blacknet | hxxp://92[.]18[.]218[.]116

Resubmissions

14/06/2023, 17:56

230614-wh19macb9t 10

14/06/2023, 17:55

230614-whq4nacb28 7

14/06/2023, 17:15

230614-vsxthsbg45 10

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://92.18.218.116

Score

10^/10

blacknet [id]trojan

Malware Config

Extracted

Family

blacknet

Version

v3.7.0 Public

Botnet

[ID]

[HOST]

Mutex

[MUTEX]

Attributes

antivm
false
elevate_uac
false
install_name
[Install_Name]
splitter
[Splitter]
start_name
[StartupName]
startup
false
usb_spread
false

aes.plain

Signatures

BlackNET
BlackNET is an open source remote access tool written in VB.NET.
trojan blacknet

BlackNET payload 18 IoCs

resource	yara_rule
behavioral1/files/0x0004000000022ee9-647.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-688.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-689.dat	family_blacknet
behavioral1/memory/4836-690-0x00000000007D0000-0x00000000007F0000-memory.dmp	family_blacknet
behavioral1/files/0x0004000000022ee9-710.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-720.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-722.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-724.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-725.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-731.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-732.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-733.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-734.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-735.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-745.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-747.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-748.dat	family_blacknet
behavioral1/files/0x0004000000022ee9-749.dat	family_blacknet

Contains code to disable Windows Defender 18 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/files/0x0004000000022ee9-647.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-688.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-689.dat	disable_win_def
behavioral1/memory/4836-690-0x00000000007D0000-0x00000000007F0000-memory.dmp	disable_win_def
behavioral1/files/0x0004000000022ee9-710.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-720.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-722.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-724.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-725.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-731.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-732.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-733.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-734.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-735.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-745.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-747.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-748.dat	disable_win_def
behavioral1/files/0x0004000000022ee9-749.dat	disable_win_def

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	watcher.exe

Executes dropped EXE 17 IoCs

pid	Process
1488	BlackNET Builder.exe
4836	stub.exe
632	watcher.exe
4292	stub.exe
4828	stub.exe
4968	stub.exe
2296	stub.exe
1884	stub.exe
1684	stub.exe
1448	stub.exe
4820	stub.exe
1796	stub.exe
4092	stub.exe
4592	stub.exe
5052	stub.exe
1512	stub.exe
5040	stub.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 16 IoCs

pid	pid_target	Process	procid_target
4192	1488	WerFault.exe	115
2240	4836	WerFault.exe	129
5032	4292	WerFault.exe	133
2232	4828	WerFault.exe	136
3728	4968	WerFault.exe	139
4668	2296	WerFault.exe	142
4532	1884	WerFault.exe	145
4544	1684	WerFault.exe	149
4768	1448	WerFault.exe	152
1820	4820	WerFault.exe	155
3332	1796	WerFault.exe	158
3420	4092	WerFault.exe	161
5112	4592	WerFault.exe	164
492	5052	WerFault.exe	167
1736	1512	WerFault.exe	170
5032	5040	WerFault.exe	173

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133312389807252992"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe
632	watcher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 3436	4908	chrome.exe	87
PID 4908 wrote to memory of 3436	4908	chrome.exe	87
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 2720	4908	chrome.exe	88
PID 4908 wrote to memory of 4484	4908	chrome.exe	89
PID 4908 wrote to memory of 4484	4908	chrome.exe	89
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90
PID 4908 wrote to memory of 3640	4908	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://92.18.218.116
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcdc69758,0x7ffdcdc69768,0x7ffdcdc69778
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:2
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4796 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5020 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5244 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5308 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5312 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4988 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4804 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Users\Admin\Downloads\BlackNET Builder.exe
  "C:\Users\Admin\Downloads\BlackNET Builder.exe"
  2⤵
  - Executes dropped EXE
  PID:1488
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1488 -s 980
    3⤵
    - Program crash
    PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3980 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5288 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5332 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5272 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4468 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5616 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4460 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Users\Admin\Downloads\stub.exe
  "C:\Users\Admin\Downloads\stub.exe"
  2⤵
  - Executes dropped EXE
  PID:4836
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 4836 -s 980
    3⤵
    - Program crash
    PID:2240
- C:\Users\Admin\Downloads\watcher.exe
  "C:\Users\Admin\Downloads\watcher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:632
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:4292
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4292 -s 980
      4⤵
      Program crash
      PID:5032
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:4828
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4828 -s 980
      4⤵
      Program crash
      PID:2232
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:4968
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4968 -s 984
      4⤵
      Program crash
      PID:3728
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:2296
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2296 -s 980
      4⤵
      Program crash
      PID:4668
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:1884
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1884 -s 980
      4⤵
      Program crash
      PID:4532
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:1684
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1684 -s 980
      4⤵
      Program crash
      PID:4544
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:1448
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1448 -s 980
      4⤵
      Program crash
      PID:4768
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:4820
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4820 -s 980
      4⤵
      Program crash
      PID:1820
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:1796
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1796 -s 980
      4⤵
      Program crash
      PID:3332
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:4092
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4092 -s 992
      4⤵
      Program crash
      PID:3420
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:4592
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4592 -s 980
      4⤵
      Program crash
      PID:5112
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:5052
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 5052 -s 980
      4⤵
      Program crash
      PID:492
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:1512
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1512 -s 980
      4⤵
      Program crash
      PID:1736
- - C:\Users\Admin\Downloads\stub.exe
    "C:\Users\Admin\Downloads\stub.exe"
    3⤵
    - Executes dropped EXE
    PID:5040
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 5040 -s 980
      4⤵
      Program crash
      PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=836 --field-trial-handle=1812,i,6840048221120114708,10335649922288748779,131072 /prefetch:2
  2⤵
  PID:3304

