Analysis Overview
SHA256
55bb67ac55ddcf9de96fd17f50506d9f8a9b16895c8299ce91f8f226fa3eb18e
Threat Level: Known bad
The file BlackLoader Setup 9.8.0.exe was found to be: Known bad.
Malicious Activity Summary
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Suspicious use of SetThreadContext
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Enumerates processes with tasklist
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported
2024-02-10 22:26
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-10 22:24
Reported
2024-02-10 22:34
Platform
win11-20231215-en
Max time kernel
455s
Max time network
448s
Command Line
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 672 created 2564 | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | C:\Windows\system32\sihost.exe |
| PID 3944 created 2564 | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | C:\Windows\system32\sihost.exe |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1788 set thread context of 672 | N/A | C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader6.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3112 set thread context of 3944 | N/A | C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates physical storage devices
Program crash
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Users\Admin\AppData\Local\Temp\BlackLoader Setup 9.8.0.exe
"C:\Users\Admin\AppData\Local\Temp\BlackLoader Setup 9.8.0.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlackLoader.exe" | %SYSTEMROOT%\System32\find.exe "BlackLoader.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlackLoader.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "BlackLoader.exe"
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
"C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe"
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
"C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\BlackLoader" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=1716,i,4567132502202351418,3498143384547615895,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
"C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BlackLoader" --app-path="C:\Users\Admin\AppData\Local\Programs\BlackLoader\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2268 --field-trial-handle=1716,i,4567132502202351418,3498143384547615895,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
"C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\BlackLoader" --mojo-platform-channel-handle=1724 --field-trial-handle=1716,i,4567132502202351418,3498143384547615895,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "BlackLoader6.exe"
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader6.exe
BlackLoader6.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe"
C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe
C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
"C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\BlackLoader" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=892 --field-trial-handle=1716,i,4567132502202351418,3498143384547615895,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 672 -ip 672
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 524
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 672 -ip 672
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 548
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3944 -ip 3944
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 524
