e5435c0e86a8181a3d88206d5dd47145f2aa768afcae6d8c2ae449f8601a8724

Analysis

max time kernel
1798s
max time network
1703s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21/03/2025, 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Game.exe
Size

137KB
MD5

bd9ebb7d09f9111a9f0a0ba2238eaf80
SHA1

28c753124d845f61373be87d392ab839914ebdc5
SHA256

e5435c0e86a8181a3d88206d5dd47145f2aa768afcae6d8c2ae449f8601a8724
SHA512

f2dcdc9a1e64af74eeded730112d87d97ca2e5d894f25324b27c5f1b0680c948e3bcc73136615a4822ac6a75ac43c3b21fb8dcd031ae4203c2798bc6f9773231
SSDEEP

3072:fWK+I+/wslzo5lwTU6gixJpLOaHIYsrIjPW4:fWK+xZSixJEaoYsM+4

Score

7^/10

aspackv2 bootkit discovery persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000400000001d9b9-1184.dat	aspack_v212_v242

Executes dropped EXE 3 IoCs

pid	Process
2124	Game.exe
1740	Game.exe
1824	Game.exe

Loads dropped DLL 3 IoCs

pid	Process
2124	Game.exe
1740	Game.exe
1824	Game.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Game.exe
File opened for modification	\??\PhysicalDrive0	Game.exe
File opened for modification	\??\PhysicalDrive0	Game.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Game.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Game.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Game.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Game.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Game.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Game.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2352	rundll32.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2640	7zG.exe
2640	7zG.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 696	2192	chrome.exe	32
PID 2192 wrote to memory of 696	2192	chrome.exe	32
PID 2192 wrote to memory of 696	2192	chrome.exe	32
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2804	2192	chrome.exe	34
PID 2192 wrote to memory of 2964	2192	chrome.exe	35
PID 2192 wrote to memory of 2964	2192	chrome.exe	35
PID 2192 wrote to memory of 2964	2192	chrome.exe	35
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36
PID 2192 wrote to memory of 2680	2192	chrome.exe	36

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Game.exe
"C:\Users\Admin\AppData\Local\Temp\Game.exe"
1⤵
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6cf9758,0x7fef6cf9768,0x7fef6cf9778
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1468 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:2
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1380 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1428 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3596 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=908 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2028 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3944 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\BLACK_SOULS.rar
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2112 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1860 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2036 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1864 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1868 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3488 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4500 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4688 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4972 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4672 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3988 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1356,i,13893981945732918535,2940429536867568169,131072 /prefetch:8
  2⤵
  PID:3000

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2976

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500
1⤵
PID:2664

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1812

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap16080:84:7zEvent8735
1⤵
- Suspicious use of FindShellTrayWindow
PID:2640

C:\Users\Admin\Downloads\BLACK SOULS\Game.exe
"C:\Users\Admin\Downloads\BLACK SOULS\Game.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2124

C:\Users\Admin\Downloads\BLACK SOULS\Game.exe
"C:\Users\Admin\Downloads\BLACK SOULS\Game.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1740

C:\Users\Admin\Downloads\BLACK SOULS\Game.exe
"C:\Users\Admin\Downloads\BLACK SOULS\Game.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e907d692f9f671d61aae15a715213c63

SHA1
920223b91a7788da530ee5232f4844c759090e18

SHA256
7bda5a38385061920062052f2f22b1d0162d461d1c97cd1422cffca76135c835

SHA512
dcc08a4023ccea1cad75b1a5d85762ef22c1be10896692b521c0a7caa5ddd8a504a564d99bdc091436aa98725b772e552621ee52ecf62fbde75b7bae477bbb6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5fce9241-080a-414c-a171-efd0752741fa.tmp

Filesize
6KB

MD5
7ace7f6bd0505434a10a44582a31a7af

SHA1
a04e535ac3ada4645807b191cedb26938d5d3750

SHA256
0c8d0bc278044d82f3c20070ded215296962e16857b8db502e6e81a1ebd9af23

SHA512
a5cecb91ab3bee6471073041104ca32a14b3f6643b0c274541b1aab538e40156be0a6551586f1ce6044c7354f8d1b168748c2fa14a79516312503f446377f5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
63KB

MD5
55df25a7686879a4d246310fd4737a79

SHA1
5933c3ddf1ab92b253d2aaed09b8b04720011ced

SHA256
7fbcff1a8543b5c2e3593434e7762f03fd3fd00fdfdafae0cb8e94720439a15f

SHA512
a912d34b6d24b18e8541053f4158523ff5ddfca2fb8d24dd8a735707dd7355dbbef3dca976f42082d338d8a51b7bb1c2aabe9a6e1f6f5384ca226f8b6c856a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
71KB

