zgrat | hxxps://cdn[.]discordapp[.]com/attachments/1277253623767891968/1277257730868117616/BlackBullet_2[.]1[.]6_Cracked[.]zip?ex=66cc8275&is=66cb30f5&hm=d5296e75d2aecb5bd3a47faf45f59dcd4204399a7db7a2301165945ec75ac822&

Analysis

max time kernel
957s
max time network
428s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2024 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1277253623767891968/1277257730868117616/BlackBullet_2.1.6_Cracked.zip?ex=66cc8275&is=66cb30f5&hm=d5296e75d2aecb5bd3a47faf45f59dcd4204399a7db7a2301165945ec75ac822&

Score

10^/10

zgrat discovery rat

Malware Config

Signatures

Detect ZGRat V2 2 IoCs

Processes:

resource	yara_rule
behavioral1/files/0x0007000000023507-344.dat	family_zgrat_v2
behavioral1/memory/3028-347-0x0000000000890000-0x0000000000D82000-memory.dmp	family_zgrat_v2

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Launcher.exeLauncher.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	Launcher.exe

Executes dropped EXE 7 IoCs

Processes:

BlackBullet2.exeBlackBullet INI To BBC Converter.exeBlackBullet2.exeLauncher.exeBlackBullet2.exeLauncher.exeBlackBullet2.exe

pid	Process
3028	BlackBullet2.exe
1184	BlackBullet INI To BBC Converter.exe
3288	BlackBullet2.exe
2816	Launcher.exe
2312	BlackBullet2.exe
1528	Launcher.exe
880	BlackBullet2.exe

Loads dropped DLL 50 IoCs

Processes:

BlackBullet2.exeBlackBullet2.exeBlackBullet2.exeBlackBullet2.exe

pid	Process
3028	BlackBullet2.exe
3028	BlackBullet2.exe
3028	BlackBullet2.exe
3028	BlackBullet2.exe
3028	BlackBullet2.exe
3028	BlackBullet2.exe
3288	BlackBullet2.exe
3288	BlackBullet2.exe
3288	BlackBullet2.exe
3288	BlackBullet2.exe
3288	BlackBullet2.exe
3288	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
2312	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe
880	BlackBullet2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Launcher.exeBlackBullet2.exeLauncher.exeBlackBullet2.exeBlackBullet2.exeBlackBullet INI To BBC Converter.exeBlackBullet2.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlackBullet2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlackBullet2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlackBullet2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlackBullet INI To BBC Converter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlackBullet2.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	Process
3896	msedge.exe
3896	msedge.exe
2280	msedge.exe
2280	msedge.exe
1456	identity_helper.exe
1456	identity_helper.exe
4392	msedge.exe
4392	msedge.exe
4140	msedge.exe
4140	msedge.exe
1860	msedge.exe
1860	msedge.exe
4468	identity_helper.exe
4468	identity_helper.exe
1476	msedge.exe
1476	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
1860	msedge.exe
1860	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7zG.exe

description	pid	Process
Token: SeRestorePrivilege	1896	7zG.exe
Token: 35	1896	7zG.exe
Token: SeSecurityPrivilege	1896	7zG.exe
Token: SeSecurityPrivilege	1896	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe7zG.exemsedge.exe

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
1896	7zG.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 2280 wrote to memory of 4592	2280	msedge.exe	88
PID 2280 wrote to memory of 4592	2280	msedge.exe	88
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3060	2280	msedge.exe	89
PID 2280 wrote to memory of 3896	2280	msedge.exe	90
PID 2280 wrote to memory of 3896	2280	msedge.exe	90
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91
PID 2280 wrote to memory of 5116	2280	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1277253623767891968/1277257730868117616/BlackBullet_2.1.6_Cracked.zip?ex=66cc8275&is=66cb30f5&hm=d5296e75d2aecb5bd3a47faf45f59dcd4204399a7db7a2301165945ec75ac822&
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb271d46f8,0x7ffb271d4708,0x7ffb271d4718
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3572 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3451982041104311226,10981782905734328343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4256

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4908

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\" -ad -an -ai#7zMap917:112:7zEvent12007
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1896

C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe
"C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3028

C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet INI To BBC Converter.exe
"C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet INI To BBC Converter.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1184

C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe
"C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3288

C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Launcher.exe
"C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2816
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8C8B.tmp\8C8C.tmp\8C8D.bat "C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Launcher.exe""
  2⤵
  PID:1564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://crackingcentral.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb271d46f8,0x7ffb271d4708,0x7ffb271d4718
      4⤵
      PID:2416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,1246057395658875784,107124143475749661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
      4⤵
      PID:1992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,1246057395658875784,107124143475749661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,1246057395658875784,107124143475749661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
      4⤵
      PID:5112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1246057395658875784,107124143475749661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      4⤵
      PID:3028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1246057395658875784,107124143475749661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:1980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,1246057395658875784,107124143475749661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
      4⤵
      PID:1036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,1246057395658875784,107124143475749661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4468
- - C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe
    BlackBullet2.exe FL
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Launcher.exe
"C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1528
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1634.tmp\1635.tmp\1636.bat "C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Launcher.exe""
  2⤵
  PID:1152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://crackingcentral.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:4772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb271d46f8,0x7ffb271d4708,0x7ffb271d4718
      4⤵
      PID:1932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9421736295497095214,13803671445250490823,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
      4⤵
      PID:2988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,9421736295497095214,13803671445250490823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,9421736295497095214,13803671445250490823,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
      4⤵
      PID:5112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9421736295497095214,13803671445250490823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
      4⤵
      PID:2780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9421736295497095214,13803671445250490823,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      4⤵
      PID:1616
- - C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe
    BlackBullet2.exe FL
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BlackBullet2.exe.log

Filesize
1KB

MD5
44e269a1b21f1c56f870bd443ae2b47e

SHA1
b15eefb9fb8d5f55f1c10f7942fc4a54ad8ceddd

SHA256
018255ce66edb432315980a01bf545600a958620769d2aa4df9983b6feb14b58

SHA512
ea4a1dc71321560d3782439f1e0e4fce7cc43ece395f0ab35924c8fbebe95e0fb32f0042d8f60ec41d919f26a57a21102a57be37c0de1e066f6b5b891a6c710a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5899d666a9553875e560736fc5ff8894

SHA1
06a530b8b9404df3b52315815b80af0a222a3c91

SHA256
85055c0c1b39e44fcb9bd38185af77cfbb8e105d0b5b0ac1496ceadabe622ab1

SHA512
980553c6146a211b4779b4ff14ca36a91117b08138c6adcc5bbae3b67500f043d07c745e8ba0571a195b660e26c0157f5834f5f06ca676fff7225a68b3c93c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
177e9dd0dbdb756f07e7df1e0678f9fd

SHA1
7521c61598d36ea5ee6f68671108801dc439f3cb

SHA256
9ccdd7adbeb810870a6c25eff2980732e160d2460f7e1271af246ecf660ae65f

SHA512
af4433ac043019f34d488c160947ab3799c6a4a26c03cbf5d297c64b27ee8457b43c8de3d2bf128f4affc4ecc980f17207dbb5f4f953bee61c14261d9470cb81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8cfc3c7be856d609cff392805338cea8

SHA1
d732e56086438b76de5b79053f08d69f797710da

SHA256
ee3a3d708c8ec6566163dbb85f65c2f4080334dbee891682d2a2b486e80e8bba

SHA512
907d279bd4db9626daa687e7dbbf57c1ff8d907abd81ec50ed2e7998eea2e6fda6635b7953d1bbfbbcf5100ba83b6c6e40f8a00037bb41fcb2f1b0877ef9ca1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ded23b413bde511d83e01cc60ddbde1a

SHA1
f0827e900c249d21e608e512b839b5f8790e176a

SHA256
72ce4d6af0d5f726e0300b2e8655ecf416b229366b63ef3ae3cf485765f19f2d

SHA512
49ec299eb6d764205ab4acad6cca0bd15aa49cb67144835d4e6c0508671e7d14d6a79b00b677b174850a36beaf42f402ab8d05cb9aaa1358e83f01f5da7f54f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
97b6d0cab20d66a52aa4aa2c232c786c

SHA1
7cb3f442a5674dbdff8e83c7f5122b8bf8e06afd

SHA256
d0a85b4fc7ec04cd3f69ec7646e0953b7d35fe6e1001e5448df8fed8f0323559

SHA512
37c3fb3c42bec06ee80d04ec5d0581aa2d0fa8e0839fdc9af5d34fc248a88e8fafb7a289d7b1b8a70ac2121639a4ec644b7278a4c065a174427bd55881b731c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
6c6126be58a3327994759bcc5886c05f

SHA1
9897a32ea27f785aa0b6e639869f097bdefb50e3

SHA256
bc99ce93cf76071c7cf055a22e3241d5df05283757e752f43ff0f54c709ce64e

SHA512
677f0da1298888196e8d0b7fd7459032f342fe521e5937391a2cf12f330472c69f5d753619b87ddb83d17e9b2d1f035c4bdbd80d828a1081610ae51e3b396e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
353B

MD5
b6c52bb000c3f5b2ebe5ce3f5b6d2c54

SHA1
e4f15c92e65a43a473091cc78867b2fc17514975

SHA256
4c60ac63e78837adb6a547decd303fbb7e1da3d9ca496ef3177550cd34e2e87f

SHA512
ecff0bea27f4f2e7a8f4a91105404403c141f0f7252db071a72001797088a686d7045b8c24e04d593f850937713c43049be499d348af17e7ee44f0d4aa988d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
353B