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2040

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 452 -p 1488 -ip 1488
1⤵
PID:316

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 520 -p 4836 -ip 4836
1⤵
PID:1316

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 460 -p 4292 -ip 4292
1⤵
PID:524

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 512 -p 4828 -ip 4828
1⤵
PID:4956

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 500 -p 4968 -ip 4968
1⤵
PID:1224

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 500 -p 2296 -ip 2296
1⤵
PID:3676

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 1884 -ip 1884
1⤵
PID:4112

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 504 -p 1684 -ip 1684
1⤵
PID:3396

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 516 -p 1448 -ip 1448
1⤵
PID:2792

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 472 -p 4820 -ip 4820
1⤵
PID:4256

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 468 -p 1796 -ip 1796
1⤵
PID:4640

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 384 -p 4092 -ip 4092
1⤵
PID:2540

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 472 -p 4592 -ip 4592
1⤵
PID:4848

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 384 -p 5052 -ip 5052
1⤵
PID:1240

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 460 -p 1512 -ip 1512
1⤵
PID:4836

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 384 -p 5040 -ip 5040
1⤵
PID:752

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1000B

MD5
fac9cbae742b2870dcbb75f7c6ffff0b

SHA1
38171d411a002c640040a67712b754e072164a26

SHA256
58ca7d08d16c8705d06d080c6d3cc03ade9a9d7eb626b6cc46c2b7697bd45075

SHA512
e2dd122e485d0dc53be9569abef2d1fdb370f509a02f7e433e2a584de087afa997a97a9b6d5d6db0d0dd203cfdb70efc816e5b2757739a5d05ae83b3860c0a57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d510ec37d61229f0d79dd066be83d557

SHA1
f6aa19cf51991ff4789987730279d650d26829ca

SHA256
84532ad4965cc74ae5a938e37cbd46bafb902f57c6aeed512f7e72e873d96c9e

SHA512
31a5a7078630f33fda2f2cd1385e453fc3b1404a6d38cf58941ebb225c984ecdb6c5658c092438647c5b9042fa1289de3a49d1407aa2594b9506c6e29f40deb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e222f9899dd9a4271fd552f393e3df31

SHA1
250ff3901d6e8bdacce6be167e7676a82bb556d0

SHA256
2900785dc0333e327b8b415a42631c97d69cf8b9d649d521d80f5db6fb21bf75

SHA512
79722bcf8f91003fb073c91140c29718ef12cdc4daa742166f152e4418033fdb2464f4ae202d8600a3f2be8002238e5c3157c89ceee2deac68d370e1a98baf2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7d55677a6f995b85d13c8d7c3b2b7834

SHA1
bd5ee8abc5295a1322d6f66881dfde3f51bcc82a

SHA256
d01ed32111dbd27ff5f5e71df51cf794fd361e8a8a01243f454220d4a6a0c735

SHA512
2011ecb584b680b1a1b0fa1a232bd1400c1c88e010d046c4522d3e5b2ebecaf840f96fe880ae401a3c249a78c6865762563b4d5554e69d6d586cc67f21e602e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3da3a7255de06490c9c74d0e16e5008f

SHA1
a28e7663e447f3a426174e2a5fab6b9ed3367420

SHA256
c1f91444b117ab94089fc5496fa71911bbebfdebaf30480d4b2886dee8de34b6

SHA512
53519b805548ca591baf4ebaad6a35abb6cbe28193ad33a7419b137a1d2499f6edb26f9a3f5be3de69f966d7a70d6657d2bd48f66c29b54a20b15d0ab2dd434e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cefd75473305bacda6fe7b5a943cb687