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3944 -ip 3944
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 520
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | swapinclick.com | udp |
| FR | 195.35.49.154:443 | swapinclick.com | tcp |
| US | 8.8.8.8:53 | 154.49.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 35.173.69.207:443 | | tcp |
| FR | 195.35.49.154:443 | swapinclick.com | udp |
| US | 35.173.69.207:443 | | tcp |
| FR | 195.35.49.154:443 | swapinclick.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
| MD5 | 4e40b9548d950396700efe37c07f70cf |
| SHA1 | 7795250fa417222a0d4acf7f8ca55ad8736d7b99 |
| SHA256 | cff4260500989c91cc66277e75da16b8a99fdc274f07c349de154b712f2afebf |
| SHA512 | f670ccb2449344e9b57515429f5de6406cddfb47406f20fd9c8cd642687b02756e13bb4955a71e92342d42f2dd62bf062730c87899cc1cfac7c17fd93542efff |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\chrome_100_percent.pak
| MD5 | d31f3439e2a3f7bee4ddd26f46a2b83f |
| SHA1 | c5a26f86eb119ae364c5bf707bebed7e871fc214 |
| SHA256 | 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e |
| SHA512 | aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\ffmpeg.dll
| MD5 | 4396b172a55f389ad77f744d019a1f02 |
| SHA1 | 813dc27cc325c5200d96d8a473b10081e40b5109 |
| SHA256 | 33ae931547b680bf6b26bad3e4ff379becff47df63a178d6d37974c3a70bb320 |
| SHA512 | 9e44a67fd31f77a98833b175bfa5f884c326b6f96a24c0932dcca502a2aadbfdf599ca15174984ea19a0bebf94b5bf72c9abd35f316a06fad929dd4350582d53 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\d3dcompiler_47.dll
| MD5 | b71bff197406bd414ffbafb081f03ad5 |
| SHA1 | 13a8e3b76cbebc051a0360a06bc15c909e062b6e |
| SHA256 | e89d41444c76618966b2bfe8f0b65a818f1681221c9179372705cccc82eb467a |
| SHA512 | c76678dfff38151fafc22f6e94298c32dbf7f24055d620f39435e36cacf762a9e9e45c555ed02038bbf1ac98d0f535a20c5e755b45fa91d06c90af9ae6b0ca32 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\chrome_200_percent.pak
| MD5 | 5604b67e3f03ab2741f910a250c91137 |
| SHA1 | a4bb15ac7914c22575f1051a29c448f215fe027f |
| SHA256 | 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c |
| SHA512 | 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\icudtl.dat
| MD5 | 7153389eab63afaaf0ade10152d5bf4c |
| SHA1 | 639fa4b31f73e5d0c10ceb5ac7dcd7e998e5bd8a |
| SHA256 | 63f60c6a0d7395f3c2444e97bcebfc3fe893091e7f0a5861dcc6a8221b6856fe |
| SHA512 | 95583baeb565aea8ac940a2e3dd72882a3fac840498f2c2c043407396a099ff7ddb0eef88772706acdd5e7e64c51bfcc43f84db75ceb96fb7a2622aa8f1cea8d |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\libEGL.dll
| MD5 | 637eeb39ddbeb3ff518ff1988604505f |
| SHA1 | 8b3d9a0d542718fb906f8fafb2583d7bb53176ef |
| SHA256 | 3c51a8e53ef7473e9a335673e909dc9c67bf962997e6e2a319c3bd70fd52b4ed |
| SHA512 | 3257f9c96665f1bc8bb39acd0d98015b7d5e32f3cf3f84e795df4d19f6bd3bcc14a4e89759cc0de83289b79cd290fd5f4b176c3e9a4cb2eca3acfba0c9e232df |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\libGLESv2.dll
| MD5 | 6e9fce1423137e231da0cfa1ce46fc81 |
| SHA1 | 1fa6626f52c8c716ab277d6d555fa208c96a92ea |
| SHA256 | 1972128ccc6211c949a141e0c44b3cd41b07834be2ecfeaa2321f89d56e71049 |
| SHA512 | 55b4b81e8dd2ce6632a4c4874216f51017f01734f6aea1df47cb4f0ef3d5cb318789c82b7b73392e54fc7447dfa0e32b1c499e5d468c8bd40eb0e2b4bfc6755e |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\LICENSES.chromium.html
| MD5 | 48876275bf08cc1fdd65ba85ee2f1d05 |
| SHA1 | 2636925db981085d03dcfefc0059b0b30d6ccdb1 |
