blackguard | hxxp://we[.]tl/t-y4fuIcYgRT

Resubmissions

23-08-2023 10:57

230823-m2eejada7s 10

23-08-2023 10:41

230823-mq39hsbe82 10

Analysis

max time kernel
652s
max time network
657s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2023 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://we.tl/t-y4fuIcYgRT

Score

10^/10

blackguard stealer

Malware Config

Signatures

BlackGuard
Infostealer first seen in Late 2021.
stealer blackguard

Executes dropped EXE 1 IoCs

pid	Process
2136	Builder.exe

Loads dropped DLL 4 IoCs

pid	Process
2136	Builder.exe
2136	Builder.exe
2136	Builder.exe
2136	Builder.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133372608911275276"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3011986978-2180659500-3669311805-1000\{5F65E3AE-2ECA-40D6-851A-FE0797B7DD15}	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3880	vlc.exe
324	vlc.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2756	chrome.exe
2756	chrome.exe
3568	chrome.exe
3568	chrome.exe
1120	msedge.exe
1120	msedge.exe
924	msedge.exe
924	msedge.exe
4476	identity_helper.exe
4476	identity_helper.exe
1708	msedge.exe
1708	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3880	vlc.exe
324	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: 33	2552	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2552	AUDIODG.EXE
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
456	7zG.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
324	vlc.exe
324	vlc.exe
324	vlc.exe
324	vlc.exe
324	vlc.exe
324	vlc.exe
324	vlc.exe
324	vlc.exe
324	vlc.exe
324	vlc.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
3880	vlc.exe
324	vlc.exe
324	vlc.exe
324	vlc.exe
324	vlc.exe
2428	OpenWith.exe
1920	OpenWith.exe
1920	OpenWith.exe
1920	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe
4660	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 1040	2756	chrome.exe	80
PID 2756 wrote to memory of 1040	2756	chrome.exe	80
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 4216	2756	chrome.exe	82
PID 2756 wrote to memory of 3772	2756	chrome.exe	83
PID 2756 wrote to memory of 3772	2756	chrome.exe	83
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84
PID 2756 wrote to memory of 2008	2756	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://we.tl/t-y4fuIcYgRT
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8352d9758,0x7ff8352d9768,0x7ff8352d9778
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:2
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3900 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4896 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4988 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5716 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5896 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6036 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6148 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6204 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4648 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4936 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2544 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1888,i,17843053818390314040,4111390434954983306,131072 /prefetch:8
  2⤵
  PID:4780

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5036

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x4a8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2552

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1992

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\BlackGuard Stealer Builder\" -ad -an -ai#7zMap26072:112:7zEvent8314
1⤵
- Suspicious use of FindShellTrayWindow
PID:456

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\bandicam 2022-05-12 17-09-20-649.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3880

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Установка.txt
1⤵
PID:2880

C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Builder\Builder.exe
"C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Builder\Builder.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2136

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\bandicam 2022-05-12 17-09-20-649.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:324

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Panel\bd.sql
1⤵
PID:3596

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\02118409643dbdad9710c6571b02130e\" -ad -an -ai#7zMap186:124:7zEvent879
1⤵
PID:4548

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4660
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\02118409643dbdad9710c6571b02130e\02118409643dbdad9710c6571b02130e
  2⤵
  PID:888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff82fdc46f8,0x7ff82fdc4708,0x7ff82fdc4718
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5251528386317689086,17518977219165334410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
324KB

MD5
ba006bea965c9abbc165eeda0c2b9d46

SHA1
c604ccc9d5579a6257b9a5166fe767c4d7b2ce96

SHA256
f69dc178178c006b812eb0fcd1049a35857343e7efd6b1fa2d5341a401bb03e3

SHA512
72815f755f1fd0efa7ae2eda195acc243989964cdda07d73be9bf2b51f6594204c8c0b68e570fc766c550b62eb605200173950cfa480d4daa484a0780de7b94c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
84KB

MD5
97d6d55bd3e58e5d7f075cc9a539d939

SHA1
b6ae2c24110673d7a3b19f427deb3aa571b79b8a

SHA256
cfcc7a23bcbda5ac926d84166bafc17495718897f4b56a7c6328f51af971962f

SHA512
5443da0a95c4065cf6052f8b4a5beb9690fa446be1cd621d40892c7da4bc3600179a53276268ab03ea9ea50c1a4ae78b385cf069d0208d58a299e21e91ca7469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
70KB

MD5
1aa6150f7bd36648316bbb3d7229f838

SHA1
f03c45d1bfea4357e2407a937d61e6a1573e5291

SHA256
350ddd1b07c20d3aa9cb1a68d5524725c00fd56597aa02894552d085da75fb32

SHA512
5eb1ca5211bda94ba28217a98d76bd1e08817222a49f16c3872d34afb41de23f9c6b959d3ab94219ad844b2bd03ff45d28589d5e568903b64bd6835b69d1ebd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
39KB

