hxxps://gitvhub[.]com/ee/game/raw/main/SkyBlade[.]zip

Analysis

max time kernel
149s
max time network
150s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
09/06/2023, 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gitvhub.com/ee/game/raw/main/SkyBlade.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133308222335335611"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3648	chrome.exe
3648	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3648 wrote to memory of 3616	3648	chrome.exe	66
PID 3648 wrote to memory of 3616	3648	chrome.exe	66
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 3516	3648	chrome.exe	69
PID 3648 wrote to memory of 4332	3648	chrome.exe	68
PID 3648 wrote to memory of 4332	3648	chrome.exe	68
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70
PID 3648 wrote to memory of 4568	3648	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://gitvhub.com/ee/game/raw/main/SkyBlade.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd253f9758,0x7ffd253f9768,0x7ffd253f9778
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3272 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3296 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3112 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5400 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:8
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4280 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5440 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5012 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5772 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5072 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4512 --field-trial-handle=1752,i,16807721008649831659,7082628816951924840,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4940

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3084

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
6a4d39a019b8b072f3ddaf556c3704bd

SHA1
1115888e20790a03deebe7013f686e4c7e3e8163

SHA256
b3278833b776082331dddafa77dc96cf3f77a346e91f442e194c4d0466164482

SHA512
ca9cb855cd317871608eda20ea1493ef1aaae8e1bcb21929b7cd0762b2c05a915ef49ba6574c4c2afbc25c4b4ff5b35c65be3b19b93f5cd0f6cae2f9814899d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\22033c11-cd30-469a-8827-9e9eb28ee69f.tmp

Filesize
1KB

MD5
226fc3c853c7a6770b63bc0ad90947d5

SHA1
aa1f5c453ea814dde3c84da89de3bad3985ec7cb

SHA256
d036a6fe48e7840df478a593cd795e9bad3072aa0eda6131b7858755555bafe4

SHA512
bf95d199833f8c9e11a925bde4641cfede7ff070045859322e8d5b76b432451dadb07d9e4b9513b39caab7fa7fe16f6c824f37a9df108b79aea51c762a99e673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1ab72efea3e20a01864bc8ea00aa922f

SHA1
8f2192e3a186e18eb43a2fdf6b55ab74151f937a

SHA256
eb0db2979a61fd7d5bd4f8e1d4817bd6928e3e185218e4e9d8bb7923099d6fa2

SHA512
74c4586e1ec35217687e28150b4bb34a7e88e4a04fe7b535b46bb109b427098e47125ee4843d55f61feefa145d3aff73b170fc353b332eaf5457dd2363faea74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3dbcce4412d18b191eb206e2f839d3bc

SHA1
e880247c4cd66e79aa7706e1a26e5c61ed5b3893

SHA256
07076dd8a69eea3ca1407fae682f2d9dd22f4109d219d1a94156976f363efb51

SHA512
4af23340c5971962ddeda422846e6b2f20826a9ceb2150f4bf82dd2f70839793d148fd3c77e6804856340f7966e368b58a9a3810bd1cf9c88899cb55f2139eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b1b65832983fa4274b7a375443cf991f

SHA1
1edd8fb1816b105d54169ac49d722404c195131f

SHA256
15609ee690b2fae08ce92afd856bcd224316ab1f21f88277618a677edadd69e7

SHA512
67c50bfdbc218bc293b77d2b1b6482d8cce3e37ef5cc7c1177299697f4288fa0b79980253494bfda303c6d1298cc39683fda25ff3f9c8e8e4bf7b2bbb2755488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
82799f6f0fd52bfb59d8fa75eef5cf00

SHA1
bf12362ee4850c6923c57f462d1e5f69c591b0eb

SHA256
62077f1faa47892b763bcd3c5e3a468c9941931b706d7c866f9080ae127c87d0

SHA512
c7e9fade93d977eeadb744e81d6a241933cb26e56f418034363f8fec3c53e3b997b8428e3ea0d2dd9a350f23bc8f06a4b3c5b22bcfe6e65b6b3e9ff8856c4eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
767c994b14247af0975cadf52c65d286

SHA1
68e19f588deec17d570d331f4eea380dc4a3c3e9

SHA256
c67af13c705d7255bdbb81b02008d0a03385045aa3fa355eb8542f99c1be3ab8

SHA512
e145edd57de11c33ecb58230be2df29e14f469d9ad5840f5f4966b710b845ecdc19b30e11c92a99ed4ab52eece1738db30d644230294a6c02303f50a729ceb0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
0beef1e714b553da4fd71366277c0d31

SHA1
5c36e69d6a16007ed39d0c72cf77f9cae2c94285

SHA256
0f87b71ee48538ae9d850df38fc4ac4269bb5b5d5eca76827833fffbbd4c0998

SHA512
e162c186239b659f9f1fd5e878f45aa9b9bddff489940a58b1d1b4e787f41d07b18e1714b191fce39d5d5237c76c8ab97ba87be0658473abe39eb2b978543910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
c6910954e05dcd7b6a1fc35af7339dc9

SHA1
799073cb00b05d2c71599a5e58bedd85b2c567a0

SHA256
92f7d833f4e52fd768e27bdd6518d6f29708ec91c7be02593682d24e8b256aeb

SHA512
503208bc582fb61adcfe343c4f1186b06ab552d15b1bd767fd0a923c8e3040e73d1329c5a3aacc206ab28586c7b9c655ca92e1a550ad0a27929b9b9b07c7630b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
a24701476e91d77d6b4b85db55fbda3d

SHA1
60a7de7f2ca2d3f60864cb1a41bb94e3f4bc759c

SHA256
036b183c847e9fcdeb486d2732ed4db235f56a5e76e4ea3f025d8ec6c589e51f

SHA512
c029f0202f8c88f46622ec36cd8d3432578be4bef40eee2d7c279a1603d509199af19c98934b67dfac663df5cccd13efafbce3503bee019ad6d53f5e524e91f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit