e5435c0e86a8181a3d88206d5dd47145f2aa768afcae6d8c2ae449f8601a8724

Analysis

max time kernel
1201s
max time network
1202s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2025, 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Game.exe
Size

137KB
MD5

bd9ebb7d09f9111a9f0a0ba2238eaf80
SHA1

28c753124d845f61373be87d392ab839914ebdc5
SHA256

e5435c0e86a8181a3d88206d5dd47145f2aa768afcae6d8c2ae449f8601a8724
SHA512

f2dcdc9a1e64af74eeded730112d87d97ca2e5d894f25324b27c5f1b0680c948e3bcc73136615a4822ac6a75ac43c3b21fb8dcd031ae4203c2798bc6f9773231
SSDEEP

3072:fWK+I+/wslzo5lwTU6gixJpLOaHIYsrIjPW4:fWK+xZSixJEaoYsM+4

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
3000	Setup.tmp
4216	Setup.exe
1512	Setup.tmp
4692	Game.exe

Loads dropped DLL 1 IoCs

pid	Process
4692	Game.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-95CQ1.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-AH0MR.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-PP7TL.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlebacks1\is-6R0U3.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlers\is-M1E5B.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\BGM\is-OKJR5.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Animations\is-2EE1E.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Animations\is-PNTPQ.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlers\is-21D9N.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlers\is-QPPE3.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Faces\is-IS3SR.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\BGM\is-ISR9N.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\BGM\is-HQ37K.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\ME\is-KFJMN.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-R0ASE.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-GUQL3.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlebacks1\is-5EQR1.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlers\is-JS942.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-0UU5Q.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-UGEIE.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-4RQVI.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-F8CCI.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-MD85D.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-D1AKL.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-HSAJT.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Animations\is-8BQFR.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-V1RH8.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-VJBPK.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-8G5MM.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-VFQKK.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlebacks1\is-MATMG.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlebacks2\is-ECV83.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlers\is-9NBII.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlers\is-18F6U.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\BGM\is-SD2UE.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\BGM\is-G3AD6.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-G16EG.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-0FAT6.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlebacks2\is-GF6GC.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlers\is-IKEUJ.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Tilesets\is-4C19E.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Titles1\is-L82RI.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\ME\is-VC5SS.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Animations\is-VJRM9.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Animations\is-B39OV.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Characters\is-Q77Q8.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Characters\is-VTFMV.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Characters\is-4IV7Q.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\System\is-5MCVH.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\System\is-130CB.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\ME\is-7RGQK.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlebacks2\is-NJOAF.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlers\is-O3KPV.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Characters\is-EHJS2.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Tilesets\is-O6V70.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Tilesets\is-H6L5E.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\BGS\is-R5GAQ.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-L17I8.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlebacks2\is-D7SMB.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Battlers\is-6HQC4.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Characters\is-EQFSL.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Characters\is-PHBL8.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Graphics\Parallaxes\is-19MPH.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\Audio\SE\is-VAMDH.tmp	Setup.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Game.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Game.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133870184302554406"	chrome.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Game.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Game.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3168	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
3600	chrome.exe
3600	chrome.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe
4544	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4692	Game.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe
Token: SeShutdownPrivilege	2660	chrome.exe
Token: SeCreatePagefilePrivilege	2660	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
2660	chrome.exe
4692	Game.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 1148	2660	chrome.exe	103
PID 2660 wrote to memory of 1148	2660	chrome.exe	103
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 2540	2660	chrome.exe	104
PID 2660 wrote to memory of 4056	2660	chrome.exe	105
PID 2660 wrote to memory of 4056	2660	chrome.exe	105
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106
PID 2660 wrote to memory of 3420	2660	chrome.exe	106

C:\Users\Admin\AppData\Local\Temp\Game.exe
"C:\Users\Admin\AppData\Local\Temp\Game.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffba4d8dcf8,0x7ffba4d8dd04,0x7ffba4d8dd10
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1904,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1236,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2200,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2388,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3452,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3212 /prefetch:2
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4776,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5308,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5540,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5376,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5584,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5612,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3980,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5360,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4640,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4972,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4868,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3232 /prefetch:8
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6028,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3688,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6208,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6388,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6600,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6496,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6488,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6904,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6888,i,11160596403417563170,17180147278250122112,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6940 /prefetch:8
  2⤵
  PID:2356

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2364

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:744

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x514
1⤵
PID:4540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6032

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap13923:84:7zEvent4482
1⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Temp1_RPGVXAce_RTP.zip\RTP100\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_RPGVXAce_RTP.zip\RTP100\Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:396
- C:\Users\Admin\AppData\Local\Temp\is-H1P8I.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-H1P8I.tmp\Setup.tmp" /SL5="$D0350,140800,0,C:\Users\Admin\AppData\Local\Temp\Temp1_RPGVXAce_RTP.zip\RTP100\Setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3000

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap9729:84:7zEvent14947
1⤵
PID:3016

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap32005:86:7zEvent25835
1⤵
PID:3648

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RTP100\ReadMe.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3168

C:\Users\Admin\Downloads\RTP100\Setup.exe
"C:\Users\Admin\Downloads\RTP100\Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4216
- C:\Users\Admin\AppData\Local\Temp\is-BOHKU.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-BOHKU.tmp\Setup.tmp" /SL5="$90292,140800,0,C:\Users\Admin\Downloads\RTP100\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1512

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:4544

C:\Users\Admin\Downloads\BLACK SOULS\Game.exe
"C:\Users\Admin\Downloads\BLACK SOULS\Game.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\066979a0-8a25-4cc7-9c6b-5f25cefc57bc.tmp

Filesize
80KB

MD5
fc5b27e7e3ce69df84514f4d888b924c

SHA1
a1ef028556baf3e3436f381bfe2a9299ebcd917f

SHA256
452078cb788d149c9ccaca8fe19cd09b5c3922dc82b37e9dd0d7d1b564996453

SHA512
ed077a24328b01a3028b1e7661f3d6ceef7669ec936d6279ae4d4050711e026e936e541c8160dc76cdef59e1bbb0e3e9c816a96840cfc34a88a36addacf613a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d56cf9f768092279fa5b9e3247256148