MD5
6a3bb9c5ba28ee73af6c1b53e281b0cf

SHA1
d96e403c99c1707f82ea29c2c1f134e792c64097

SHA256
2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740

SHA512
6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
aaeb7192743acf91f3c9aa58b9f62b5a

SHA1
45d9ab1fecb3d59c14696cbb13510f7d73e52a78

SHA256
ebe91af74ac8367f808faa4378f73fec5501137907f9cec0fa48fffe8e728e6f

SHA512
2beac5cacd308d450baf36973a643787aed21246fe61c56ad295a258db93999c6d8ca2ecdb8dc587a7465f3f94a27212ec6f356f614c530d7f17afe4f46a8331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
306c6de63561e556bb656d8510a8b29d

SHA1
4b404d5cc52e395f1ba60961a2e12c8d58f45be2

SHA256
83df83119d4ce610a7b66168c827b5b7561c6c153322bf3e05ddefc11a1bc8b1

SHA512
2a270a2408f5cdf4ccee27a0530d8cc222d08ba15a489d8942d62bdbd49f13bdc4983b19d90f98c17c3cee89f04edc1a539cc17ae688ed3452ec28db03534239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
24e2919df918ad1a3559dea03d402aad

SHA1
15e4439a1c2f5ef0c8722e25f7fd0f24b3745557

SHA256
7a4cc82660a9eb82e85aec4d9e92d6cdbbada881d52336013628ca65417796dd

SHA512
b261ddd4648b4da3c1abafffbf955d0416c36c954f9cd743397ea70018e8d5939706ddb2b9cd7fc1e4755f06795582e03d96252ecf1f2048609a4b8086ef4a18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c4cbd3a014ea03402c6c67e236f46b7d

SHA1
9dfdb2a73d95bff35cdb04969c949ae1a394654b

SHA256
d10df21bce82ef39060c75492f601a7566e05abb019eb72d288a99dfee452d14

SHA512
823e4e687a120cc85ff928cbf0bb52cd95b704242083a14c3990ba203a0fd80c0cf714f390c76f952a91a07d7eceeeaa5a63cdff0241bbb329aadc32e809a03f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5a3169705bfda97ec91f0ecadd185b25

SHA1
b8596789a84eb91ed130e94688942716f80c89fe

SHA256
cdc7500c51c4a2136355eb37d10551a3537216cd3e1564b4c120529c865cc017

SHA512
76642c80aa23bf5ca529ce308f97459c7f167d55de172a51dc9ecc8fc52bde67988513a994066b40b2980e8129f56cd87b95629aed95731a97dcc94f70b61a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d77f3ba61bd76eda4af78b4d12b79da1

SHA1
80fad30a429723a951535e61ff310b30d2a1d07a

SHA256
c23a1313883fcfe1895915e187334b80efb2af199ba089a43f03604a9754967e

SHA512
e402c7e7625f5eaf041523d0d490f1b7972d88f29f847db1364210999f8de1b0db5ac512854ff8bdefcd6108343c2a88ac1b27e53dc95a1506510c85b65eaf82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
723f88e656af651cf9cebede9cb709aa

SHA1
4826550c40d9626ce153515ae288ae766339edb8

SHA256
9c4cb6d2f017549776490f04ca36a7061a80e2de434c5e5ba2f666dc309bff23

SHA512
e5925604f0ab19cd2b9491add194bac712e3bf3ce7bfdef51a76ea269292e5150a5501eed8be35d029b714f2439856a5c66c3b5af4ef074c36caf81bdb2a9651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5effb07258255b9941530f18ddc35e2f

SHA1
ff494f1fb0149c492c725bc90849128aa32cde19

SHA256
6d3f98282319ee00403fb4ad979f97bf27d425e8b396636d1dcc8c078780ab73

SHA512
e0288b4c925b2907e6cefdd75e7fe2135be8133d316b4a06fd5a8c41f72d32a4d93ac377e7ad83ea463938574af8cbeab839194ab9ca364f6f331c0714aab10b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a288393f8b390e12696f075f664d1198

SHA1
ce89b2577f8c69232c7026ffc5aa8e507ae7d40c

SHA256
dfc4426ecc23b53e46618bb92d54ebebcb75b35d54b53296b9897a85160e87bf

SHA512
17312d53515bb0af16604c27222d202f4da774d9279b8f15678a841db6af38bbfb3455e8d223a34c32525cc4f676a85e965721cd5b8277b158e96f22cfc7a2b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
13d44b7dd7ae9f0b90c22d137168b3be

SHA1
597276d3dd90e9b7871fa1659fcad56006248aa4

SHA256
a3a424e5d29b95edd08e9f42c109b08b4be069c9b3a2989e348c358c042a03ab

SHA512
1ebff7d9b8d776ff83218c5c9be293cea6fbfed97878371c78290f111f8249779081a7c03602c39ec196c7c0f7974c99c4241a24131a652ecb23eae264c5c2bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a353decd4801cb7171dbc69cfa6ed899

SHA1
9fd77935351b8299fb3a85658281e30ca888ac8a

SHA256
e328370580b912a38e7f4eb1aa4f19f5cf9d83e11a1d3b48f963f9e1dfd47582

SHA512
b6be4f449de04d5e25b7ab672bb83436f18242422f1bdb92b5fb6a789807830becfb490eff90db3a4ada358826079cd576d7596bab3b75e2d02af5af744ebc1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
83aa42584dc9fbdb47184d9d4835300b

SHA1
3f6fbc2f8d7f734b1068f8aa38f0992da20fb11e

SHA256
1d261f20a82c9eb70140b96644f618045830de7bd3040441b3a681ae8eb62229

SHA512
eeea2cd560656abf24e186e581c1e717ebbd2257ba55029d4cea8189c1b93983df3f06e8fdd8c9af5cbf91abfb63ef3a3875b84a30d11dff0d4f9b627d7ea6ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2e14c62770b076743e304336b46c4e78

SHA1
3515ac293f587fdbe6c8e39c4d794b1c73ab1408

SHA256
3e4c99723e5c526f30e595352e5a728e281e553158f260e10bdf0f9c2af128c1

SHA512
10d17bc406e022a026334d968ac7fec96a551446682e916b9d5388850102c323802b14bb1dc9448e416f54a20ab0885198215155581026af1150676de2b73c7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
652ae132f8ba625430d2609644b7efaf

SHA1
22d9f4e84cd31be12c73337f687f6d3630a16a92

SHA256
d3826f270e367a1fc9c9c17f4967745dff715db74ca9c6f2b36a715bb65cf40a

SHA512
2e6d7046f4296bd6337855e36830b8f82f4a32ba1218fe41159b0550c18e5b81d9da307f7fc8a171c800dfe8d3a419bcb928b691e438048214f4602cdd6be426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
cc435b6871b3e98ca0dddf1ea2b407cd

SHA1
a013743dad5d7031c5ecbd73dc7cd5b0f67a3a59

SHA256
592f7d77a0886a79361d840a4b73a0c85122ea90ab9da0cfe15f16007c4cd402

SHA512
bc2ec90f0ec579fe5b7d4949a8c107b6a8d2d9c4db2b72b3e5142665f44d63caee29dcf87320fb95ddf6436ec1c9529e817c28dd887037a485e8f3cad9958a54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
1b54472f1bec637a11e688c087a6bc0b

SHA1
676662c8fa775fb05229f4f7e65afb4a211a78e9

SHA256
d6bd8906f693184eabef3aac36119b2a6f232f3534ca73472521a024be4340db

SHA512
c22ca9360d388c01efc0f0b60379d89d7e5979ddd45b38375103ea347075e2c2c46d844e168003a25336a04d04747ee7fe3468a15b1bd4a2e2b9338817a3c374

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
7271112ba0230fc30d2fb8f6718d6653

SHA1
aa41a1b4a476e0e18019bb39cf71636bb6234f3c

SHA256
5d7dd780910fc6c693ebbfb3d408d43b8a424206edc5f855349212f34bf2dbb9

SHA512
ffcfecd98c29442e11738f6d8cf5e8737eab03e2d0d40a42c1b4daf775f80be0ede501f614e93dbe99ecffd8d37344e2e7aed580d5447e77c5b27a26f3875eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
cdf19a0825ffc6572daa8bc93d91da41

SHA1
677015e45e1198a2a41f7de703bb481e418ac7a9

SHA256
9ff46a5ce9fcb32582361522e005ea439098b9c5ca033defb6f3edbde449593f

SHA512
5c0ec42249206e8029577af11822a10dae0fced7282f757a99a5f1c559f5ff7aabafd626976c35e656369e45ecf3c06a9e61d71e3e0ef8791d4df8ae3bdae608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58aa83.TMP

Filesize
104KB

MD5
45c64ef3222a218ce67432549b605826

SHA1
379fe9308a33d1cacbaeae43d0afc7fa0369c282

SHA256
c6bbc15449fd03a29d5bd04905326a296978f4353daf8d817741acec49a2ec94

SHA512
ac08edb4e4ac6674d648a5ae61ea3345e18d651214a68c95e8868ebee4a438502ce71f8594b4fa8365874e7d355c996ef30b27f5ac6a4a5b997d98f3e2186f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a6e676515868dde57838489d4dcb9d20

SHA1
951ea285bea5a76662c81e49d99cd9334300e2d7

SHA256
19050ee7f23c703c019d84e2f09c19375186ea766f757174251157986bb889a9

SHA512
eabdc4c1ec05d6750280c2c08b7a75f17ca8daf1139a1a5dd3a1cd4c3ef236d419ab4fe4748bfae47190c0c3716d89b02e2a3cf3cc99778cedee2fa177ef3766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e4f0010520a711165fa6051ebd8c8834

SHA1
d289210f79fabde9099206cc12fc3eba0ea7cfce

SHA256
dca8656c0767598b365daed7feae7810bb10fbefc487f531121e5383d238bf2e

SHA512
a0c2705a6640cd2ea0b20d87143906919f8abf5e82c165e3d8e2def0ad3263c86da1324798565a189be72d7096ca67f7cd2482ad4e65f8b7641fbcde53a846a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
467B

MD5
4c9a568494373345deffe81b662eb10c

SHA1
6e776a47404df468f9b2c2c7657d73129f6bc1c7

SHA256
e8c63b00abde887eda32538df8dc979a491d190583f369afb2ff9fb7be73876c

SHA512
6e8a4040bc6bec917f372a0e6d712231885df8edd7555385d731cec63352862980da209ce146c7fbb9b138947fb0829c04d7f6ebef662282a234961901e46c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa7ba539845f399ee32a01c3438a4f44

SHA1
56b9aacf833dc90cb2b69d3276ff354f8663d516

SHA256
5ab416b52b4cf6d2537bae00e54d395dd7b01a5387d5a4504d17f06def556d90

SHA512
a57d6803ce2c92f0a4e45fe2989c9673e6b0ec8b0fa8fedc5f41e515a8d04d29bb215212a21fb66db67ab4ac94b24362c4901be6d5224b4289edbcd1b0f525a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0438a8c26811ec1b5d288713746b444d

SHA1
0dd70edc273500741f7cb32151d9043bca458624

SHA256
82fe96a0c5dfe3923825aa007d5ce8314517cda53cd65e683843e33480afda50

SHA512
6c73c44244597976a4dc26f3451c70ee8dea35af8d4d2f1514459b70fc2d283ec0a50d4848f9c0f09a7207f820e519731e3fa2f18c3526188dcf5c65209cfc1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b680798806a45e4f175ead1013e44f7c

SHA1
196aa2e6b84af6df220b35f7054e6bcb67aca08d

SHA256
c258b20f4bf34321ecae551aced8ef5a9aadd633ac4a9df10ac38236f88119d4

SHA512
c9e39c8076b19e14f0eea133ed45e86c527686b91b86f35b0376eddfc3cc32314207e599c7bc7966b2eacfe787f23c5d3ffdbe9bf031a0e7595c9d17d5a33686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
714fa22a96ee9fb44a150fb87d3d8d8d

SHA1
81aa37dedb770f08d0a420f8260856d38040ff00

SHA256
1d3abb171655fc545257b273ca988ae2afabdd5ff40586ec7674b042abf6f812

SHA512
5a098d6f7a51e86c6a0b9cb2bd0070ebd4407d862a80aa9296cd83347fdbf8fdf35a712ec03ff9adeed1f09ba6385935d06abacd354d745ae234b3c8857b60a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
29213338df67d29d6454ee5d61ad3970

SHA1
8c69ca76a2e639060d5ce835a9600e6ea3764a83

SHA256
d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51

SHA512
14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5e6f7f42fd745e1d7050d46e26a8ad54

SHA1
36b0956bbdda0537d90d425eaef1470d2745fc3b

SHA256
3078508d6f090947c2c11ec22e2a397d66035e3b4b5fd9e3a2ff6354a3efa280

SHA512
9631e193dabcbf5442c9ed01bb13e302cf4a839e84e4b09d2d557917f3af2a76d0ba460bdeeecdef2fe96b7b6108697af6bd0ee7eb545bf5d99b66538155fbdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
99131b8c4c14ec1e6b14a4b2316c417f

SHA1
c12f33ca11fd8a356987c87bd143857b12fc7588

SHA256
66122d40cf0a10ec6f547394bae2696cb26a842604f25f84a946d4203b10ba44

SHA512
7e7e0b5c7c02aa6f9b49737a3d244a4796a87c8676ccab43c64ab65d8c93728a558a66227f34712cd33deafcd95f62d82212ecadd08ad41029dea2b8dfc440aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Protect32.dll

Filesize
634KB

MD5
4a647d989a49725ff6617de8357be484

SHA1
2e8f72c54edfd71ca7e3c7fad545ae73a305ca7e

SHA256
9c86108e34a3d07890551e35bf497da052ce21cab0ba4ec10ccd439001b5892b

SHA512
29f2813ec799d66c4c702b656fd621be0d1a8389d8fb2ae7f3fcbb3dc5e7d1619b75bc92f369200e02a95c02da22223cbf0e520796bd5b5cbd2689e5d382d395

Download Submit
C:\Users\Admin\AppData\Local\Temp\Protect32.dll

Filesize
634KB

MD5
4a647d989a49725ff6617de8357be484

SHA1
2e8f72c54edfd71ca7e3c7fad545ae73a305ca7e

SHA256
9c86108e34a3d07890551e35bf497da052ce21cab0ba4ec10ccd439001b5892b

SHA512
29f2813ec799d66c4c702b656fd621be0d1a8389d8fb2ae7f3fcbb3dc5e7d1619b75bc92f369200e02a95c02da22223cbf0e520796bd5b5cbd2689e5d382d395

Download Submit
C:\Users\Admin\AppData\Local\Temp\VikaRT32.dll

Filesize
580KB

MD5
513e7845d06db10b2d639370d94767ec

SHA1
967df05e9d8bf431962fb28a771667462211672a

SHA256
d67906f22f3ab191f9774a48977c9a765582c948a37c595bd299db3c8f465f13

SHA512
698eb74eab94485371cff4ecb4f31c42ec27490aba25513b85b9d509313617936efaf170e93d40ec40a550076f43340955289bfbd40decc765d5891bb2cd97cc

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf.tmp324

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
632B

MD5
ccbf925f92ddf0b7382e33dfce602d03

SHA1
a9ad04a6b440628b7f8860bbe1284f5361e10e50

SHA256
23d4db3f58a557371c5b155064677b152c347d678be9a03c767a71d512892f23

SHA512
862d375726039680d4e29adbddf14a73d580942965480009a14df731c5bbdf7e49d881c39f2fe88fb13960bbe65643e1bb1784c5345932be0081b6fcb538e42c

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
675B

MD5
48dba9d1d935cc7df681afc217b29b03

SHA1
c07eb557eb59e13fb80a29ba384cc258a6fe3fa2

SHA256
adc8d3269b2fb7634e1c5ec23d74384ac8d6884e2d7aac9a8f28cb542ce7d499

SHA512
467e58f1f463ff1a371203987d68447240157ecfe21c05385ec63f440cfa451fd31d41475cd76ae5c50af3f39930c3a24e611e2f3e8084b0d497a44d8bc31240

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
93KB

MD5
478a4a09f4f74e97335cd4d5e9da7ab5

SHA1
3c4f1dc52a293f079095d0b0370428ec8e8f9315

SHA256
884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974

SHA512
e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

Download Submit
C:\Users\Admin\Downloads\02118409643dbdad9710c6571b02130e.7z

Filesize
666KB

MD5
59fb1de343c15aabbcff6dac85596edd

SHA1
54a70205d03ea52d95f8f53b7587130c655c3d7b

SHA256
756fbdd52013f7dfa87169d4162f9d980ffe296201722c97125907cc88266afa

SHA512
ab53824b889562b29e7315b2af10aa5d4f0a4e3996ab6ad2e5677d026772d3859b68f335c72a83eb9a7a98add8e2dc89ab286a77414b422da6825fa98a3fd691

Download Submit
C:\Users\Admin\Downloads\02118409643dbdad9710c6571b02130e.7z.crdownload

Filesize
666KB

MD5
59fb1de343c15aabbcff6dac85596edd

SHA1
54a70205d03ea52d95f8f53b7587130c655c3d7b

SHA256
756fbdd52013f7dfa87169d4162f9d980ffe296201722c97125907cc88266afa

SHA512
ab53824b889562b29e7315b2af10aa5d4f0a4e3996ab6ad2e5677d026772d3859b68f335c72a83eb9a7a98add8e2dc89ab286a77414b422da6825fa98a3fd691

Download Submit
C:\Users\Admin\Downloads\02118409643dbdad9710c6571b02130e\02118409643dbdad9710c6571b02130e

Filesize
753KB

MD5
02118409643dbdad9710c6571b02130e

SHA1
8a5eb3b9980ca91406ba00c926f64a834acc11f8

SHA256
9355d983c76ed660b0c6cb8d1e6583852a07a2c5095e26f84d58bd3569dd71af

SHA512
b004c513707903c4e7f9d39ba932fe621e47413301c3c8cd1d9643d7e192eea50745af848f8a715b59b6db186ac43109a180ef1d513ced733182937eea8e73fc

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder.7z

Filesize
31.6MB

MD5
29df20c3ab674d32dbff4ad9d2cae227

SHA1
53b1252248cf35260f31243e7167486a6ceb508f

SHA256
dfea5761c13795a4eac03f0e150f92eae0c7fd2b1be234bc53cf3726f8aacdbd

SHA512
da31410916079c47fdc55cf66e7a98240a85fc785ece94c252c81a11814756af7ca1b8900065d62559a912ddb554a76e79447ca7ffdf6ac6ddc54a694c3f35e1

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Builder\Builder.exe

Filesize
9.7MB

MD5
11ee415ffe942a18f5429802a56b5a08

SHA1
1536b8d10f827c2a483d9b4c7423b3ae9b35772a

SHA256
8556a420ce8441261c575e1f030ad2d90a69d08bae576f7db921dd727925a291

SHA512
0c984827933e8e6fcc2ac4f64bef598cab884c9cbb8da4376e9beb9c030dc57c54e72f25a6ec25acbb07472f19fe4639ceefa20627775ad828b23740411737b7

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Builder\Builder.exe

Filesize
9.7MB

MD5
11ee415ffe942a18f5429802a56b5a08

SHA1
1536b8d10f827c2a483d9b4c7423b3ae9b35772a

SHA256
8556a420ce8441261c575e1f030ad2d90a69d08bae576f7db921dd727925a291

SHA512
0c984827933e8e6fcc2ac4f64bef598cab884c9cbb8da4376e9beb9c030dc57c54e72f25a6ec25acbb07472f19fe4639ceefa20627775ad828b23740411737b7