SHA1
52e0952599b4e080e87f8a12e62f21760ef7d18a

SHA256
8d7787acddf2b823d11a1e8e31d1c81d1b93d1f751791675be694ea3c601d1ce

SHA512
4575f408aa25094153e73fc54daab1cfdbb694e49f41df36cb69d2eb13f09b1a9d9f6243f82454542f8d6b7f09864ec303d264aadfb6e076374dd5992d79912f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dbc03a16db9254c6f39de845a31c86c4

SHA1
7bf5421949273f7b23ae90354d917aa47e8e8cf9

SHA256
8d609ccdd464337e5f686962689fa0a2547a49f3f0bf76fbdc94187a83d70fd4

SHA512
fc442a38e841a08f38097dbb66f9b7a99d268ca1c4897716f9797507f89ddc398aa08be675f08ddfe513e40b6a44c1dfe2399e77414ad37cf21b59788afcecd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f3264a039f1ae06d59a1ded04a6faf75

SHA1
a4101ae1758607c6556b89e7cd2251a730fc461f

SHA256
31730145fb2f603c7ac2b1bc66dd8ef95a4b79feba6022c3fb407e35144526ca

SHA512
7553c2b0f58b6fe0dd442130d3e4bd9d2056fd4d9d3f23bcd569cd6e2b106522e9d45416c8c877ae994a1d6ae3e508d2d70b41c2891fe126e1575ebfcd381216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e6ad99e8e39886aa909835210282b255

SHA1
f65d4df07d9dc8b26a025c2d247a1d392f3e1ad0

SHA256
c50de0f5957fbcb8b319db1f968ca039371a2d610eb9950bb047fdf70d11d8ff

SHA512
2f589510de719a42dca2e5e34a273592d597e4a52300f04ac3dce2d0840220f95bd019f93955de9534e66c2aff6c028d9a9c3b97c4ed84b0c3819a8fad1efe6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
0189e34fb4c59588d88df10d4fbb42be

SHA1
e8c19202569ac2bd6f6751dfa1a25e04e2911031

SHA256
e767fb7268f9ba3594ef60977bca473ec4d32f1786d24dec6cc695721edb5246

SHA512
e9337473da5a83752fb752e19d414b90d36a96530dd55bb12edd08b93c1c4bceb8d046d271d2a1408161c9fb33cff8c780155370a17addb46e6ce8579259041b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
928b305c9fbe7aaf03d636e3cc665cf9

SHA1
cc8211dfd906badcd2026187be5354ebcb41b0dc

SHA256
ccbb9eaea7d108a46441c505c56badc29d462a87355822f2392b54d6bdbf84be

SHA512
be137ef87f86b45a0a5bc9620e13faa0800a3a6ca20031bfbb75310c8402502cee5a6f5b66454f53d7f1249e7e5167e2842b80fbbeb160a69c2d3c41dfb0a376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c3cd.TMP

Filesize
96KB

MD5
7b4f75df6e73f46dee165f59c40471fa

SHA1
c564f2459df1bcf7d0b3f239ce379b7db8bbfe9e

SHA256
39dac6f708609502deefde8da104bf116208d102bb5c3f2060e64a1110c1b027

SHA512
dde6b1c77e36ae65624881715da39469ae5657dac0dc542bcbdb00a48802e5b00cff36639936a745adb1f99dddb6a85e6b7ef3ac25fc69e4d07fae4fb5247f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4908_1902464736\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4908_1902464736\e0d4da09-a281-40e3-b037-8638c6ccd115.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit
C:\Users\Admin\Downloads\BlackNET Builder.exe

Filesize
367KB

MD5
e426c21445dae36d36bb5d1cfe9d383b

SHA1
bfc79210d073fdb6511bdf6a0b519cc29cebbc3b

SHA256
f4461e8b0f3831b6ee77d57f52dd74f28e79114bc5bb29d6b7ab5ca3adbf27f6

SHA512
096d36231581a894d5e9a07bb8fbe6ba483b92545a32040d448519c7b0de417bce836a1c817dd0ddf5bb98483a4c17dd3013674b6275ffacdfa2155ab32ef3a0

Download Submit
C:\Users\Admin\Downloads\BlackNET Builder.exe

Filesize
367KB

MD5
e426c21445dae36d36bb5d1cfe9d383b

SHA1
bfc79210d073fdb6511bdf6a0b519cc29cebbc3b

SHA256
f4461e8b0f3831b6ee77d57f52dd74f28e79114bc5bb29d6b7ab5ca3adbf27f6

SHA512
096d36231581a894d5e9a07bb8fbe6ba483b92545a32040d448519c7b0de417bce836a1c817dd0ddf5bb98483a4c17dd3013674b6275ffacdfa2155ab32ef3a0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 269322.crdownload

