Malware Analysis Report

2025-06-15 19:48

Sample ID 240210-2bn9dahd3t
Target BlackLoader Setup 9.8.0.exe
SHA256 55bb67ac55ddcf9de96fd17f50506d9f8a9b16895c8299ce91f8f226fa3eb18e
Tags
rhadamanthys discovery stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

55bb67ac55ddcf9de96fd17f50506d9f8a9b16895c8299ce91f8f226fa3eb18e

Threat Level: Known bad

The file BlackLoader Setup 9.8.0.exe was found to be: Known bad.

Malicious Activity Summary

rhadamanthys discovery stealer

Rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Suspicious use of SetThreadContext

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Enumerates processes with tasklist

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-10 22:26

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-02-10 22:24

Reported

2024-02-10 22:34

Platform

win11-20231215-en

Max time kernel

455s

Max time network

448s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 672 created 2564 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\system32\sihost.exe
PID 3944 created 2564 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\system32\sihost.exe

Checks installed software on the system

discovery

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\BlackLoader Setup 9.8.0.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4880 wrote to memory of 3232 N/A C:\Users\Admin\AppData\Local\Temp\BlackLoader Setup 9.8.0.exe C:\Windows\SysWOW64\cmd.exe
PID 3232 wrote to memory of 3148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 3232 wrote to memory of 3792 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 2196 wrote to memory of 4344 N/A C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
PID 2196 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
PID 2196 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
PID 3604 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe C:\Windows\system32\cmd.exe
PID 3156 wrote to memory of 1788 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader6.exe
PID 3604 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe C:\Windows\system32\cmd.exe
PID 2196 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe
PID 5076 wrote to memory of 3112 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Users\Admin\AppData\Local\Temp\BlackLoader Setup 9.8.0.exe

"C:\Users\Admin\AppData\Local\Temp\BlackLoader Setup 9.8.0.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlackLoader.exe" | %SYSTEMROOT%\System32\find.exe "BlackLoader.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlackLoader.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "BlackLoader.exe"

C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe

"C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe"

C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe

"C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\BlackLoader" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=1716,i,4567132502202351418,3498143384547615895,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe

"C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BlackLoader" --app-path="C:\Users\Admin\AppData\Local\Programs\BlackLoader\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2268 --field-trial-handle=1716,i,4567132502202351418,3498143384547615895,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe

"C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\BlackLoader" --mojo-platform-channel-handle=1724 --field-trial-handle=1716,i,4567132502202351418,3498143384547615895,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "BlackLoader6.exe"

C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader6.exe

BlackLoader6.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe"

C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe

C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe

C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe

"C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\BlackLoader" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=892 --field-trial-handle=1716,i,4567132502202351418,3498143384547615895,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 672 -ip 672

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 524

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 672 -ip 672

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3944 -ip 3944

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 524

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3944 -ip 3944

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 520

Network

Country Destination Domain Proto
US 8.8.8.8:53 swapinclick.com udp
FR 195.35.49.154:443 swapinclick.com tcp
US 8.8.8.8:53 154.49.35.195.in-addr.arpa udp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 35.173.69.207:443 tcp
FR 195.35.49.154:443 swapinclick.com udp
US 35.173.69.207:443 tcp
FR 195.35.49.154:443 swapinclick.com udp

Files

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe

MD5 4e40b9548d950396700efe37c07f70cf
SHA1 7795250fa417222a0d4acf7f8ca55ad8736d7b99
SHA256 cff4260500989c91cc66277e75da16b8a99fdc274f07c349de154b712f2afebf
SHA512 f670ccb2449344e9b57515429f5de6406cddfb47406f20fd9c8cd642687b02756e13bb4955a71e92342d42f2dd62bf062730c87899cc1cfac7c17fd93542efff

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\chrome_100_percent.pak

MD5 d31f3439e2a3f7bee4ddd26f46a2b83f
SHA1 c5a26f86eb119ae364c5bf707bebed7e871fc214
SHA256 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
SHA512 aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\ffmpeg.dll

MD5 4396b172a55f389ad77f744d019a1f02
SHA1 813dc27cc325c5200d96d8a473b10081e40b5109
SHA256 33ae931547b680bf6b26bad3e4ff379becff47df63a178d6d37974c3a70bb320
SHA512 9e44a67fd31f77a98833b175bfa5f884c326b6f96a24c0932dcca502a2aadbfdf599ca15174984ea19a0bebf94b5bf72c9abd35f316a06fad929dd4350582d53