MD5
a03260f5485123ac0f7201c96a240171

SHA1
a7b1d3ab12dabd835a68144d0042074f7cdd5355

SHA256
da16ef951f60b0fe8e66afc16eac2049c70fa0932b150bdecfcff742188fd70a

SHA512
99c5618c8e443330c79b4b7148d7f48e8d2da0cc1fd30381b9ed394e43d4d2219dfbd295a56c485dc67d5432e8fd23b3d7fb7e999c66af2899ca7b872f0f69cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
409KB

MD5
38f87a4727d3540261e6e8d51a4c9f17

SHA1
dbc233d941c5f784553ab6202eacccf39ec0345f

SHA256
9cafec757574abbbdc188189501d49b6d936e9fe5160b82e552d132193a2264a

SHA512
82c8e426ac2fc90d93fde3fa808921c0696504a66d3e04c148357c8ed3e921ff132667440dfdef4e95ff377e4be30ad5ff1ab96285c13d9d067c68d7b473b81e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
197KB

MD5
c8535e48efcced3cc1fe1ff78d28251a

SHA1
962e4d7ff0d8f68e5d8caced19eb636203567784

SHA256
e50247b6afbba4694d5f9e304595922ecff494b237b9a6eac37c2bede5efd964

SHA512
5e4b3ffa9058f3ce4dc4e8c10815f56c221cd8703905c641d6efaeb2a3341478e96bf99b6495759033ce0812d1bfe8cec5a306055fcb0b7b897bb2e1f2319372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064

Filesize
326KB

MD5
501a6d4f08de9267914c24b1a309f087

SHA1
0c289eeccd8e7d979654393e16fbaa7535b373aa

SHA256
5b49d494ba814ba2ab40100d6585cb92c5a7cef6c6bc0e982e2703042e9aa43f

SHA512
ade166ae87a97fd3deb2d995530f5b187a788456d52e5751a381c25dd0ec27d8ad04e9d8f3991a5db1e72df2996e4cbb214597baf7dad943beaf193aa5ef5625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008c

Filesize
76KB

MD5
9ca8f54dc66857b7c68314fe3036563f

SHA1
1de2e47c2c7ab9aa3d71e47d6783c9940c1fe995

SHA256
06cf7726507ff9500b7491e5dff65d2923988ea3e365e2bba03e16ca606b0085

SHA512
3d7e692a6f36e82605e53870dd00f72ac5b825de4d039222abbcd7c820b33f2219a619e8a3229a3e547306016062678d949b073f5e0bf9636f779b27528f0dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
d0f7ec6213ffa3c2d7dd07eb83302847

SHA1
61558296dca2319ab246f32f240edf4bcb5acea1

SHA256
347893a19ee04a108f6b37b0856624a398cbb7864d7cf69d978382dc28288e90

SHA512
bce8fc33200270535f73e34555ccc65a9a2f61b9050b7c6b2b0d57b58ac6914a0b56d794502e417fd20dbc240def383f6cd81f6337cc203bc620e67f1d46f0fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4beb1fbabaa2768dd27fbcbe0b3099fe

SHA1
e7ac86583b23522637de17506b3e47d032f802f2

SHA256
8289f7789e7f3cafb6ce9989f0f9c60203ec8f25e09104e1047e0609dc6590ea

SHA512
006a8b742b42a5ba3d88fc95b6bef0053f67a6f3eba4deba792d90432352b2198d0eaf057ab0fa207f6b36734c08bf6e629d18164e811b6bfb4fd59817089900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000

Filesize
1.9MB

MD5
12e8f03579e9223a2327c9913d13489f

SHA1
c8cc395b1b802668a90135c20a9a2e9bcce5f2e8

SHA256
07979c49bfaa098af1256eba362a2c808ee029554e5c1eb7f851f5f96f234924

SHA512
98c4de763f923529ba67430b68462f17aecc9a118633a58ca1d3f897bffaf2ddf37b3f124b201b41d7d7f80fb31e65d41aa653ad1a49dff4a08c44d4cab8bb26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000005.ldb

