489ab499916a5327b369c1f919c5ace2629f2fd33f89c6d49

                                                                                SHA512

                                                                                a22112ea127df4349984bf3ef69426e10853b744ecf9ee20206a1c9b6bf2fa54bce96f614d797d165d0e32f105a8972096fb3ec3efe32915029cf6c12024aa89

                                                                                Download Submit
                                                                              • \??\pipe\LOCAL\crashpad_4876_IGPCXKYDTBBVTNOG
                                                                                MD5

                                                                                d41d8cd98f00b204e9800998ecf8427e

                                                                                SHA1

                                                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                SHA256

                                                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                SHA512

                                                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                Download Submit
                                                                              • \??\pipe\crashpad_4564_PTLVTGOXQCFSOOCE
                                                                                MD5

                                                                                d41d8cd98f00b204e9800998ecf8427e

                                                                                SHA1

                                                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                SHA256

                                                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                SHA512

                                                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                Download Submit
                                                                              • \??\pipe\crashpad_4996_KCDEMPKHWXUFHYHU
                                                                                MD5

                                                                                d41d8cd98f00b204e9800998ecf8427e

                                                                                SHA1

                                                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                SHA256

                                                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                SHA512

                                                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                Download Submit
                                                                              • memory/320-140-0x0000000000E80000-0x0000000001048000-memory.dmp
                                                                                Filesize

                                                                                1.8MB

                                                                                Download
                                                                              • memory/320-138-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/1516-155-0x0000000000E80000-0x0000000001048000-memory.dmp
                                                                                Filesize

                                                                                1.8MB

                                                                                Download
                                                                              • memory/1516-152-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/1652-197-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/2528-215-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/3112-190-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/3116-156-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/3132-175-0x0000000000E80000-0x0000000001048000-memory.dmp
                                                                                Filesize

                                                                                1.8MB

                                                                                Download
                                                                              • memory/3132-165-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/3816-193-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/4044-192-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/4044-194-0x00007FFC04820000-0x00007FFC04821000-memory.dmp
                                                                                Filesize

                                                                                4KB

                                                                                Download
                                                                              • memory/4172-162-0x00000000055A0000-0x0000000005616000-memory.dmp
                                                                                Filesize

                                                                                472KB

                                                                                Download
                                                                              • memory/4172-150-0x00000000052D0000-0x00000000053DA000-memory.dmp
                                                                                Filesize

                                                                                1.0MB

                                                                                Download
                                                                              • memory/4172-164-0x0000000006330000-0x00000000068D4000-memory.dmp
                                                                                Filesize

                                                                                5.6MB

                                                                                Download
                                                                              • memory/4172-163-0x00000000056C0000-0x0000000005752000-memory.dmp
                                                                                Filesize

                                                                                584KB

                                                                                Download
                                                                              • memory/4172-176-0x0000000006180000-0x00000000061E6000-memory.dmp
                                                                                Filesize

                                                                                408KB

                                                                                Download
                                                                              • memory/4172-168-0x00000000056A0000-0x00000000056BE000-memory.dmp
                                                                                Filesize

                                                                                120KB

                                                                                Download
                                                                              • memory/4172-143-0x0000000000400000-0x0000000000420000-memory.dmp
                                                                                Filesize

                                                                                128KB

                                                                                Download
                                                                              • memory/4172-148-0x0000000005760000-0x0000000005D78000-memory.dmp
                                                                                Filesize

                                                                                6.1MB

                                                                                Download
                                                                              • memory/4172-142-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/4172-181-0x0000000006CF0000-0x0000000006EB2000-memory.dmp
                                                                                Filesize

                                                                                1.8MB

                                                                                Download
                                                                              • memory/4172-184-0x0000000006C80000-0x0000000006CD0000-memory.dmp
                                                                                Filesize

                                                                                320KB

                                                                                Download
                                                                              • memory/4172-149-0x00000000051A0000-0x00000000051B2000-memory.dmp
                                                                                Filesize

                                                                                72KB

                                                                                Download
                                                                              • memory/4172-151-0x0000000005200000-0x000000000523C000-memory.dmp
                                                                                Filesize

                                                                                240KB

                                                                                Download
                                                                              • memory/4172-182-0x00000000073F0000-0x000000000791C000-memory.dmp
                                                                                Filesize

                                                                                5.2MB

                                                                                Download
                                                                              • memory/4660-203-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/4688-169-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/4736-200-0x0000000000000000-mapping.dmp
                                                                                Download
                                                                              • memory/4876-189-0x0000000000000000-mapping.dmp
                                                                                Download