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Builder\dnlib.dll

Filesize
1.1MB

MD5
de0069c4097c987bd30ebe8155a8af35

SHA1
aced007f4d852d7b84c689a92d9c36e24381d375

SHA256
83445595d38a8e33513b33dfc201983af4746e5327c9bed470a6282d91d539b6

SHA512
66c45818e5c555e5250f8250ea704bc4ca32ddb4d5824c852ae5dc0f264b009af73c7c1e0db1b74c14ee6b612608d939386da23b56520cac415cd5a8f60a5502

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Builder\dnlib.dll

Filesize
1.1MB

MD5
de0069c4097c987bd30ebe8155a8af35

SHA1
aced007f4d852d7b84c689a92d9c36e24381d375

SHA256
83445595d38a8e33513b33dfc201983af4746e5327c9bed470a6282d91d539b6

SHA512
66c45818e5c555e5250f8250ea704bc4ca32ddb4d5824c852ae5dc0f264b009af73c7c1e0db1b74c14ee6b612608d939386da23b56520cac415cd5a8f60a5502

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Builder\dnlib.dll

Filesize
1.1MB

MD5
de0069c4097c987bd30ebe8155a8af35

SHA1
aced007f4d852d7b84c689a92d9c36e24381d375

SHA256
83445595d38a8e33513b33dfc201983af4746e5327c9bed470a6282d91d539b6

SHA512
66c45818e5c555e5250f8250ea704bc4ca32ddb4d5824c852ae5dc0f264b009af73c7c1e0db1b74c14ee6b612608d939386da23b56520cac415cd5a8f60a5502

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Panel\bd.sql

Filesize
3KB

MD5
d279d358ffefbd4f69c5a4a1edebc0af

SHA1
c74a76c05face92f482cec09e49b63274d0d04f0

SHA256
b06ef22393a300ea18084439397529d6f8952105688621490bb0c2dc6d2eb5f5

SHA512
a1ab3cfd24f10ede2b85d738f852f0d0ce6089f6c105c2965d3cb62a7ee34a50a56536f730a34db3bb677dc01275f3bb31e26f18b1399d9ffd76f04d14dd7765

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Panel\www\img\famfamfam-countryflags\re.gif

Filesize
366B

MD5
0a4673b07b377d1f58230f40f256d890

SHA1
7e36554ade83e484899a73946ce5e59a4b9fb6e6

SHA256
e2016ab933817845c6bca46de5c80793c2e3baa94fdd467589a0ca47ebdb9676

SHA512
1724e9e368bf09377878b4674cddf56e1cb7d31a6e86d8be747480365d6bd10b0ff118e6a525090f196c1113c4344792725b79f6ba3dcc10e66a84fbf726da1f

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Panel\www\img\famfamfam-countryflags\sj.gif

Filesize
376B

MD5
bbc9011e876a122ea89923e6b730ec50

SHA1
7398e4ba0fd8d122eaa2e4c807345f611d6a7594

SHA256
019bdfaed643674542f71514948050b099901534673a2b5d80a472f1f1a88dfd

SHA512
141810a6dcc436864b41667064f06dc188e6847fe745f85a65003430ec2608490a43fb6f6adca68994c21da90ffef2d08c0890d4f2b3b527246c6270559563d2

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Panel\www\panel\font-awesome.css

Filesize
36KB

MD5
c495654869785bc3df60216616814ad1

SHA1
0140952c64e3f2b74ef64e050f2fe86eab6624c8

SHA256
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

SHA512
e40f27c1d30e5ab4b3db47c3b2373381489d50147c9623d853e5b299364fd65998f46e8e73b1e566fd79e97aa7b20354cd3c8c79f15372c147fed9c913ffb106

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Panel\www\panel\img\famfamfam-countryflags\au.gif

Filesize
378B

MD5
1fe85ab1104e05f5a26efa5bbcd1cf18

SHA1
3dc73195ca141c933931a6447468dd1b6fb73301

SHA256
6a86e7a3e4bda011deb945b4168e01c5435efcb9cc41c00efbd5fe464dbb65db

SHA512
e9a86a9d745fbf255360af58785166174ceb54b7f9d91ba4d9085c7f7d3173723d0b8846146a85668bc88c36f82a3d1ee0ab1c067bcad4cb9bccb8a46306861d

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\bandicam 2022-05-12 17-09-20-649.mp4

Filesize
43.0MB

MD5
b00d387b39cf7ac870e38db2e3e8f378

SHA1
62daf2dbdd2235c8018046f493fbc09476338fb1

SHA256
ea711ccefa4b4167e8260688ee347810787608e868bb2da7c2bb9b36398b390b

SHA512
e556ff9cce0ca366ce6fb4ec60e26170e8556964a715646d019332496959bc0997b6fcf35597b5cd3cb5e59ef7fc31cde594cddf44c26c7d73ff542c95a57411