SHA1
05b943e4043cbd5ec65762ffc0359e578c440ee3

SHA256
8cbbc9983b60f07744442f8863f6148ded79f7cd8c654a84df6243ea27037722

SHA512
1cd9641cbcc4dd04326afa94f9373f576a31f26c752747b8554b06ef0ebf16ba78462cbdba859d95e57e0217cd8e2e01904a280327b61f7f3daca292b4d3a663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1445ffa9-b8eb-40ed-a9c4-ff082d7e5f61.tmp

Filesize
11KB

MD5
3ba92f6eeb061390eaf72e5ae2484ea3

SHA1
10c0d387da1d9bb6874bfbc7da0948cffbaee151

SHA256
032890d530048e0605e2bb1d5506275a91e64c6c7d620d6ed219be0f1acf29f6

SHA512
2b2be2421107b49bc051dc8328119d5c251dfd526f77a95b66f760c6439048bcb6ae8418281f6f66e3b2bc2e08fcce79dc439e3fdcaf2a6415e2c9712f506524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8e61a090e59c3169208523d13639c2c2

SHA1
2741d6744fd98b84ef4dbf76676de26de263a84b

SHA256
b431be23dde0ed9893cde36d5fa1585bdefc1c2ea2d4c556a6b783d9ddc915b8

SHA512
55c33b4b0ac8dd4fb53450335f5c53769804afd1e1dfec41f07a68f1fa092c36e7ccd8bcd99640d6bbfe7fc2b464743b61e5d293d1e542dda8e72f9573fc56be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2768d8113e5dcf22999f66b09b1e7799

SHA1
a76410997b1f4694147887f86fef39c56f44aa80

SHA256
c09aa7c8c55b9682fdff0dc5e4357bf9777eac07cde4aa470903d80f36c56591

SHA512
0703e2ee60b7607138ab14835a10aba6f848bdd15b4e6d326b609f95264622ee5997da7af07894fc18faf12fbe3d8d074f19de05efae0c005225429f5ba1a005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
f5c273443197c7fc7d126e8211b7c2dd

SHA1
1396b0068d15e8a7e74c2b737bf5175fa6bb4399

SHA256
b92e1eb564395334377652cae6addecad848f13f3e7e54956752c589c8fc1e22

SHA512
6486e0fabafb68054bc8145792912d2f1f72afb19599eb2d5150c40a82a297fe34d9cbbd99bc304500424ee6055b85628bd54e0bc40f42acaefd4ac68d13da53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000

Filesize
4.5MB

MD5
a29def2f2f62cf3a0eea2acbdb727ac7

SHA1
0f5634224740d1adcba4be8497cc5ce4f8a11a40

SHA256
cddf0743975e1913c80822275ec509130a0e360242d9e52faf9b91a89f2b70b2

SHA512
840f52493abe5752dee8918d449bf509bdc08874c25160dd972867b898cc61ccbb11bf91341ca4f3b3aca5e2bd3f188d13a9f286db7ad0a6eda7d05badba57e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

Filesize
9KB

MD5
23eb892c1ad67694b0cf423908baaae5

SHA1
a83e950eb3dae41b4f713c5e3e2e4c95731c51d7

SHA256
22b69b54dfaac8ce5eb4bb28b1e40684b2028a2f88017e2996dbdd1d03086a52

SHA512
9d1836770cfe3c7b57028ef29f72d023cfb31a93d34f9dca038abd6061de106498cb52dbd6e6244e9b907930617c54336d6e1e99e38c9b726293b9076a2af96f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG

Filesize
373B

MD5
3edcc667b7ef5ce698da5d5e37a13675

SHA1
573eeb8487bb16db8a2ab1c6aa09922fc3b5e1a2

SHA256
ece6d9aff4bf6e0b3c1818df967c14ab0c00480198ed096032035511fc77b7f3

SHA512
d728ed25bfb72f8caccac5a8a73454647cf1742164a2984e5c6bee1f9fad4f7863ae6fd58717259d9f690b35d33e38e0ea0b306820dac5ed66074ec1308dfe2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG

Filesize
373B

MD5
4beb2f3ba21043cac9b62c0a18583478

SHA1
46eb158955e4d7d16b20d932d6d661bd632b3370

SHA256
8c001735d55cf416cf2b536fb99e29d2a7c711ab630020bc5be0e4d8280e5c33

SHA512
c8fa2250e9a306669b4fa765fbf6f3b95e5a1c38ab83ff52dec1cfa81bb0b1ef85f844631fb29018821547274d770a4066f0dca35c4cfea77a9717513b1717e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG

Filesize
373B

MD5
debf42f41043e14f98d5be829fdac5a7

SHA1
ca6a72e7c1f7c7bd6b99856d517476842226915c

SHA256
e4651447171d6356f459f5c6da55145b90d6ef945402f36396a24fd7adaf685c

SHA512
78194137adc3e3ee8b6e72d4df43540345df87c9037544fdbf24a60fee4098ee33fd59a55fe4320fbefd51efcf166c58e1fd7d293b07ebc2da15c356f8db0579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG

Filesize
373B

MD5
5cfee0886726eb9b3e4f977c2e8a686b

SHA1
fbb2ae623e161056797696504bd1c8f2351fd242

SHA256
85e6ab3a3591284281b94459611f33129221ee86bb56a2847e306263d9f01119

SHA512
472d46e379ca0dbfe8beb7e64c4f9f10665469ac483adf4622d7ad403edf3643fd1783867489941fc145256d70e94e0434ed23828af924f8d9efd97750bf6218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG

Filesize
373B

MD5
b429a5fbecead9e135791925e1d0b790

SHA1
49611be1a47ea327c962cf7b50d1147168b8be1e

SHA256
91de31bca2ae3b9d1afdf5f15f6c286e4c9adac28dfa7a856155e42b2eec8ca5

SHA512
56fffe3d8bafd6b71eebb05640ee7cb2fb7b4194ee8796f74596d98a945e574eb3948f613c20761b701f278b57fe4f18c26e406272220ebbcb56c01faf30a4a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG

Filesize
373B

MD5
9c0699bb884b8cc6b43d5641665a141f

SHA1
1f521583b9ea3cc28a69cdc18dad5753cd836a4e

SHA256
ece64f4088f731de9032c943b0d2f70da70c7fb1884480fd2468b3afa08fecc9

SHA512
0c95f33a07f3f4ad717a8f2663f3f7f3991c84bcabb836110f15948ad4ff859c99537e550296d0495afc04fc8c8fce038044407ea48173e8ba1d9d2d615e91cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG

Filesize
373B

MD5
be9d1e03ea315bb62cd4a625add88996

SHA1
d3f67da6811a3574fb0ee92e1a60a317f2f1be45

SHA256
6ab5742d3bf948e7d1002db465fe85413c9d0fac488eb63f06da683387f71b1f

SHA512
23781c21a44f229267fca80ac408ae6616d4b4e489bf6560496d208133f1226c225ca031e061f144b38b66a7a9cd75bb137fc1038a61f4ea4343166a46c2beb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG

Filesize
373B

MD5
f179a17cd4952d38eb79e997df067708

SHA1
e2ac489988f8f4a28c07ae1e3ddfe4a3a6ae0e10

SHA256
29d2425acbe12c872c90c6a87fdfb7a996d7e95f6fa2dd9f64c972652ee0e633

SHA512
64d370e20afad84d17bdb0f82a2e8f26b7c5c195d22d76922111385ae2d9a226e719f629625c9858124b1ddc98c0c950a68d402ed721515c6966a742fc855358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG

Filesize
373B

MD5
675879d477279a6df43bbb6bc4f6cbc5

SHA1
8e2f8406428db16eb585cf25b0c133a9d4247d55

SHA256
16eeba74a8704727f76123e2058b77aaaf8d84ee1d7eab4f58679bff7bd2894b

SHA512
20c015665765a057cdadc7e17ae7f603e55f077bd253649cb81aac19f6e62af6abff8466d89ed1f50146948690ac3a49a25a3d533577819e1493341d73b402c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
333B

MD5
a9218efb46c6bacf5b3abb8f2a4ccbe7

SHA1
b4e00e07724838b80c2bc6102a4be6a0154f1c02

SHA256
35f729efc14c7e4dbcbc06fd69c833a1b6762236246b6882cec5ad501b947bde

SHA512
c118bfbaff77e36ef420bb3fde2a08ecaa99f5d7b1267b09a86398b4136489dc410764f20455790439d2590c7b3ccc76e27f62140ccb4ea73ddf6049993307ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a7b43b30411ec25b74e146159b0a5ace

SHA1
d814d1ea186fa56173e76fe6676b14064949e6fd

SHA256
3624ad77fbf432a8abd24981aec26f2ca96b103876b3caf2c6c49e247e2e8fce

SHA512
1ad83aec92e7a2d410b3e193025ff1a21061a3558d965844e3ffcc610d61d89c3b5d6f5bfffee1574d2f14bc67fe6d062669d8fa7f33466873538af4199cdb0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
68e7572688356df06ae838083d21b5bb

SHA1
df425212e754afe8efbb4e9d0f01dab1b60d8d42

SHA256
912a69aa0b48209782f9ed8ccf25d5d668a271ed99f059433bea58f239c281ec

SHA512
5c28f8b1c29d73cdc5677bb1269240843da188d901f18df8ff8db6bcc1b9c93ec55527f10fe125f9508e83fe6b03fbc515d1adf41f072c0323517ae6de0512df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
78b6f94c63f71aaaefa3a7b43cc81b71

SHA1
ef7fdb6a19e55a44478e11e7b0a317ea3d56c4bb

SHA256
23b757dd4fa1583bab5582df969bfafbf5482fbef39043735523be456ef15a4a

SHA512
4654fc4d8a8ee93a4a575d62885fd135ae6b40c5b1735dfa5516243907876f32f24456360dd9c18cb02ad33149d8efe2ae9bb979bf826295486dc7e4c59e54b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a346d0473673976395f9bc0836f6c6e

SHA1
db7b00b5e4231b3ca8d7b5d92d10c5495311d852

SHA256
b10a66ed42bab9803343cd0ea3a8764fe54f430d1ecd12c58183fed3e2464340

SHA512
f5ae2ee439ffe83a6ecee3798ffb407c6081751fa4dabf319b664f80ce98908746c8b5124eab867193f9fc6ba0b39df3d8f7510bd3c7c938c569e786449f934d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
57a2a10ed57d5ea27ac00224ca9cc291

SHA1
561a51ff747660f5eb2580a9beea15ff2922076f

SHA256
ec70cca558ccf0d5d209be4be4ffe5c0574bd82de7c897fd48422313723a88cc

SHA512
b31a684a4c6803f01024133b93d6012162d406792735dfaf61e62e69057087fd9201d528479fb5d45b04a23617d126264a279f3f6e4877b183b0969b495b6b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bdc299d48fb5d1db18252b54246fd21c

SHA1
bd4170984e69678a9ef52b70f8e33f6522a2cdb7

SHA256
8e3998d31057bbcd197100a045ecc340215e012189beccde8821baeb429f3696

SHA512
5881b1b3e9be6bcd95a4cf5f255b69d24a1cfaa0728c764aa8b9345f5a939a2375a5a7c141c8599e5c523d14d34a9339260042b372e70fd0ebcd5a440fee5379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e6f9b634c5f3b0e2cfd6d5119001cf7f

SHA1
cf69d07bfd0e9b57bd2ed794738c7a53e26d67ae

SHA256
8e7505a927f4321b8e168fd48376408d15dbedb142a6c0f0db953e2773fa55e4

SHA512
e94730ca5c32d02260ec22dba540babab9e81ac7bc72218a38a8bcb6ad1d35fc035e738aa95788f0c40ebcef9d4e6f3b3da9139a01028d36e42e4715e6d5c6c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6ee59aabd1d217a2b51aa918fe6be0e1

SHA1
31e388975ab5b6c9e080c9235cc88263effd5b20

SHA256
c05c9c605212e1e0a63e0f5fead7a3a0f3a03f62bb988763a86f075d9b486ec6

SHA512
131a6d20b3c75557bb3edd98294cb1cc79c61d8bb29e17cd4eabfb4586dc1340561b62e5e83ab9d3a703dd7171e175f997a289ca610d4735bde895d6ef92ea45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c7080121f38e648b46be4a040a234dff

SHA1
94fe0c94bce7a3fcb9adc9207df76e35ecff8b88

SHA256
468d7f2d6eb5ca77d3136a80e445e7a79355d0465276695c27b848a6391c37f6

SHA512
a60a6ecbe14d0a39f03f9d8ee83c88ea44f2444fd58acbe2b790a15f97781039bc029ae39e54dbbe41b360dc5358be21d412eb4c031a7b09a06478d8cf0c679a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
45dcbb56f7d07bbe9892598a372633f8

SHA1
28194f55570323e0fdbdfb6e20fc30002b6ed95d

SHA256
d4ec7f30f5c378444065d5a514b94e919ddb77b0194f47b28357785123c9ba2b

SHA512
6dc7b22dbf50143de22e4bf92d1626d8f0f8779d911a5be4f51b1b1016b96fc964ba0f1dde8b3df18817e17d4db7405a40f0293901f7b28ce2834330db2ebc0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3c31ff288cb7cadae1a5fcfc64b4f54a

SHA1
9e522d99348480f1953c2ba703dda4f293b22f5e

SHA256
4abe37ad21f3c3bfa1f6dc01bed9562ecebefe3ef50b26560aa3fc4861c1f12a

SHA512
32aeb75e5f3cbbab4b0c24206ac956fff2cbfd2eb5115517328b7d6dab847b057f28c0964e325d07b06573b36d648612c2c10825fbed6d9cba8c3e5369dbd944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c35dcb2fcf19eea2219c01ba8293d75d

SHA1
a9b2d924432999465fb3318490abe4242ff550db

SHA256
57ebf1447514567f6eab6ce98f34b18427f2eae13ec4d3be267ac8eae3a1e6a6

SHA512
296cd1b06d58d95854b35ade8d4d9aee3ccf545fa3e452a9c8d773d89b08c6d398b7978405b2ce198a44036c36764d3e5fcda7d4da97891c536a32e4ea9b2d2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1200bf8e98805428bb1183397e8cc469

SHA1
68a5f1ea95225d16fa00a2918328c37a21860d56

SHA256
2b1696b0a6d1af207ca041776740340d7818af668ff70e6b9075120f4ed04ada

SHA512
d849d1f869910963f9e574358029e29a35b6ac1fd2e014519afdb3841070a83656fae70da19f338ef4617f514c3ed7953aab66b3f90ec5bfa5802813fae6e60c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a6b7012ba6579176952fa8ce40d655ac

SHA1
552699bdf6652c6cf9967916bd9600661d8a3b3f

SHA256
a36b7770666826b1df2337f3a57e5fa377e766b42a79da30d738ceea12dabc81

SHA512
1f03af76e3d369a29525ef24e0411cc9a6f05fc74ea5d9fb1f5088a18a59c3a6519f8026601e5521e48a2281c8f14533bb6e9cd60b481bc3252ebb38ddd006bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
7KB

MD5
cc562208ee6a6dcc2f078b78d62f3d17

SHA1
e5e6bafde63fa9adb965e761d5dc2fd365b44f7e

SHA256
913a51f5d3e4fb967a9245f88a5e4bd4cec825c420d72c8ffd5bc0215cd8f404

SHA512
1879699928a34a99aab5facc6203d42cd7d0841fe68b32bd3e1ca7dbdf251ee7dadbe2abced72194ca570982c912ebc37e74c6bf2b12a87f7fdd8bb53aa4c7be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1

Filesize
4KB

MD5
59c3e80c147b32e20b08b90310ee3081

SHA1
e1107e6beca2bb03eafd4f0d085baa7dc4dbff8a

SHA256
3497cba324a1a3e569006ef28ecdb01fdeeed89db115623b07ca42b2b80639e6

SHA512
e77e1666601becef78ef503379def1d7fd33969126aa05e56df04ec6de332e6606a0ce4e1f02e61b07e12ef22b022642aab04dc5f885a27e62dbcf6de1f06a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
241cd207ee5c5c38c262cf4a731a6de3

SHA1
8922ef99936cbbe1ee84d995541a318cd4a4cfc9

SHA256
e7815cccf3b0a360c08fe30c8577f02ffb6b568c23b13884a6e5255a5d5a288f

SHA512
1a3841d1849cfcfdbf67af992bcbe6cd2988c98eaf5bba242e1ba7570bd19e0a836b2cfae3ef060600cc51f26ff7dfb1bf2de5eae0321e02d6a4f0d3b651ef3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b0a1bae98aa6915763649e20cdb84c95

SHA1
ebdee7e6344b4724ffb0316ed0109409d07beb07

SHA256
13d1c2941cabb64a3ebea2c9466108402fcb326221c4358765e40be9ef77d3e2

SHA512
dbb01d744ac4a0283786845fbf68fe35cac7f8d16442917ad15c61cc675db7256caaa6df238bf4ca71c4f364d409f16fdfe686d7733992977efb52a9011cbbec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e463e.TMP

Filesize
48B

MD5
79fc537991cb779f5a720da6553fc428

SHA1
051a41a12f63fb568e7e86dd6aaec10bff801062

SHA256
6a65cf02f45abc3910fe7f51f3113fc0ed5e5e2e919b1e2d3585f6ca43e92eb1

SHA512
3b91aa6d6d5fad9ced05428718fd833144020717abf2448bf397547c673d377155463f39bccb4ed5c0a38a63945ed6f2a6d23a00b05bbc73f726668fc7943df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
95ea6b3a6c36a3d2d18e5ec88bdfdb38