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\d3dcompiler_47.dll

MD5 b71bff197406bd414ffbafb081f03ad5
SHA1 13a8e3b76cbebc051a0360a06bc15c909e062b6e
SHA256 e89d41444c76618966b2bfe8f0b65a818f1681221c9179372705cccc82eb467a
SHA512 c76678dfff38151fafc22f6e94298c32dbf7f24055d620f39435e36cacf762a9e9e45c555ed02038bbf1ac98d0f535a20c5e755b45fa91d06c90af9ae6b0ca32

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\chrome_200_percent.pak

MD5 5604b67e3f03ab2741f910a250c91137
SHA1 a4bb15ac7914c22575f1051a29c448f215fe027f
SHA256 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
SHA512 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\icudtl.dat

MD5 7153389eab63afaaf0ade10152d5bf4c
SHA1 639fa4b31f73e5d0c10ceb5ac7dcd7e998e5bd8a
SHA256 63f60c6a0d7395f3c2444e97bcebfc3fe893091e7f0a5861dcc6a8221b6856fe
SHA512 95583baeb565aea8ac940a2e3dd72882a3fac840498f2c2c043407396a099ff7ddb0eef88772706acdd5e7e64c51bfcc43f84db75ceb96fb7a2622aa8f1cea8d

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\libEGL.dll

MD5 637eeb39ddbeb3ff518ff1988604505f
SHA1 8b3d9a0d542718fb906f8fafb2583d7bb53176ef
SHA256 3c51a8e53ef7473e9a335673e909dc9c67bf962997e6e2a319c3bd70fd52b4ed
SHA512 3257f9c96665f1bc8bb39acd0d98015b7d5e32f3cf3f84e795df4d19f6bd3bcc14a4e89759cc0de83289b79cd290fd5f4b176c3e9a4cb2eca3acfba0c9e232df

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\libGLESv2.dll

MD5 6e9fce1423137e231da0cfa1ce46fc81
SHA1 1fa6626f52c8c716ab277d6d555fa208c96a92ea
SHA256 1972128ccc6211c949a141e0c44b3cd41b07834be2ecfeaa2321f89d56e71049
SHA512 55b4b81e8dd2ce6632a4c4874216f51017f01734f6aea1df47cb4f0ef3d5cb318789c82b7b73392e54fc7447dfa0e32b1c499e5d468c8bd40eb0e2b4bfc6755e

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\LICENSES.chromium.html

MD5 48876275bf08cc1fdd65ba85ee2f1d05
SHA1 2636925db981085d03dcfefc0059b0b30d6ccdb1
SHA256 dd368babcf98300e7d0524acf151950cc2006783370897b7872aa37ffce89b23
SHA512 93eab31f1aa499d7513222b987430913bf842fe627523b7a70713b63e359d372519dff4edf4303cd3cd5a93534e3f4688c8955826609702b740a1a48795e5f55

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\af.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\bn.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\da.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\es-419.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\pl.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\sk.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ru.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\zh-TW.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\zh-CN.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\vi.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ur.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\uk.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\tr.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\th.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\te.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ta.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\sw.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\sv.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\sr.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\sl.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ro.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\pt-PT.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\pt-BR.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\nl.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\nb.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ms.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\mr.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ml.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\lv.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\lt.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ko.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\kn.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\ja.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\it.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\hu.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\hr.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\fr.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\fil.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nsj9E44.tmp\WinShell.dll

C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader.exe

C:\Users\Admin\AppData\Local\Programs\BlackLoader\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Programs\BlackLoader\icudtl.dat

C:\Users\Admin\AppData\Local\Programs\BlackLoader\ffmpeg.dll

C:\Users\Admin\AppData\Local\Programs\BlackLoader\resources\app.asar

C:\Users\Admin\AppData\Local\Programs\BlackLoader\resources.pak

C:\Users\Admin\AppData\Local\Programs\BlackLoader\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Programs\BlackLoader\libGLESv2.dll

C:\Users\Admin\AppData\Local\Programs\BlackLoader\libglesv2.dll

C:\Users\Admin\AppData\Local\Programs\BlackLoader\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Programs\BlackLoader\D3DCompiler_47.dll

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\AppData\Roaming\BlackLoader\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\BlackLoader\Network\TransportSecurity~RFe583738.TMP

C:\Users\Admin\AppData\Local\Programs\BlackLoader\BlackLoader6.exe

C:\Users\Admin\AppData\Roaming\BlackLoader\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\BlackLoader\Network\Network Persistent State~RFe58d80c.TMP

C:\Users\Admin\AppData\Local\Temp\BlackLoader110.exe

C:\Users\Admin\AppData\Local\Programs\BlackLoader\ffmpeg.dll

C:\Users\Admin\AppData\Local\Programs\BlackLoader\vk_swiftshader.dll