Filesize
761B

MD5
910cfac024b54e9d69785965d4f3e678

SHA1
b9d1a46cd895a8735f745caaf0ca7e2be1ad5cfd

SHA256
2f741e45da1f563aa9f4189c93004c9812d378a3e5b6dcdbff4a6f9011c8d4c4

SHA512
87574c88e5af65d6ca56b1286f56b635978a8bc69f8f6108b4805ede243a2a31895a0131a0cf613f33c4a4b11e10da0483eb332cf98b34547a1f3e6aa430083f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000019.ldb

Filesize
4KB

MD5
13df60d097394225b415713c1070b1b7

SHA1
5cf9e8b156b94ac066425791f652bbf92e66a17b

SHA256
f410f51d9a51d5238f5dc1770e0b5276873af401b62f59e8dff59ff415e13211

SHA512
cbb8dde8e5c527cf5a2da56a8c95d357b11338408be09ac6f433bec4ac1c6b9dc56222a3592db259cee6261d187b749f0f8de04a3ad74a6913bc7a18a2cd17a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000021.ldb

Filesize
86KB

MD5
43bb5388b9ee06d6527ec0648ce9f39b

SHA1
508fd8d1bdbf4eae58770664d070ac029c824171

SHA256
d3d3a2de6f2e8bbb466a9de8597827ea1d41e366a3140fb7058ac2a35580d431

SHA512
fad5e1d50912b3475122575db5c8d473ae8e5658844913cc7ba7c9922b1aff6a068a0b6096255a0acee95b4688c411fb04220819930e7e248cf4fce0ab36f552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000032.ldb

Filesize
11KB

MD5
56c146a75d5314f0bea15288811a13fe

SHA1
4ade091c814e2df93d0326a85e4d7a6d6a15b76e

SHA256
2be7622472f50dbaaccd93783277a15a26c91a54e5eb81330a71a523830fe9ac

SHA512
d54cdbf38c299608ae69db5b20b0c88778a1ce00b03256ae894bd8ad5da3dd9e9d92430084af4215b22222819d9737453d004889ffb654e93db0ccd58737b0a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000034.ldb

Filesize
122KB

MD5
abfb977ea3d8f43c1e889b8b976eb46f

SHA1
a374a9cec8ed4d635c63a40a7eac807b48ed025c

SHA256
1611ec947be3f1847ebc261672949909ee282013dab33e884c3448c5f6791301

SHA512
b7bcca6f4895b7e5678aa9c405b00340da9e7ebe7c17e066702b5b55396f886c82bbcb2513e271d9513f3cf3de2952733feb4d094e063aad4e7358b84f2b0d34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
a6813b63372959d9440379e29a2b2575

SHA1
394c17d11669e9cb7e2071422a2fd0c80e4cab76

SHA256
e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312

SHA512
3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
edd71dd3bade6cd69ff623e1ccf7012d

SHA1
ead82c5dd1d2025d4cd81ea0c859414fbd136c8d

SHA256
befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6

SHA512
7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
2091e7af40368b8a9183a08a62efc8f9

SHA1
c552e8726cfab57eeb03d5e176cedd0771382530

SHA256
368b5cdab2ff128767296bb4f19bfcd39baa627eaaf43cafba54fc223feec47f

SHA512
c4d0d89ab6ca7ed48f10c8bc3211a3a1a8776a54ff58bf79940921d6e1b06fdccb9b593ac8d4b7cc2cb80f320f72cbd3104fe2ed67b1462b9d59356c75b4b4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
509013020cd5cf3f4edb5ca4560e8300

SHA1
43c9c51700a273d818e7332421203541697cba4c

SHA256
765840776810ca47da891b5f31a5cc323d27d1a41d3a4e32f1cd7126a95c0361

SHA512
25761de615ce7296906f0513fcfaee3d09a76885180b8fe0c0a12d265ab9576ff78cea2e2c36b13dba225b57cedcd82013c844eaab7489cc447f620eff23eb46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
a3d99fa13d5ed116eef9950d4fbe65a1

SHA1
d9ffcf00c3f44e9581a362802c4c3dad47aefa4d

SHA256
5855fa6fb152d4af37b0cf30717521c5f635730152f099d08c3d88b902bb828e

SHA512
e84c165987fb5300ddd60466c6bc18f0906d743073bb9595a2c63945be2fc4a0c433867c7013b2a83ed970a6b37c081ddf861a00a26ec41d34a2e251cc20e89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
cb463a187656136e5fb785ff1ab39d34