SHA1
372d2bdaf8bf668d94380fd2601de0fdbbad5584

SHA256
b6fae385dbf773d7266c275fedbee2e395f374aca71b81d5b41835c5bdb25b88

SHA512
1a96bf0d349fa567beb2cffcb3b39a45de6e5f21c0e46ec588d75c908126998f0e6fe24632760e35395c2accf8dcc88cf4e609703d54647b703b54eda2d199cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
d9118a5eb0c61fb09a161c1068803b91

SHA1
2d5cf386bc83f536f3b84aa065f52f1ced50473f

SHA256
eb467b2291dc2a873434cd45332dbb62608a1e403bf384c7f9c1eb837d5ee63c

SHA512
d9f42aff49618edabe24c3893be4b2ffcd30b9e7dacb3b08ed03517201e8561c57555f8ed9a8ca5988be9aeb03680011abbb5936f6df7bcb1c349501b59d0506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
2e008ff6eed70a4e81a63f139b5f0d31

SHA1
2adf8604d262cec713634173c4c304e1a3e38cb2

SHA256
a63a02181b49acba27ae250bc8c9b2e9804a7d4b0f99e490f2a384db8549d82b

SHA512
17fb706a1339f12494e5b1f1abbbfe0835854f621560b2c64a4fecdccf7f2ef32503ca0f077ae1c1e2884ea9914175cd750a8745fd91f523623cb789dc075a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-33R9U.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H1P8I.tmp\Setup.tmp

Filesize
1.1MB

MD5
394289faec0a43faea574588cb367018

SHA1
b02982a816782c3c16ad5a321dce0a79cab124a2

SHA256
89c8d27247ff86f189ebba01e27c47daa184a04c5f002130f9d336ca80d71202

SHA512
e99977ed9b3ea6607d347fe3e339cff40e70166db6a93443046cb7e0bc2a6f7c598503a55030f7d9ae0e8ede8b706bb4bd682bbdadf215641247b96bae0d09f4

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\Aエンド.mp3

Filesize
5.6MB

MD5
430a9ce3195b431f848112e9fb8dedb5

SHA1
e19f4e6c052fc91a3c2a717bc1324b4b4efff58a

SHA256
8e15804775d311ed92b754bfa4941c5293357ff2246e4c741dc440b0a64efccf

SHA512
14aceebdc1c7ffd27a3737348c1f528ec22ab83d8efad55413aad5968dd7bb4a14a56c1a6e94a9cf9347c0668217882cd2dd84148f4aa0864436c8ad6cad02ba

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\Clock.ogg

Filesize
4KB

MD5
a198eb204d970c398a9db4f09d01aa6b

SHA1
58809d03b40a89d3abe171a1a5589dd8eda81a79

SHA256
9cd9aebfd67d61b412369aa6514b6a540d989b973058e8fd7f08a98d65d80918

SHA512
66d9564a267b69448db5502ffcd4aa1021d4768c252cbbcc11b42fc66609c175405eacbf26d52b1bf068879c28e8f6b9ea40fd2de1db2535f6fd72f033544d1f

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\ED.mp3

Filesize
3.4MB

MD5
7151af2e65fb764cc5e6c665398995fd

SHA1
bc00e2ffd3126249842a539e9729636a693ea093

SHA256
7bf379f1f06400fd5c73d7101aa3ec5924f574a1e04b356e309d199bc2244ec3

SHA512
9a631d1ae8c5a4addaf59fd53ce99f50272a2e55eafc5003f32121022e0581a1b41586c9367ac3272663ff3985d41a24dd293b7a17c89b7ad34ab0992f71d453

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\ED2.mp3

Filesize
2.0MB

MD5
a66480da9cb31200194da99a4e2a49cb

SHA1
cf6e5b29d3e81967ce3512b2600505a82b4b358f

SHA256
f1038d0eca9f306c5af97b36cf3f12d9bfdadd13f510b0cffca5ea428855a566

SHA512
db4b2b50aa9572c8867cb4b9a79a36664caeb6ecf59be2c76859adfb2c73f489f07d13958a7dc835485435f7781cc953ba0eac3eb5c82602cd9073cecf7dcc6a

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\ED3.mp3

Filesize
2.5MB

MD5
614092cb0dd5bf6d30e921033f2977a9

SHA1
dc88181efd2b4f42eafa5f9a198ba2571029ffc5

SHA256
a0aa231b41337783817a3e62de38148456fb36a454ec49ace152bedbdfc01281

SHA512
a708ba945235b0b5e06686cde0d2421ebefc4cb186937ff4094fc772b21f389bf6ed9f00e2b30b9350eabd5a7f1c89355557508cc4f8a5d721567ad387e0ee83

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\Hシーン.mp3

Filesize
2.8MB

MD5
367cf61933d26eecc1f3d0857cf6e1f8

SHA1
00eae9b8cd4ff8f4133d23a60ed118455329801b

SHA256
82bda43669c951a96ac86312bf292d3882cf2c047c753b31308f1ab5ba27be59

SHA512
c23f2dbb9bbbc55bce34197031958abb896714f4556f0b9a1245254dd66ad8dfd2233819fcec7c0d062bf0510d44ffd6fa9c2f80546c1c408b4dd02040f81d89

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\Hシーン2.mp3

Filesize
1.2MB

MD5
a40e1a8e578e686291ba6d9b4f164b74

SHA1
f02257c6735a78175f95a51ae50d502f3d4ccf10

SHA256
e1fe111731965b03f2a537400d29f84e9edff16c7e6f04b13f53ee6edb190b35

SHA512
a67151fdf7b3b8d69651e51d321171154e1419de13a6cb92776bd81ec65881603d50e56f359aa38891e344b611829a5e487636ef12cb2947902c3198e99bb942

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\River.ogg

Filesize
124KB

MD5
72772abe4a169a860ef008c4f74a3fde

SHA1
2b04d02e956c82af3160a8efeac7453b81f2d2f0

SHA256
6600308c894a944a63817ff88417f10bd832393a617614d6b6ac1775d3e58c4d

SHA512
1b67584b7a61071fdfb99f09f2af15dcf249468da59764776dfb5f3584696bd0f626b7ead5816f5cd766c6f3e3e68f732d6298895013fd02f3c7d5b586c5869d