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 657062.crdownload

Filesize
367KB

MD5
e426c21445dae36d36bb5d1cfe9d383b

SHA1
bfc79210d073fdb6511bdf6a0b519cc29cebbc3b

SHA256
f4461e8b0f3831b6ee77d57f52dd74f28e79114bc5bb29d6b7ab5ca3adbf27f6

SHA512
096d36231581a894d5e9a07bb8fbe6ba483b92545a32040d448519c7b0de417bce836a1c817dd0ddf5bb98483a4c17dd3013674b6275ffacdfa2155ab32ef3a0

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\stub.exe

Filesize
102KB

MD5
e162b1333458a713bc6916cc8ac4110c

SHA1
7053e1ae3e60b42f9fb8850f8a727099530c8fcd

SHA256
2b3b8c1083bb3e4524b758a755cf17fbb352aa92d272912997bd0674365d6d02

SHA512
9a508117a757e4fcf192916641c77e26769e5939b6c3fa078fedad9a2821e24e69de0da74dd0cbff0309aa28cd813599dc261ded932a711dfdbb80c7ea3b353a

Download Submit
C:\Users\Admin\Downloads\watcher.exe

Filesize
17KB

MD5
89dd6e72358a669b7d6e2348307a7af7

SHA1
0db348f3c6114a45d71f4d218e0e088b71c7bb0a

SHA256
ad34794058212006ae974fcc6a0242598e6d020f08044439e3512773cd402b7e

SHA512
93b8a47686d7491281a0809b138a6244a535302ba0d6b2146849e9888632c72b6223ae8eb7a24f1006aaf57ab947a8f43719cff4837df559e7bf42f52c63856b

Download Submit
C:\Users\Admin\Downloads\watcher.exe

Filesize
17KB

MD5
89dd6e72358a669b7d6e2348307a7af7

SHA1
0db348f3c6114a45d71f4d218e0e088b71c7bb0a

SHA256
ad34794058212006ae974fcc6a0242598e6d020f08044439e3512773cd402b7e

SHA512
93b8a47686d7491281a0809b138a6244a535302ba0d6b2146849e9888632c72b6223ae8eb7a24f1006aaf57ab947a8f43719cff4837df559e7bf42f52c63856b

Download Submit
C:\Users\Admin\Downloads\watcher.exe

Filesize
17KB

MD5
89dd6e72358a669b7d6e2348307a7af7

SHA1
0db348f3c6114a45d71f4d218e0e088b71c7bb0a

SHA256
ad34794058212006ae974fcc6a0242598e6d020f08044439e3512773cd402b7e

SHA512
93b8a47686d7491281a0809b138a6244a535302ba0d6b2146849e9888632c72b6223ae8eb7a24f1006aaf57ab947a8f43719cff4837df559e7bf42f52c63856b

Download Submit
memory/632-706-0x000000001C390000-0x000000001C42C000-memory.dmp

Filesize
624KB

Download
memory/632-703-0x000000001B7A0000-0x000000001B846000-memory.dmp

Filesize
664KB

Download
memory/632-702-0x0000000000970000-0x000000000097C000-memory.dmp

Filesize
48KB

Download
memory/632-705-0x0000000000FB0000-0x0000000000FC0000-memory.dmp

Filesize
64KB

Download
memory/632-709-0x0000000000FB0000-0x0000000000FC0000-memory.dmp

Filesize
64KB

Download
memory/632-708-0x000000001C520000-0x000000001C56C000-memory.dmp

Filesize
304KB

Download
memory/632-704-0x000000001BE20000-0x000000001C2EE000-memory.dmp

Filesize
4.8MB

Download
memory/632-707-0x000000001B850000-0x000000001B858000-memory.dmp

Filesize
32KB

Download
memory/632-721-0x0000000000FB0000-0x0000000000FC0000-memory.dmp

Filesize
64KB

Download
memory/632-723-0x0000000000FB0000-0x0000000000FC0000-memory.dmp

Filesize
64KB

Download
memory/1488-614-0x000001FBBB020000-0x000001FBBB084000-memory.dmp

Filesize
400KB

Download
memory/1488-615-0x000001FBD5630000-0x000001FBD5640000-memory.dmp

Filesize
64KB

Download
memory/4592-746-0x0000000003000000-0x0000000003010000-memory.dmp

Filesize
64KB

Download
memory/4836-690-0x00000000007D0000-0x00000000007F0000-memory.dmp

Filesize
128KB

Download