SHA1
e603cc58ec1fe653725edaf34a3a81611a47767b

SHA256
a862e4609828cba8eab134b36f78f426b120fb19b2cc22f9b77b0e03dd121d9a

SHA512
4818ec168c593a60bfd207d12fbe37d800e8ad9a3658d519d3de284331b61f9152361eeef93a99817ded1cc965932213c4303f07169fc513a28a61602c5cf535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
3bfae29547a46de41409c412f6261bc2

SHA1
3dd8317320e9dfefb0893ec4bcda0998d98f28ed

SHA256
7aa2c6f4da8ee456f65b8594b2ecda649d2f8a0aa921953c3391b4e19417b3ea

SHA512
aa881ce6b507ed5ae18c4b3d017b1ef76b7cc9bcaad2314613b0d5fbd4313084c131c98dac5f7935ce43ed21abd13ccfacf901f020a5011f478752e52a30cc8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
2df295f2f652255d5a53adb3ca7dcf6f

SHA1
b654c2ca25294f93fc0576358d28bbdf6cc6ec5e

SHA256
5ac0419cc8f96e29d6e8e60a241ca7a00e2ca4426bc77452c907f059f48ed699

SHA512
92029589ab35e77182f9b2d2b302114d60b4250738b17b78c10fea4505bf8b01502375519c64f459aafc8945760f263519a5f0c40c5992b22557a9923909c441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
a874f3e3462932a0c15ed8f780124fc5

SHA1
966f837f42bca5cac2357cff705b83d68245a2c2

SHA256
01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d

SHA512
382716d6fc0791ca0ccfa1efba318cff92532e04038e9b9aa4c27447ac2cac26c79da8ee7dbafae63278df240f0a8cab5efea2ee34eef2e54e884784147e6d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
249B

MD5
1630a96447c0bf5c724dd2902c4108ec

SHA1
d5f3d99a25950d72530287ea360aab80f894409b

SHA256
84ee04490d69100572d56c69c6dae7509bf6e1795d73d8d819c314563dadfeaa

SHA512
b2a94918dc36ecc75ec2280c6896644d060638b6eccd0da4a65d4e2e7a2a4aaa7152916dd7a0bd18e7413ee8ab7167f5b14b195a4ff078fb07684adaf2f8b435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
256B

MD5
4131ccf783bed49b440123a887b28e1e

SHA1
94938b2e5be4e83f2f614a63e10748b4ab4dcca4

SHA256
cdced107079322d07fe45569886d6b7f1a635a2ba62a5b4581b3e576814605e0

SHA512
99a780d794631f9ffb0f6a591348e829b45e8a41edd918ace870b688355050f42da9d11f0bd0a9fcb36d57ed8d8bbf7148a1940462bf1e6a12aa5f41577bab0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
247B

MD5
bd060b68290a79d7c3485c44cac219ed

SHA1
3ee4a61542c82d63aabb4ad5dfddfb64413b05b9

SHA256
8dd614434272df5dde741709437433234cfc93e4ad585384436f9827c3f87852

SHA512
8991651c12a1f8105f5b803fa580dc36bb77a7c149128a24c6f9b92e619e3bb51538316fc66a9caaf130d756eb179e6fdc28776fac2f59fad516760a02e978f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
252B

MD5
0f1793d58b30cef76f63597716d2c3a3

SHA1
cad9cb75998edb38d842ce8d1b8f74bb8727e9d0

SHA256
f6db7e15e0441c60e98115cab8ba782bc5be375b9f04d6813abb277837b6589a

SHA512
3db7ab2b165327e279ccfa44cdc33a962991c0fd95b7bc42aee4284eac42d5bf79d114fef0e8fe3b150e44c9f9b2b0647a1ea6e1c512940f486512741da1861e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
256B

MD5
57812e6df3afb8fa951870e36b503943

SHA1
67b07eb2bb597c0f2ccb1f1754ed647011ec3158

SHA256
1a23bd1ea8765160d69bcfd2f950419df3d322946f0f065efdb2cfd86551c3ba

SHA512
d67edc18beeaf0760a83be8f4b751710f8cd9342091d9cb9ef230381b208d4214bb7f01bbbe018dceccc905675c280aa566b14af9f78c85fafdda91383b2aebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
789B

MD5
a820d5cfa3331b74f01e78c55eec3c2e

SHA1
bbd3195c311d068b63c9b2f952d8cb40c1f2e7c5

SHA256
f62c4c2ade24fd92a54d034895db9d0928d4bfbabf77362686e587371c2fd3b5

SHA512
44572bc7aa76998381a2d06ce88e872b2d8d2a6580c9ec0afe21cfb0865032c627ed4bb6b2747067fe8b6e9f3e86dc686282a64527d61849085f6e80fd873209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
256B