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\boss.mp3

Filesize
1.9MB

MD5
26ed286a2c03f3ec5bc9be317ded501f

SHA1
92ed16368e52e7e82895cf39fccdc88e27aeb1f7

SHA256
1a26c25fd683ccd80fc478d924ee9c1ba614e8878d0cdd2ec8fa1997733ba2c7

SHA512
7140b1eedd04b97da5489c0f6323fbb5533035023dfab8a71a376ff98ff4b94d4d7bd6f6008d171ad38d0726e0ecf0edf2e8eb03068661e4debd1cea68324fd9

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\creek1.wav

Filesize
10.9MB

MD5
362d31bf69cba676465802c31755d4ad

SHA1
96c5404887a4f184d84c594b155a97b46009fa8c

SHA256
376dba901c740f27c32a5bea132e8e762656cd93695d924e15aabc5a1599ee97

SHA512
a43496a87476f3d26139913c6b5b299807b7172abb4fff5cdf2bf2605f72454caa60bf7ecba163c94ce722396bea1e47e585a963875cfa45be2b16a72352b0e3

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\kan_ge_kasai01.mp3

Filesize
90KB

MD5
e0281e277502f192f22fa2477d6bc138

SHA1
be0754229b122e9f5d336d80c7f61f0df653da81

SHA256
3c06f434702824dbf872c80e7bf85ad38d04b5276b78559c0c331a29449b326e

SHA512
981d395c45e25a5092a707dbd10d19f69020880cb6f13c5d5421c80730d688accc0be3d7364dce2bd09bf1deb286c395543915b3059d23cf8f8923e3a0ad1cd8

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\エリザベート.mp3

Filesize
3.7MB

MD5
327b0523cc63dcc3cd401fc835f12e13

SHA1
2f945ec5b27a62995bf8f25d96ca1ae000d69832

SHA256
46c595c45868cbbc60cee8c191269fdfb4aad0f3c8dbb95bd53f9f4fd12a087b

SHA512
29f0f0e1dbe1a29497b7bc362961513c4775601b93574ea1a935b4571e81c06345a2326de93608f3e8595d81b235631ab5b1aa5664aebc48444bff93cb899dc1

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\エリザベート２.mp3

Filesize
2.7MB

MD5
ea138d732c67aeeb26bfa4bf1e615d27

SHA1
b40a19971321af74240d0415f4b039d722945c0b

SHA256
42e8dec695ed97eb30582e576845b25b4a23772b199344ae8a40f75c2a221a94

SHA512
9594ec7714aca313f452d0d4053fcce787ed11f94604df3454b45c161f20a55ff46f0e8a59537f51abc0511d69a89ebaa863afeab451e0f1bafc6b460f6ec981

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\エリザベート３.mp3

Filesize
4.5MB

MD5
d0cb01e66c82a661d40ab97f1e23296e

SHA1
da41a915cd9de4a25c4848bc7ed8ef9c238a0806

SHA256
28658691937a4b52dbb71e9a6b5afc88fe5cab1e3a5c40a4221c404c057e6414

SHA512
090c781f991b8e4103665c6a2a91a08133e0fefa1a500f52b27c6757b164098982ca34c302476cd088c53e69c332a4dc88c79011cb09aaa316e4333928e42929

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\カエルのワルツ.mp3

Filesize
1.6MB

MD5
68bd82dabccb5a3419a813856eacc340

SHA1
5785d9b89571156f032f3abd8dc1fa09794ac308

SHA256
c3f05f1fb974c76ecd97d99ad71ca5981ef3ee982e3e668aa31c02f22af9b48f

SHA512
c916acf5dbfbaa546dea10b4d833a316434a1851c5ae45f9b3067b777d58405ef3b515dac91ffe279671ad765b9ae4e03e8b4c998251de143e17628b95703703

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\サティロス.ogg

Filesize
1.6MB

MD5
0a184995ce2541666edbe4d7417a045c

SHA1
245407c0a3c15fb65255d423babda1bc69dd818a

SHA256
d13dca9a01541bd0310e55ecbb2d8a373a7701f441a50102624c27380bcfd7fa

SHA512
4cfc56b4b249b77d67af9329e79e68feb88c4631791ae95edda526c8796cf5fbfa6fe88ba523d18ef3771b4776f3079df94e9a6c7a1361484ae85d31bead3404

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\シンデレラ.wav

Filesize
35.7MB

MD5
c0b685f490d86dc257167bc8065aa8e0

SHA1
27a2c66b947d3d2701d4ffbd467dd9079e811883

SHA256
cfe33f7852d5754e66a2f3cafc1d4afda0245d85196fe6bd52a223ff0204ac09

SHA512
1ece3f4f8f76bcb5819d3ef708728809ac99fe60a1915220a14bec73aa473011b3943bfe4178d8ad513ca35f82ec236c40409d1b672b543e8e809a0fbdcd78c4

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\ジャンヌ.mp3

Filesize
3.9MB

MD5
6a83dfde92bce3d4a8b8f66065a8bd0f

SHA1
58e8e6e9a116358d495716c2ea30355fa59b8a1c

SHA256
6041bc3e65be1674b3c4a4a2a3259f60b901282ea6d63057542f2a449cb4d4b2

SHA512
b8d5eb043398caa58c20860e9c9a0f51b425d13ea73e50d624de200f4b2e77182c3be8e4aa53e3ea04265ba997dea3a26163fcebf824d8d04b5d8863f91a8396

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\タイトル、アリス.mp3

Filesize
1.7MB

MD5
b77ba8ff0e0fc1294ac1073bf904164d

SHA1
58c9438a2f777504a1772348c2f8dd6d15e3c7f9

SHA256
fa2221f60a91578a295b221a78795b60ce8dcd8ee19d5b430485d2482be4a554

SHA512
338678dfdb858c49206c4155565fe0664461a6cbfc9a7a98ba948480db2cb0c9c4dbd734f0729d4e17297318748382b6d51813717c70f7972979ee47976f81b7