| SHA256 | dd368babcf98300e7d0524acf151950cc2006783370897b7872aa37ffce89b23 |
| SHA512 | 93eab31f1aa499d7513222b987430913bf842fe627523b7a70713b63e359d372519dff4edf4303cd3cd5a93534e3f4688c8955826609702b740a1a48795e5f55 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\resources.pak
| MD5 | cc552bf86ea8c33d5164fbcd66ff3396 |
| SHA1 | 2ff4bae55520f8719f3d6181f364b2793bb48eeb |
| SHA256 | cd27d0a67c1d73ea67c51af402c1195f65dc626edc704223890d3aea2f4310e1 |
| SHA512 | 83b71ecd19c6245c745702489c4f1428ed7f9726eb88c1459295f3957048304d250a68f4c23da8c2be2235540024153be2dbaa810c25cab7a6cda1ac955393a4 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 031ea03da08fe1247280cfe781658791 |
| SHA1 | e91db50ad16b5a5fbbaf4118672d60b347ea6161 |
| SHA256 | c16dcec41919a6d2850214f2275824be8a97d8c5e694e2ec8dd7d16ab2d5015c |
| SHA512 | b3d6f282761f8ab8760728ecb108f64741f6f3cd2a143813042ff63a3b6604fcfe7c1feabafb65f9f67906217edb5851f44605a34f7a50ed2058c25ce5efb30a |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\snapshot_blob.bin
| MD5 | b82ff216a0babf602940759b9a3af870 |
| SHA1 | 07e8a22dcf8d7be04a6ddbcab3098e040494bb0e |
| SHA256 | 943b27009d41801c5a649caf680e32d4dd25de002787a4ccd86b0925b3aac3a5 |
| SHA512 | da157570afbab7be135f7749df7f4518df1452ea24f98d8f5189430e732ad06ed438afc701cb70451bbc7137b5f35a0c5957df92ecb40d47d54c1071ea79fba1 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\af.pak
| MD5 | 198092a7a82efced4d59715bd3e41703 |
| SHA1 | ac3cdfba133330fce825816b2f9579ac240dc176 |
| SHA256 | d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba |
| SHA512 | 590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\vulkan-1.dll
| MD5 | 8bc92d032251f1283372dd34bfbc3e1f |
| SHA1 | af24bc9609c601f519032372e082967acae3d12f |
| SHA256 | 6858691564c26c6db61c2a9bc7f5176d32fef933f722a8d658c83252be9e6295 |
| SHA512 | 5cdbbff2095aea58a1b1fd66e5ca094e06ba574783f51e1365e7f48e325fc7e696c384950cb233d6441a3418adb2761c420f40fba5e969657a5dac93348e1b86 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\bn.pak
| MD5 | 4ca41a2a019e5c1b0b218a25a36d9e73 |
| SHA1 | 873bcef920f23ed5cddc794bd55bc72d4d988afb |
| SHA256 | 10bcc70b045d51266fe6c2a04b8369e4c0ab170bd6d38a3c8f368d275ac66b5a |
| SHA512 | d99a455369918db452e0dc79c8202d78568244c67c5460f01b7a14250817f8e8487bb1b6b0cd75a1098fb5120be98e3f5412f63899685fbe230da4999014e06f |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\bg.pak
| MD5 | 9dc95c3b9b47cc9fe5a34b2aab2d4d01 |
| SHA1 | bc19494d160e4af6abd0a10c5adbc8114d50a714 |
| SHA256 | fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e |
| SHA512 | a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ar.pak
| MD5 | 71f99d68dab1dabb847137093e05bda7 |
| SHA1 | 23f616bafcdf20b37647b9bfe9bb8bbe170f771f |
| SHA256 | b023f0f02580bbff1b4333b9ac68149e45cd109afc5e2cfc93ccf2f6d70a7be6 |
| SHA512 | 623eefd28cc084f20d582a86367b5c7e6a2ba7c719941097789b3b24397d32e4b776f59920829bb9c8033cac87fe204ddab93b884a465939ce6d6f85d7b667a6 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\am.pak
| MD5 | e8989d501159bd2e98edc5e4dbc5a0aa |
| SHA1 | 62ec21328148054c26399b305a4edd75d65be64b |
| SHA256 | 6264f9a85609b09ef8c9ae1288a5f5dc0a131bb61a3c239b2cb7c90e1e4e96c4 |
| SHA512 | ce196727d1c91d3a39b3198d8d5eec1619aeffe3e68e6157d2d8f39dae810ed1930d4b40d292b0cc122d1e7f94a7415b8ce3f1590189fc497f4bb2431ca35f5c |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\vk_swiftshader.dll
| MD5 | ca20eb92f10f2503991e209ef5162ae7 |
| SHA1 | 5fe42f6c415c31d286f05adbdb4bf365c26fa834 |