MD5
58f89238da16be1fcc7ae74b9fcc00d9

SHA1
df3079edac212c0f03f28814d5a55477d10227bf

SHA256
0709f3c61b108ebfc3d2b4da337c42dfad774428a010a09e4030ae5ece6bb8ce

SHA512
ef188ff41bc32e49a8fef505e2987fb5e7241f6433ff560d27f56579415c08617e0a1918168dd63c0415af0ddca00f61d201a8da338fc65297d385e08117bfb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
747B

MD5
b077f7c7c2e05f5833f3b9e7bada9618

SHA1
022926e3146ac1bb4db31a36860cf4482da813a3

SHA256
3b035621061d5c4c88c239b5186846daa283d1c951505b64416fc0b7a6434f48

SHA512
6d370da159467e51ca01dec75bdea3c213a335ba97e80bcaacdcae5008348812acdfe8d00446f0b2937f34a90ef7df8fd321f87cab5cd989c409a9c72fdde74a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
257B

MD5
c7a8da40fc1e15d3061a263e5664a09c

SHA1
3bd1ddc7e73f715034732c40054ee592a4a106bd

SHA256
eccb8e05d0f265f2bf96023510bb4f73ecbc326ce84c3a8b556b6122f2992fa3

SHA512
465d1ab64ff5e0c6034ff6dc5d60faf98185542b71d518be28ffb9b7ae70c4db3877d94cf38cb3a888abd9d77122eea98c2a6660876f2e480f38ece9233608d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
257B

MD5
0dd09d993a0416cb600a84116c867af8

SHA1
b4616d0b5abecb7659c10c0e15f7f6f0c6eec44d

SHA256
a7520ab371e17a5e68a8a5fb1fab17da7f07b81b6beee04f1eb39b85373e26a4

SHA512
af06d8ea1645d69557dfd5e39c13f245b9482b36da31f736cf575c4f55b4c3e5b985cb785fdd2091839fcedf8e20b7274fd8a8783a619bf6557c380201f7b0f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
256B

MD5
8169df4498f0b162c6c436bd7489384e

SHA1
1d031a1a2ed4b982f0de4898cf707ad0015e1212

SHA256
f670f7f2351d189ba65c04d160743d7b8a143921dc11895f24fa055ad6f5edd6

SHA512
20985786b4b4667e6bdb3b37831f7f5a2d88ea928ba5e044de6eff5cfa99eb070402eada0e510a2d15e36afe25f28f0743835170f9aab1a06814f280e4907e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4708bf2b-4093-487d-bc46-6f41e7ba9525.tmp

Filesize
6KB

MD5
ba3fc763fe16f2131fbb18cb8e44e9b6

SHA1
59defe8dfbc979ffcf09c8b5acdf26d7ad7e0ec0

SHA256
6faa6a6d0c3acdc861420da1482fef80f04990bf359330daafa84960f3068d53

SHA512
064c57b6d9a0ec0a2457c559f84d9f4c13614d73654979f19b8985d3f6c61a9897f9cb26f24a6222c5f00c88ce810f5d04b0d98035125c0b16407a9d16fbb54b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a16a0b7ad8112ba4f50f846d044b6f54

SHA1
dbcc1816ec0fa071edf7ecaaf7c13174b21fa498

SHA256
229025b0f31b1d600b8b68ea1c6f9ef6156c46b9154e48c105a596121ce97633

SHA512
8e832aca889cadc006fa95d5fd9937984a309f7a6d50ff16cbfbe706bd14681dd188ae1afd06c2d0ca8e4d2b17f6d89f34d003384f501c7f088d3d512636fb6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8a092dc4eb2e66e9cf3a387b267591ad

SHA1
9a1940ff1f5acfdc7cf833d747db27ca37061b4a

SHA256
600e06b2b59dafbfc6de7fc11e6855f3a3183c6debdfca3d323cf1a5b5310867

SHA512
f748c1f12c398eaf98f84d48a5927cc2726818d973a91e2b11870356d550eb740ba544dc30819f9a40d059199d569cdf305b824d37ae444729c4ade01be936da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2235cbcff0ff70d71924c6e1205a093e

SHA1
ab30bc448f56588c956ce04007d10ebed1a2f059

SHA256
fc67c690fea0570533f3e50accb94857b843a4903948c46984c8f60beb00c5c5

SHA512
df6434e771e98aa3c94871486d328440151ed0cdd7399357dfaa77c66153a0623ae2dfaeccfb26d8dac2ac4209095ed2cacad10756935ebc72154605f7131e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5b1b2d82911833f53dda91b5966b204e