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\ドロシー.mp3

Filesize
2.4MB

MD5
f4d2cbc4ba7eb50e2086ac6923f10c2c

SHA1
5f2b5633ba22ff292f95c9c4526f5e2a434c8171

SHA256
d949f88c6583513ee9b41c6c583a0eaf50b4b018423ee6f492eb9518f9774ce3

SHA512
3bb5ab01b5d1ee76470d5b061589c9a5b9a44cd02da2d12ab122b6ffaf58beffbcd7a56afc23e6739bb6e92aa1c2fd3cc3e3adb084c75e361fbd727004ef7bc5

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\ドロシー２.mp3

Filesize
4.4MB

MD5
507058db36f2c86674a4c3587470877d

SHA1
46b778f1eec80094684541969adfdbcfaa7bc38a

SHA256
a29f098cab45c126ff33793d10fe35fb83074d22d767be2500498dd954d78a32

SHA512
3c2ab39715392667dfa745aa3d769fcc2809c9f8c3108b4e5a9a88d8b88330fbcf688932f93b289d8fdbab6cb3e4801c3b5ebf399e48cf9d2a925d07caa1bc21

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\バフォメテーマ.mp3

Filesize
908KB

MD5
298e5b2744ad24e39f6e8c6ef9c0ccbf

SHA1
5e89a7568a9f76a4e861232e8dac82301e12de79

SHA256
4f4c98e4c1654acbd20c02d640a22bd0c1d3908d23bd212a23f41fa091317f5a

SHA512
9741af96077171d395519105dd98d13fe749f4df64d5044e766ee7c3737b86ab60fd9a8e7c8000a8192adb62b08b6197bd6bc1543b3d26162206e0ce59fc123d

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\パトラッシュ.mp3

Filesize
2.4MB

MD5
44e826cea97eb63079979f9de7cdfe7b

SHA1
ee287bcd060f966d42eb384d94c658d30f9f8f48

SHA256
241b22b2352a172be4b855e96dac540cdad2575e26b374e384d66ede1070e2a3

SHA512
008567c9ceb3157162ab02e6c9fe0b82427d5104cc5f44ace58606eddd4fb234e9e009bf43727dbcff9b79d971db3823d536f642f7e87f80d62be155dde76ff5

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\ピノッキオ.mp3

Filesize
2.3MB

MD5
d5fdf2f10760a570d7655c6ec52643a9

SHA1
a9858c0b3ebe7a43172d3bfb516afa89d0f454c5

SHA256
2512e91ab6e513df6af1f990dcd79d49b3ca7afe726e6a09cef13d4e365a1081

SHA512
7ce7249845e2bd322ae32c599c224384d0bd70f067434f1fa50e11a19bea3f8c03b6dac5d9294637b52cc77c4bf851e3fe377e82f30669b54d2ec312e9d91f49

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\ベヒモス.mp3

Filesize
5.2MB

MD5
b5d5f0ed6fb85f90dc7f8382f4c3921b

SHA1
e419f9a9b58f960bdd2435e9c0e275b7653218cb

SHA256
47d9dfa4b86572bdb1f357a976f91b91183779b57b6ddf337e7ce7bf96b87a18

SHA512
eab4d0f2c0626dfa8f36e25d53af137954f9600eab691232cfbf047a4d81fbca338eb6398193840f3ab99e79ac1233a61a46cb7ba788d1fb6a9574edd3ce5664

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\ボス.mp3

Filesize
4.5MB

MD5
32c6bf06cdf2ba6390061c48d59237c9

SHA1
6235718dd1674b200adb96dd3a3b530ac211f424

SHA256
57a1c6d525f5055aea95ad2207799e918281e9792acf3c9605afba82b6c6cebd

SHA512
2b38ff223d2bdf7bd65bef96511ec68198ce1e11c551413151fdbb2caf7c83c07526420853b5a97c0dbddedfe1f2f1a3d488063a3686527b59156c0ffabd5a67

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\リリス.mp3

Filesize
1.3MB

MD5
47dda1d74459f1c068c456cb94f2c746

SHA1
bd9cc7da6680f958f9a9bacaeb5cbeb0f94b278e

SHA256
1929bfa22f205ac8acc6de63e3f0f4f4ead85122bf6e070f5369b565d43d8471

SHA512
53c4e36c517c594d57a8fcab3886f7c9b3ddc405cf2825442739b8eb998967d215fa5bf606df46fabdd2dc78560f05a2cc7e8a4b60780a9565474a7bc58a0ab1

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\ヴィルト.mp3

Filesize
606KB

MD5
0de24137afe802db44a777f96698e962

SHA1
72200042695cee033db25103776ae24ad5ae4a00

SHA256
e29fd8e9d73e156d7aa2df5270b0fa0bf96a079e95e338cfb89cf69a9d547a84

SHA512
af43c121cff7144b8ef7038d8b1d84ec16dab15f399f791b4bd4f453570fb690744d7582c8fa0a0c34cf1bd3018e73dcebcbd5cd5739d09b6e4770047d775a67

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\不思議の国.mp3

Filesize
1.1MB

MD5
f18a28dd116e0db46793fdd4fc390d4c

SHA1
0442d2c02390f9f25a431e971dc13933d28375bc

SHA256
85671a53dcd86ad6bb3c81fb9ce22757cd64f3da4d03fd70c7ce7ff7b57dc403

SHA512
5e85dfb207be7b3aa4314683f61a528676ce7db8ff60ea84bc223b3d26c8f14594cd279475fb930fec51f5ffc8ceefefefbb64682df483002d2de9c18f7b73cd

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\不思議の国の戦い.mp3

Filesize
1.9MB

MD5
10ae2811abb24d6124cbdba2c465a5bc

SHA1
38ddc5e2f1a88f5656d22cfec8d6f0c8026821af

SHA256
ad8227332d118eb022b50121934725d397e35ee2d8bad49b86d64ae5cd5bbbfc

SHA512
2c1ade37db9babd70b5e552d6de4f9a768edcce9dd92dce3faa1816477543d5b5b9b52e73765e5e6463045e7ba4c9235c92c19a63eb00e3dab76da045cc581f9