| SHA256 | 901befbd4befe70340de2d585a430d4e643c2ecbec397dcab4d287fd292048f6 |
| SHA512 | 153a6f0be3ce6072b497a8ba3b245134c9e3a6aba2f3d32781dd2cc451b99e4d16946a99736bba0506dacc7bb324ab8418d9610fbfbdcd9224098b69143aa325 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\cs.pak
| MD5 | ff919631102a3a9ec635b3080b63e305 |
| SHA1 | e43b117ad5b2d5b373321ab0ae63dd4bc1352a89 |
| SHA256 | 1b8c3add009028eb567b0094759daff29b7861e11d5a9d864071012200e9735a |
| SHA512 | 21833774413cc71ba9c0c592504ae6288e3c8ac4e5d1d62768f4b3eca09e90009abec5e8fadcb4e7d63b99a522ae48fd608aad432eb4165ec7021c8888ad7df1 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\el.pak
| MD5 | 1dda55275041b09101fa6c2c8b114fe4 |
| SHA1 | 38c9e4c011bc1d6e7e000edbceacccd1c1cef69a |
| SHA256 | 6948ea52cd503318e6ace20bcddf8f0a58b54124a261c374fc84fb2e53ea519d |
| SHA512 | 08f1db516d4174de2aea2dc3259d325b27c5c112f60a9e9a41b197e757af24933b106ccde4b2f5f8d05bf1c25fa13f701cd3d0c5bd521796c6dc4d8c0560519c |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\en-GB.pak
| MD5 | 1d55fab4db736ff9b535fbd89c04439f |
| SHA1 | 78c926c43a213a7ab9f87b7feb2df740b12977b7 |
| SHA256 | 88a6dc2693c6ded9d162a9999b74922cba3c80c5f82c02e3eeef950e33998245 |
| SHA512 | 5496418e908efc4aacb956465083d33f7b8988260422e3e609f986860ef35749448aecbf149dce9018f7e7137b066d9706080e67e4cb71aee8e01a7d1c8fb332 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\de.pak
| MD5 | de6e989070283dce390ab612a01226fe |
| SHA1 | b57d5ca62bdade8a110b17720048f20603bf5780 |
| SHA256 | 04ee1580ca680a9af658f955dbdf790d30d04a2dde6fe72c926140223da2624e |
| SHA512 | 8f8da5eb044804e2b7f46ae64a834b5c32be549ef02385023276cf3b465edb1b0418c115b40635f543bfda1dd0bc54911a24ab695aa9def6e2dd6d9733808ed5 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\da.pak
| MD5 | 4bccba46add5ebaf6efd4ade3c42aed9 |
| SHA1 | e48dcc2de930bbf0ea8ee7b735ead321dadb5be8 |
| SHA256 | 2497368658a988e4eb3f64cd17423ea04e7555b104d43c8996c0ecbbfed5f74d |
| SHA512 | e2059e2a7f80353981eef6982a7da006fa3753aeba9aca5279eef71aa2fa4b7adbf9cbb17c85b8060359f9e871b1a5c665226f8d3b8a6fe49f908fd44e1b46bd |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ca.pak
| MD5 | 0312c87b6436e733a037bfb3084f7550 |
| SHA1 | e3f30b8f3bfc8ddbf4b8f85f845733ed5ac8c632 |
| SHA256 | b6c895fbca90c36ae2cfefefda989922162a2cc259603fbca066f0cfbf43c4ff |
| SHA512 | 24b7780211b9dcaf7cbe3915851c7b873562e0cff022c29ca1b4e159b9da152b517305f81dd33712a0224fc3b77e594405e432fe5eecf29b7a4f83f441d6905e |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\es-419.pak
| MD5 | 62ebc8482d26d061f25c306b34931cdb |
| SHA1 | a5c3987a37a2ba849eb6dbeba9d4068e4f0c1d1d |
| SHA256 | 273745efc5af623c74cf84b50a5cf961ab313fff78f4090a55047c7be04110ff |
| SHA512 | 117c934c83e84cdcf483ab4f15e278bd54f9e3b55a443d40d542d26a04951d09fde4c38fe483f540aea48eb195722a883ca9e95f4dc710199f0b7671881ef338 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\en-US.pak
| MD5 | 3f6f4b2c2f24e3893882cdaa1ccfe1a3 |
| SHA1 | b021cca30e774e0b91ee21b5beb030fea646098f |
| SHA256 | bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f |
| SHA512 | bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\et.pak
| MD5 | b746948aa7ef401cb2991ebdc946493e |
| SHA1 | 59d33d1cfff2d7789966f7d9d32d5a1471d9d75b |
| SHA256 | 22a7aca88eaadc24e3fe74c49810f97b426878bf2b54ae92f98e0ccdb02ff3bf |
| SHA512 | dcff275bb04f11a6690db63b54f6f3687ba8391d32d9f2bc869db3208ef41952ad8671a3fa6c040a62ec4df3977ea9b29e01cc799774ba76d22f79ac154a75ca |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\pl.pak
| MD5 | c0183314be5b379eea92d299dbefd53b |
| SHA1 | c9eb00978769d75c3ac71255fbec35207c3df0c0 |
| SHA256 | 29cd712ac9c09ec4189ce14cccc9eea9c35dfb6810b129a51723da0c1aa5c8d4 |
| SHA512 | d5be41d88be142040d510ed7a8581f70fa7db006fa962ec8d4682b06f949e13e7b3f5aa05b10d262e2afb5c5b27d5d62b624791d289e842aa810f9f8eca451b4 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\sk.pak
| MD5 | 626fa9cc0e3de6a184bce3a4ac2b96b8 |
| SHA1 | db5126f10d14ae753e5f5d273566ddbc0a82e601 |
| SHA256 | dee84da5612a1eb7ef25e9203f90c5c7095b005dd20826f9ebae6a839bbc5d41 |
| SHA512 | 5a3f4596a80571beac4ed4186e984559523973ed6532a7d0a9f05867ec61513a1771d09df39786e1f609c5c194b842abe59fc312622d2523a9081bc3a0c3448a |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ru.pak
| MD5 | 8a7de5803a3748c9283c9aeb7eca2155 |
| SHA1 | 6c74654716155ff480bfbbfce2cb692e72200297 |
| SHA256 | d2e005199518d68463e91ba33a52541846ed4374a6e7e770af94d51b82703031 |
| SHA512 | dab725d39da3ae25c1e783f19c2339f342c9ca950c8ee2ae5584dc5f2b86e058956d112872bf1dd5f4d5249788d39cc0167ffcd0df9bb52e3305866280e181b0 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\zh-TW.pak
| MD5 | 44fa91feb49bfabb1b25e1887df03fbc |
| SHA1 | 164a53c4c44a5f377bc89d2260009deb121756b2 |
| SHA256 | 8367390d140ed96155910248b248824a4d6f0b9c19b47a9be2e5de148350fc26 |
| SHA512 | f2796f6d2cf91eb29a2b5a68141e989230c24a24f5431d4b57e44499e091adb94c9d620f48949ac59e6f0737d8ecd87426855419ddb416855692f6d344622a27 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\resources\app.asar
| MD5 | ba5385eed7d388e17b3e6f99c0307fda |
| SHA1 | 15315525f237cbce596cf03d6b2f7f583bde6f91 |
| SHA256 | e13bcb5422dd0d314b65801591d01de3e77c58ac38f5eb2f129e0c114ba91166 |
| SHA512 | 8511d08a95038f3ed957bd44327e1adf1417461e11ab89e5a25fe3f7b97f3ff2093875d49c8d6549aafafe69466cf01f3055ecde1134efae0ffa502efa2b51a9 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\zh-CN.pak
| MD5 | f43466c19804439caf87092ae672f25e |
| SHA1 | 711035e5048a8971342c0e42fe7af6dc6e6b0cb5 |
| SHA256 | b1c989fc65aab77ac1a3353e2a7bed98605a534a1fd9bdf5bd358ad603d28415 |
| SHA512 | ae201b527ba547e40c5878473865304c1ca1738cea8c7d6054878ad2d375bd53dc695177038884d03dfebf1410d7cd4832e686fc132ae23ac91a04eb7bbe78f4 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\vi.pak
| MD5 | 98925a2bb68e74fee002c077971e694c |
| SHA1 | 90cb050d839f210d945baf473fc903e30dd1bb87 |
| SHA256 | 18eaf4dd2aceb602789ceeb1d4757a3c7e552c226882696a59c6b592ecb4eba8 |
| SHA512 | 16b0ed12a1c5b2221ff84bf053ceeb1d5a3c0023a54eeaa49d8b907ae8dfd645573e2b655c421c689238c8cb4ab9ae8c3f9f67e6074f1a8e09d593135f2e8294 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ur.pak
| MD5 | 79b13441ad72298e148e4445debede7c |
| SHA1 | 54f72b4c7ea2738f3868746fa779a12bb7347a21 |
| SHA256 | 68c9dd85b70b56567ed1081ed08f4775a85ad12d6b65b989ee52f717a290a7b1 |
| SHA512 | 0b4e1e630ed630e61e458bd3947db95be55d5d592a47b81158a71658bdedf1c5a69cbd3ce86a817c18b2aca583aaac5e5d10ce53ad5be1f8e392d8d9f5b2ccba |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\uk.pak
| MD5 | 730e82c9d41358234f5c5b07853369c3 |
| SHA1 | 2eca732b8b7b116f03a45b98dafd1d5ae5fd9391 |
| SHA256 | 21bdb8b2889d86dbad4695ae2a5a706c71ad52230fd287199c9009a0a2aa23a8 |
| SHA512 | e81269f0ce8aa7b5589a2c18729e987185f4b4f796856684445b61841bf8d15ce4c751c88e1aba55f56ca3609ca66b46d6ef185a2ed8cf08b024f225ae02fefd |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\tr.pak