SHA1
50bb827ee744850741b86fd56875e1b9b8144ac2

SHA256
72ae8b82988d40c66b1c727c776ba808ea54fbe35c1c833fc41f8ae048d8e014

SHA512
ed2ac19997124c37853247b825ec6909862c9a2afdb2c2a39c053e2bc33a9a73aa45ffb86e47eb6f5a085e598204a9ab4179c37319e47ad7ee34b76ccb794346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b12d8ae733be0db91d510a9c79725323

SHA1
8b956bf0b9f3cbbb49529fbbe4a7a3fe454359f7

SHA256
e6c8dec877eb5840489a3f440562d33e45c5c3f85f44ea926b982e93c5619ae0

SHA512
1897909bbd02b44674b4d3d759191471e73f6b746453e356c6a31224d784af0b3a614c02cc57f024e906d44a9c3fdd89170b20162fe1337c3fcd980e727dc13a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
42d0e6f3f0e4200b98af4d59d06233df

SHA1
52b15219fa8aca613599b4db5a94d56e1bbb448c

SHA256
4cea6ec2735e6d86a9c8ad14dfec79397aa47540937d64dd7a852077a8875ccb

SHA512
5a3179659d33fb44502a12770c15a9c0da50562c2c8521666211fda9afda63d014fe3340f7bda9c311d822d77f0970aed6bb218927fce3d08f6427dfb12b35db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
877fcfbd7fa84282310213825fb9356e

SHA1
2ff8a45f4c0c6016f85d6d7f2ed2c4c85498e52a

SHA256
57775d3c432d39b987f7176f7c0b756b3c432603658a5f346ac91b3abcdbe3f7

SHA512
76e195fbccc18c593c9a7efd2d75dcfee52f3d977281ccc57d483cf1e01af237497fe9bae9862e6479f6639db79aac65851a2ba2f271721aa3178e9a603e7f29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e38c84abfefde5e0a465cdf1422e0d25

SHA1
2ea7c8355b1d0376fba85a0f7e09b4ed7cb93d85

SHA256
18b94ff09dc850fd213a0bf032b25bf9ae51744f778caa45f8532df2399f3e0f

SHA512
68169da0565bcb392df084bc2fbafbe09eee7d552c447c5743a2157ccd3aefb1c749c56d4007b80e33be5c305994fd9074648f436894bad1ddcba1b6e8c9f2b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
022137824637c0d0278e5b3e81729608

SHA1
574658cc01ade9dfee0cc41269c45a44e2fed68b

SHA256
01439d5e2b4da46e4d84a8d7bfa24edbae15f356917fb1d5440b9b5aa7beadc3

SHA512
e2de22fbf1ebbdeed78d8471d66e43a84ef3eeb96952af7399b87c7e3f0504359ebdbeddbd6b94b3a3c97db3b15541d0b8cc2ff7ea2bf560259d9646fa7d8188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
31fc8ce9462b17b53054cd044a8c6594

SHA1
80dd481e4137a4ccf250408b722b8594d2152fac

SHA256
c7349027b424817ca05fc304cbcdb7514a7587460ddfada31b8b067079cdab8b

SHA512
8c936eb0adf2df0219867d1db7d32e1896f1aa7aba620fae9e9be9d410afead29565b2ba153acd9d8110b09c203b56f1144de560bae01d3ca923c90de1f0405f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
662bb9595bb277f95dbac6c56d1d94cc

SHA1
8a896601f25459b3a791904948705d60fa60f8e1

SHA256
ff5e4f8d5544074e9468c0dd63ce31948beb075304b13773e71afb691af69bca

SHA512
ad6bd0dc09b7bc4bb6578fb95192bd92859222e8db37fcbbece6253a88f08412d645baed2fe40e6404128513f64bd4a763eb3e987c91c971a072678357043428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c4e5615a-f997-4d85-b827-d71950e1789c.tmp

Filesize
6KB

MD5
252cfc1dc69fe37a759e65cc76c39465

SHA1
b29249fdfbc0445497064b3f4539b3c9c31aa155

SHA256
108e66eec57159a89462ba150595a40e213ee73ee79d49d7e40d91102201bf46

SHA512
bd603a578d94b3ff202bfa6e3dd0400b66bbcc701020f3bb35e2211e712704a53037358f8ae3af860b675e80c70feca9618bc2fa9e5a9c872cfc0029ab47ef5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cc741f75bf23ccd42db7842a4a12038a