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\五魔姫.mp3

Filesize
1.7MB

MD5
74133617c033629ffa73d4a8f6c243f2

SHA1
34702f5d7801e4ffcda3186ffbd624ed18044305

SHA256
de6d925f3a79cb6f80d6100749503462adf98f8488c79ee8f8e0a738949da324

SHA512
7e29be80b764973ecc8e8bc315268fe0574869eb213e0244d048ff7307cf6c9b824f957f81ab58697957e63e2c0620c53f29319466197d3dd8c6401a60d72ee6

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\人魚姫のピアノ.mp3

Filesize
1.6MB

MD5
fa24b3a28849f89c751d23947c9c8be8

SHA1
f8828e60ebf8ab874ed45d0ea6746dfdde920213

SHA256
f9c931a587bd79938651d3b59e23165eddf3b6bcf8d9205e7ea0f2c8da7a6d7a

SHA512
31416fe6bdb38f09cc007c9b249603bdf09971308c982d5b01c07b3588cea929dad4f632d1e572cf86ac7546f5d1af9f9a3cdc113019001d02e638e1b8352b9c

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\個別bad.mp3

Filesize
2.4MB

MD5
c974d1955f57553a95c1c71534bcf6a5

SHA1
9629f8114e3495d15ed7135b1432ae16b8c0e439

SHA256
193fc01ee8ec2d8ed079d3fb1f662e8860d2dab11cb166fa85b78720a4465a88

SHA512
29558ad02caef7b305bdc3bfc57a249a979439a860a6f632c001b6987c9f792a35aa1a0b6d1686a7c1f96fcb4ede58030f0bb4bef71e0cfe35c7586ec2f1d41c

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\個別good.mp3

Filesize
2.5MB

MD5
de59176cc2597a9a6ef6bf5619803307

SHA1
95d3c2b1808fea167c6ac05feec39ade34f55197

SHA256
71d22279653cce9bf227894ea35623c71fdd6e1b7a0db8a03ab142d0fb9a7d19

SHA512
2fe97ad5e238a15e6aeabfdd550928f03c1cbe3e6d7ea1b827094d2235cd7c23650eea9140b8ddc9ea7bc0c4e17bb0c488c9b2085d24fad9bad62bb31bc377a3

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\名無しのデーモン.wav

Filesize
21.5MB

MD5
23d09192ae2c9b26528e633b555f7da8

SHA1
68716a2bffcf762d0246bbb88afdd53941d16bad

SHA256
5b4eccba53653a37f100608c8da5e87e10a833d852a59cdea9041c4112b70ead

SHA512
c8c7ba8f107263ca9492e585bc8b32bdc99b3e7acf5c9a39dab7faafbca1ee91b5e33f3f42acc189c3292e97b6f191d247a761bea068bcccbee58620ad63525b

Download Submit
C:\Users\Admin\Downloads\BLACK SOULS\Audio\BGM\大聖堂.mp3

Filesize
2.8MB

MD5
330f5d71d427b579ebed1aebd0eb453b

SHA1
f02aa8f6164fa66433d4f393dd92fa9f737f3f86

SHA256
b059b6c7890f1981b3b84ca57284c522363acc3be70856bada8f54cc602aa25d

SHA512
b0d9addb0c006706e7de37183cdf63082081dfd7bfc7956adadac870252b16ebe0b83b7cc722df3deeac07733c0f053562409019f0804f951aec65fae68fe9f9

Download Submit
memory/396-1451-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/396-1390-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1512-3416-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/1512-2599-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/3000-1452-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/4216-2598-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4216-1823-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4216-3417-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4544-2560-0x0000017689D20000-0x0000017689D21000-memory.dmp

Filesize
4KB

Download
memory/4544-2569-0x0000017689D20000-0x0000017689D21000-memory.dmp

Filesize
4KB

Download
memory/4544-2568-0x0000017689D20000-0x0000017689D21000-memory.dmp

Filesize
4KB

Download
memory/4544-2567-0x0000017689D20000-0x0000017689D21000-memory.dmp

Filesize
4KB

Download
memory/4544-2566-0x0000017689D20000-0x0000017689D21000-memory.dmp

Filesize
4KB

Download
memory/4544-2570-0x0000017689D20000-0x0000017689D21000-memory.dmp

Filesize
4KB

Download
memory/4544-2571-0x0000017689D20000-0x0000017689D21000-memory.dmp

Filesize
4KB

Download
memory/4544-2565-0x0000017689D20000-0x0000017689D21000-memory.dmp

Filesize
4KB

Download
memory/4544-2559-0x0000017689D20000-0x0000017689D21000-memory.dmp

Filesize
4KB

Download
memory/4544-2561-0x0000017689D20000-0x0000017689D21000-memory.dmp

Filesize
4KB

Download
memory/4692-3423-0x000000000A080000-0x000000000A090000-memory.dmp

Filesize
64KB

Download
memory/4692-3432-0x000000000A080000-0x000000000A090000-memory.dmp

Filesize
64KB

Download
memory/4692-3422-0x000000000A080000-0x000000000A090000-memory.dmp

Filesize
64KB

Download
memory/4692-3420-0x000000000A080000-0x000000000A090000-memory.dmp

Filesize
64KB

Download
memory/4692-3424-0x000000000A080000-0x000000000A090000-memory.dmp

Filesize
64KB

Download
memory/4692-3427-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/4692-3428-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/4692-3429-0x000000000A080000-0x000000000A090000-memory.dmp

Filesize
64KB

Download
memory/4692-3430-0x000000000A080000-0x000000000A090000-memory.dmp

Filesize
64KB

Download
memory/4692-3421-0x000000000A080000-0x000000000A090000-memory.dmp

Filesize
64KB

Download
memory/4692-3433-0x000000000A080000-0x000000000A090000-memory.dmp

Filesize
64KB

Download
memory/4692-3431-0x000000000A080000-0x000000000A090000-memory.dmp

Filesize
64KB

Download
memory/4692-3436-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/4692-3439-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/4692-3442-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/4692-3419-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/4692-3450-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download
memory/4692-3453-0x0000000010000000-0x0000000010324000-memory.dmp

Filesize
3.1MB

Download