Download Submit
C:\Users\Admin\Downloads\BlackGuard Stealer Builder\BlackGuard Stealer Builder\Установка.txt

Filesize
1KB

MD5
0b401932b6cb4342013c3460eea5b519

SHA1
46740479a2b089e487145110ef917935e27e6549

SHA256
542dafeeb22e16e5123cd8aeeb40b998f6feeee30246aeffb6e7159f6733c648

SHA512
41058bc1630a9c689f72beebcad19cc97c2d95ed18347e67adfe1249d1d386338b613494ad550beb9d7ce0b0ec2668aaf8a11255445a7d77cc5913c0a0cb3d1e

Download Submit
memory/2136-2150-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2137-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2151-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2152-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2153-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2148-0x0000000006260000-0x000000000637E000-memory.dmp

Filesize
1.1MB

Download
memory/2136-2149-0x0000000005F70000-0x0000000006070000-memory.dmp

Filesize
1024KB

Download
memory/2136-2140-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2154-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2139-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2138-0x00000000752E0000-0x0000000075A90000-memory.dmp

Filesize
7.7MB

Download
memory/2136-3748-0x00000000752E0000-0x0000000075A90000-memory.dmp

Filesize
7.7MB

Download
memory/2136-2136-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2135-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2134-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2155-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2156-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2118-0x0000000000AA0000-0x0000000001456000-memory.dmp

Filesize
9.7MB

Download
memory/2136-2117-0x00000000752E0000-0x0000000075A90000-memory.dmp

Filesize
7.7MB

Download
memory/2136-2157-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/2136-2158-0x0000000005F70000-0x0000000006070000-memory.dmp