SHA1
104c3a78a3deae039540a8ec6059a3adc0797d6b

SHA256
2b517d444dd5ba22132cb9c94a529b5d40502c04a6eb14e84baa9d73b20b023e

SHA512
974c570c6f825aae0793c2ead5980e0bea4c8da4f6a43ddc0274a1ba7021bf3b6d5cbcd16c6dc310bc428d223d2785d46805ad24b162d83014f2d044332b6c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
aac0505168ab04c2c7525a502f7ebdc4

SHA1
3f6a541c458f273e64d4641f59f8608a3c0c078c

SHA256
4c1e88ad356c72df9aab3f4791e54c527ee772f3aac755411d600ef446f80d70

SHA512
910851fdcb7bf2c72d4a520e0b4b928e5f0108427cc6069448b9be41648f34b2895caca22869294ac3af3f0990a0383a58bea7558b93c81b4b465a42895bc15b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
485eab43c2a5e439f5d29aa8d6ab8d7e

SHA1
4461d8e98751d7152a905950a874d0e9b2381cbd

SHA256
305c6f8e1b1f1427ac8c744fec7b4b1f5323cfb132d59cecc51154702211d82a

SHA512
27a161c48441a761155376e35a7d0d2cc710227b7c7bfcf66ec53a38f781c079465786bcfd04e5b96c67812ef19d685d38ab8ff2dcd2cf2fb633a154f18b9cb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6faa0b8bd08a21b20b915654dac91453

SHA1
dff5b2dac225b1c9bb69d276fcfe685ef2348d7b

SHA256
06ec4cfc16f472b614db1a02e2cced17e8a700b271675ee4dfda30cd02650df4

SHA512
48509768b4d3cc724056ca8aa85f0bb5355ccd27da2bd29a57207224c2f28b74d83e21739a04cdfdc4b00a0cb740eb617b6f978264925bab3643713142238329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
337f6c77d7e4cb85f1ca77d7df57e69d

SHA1
3a41eaf715656dd10276b3dd19919aff7fab096c

SHA256
85260c2fea751872f623c95ef9a463b44e3b132c4aefc7baf2776cfd86ddfbcd

SHA512
4a69f2454a95d9cb59b506d7aecb54ebc64d442e994a5a0b805c5920977340c6f42e64329dfff6d6a00ba8bc37dd0f98527138482b1c1906423ef8bec1366dc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d7966e80cf99458d504a329da169bf47

SHA1
2c77cb2af8f3a4ef470f97e9c34438290c92d18d

SHA256
6326e831e205f8258b331ec34cde4158777a1c7ae6685f779b55af4a38a4a191

SHA512
abdcff01efcbdb42b472563f1846b915fe3d71e51d5b8a0180d0d2a2442def9fe9207585fbcb4dff4685ec594cdda7aa35da945cc8a6600e369dfa8360407217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f3eb6f08-742e-41b1-afe9-a22d6905714c.tmp

Filesize
6KB

MD5
0a556b03322a21d7fe737a3f6e963220

SHA1
f3fde8ec2fa1f9ebfb9de7fe33c47bd7cb318161

SHA256
7052f103452f26fa33e5b5ca47fe3a9e6d3deb174b67cfa33b37fffd275f83d4

SHA512
e94b98be1627febb7ef1279b06cf1b4f53cdc2e1d58e2008e140aab2fb6fca6f5d79cdafbe557f0b2b507ddfd8f5d8a54e92d0ac291cdb4a8c73a29a3e81b2ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
343KB

MD5
59dbd8193d5a0c1891661aae2b1b5b17

SHA1
ae6a4d3110388993cc2e868718a7d78c975be2d3

SHA256
0ba1bac6c21cfdd26eb84c445412fa8bb5d8edf927a41bf19f8e2cbc2614b1b5

SHA512
ea2bb2145aafa451889b6508ae1a1ea6bbe0c1ce123ff091892916a3093f975389625338551162942f49bd742c711f0a93882bc985f3e7d5c83a282142f7d739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
343KB

MD5
2bc4f296c52e584670d5d0838f724a97

SHA1
186656204d997635e80fce4d38a744a0207f29ff

SHA256
96e2a34589a643296b25db5bd3a50925400c90198909272532e3510404d7ce18

SHA512
f151bb0cf942e557f78ddd030f8a100c9a378aef07081508a65884e157e571acc7062ac4c0dc67a08b41cf855398e5256e44c60d449331ed4b53cda32e75aa8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
343KB