| MD5 | 9883f9005c6d40b71201985c14a406fe |
| SHA1 | 015c008ee69a62d421c3d09bbf17bd46f2b79b3a |
| SHA256 | c397f6b331132059344e5c0ac7f26dcda30d9e5496b4e58cfcafad07e147fa47 |
| SHA512 | c4d74e254eaf0255f864f8b67f8be43c5106ed91fe44f40add145af4e6aa660b359a4fda9c75e650cfbaeb097155027dc00fb989b74cdf1d68b1cddd2cbe02ec |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\th.pak
| MD5 | 5f0dac36df62a7fa9fc448a878b8e70c |
| SHA1 | 45f92a611333999b6457b0f619c8c7d4a0e1aeb4 |
| SHA256 | 6abfee4b054c8d54df3daa98de70002b835868407ed33ffa051c6f9ac80da89e |
| SHA512 | b7b8e0e3732059b06f0e197982b62c7a0c5bf208300c9422557b9d9eeab0fa4de4d308c7a457ff888e102b28c12a2c1575029aaf9b184c387f04d812ecb38c0a |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\te.pak
| MD5 | c74594f9382f23e51edc47ff7685a241 |
| SHA1 | a15d664336d50464f771b49780bbd0f48e4eec35 |
| SHA256 | 20a35aeba829f1c4de29079575eb0df09f0fec00782ac49fb132834be7967216 |
| SHA512 | 3f7ead875a84a411eb1c96ed203546cf18d4d37ce73e467f3810a76c69246c0d83a34aa080853606762e7bb62c43162017fc36512f5302ea1295372109235387 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ta.pak
| MD5 | 8deed50aa8d7b3e0fda6242322136f16 |
| SHA1 | 4430643aae3d755c9c03e1118a9af677a47a9fed |
| SHA256 | 41a06fbf1638ed477ca86c1379552790db82cf8d0e55a9e926e1ff83263b987e |
| SHA512 | b42c4bfe91b8db02f9f7dc74b6c61fb1561d58af142d50684c913b70a6dec8042243ef7a185b97ba3259ca948e1ee79ccf610f479df8189c58a7e25f0467e55c |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\sw.pak
| MD5 | 7a083ff726353cf124d66473e02dd3e0 |
| SHA1 | 718682e4b14f736ed0f49456d68650292e2889ff |
| SHA256 | f7efb9973068b970169ab0070d14642b75618b5be1f26f4096d74baaab4c18ed |
| SHA512 | 315734b744f1912e4d995411e52538f9ab70952ef18050d50038ac7e4f1ae29cce7e8fc97dc60b1ffbd2663786743a7b4888f892101d1c26f6a9ac3717a40c15 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\sv.pak
| MD5 | 87820411509e40825754fa732072f93e |
| SHA1 | 22424e932c45f72e70a401ec91fb0ed6804abbf4 |
| SHA256 | b31a5154f8180f9ca7ac8cbaf33618fa9ab516fe1b619c3f71b047d93e05e154 |
| SHA512 | 1b6634010675b89c54576411a6d1a9d16c97f8af796cd4a57f02d36083678fd8462ed19f7e4d8f2149e35328ffb97e1c527f6742123ed6a0ad0f1bcf2785aa0f |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\sr.pak
| MD5 | 51324c9289bf9bf68a6057bf49c8fb9a |
| SHA1 | 30dfe023e839daea4dd8a7f116fef24a27d053d0 |
| SHA256 | 3afe97b04f455e2670b4f3649d64284520dfb197a67f58baab42b04e7d71de30 |
| SHA512 | e1dcbe20547a7bc1b5428846feb90bd7996fa471dc185863679b48ccdd4bcb18bda002f680a2efadf4ca004434753a3b68e524cab9a87c6f84f4c3fac607a339 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\sl.pak
| MD5 | d64a9b98b0227903600a286a3e4432f5 |
| SHA1 | 187513017c3401aefccc99c546506bdbc3fe8902 |
| SHA256 | 1b9a71bf126adcfc36c9cac372992c248a1e95ba778e182bafea6820cd0adf46 |
| SHA512 | 8eba4f9d6d87217f36b7f500bc7f3a1172db72fde423453f360aa6b02733beff1d3b7163265d2b98b75ebab9bdaee0f5fa7ffe6d436a2dd99e2f8b659fcede51 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ro.pak
| MD5 | b72fe90a476e027e9b05f4444a4841cd |
| SHA1 | ca3bad88b9dd726b21e84d6533fed9352b8bdc14 |
| SHA256 | 034d37ba07687ac375d577ec4494c1c9e5a77d291c7db4bd888742dfa2947591 |
| SHA512 | aeea9d997498830f0aea0ac382e0b654c4f46a2cd3f2fd70d80c7e624381d3c4c688373acaa2ae79ca2d61b3b63a144cd01844df808f3c4855ee8cf41f580d6d |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\pt-PT.pak
| MD5 | 80c6b7e5cb50fd41302643ffc4d37aaa |