Filesize
1024KB

Download
memory/3880-1646-0x00007FF835190000-0x00007FF8351A7000-memory.dmp

Filesize
92KB

Download
memory/3880-1700-0x00007FF81FB20000-0x00007FF81FB4A000-memory.dmp

Filesize
168KB

Download
memory/3880-1697-0x00007FF81FC70000-0x00007FF81FC93000-memory.dmp

Filesize
140KB

Download
memory/3880-1695-0x00007FF81FCC0000-0x00007FF81FE3A000-memory.dmp

Filesize
1.5MB

Download
memory/3880-1690-0x00007FF8200E0000-0x00007FF820130000-memory.dmp

Filesize
320KB

Download
memory/3880-1682-0x00007FF83C560000-0x00007FF83C571000-memory.dmp

Filesize
68KB

Download
memory/3880-1684-0x00007FF8202B0000-0x00007FF820375000-memory.dmp

Filesize
788KB

Download
memory/3880-1681-0x00007FF83ACB0000-0x00007FF83ACDF000-memory.dmp

Filesize
188KB

Download
memory/3880-1701-0x00007FF81FB00000-0x00007FF81FB13000-memory.dmp

Filesize
76KB

Download
memory/3880-1703-0x00007FF81FAC0000-0x00007FF81FAD2000-memory.dmp

Filesize
72KB

Download
memory/3880-1705-0x00007FF81FA80000-0x00007FF81FA93000-memory.dmp

Filesize
76KB

Download
memory/3880-1707-0x00007FF81FA40000-0x00007FF81FA52000-memory.dmp

Filesize
72KB

Download
memory/3880-1706-0x00007FF81FA60000-0x00007FF81FA74000-memory.dmp

Filesize
80KB

Download
memory/3880-1704-0x00007FF81FAA0000-0x00007FF81FAB5000-memory.dmp

Filesize
84KB

Download
memory/3880-1702-0x00007FF81FAE0000-0x00007FF81FAFB000-memory.dmp

Filesize
108KB

Download
memory/3880-1699-0x00007FF81FB50000-0x00007FF81FC44000-memory.dmp

Filesize
976KB

Download
memory/3880-1698-0x00007FF81FC50000-0x00007FF81FC63000-memory.dmp

Filesize
76KB

Download
memory/3880-1696-0x00007FF81FCA0000-0x00007FF81FCB5000-memory.dmp

Filesize
84KB

Download
memory/3880-1692-0x00007FF81FEA0000-0x00007FF8200BD000-memory.dmp

Filesize
2.1MB

Download
memory/3880-1693-0x00007FF81FE60000-0x00007FF81FE71000-memory.dmp

Filesize
68KB

Download
memory/3880-1694-0x00007FF81FE40000-0x00007FF81FE52000-memory.dmp

Filesize
72KB

Download
memory/3880-1691-0x00007FF8200C0000-0x00007FF8200D5000-memory.dmp

Filesize
84KB

Download
memory/3880-1688-0x00007FF824150000-0x00007FF824163000-memory.dmp

Filesize
76KB

Download
memory/3880-1689-0x00007FF820130000-0x00007FF820144000-memory.dmp

Filesize
80KB

Download
memory/3880-1686-0x00007FF8201C0000-0x00007FF820222000-memory.dmp

Filesize
392KB

Download
memory/3880-1687-0x00007FF820150000-0x00007FF8201BD000-memory.dmp

Filesize
436KB

Download
memory/3880-1683-0x00007FF826620000-0x00007FF826636000-memory.dmp

Filesize
88KB

Download
memory/3880-1685-0x00007FF820230000-0x00007FF8202A5000-memory.dmp

Filesize
468KB

Download
memory/3880-1680-0x00007FF83C580000-0x00007FF83C590000-memory.dmp

Filesize
64KB

Download
memory/3880-1679-0x00007FF816A50000-0x00007FF818200000-memory.dmp

Filesize
23.7MB

Download
memory/3880-1657-0x00007FF82FC80000-0x00007FF82FCA1000-memory.dmp

Filesize
132KB

Download
memory/3880-1659-0x00007FF82FC60000-0x00007FF82FC71000-memory.dmp

Filesize
68KB

Download
memory/3880-1678-0x000002A7B9750000-0x000002A7B999B000-memory.dmp

Filesize
2.3MB

Download
memory/3880-1660-0x00007FF82FB00000-0x00007FF82FB11000-memory.dmp

Filesize
68KB

Download
memory/3880-1661-0x00007FF82E3D0000-0x00007FF82E3E1000-memory.dmp

Filesize
68KB

Download
memory/3880-1674-0x00007FF83C640000-0x00007FF83C682000-memory.dmp

Filesize
264KB

Download
memory/3880-1672-0x00007FF820740000-0x00007FF8208B0000-memory.dmp

Filesize
1.4MB

Download
memory/3880-1677-0x00007FF83C590000-0x00007FF83C5E7000-memory.dmp

Filesize
348KB

Download
memory/3880-1673-0x00007FF83C690000-0x00007FF83C6A2000-memory.dmp

Filesize
72KB

Download
memory/3880-1676-0x00007FF8205D0000-0x00007FF82073B000-memory.dmp

Filesize
1.4MB

Download
memory/3880-1675-0x00007FF83C5F0000-0x00007FF83C63C000-memory.dmp

Filesize
304KB

Download
memory/3880-1662-0x00007FF82C320000-0x00007FF82C33B000-memory.dmp

Filesize
108KB

Download
memory/3880-1663-0x00007FF82BCC0000-0x00007FF82BCD1000-memory.dmp

Filesize
68KB

Download
memory/3880-1667-0x00007FF820A90000-0x00007FF820AFF000-memory.dmp

Filesize
444KB

Download
memory/3880-1671-0x00007FF826780000-0x00007FF826797000-memory.dmp

Filesize
92KB

Download
memory/3880-1670-0x00007FF8208B0000-0x00007FF820A28000-memory.dmp

Filesize
1.5MB

Download
memory/3880-1668-0x00007FF82B900000-0x00007FF82B911000-memory.dmp

Filesize
68KB

Download
memory/3880-1669-0x00007FF820A30000-0x00007FF820A86000-memory.dmp

Filesize
344KB

Download
memory/3880-1666-0x00007FF820B00000-0x00007FF820B67000-memory.dmp

Filesize
412KB

Download
memory/3880-1664-0x00007FF82BCA0000-0x00007FF82BCB8000-memory.dmp

Filesize
96KB

Download
memory/3880-1665-0x00007FF82BC70000-0x00007FF82BCA0000-memory.dmp

Filesize
192KB

Download
memory/3880-1658-0x00007FF834570000-0x00007FF834588000-memory.dmp

Filesize
96KB

Download
memory/3880-1656-0x00007FF834850000-0x00007FF83488F000-memory.dmp

Filesize
252KB

Download
memory/3880-1653-0x00007FF820B70000-0x00007FF821C1B000-memory.dmp

Filesize
16.7MB

Download
memory/3880-1645-0x00007FF835450000-0x00007FF835468000-memory.dmp

Filesize
96KB

Download
memory/3880-1647-0x00007FF835050000-0x00007FF835061000-memory.dmp

Filesize
68KB

Download
memory/3880-1648-0x00007FF834B00000-0x00007FF834B17000-memory.dmp

Filesize
92KB

Download
memory/3880-1649-0x00007FF834AE0000-0x00007FF834AF1000-memory.dmp

Filesize
68KB

Download
memory/3880-1652-0x00007FF821C20000-0x00007FF821E20000-memory.dmp

Filesize
2.0MB

Download
memory/3880-1650-0x00007FF834AC0000-0x00007FF834ADD000-memory.dmp

Filesize
116KB

Download
memory/3880-1651-0x00007FF834AA0000-0x00007FF834AB1000-memory.dmp

Filesize
68KB

Download
memory/3880-1644-0x00007FF822580000-0x00007FF822834000-memory.dmp

Filesize
2.7MB

Download
memory/3880-1643-0x00007FF834B80000-0x00007FF834BB4000-memory.dmp

Filesize
208KB

Download
memory/3880-1642-0x00007FF66CDC0000-0x00007FF66CEB8000-memory.dmp

Filesize
992KB

Download