MD5
075abe6db2f323682b405115faba68e8

SHA1
b9e3d04b7e09a113877a688ac27e13ce946ce911

SHA256
cb67be1a8b22c2c36b238b2437fa7172f44933836ac13141e7d9ff6aec996c8d

SHA512
a824692d9f33b6f74278aee4a7d44f97ce9ee7d55a02bf2acaba691b0a5fe627e82eed1e0fd333a9eb96680960526679cb9902133443c923f6ab23692449f7a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
74KB

MD5
3f79d2780536d945623532e0c235be28

SHA1
a0588903a944ace3086f444ea8e174322ac0e356

SHA256
dfca2e6c0ada727edb11b93970ce7d00fd0f5f9f7a35df55583efe1eee5e57da

SHA512
0675dd9ccc3035eed737791f14f251d98abe0bd01334cf3d9cb49ed3ca95361423676d6f664cab1f10a9322f83df95f4d4447816c43b692dcc38c150bf398623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
82KB

MD5
42d344b17470d2a51c63691c6dbae055

SHA1
5c2ef532fee981cb02a05b257194e7e972326bf5

SHA256
3097b1b46b44e986dd8f63f35efd098c9e87f266faf761e2737098cd03e9943c

SHA512
b3f2be0682baa1d83d5113b078a6cd60dfe9174bb58af55a2f4e7aaa8c541ae9a4302501acb9b0bfec864eb7151070967a963df4b138a3177234a928c8c02ecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
81KB

MD5
cd34a16d19a933d98c81144ad28ac7ce

SHA1
5940c35a6ff2806e818738ab132fe4de4cdc6916

SHA256
ca2c14dbacd9da5296d77950eb2ebb588d29303d1a161a6d7d205daf34a5245a

SHA512
1f376d6ad716351191d3d4af9c362e1029a681e3a4bad58f8be7be579240374dcd59ea7629db4660be3f3aa83bba7498aa26a0678ab294a86f697d8893d5c0a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F13.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Game.exe

Filesize
137KB

MD5
bd9ebb7d09f9111a9f0a0ba2238eaf80

SHA1
28c753124d845f61373be87d392ab839914ebdc5

SHA256
e5435c0e86a8181a3d88206d5dd47145f2aa768afcae6d8c2ae449f8601a8724

SHA512
f2dcdc9a1e64af74eeded730112d87d97ca2e5d894f25324b27c5f1b0680c948e3bcc73136615a4822ac6a75ac43c3b21fb8dcd031ae4203c2798bc6f9773231

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Game.ini

Filesize
105B

MD5
d89aa695ac7a6400198ce58d0db1ee4e

SHA1
9db7eb4fa57b42bb9b161a9b14518e5d53d8f269

SHA256
f5e57a73bce60d6d8836945caff9343d6c37a3c093c313aa297f8cc46fe1f9fd

SHA512
0e35a71ca00ea41291f2ad7541c62287b5639f5ce57663399ed93bd79a099424248bb53b76cf9abe88c423dfe647c453773af5ad34aab955745ec13e530f6f1d

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\System\RGSS301.dll

Filesize
1.0MB

MD5
dd25855ac39d32da033902fc58fa210b

SHA1
0ffa23a4d0b81438a329258f5c8d3b3403f4aa94

SHA256
27647690ed16218cd988dd71069fdca67207515b2a2df775be361f0198ab6876

SHA512
07f7f7cb4eda2165b4b28456fb01d4edea6e3d5f305dde19256865777905a0d0bb1d13ce1194a8639d740f633ccf1507a1b87530644d5e2d512a86829195ae60

Download Submit
C:\Users\Admin\Downloads\RPGVXAce_RTP.zip.crdownload

Filesize
10.2MB

MD5
6ef9bad6c023c943c4e770d6d6a11062

SHA1
17a0a85bd2a75664f93ab40acf664212e8967cbf

SHA256
fc9a398040ff210c1a4b0731b97cbfad61c55a9b66672d4f43df4c21ff34090c

SHA512
8439c7c89ffa697e99afd3df1ce64f237b1568b639a230b12b2d90d73cafcad21473f1e3323baf03615d177c2cb95d9c6fd5eeae2744830d635f612a7a23b191

Download Submit
memory/1740-1529-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/1740-1530-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/1824-1554-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/1824-1556-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/2124-1195-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/2124-1186-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download