| SHA1 | 7c8c9575f9651a18f7e63a9201b631ad4c66ffa9 |
| SHA256 | 63807f1f1ffbb8650badf326a124de166215127cc3a383435edc0cd0099d99ee |
| SHA512 | f60ad21b8360e17683226571cb40c531ccf7e0d334446739c0fc5841ef3b2e24e4247a53df8964fc14a4803108ad54a1cd850554d1f03693c068b3d48bbeca89 |
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\pt-BR.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\nl.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\nb.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ms.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\mr.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ml.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\lv.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\lt.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ko.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\kn.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ja.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\it.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\id.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\hu.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\hr.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\hi.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\he.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\gu.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\fr.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\fil.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\fi.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\fa.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\es.pak
C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\WinShell.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
C:\Users\Admin\AppData\Local\Programs\BlackLoader\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\Programs\BlackLoader\icudtl.dat
C:\Users\Admin\AppData\Local\Programs\BlackLoader\ffmpeg.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\ffmpeg.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\resources\app.asar
C:\Users\Admin\AppData\Local\Programs\BlackLoader\resources.pak
C:\Users\Admin\AppData\Local\Programs\BlackLoader\ffmpeg.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\ffmpeg.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\ffmpeg.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\libGLESv2.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\libglesv2.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\d3dcompiler_47.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\D3DCompiler_47.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
C:\Users\Admin\AppData\Roaming\BlackLoader\Network\TransportSecurity
C:\Users\Admin\AppData\Roaming\BlackLoader\Network\TransportSecurity~RFe583738.TMP
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader6.exe
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader6.exe
C:\Users\Admin\AppData\Roaming\BlackLoader\Network\Network Persistent State
C:\Users\Admin\AppData\Roaming\BlackLoader\Network\Network Persistent State~RFe58d80c.TMP
C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe
C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
C:\Users\Admin\AppData\Local\Programs\BlackLoader\ffmpeg.dll
C:\Users\Admin\AppData\Local\Programs\BlackLoader\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe
C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe
C:\Users\Admin\AppData\Roaming\BlackLoader\Network\Network Persistent State