MD5
95b45b37b6be85956d9feace4fe1277c

SHA1
b9414b17fa4f65fe5f6df9d81a91b9cf7c7f8d2f

SHA256
ef1764bcfb158cbc20f54a20ea0dbc496d8149779de7708877f05bad6f40c059

SHA512
71c77cdfd6e1e0fd76a6b245d24058ab20d1ce1265bf8609b6ac003442d451bb7a66f088bc9856eaff478173df62abbb30f628d326e6f93f2fbc8003f615d6dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52bcb03748a4c9162c791aca94658ca5

SHA1
cc69a3a58001ca4f9fdc2dbd0776b0f72556c576

SHA256
effa31324d38633bd95ede47fcc4da4d4e2b83b10d171a19165c8d38fe2644b8

SHA512
c0003304ee45135cdb7536bf955104cc01c161f64b0b9ab11ec3a4be79450665935194653744a630f721ded5915aead24160e30dd969e893fcaa34ff8f55cbf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a017d766ea6e5f92a3c44d7b864e3e64

SHA1
d42b820cb479ebef1852860a5d31b44b86497e8b

SHA256
a3db1d5f803fd92bc4d449fef6dc768b8a47895d6aceeedf80a4c0e6abcc3be8

SHA512
1f5433686fc3ac9c845a27a8aa8ece93494c93f69989bba2c0df7caddc056be27a206020db5be2b774d56ee88465fe76724d4c73aa6b37bfd7fb1cafa0b9d5ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
867d5b6617b77cf5439356dd4952f32c

SHA1
afa677bcdd4b5247492f16660625da2a24bbe30c

SHA256
60662c27513e89c61b9f71f7546f1b89251ccd8df7212dfef25539396d7e3772

SHA512
720d1f292c6c925d019b33c05ecaaa2749694007b0e8133c2255442baf62999fab421e925f58c8284c23efd23545b7118637b9f7a18c187e4bc160fa77551dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4966c162486877081655ec7389c44931

SHA1
2bf338ccb711f93ba30ed92d7aa80ad308c4a1c2

SHA256
e5141b73469550bd1eb346673374ad22eace839834f1e209fa657147785204f1

SHA512
27527238bd65ea3c9886b47f57d80daefd70ab726230b8d3dce15a8a41a8d12703f71b6acfcf47b4e963f0af214fa50cf19d68fbc03bab59c7a1f727b0b33293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ccc3b67aedc06642742be8aed02d215

SHA1
3d2d8a8a2596e46e74f0df40592d88a43ee627b2

SHA256
b4142a780c10977243dd208f324726de6a45ed76bd11ffb1e701b6a3bb59a8cb

SHA512
e25f3dbea5ffbbefcc95c0fd35a40fc8e63de3fe4073ca3bd85d8bb6af44495ec393344862771ddb7743b191404fb446a1537ef592a1dae902834c10f1a6f474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9795524af8e6932c2c6672af279d8c09

SHA1
629a8fb74e9fe9bbc677496ebd5b7011adbb52bd

SHA256
213ea27b9f523433aa3a585b32ce61669d4fbcf21c2c8facb3d9aae2dd0e11c1

SHA512
87165bbef9d88a64ccc478f2c3b5a8c6c79b97ece5ce5083353817e25f41ff14b48885c3545915287d0645516f7ea0673b31e21b2899a93e79d2989b8d2f39e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea1665396f60e15040f99011c993f6ee

SHA1
4219818a9f45347149bc1c3a5b23c097480b6d5b

SHA256
2587e58d5660426bbae4a8159ec1c0bdfcf11b7cceb0b07c523c26201ba61102

SHA512
40df40261282dcdd7988c6ae23b3909bb2a8de7be3d6ba1348fa95563493d65ac42e7c435819f53da45399d0ac70dc5edaa711579fa0e8cd145be4ffcbaf5482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369066010217340

Filesize
933B

MD5
48091c68fd4994b5c82b306ba9d0a36e

SHA1
44041151a5504b5b3af3bf8f1e1ed86b1a251c31

SHA256
13b2b3af6a27f9dc5fb891474657998fcd145dfb0791c9554c4b792349d189d5

SHA512
a2b64b2546d2dbc0ac12999d47a0a89bfec47c052c305365ce6f69895e0cf78e5a728bf354ebdc305cab3f661e5b7d5822056e9eb3c51e4c9d6cdf00a2fffc26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
1ffa0f2482f2a0e4c9ad3a02984b1d61

SHA1
2676b8ec50b8d0b3be64366afd61ac1a33bcff07

SHA256
7ee8bd9f22de2c31e45b06048dd4cb112c2b1e99e7ab004e84d3096e667c4a30

SHA512
2471dc9f3b873fc5d6e08e025caf666c963e731d321c88ac366803b76da8a6fc1af06fae34ca81d5dab1624e539b619b4eb8547f4aa188877d926ab62d939c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
0ed97bed640627012c73f2144beff737

SHA1
8fee640c7b9fcec752a43f808bbc4a646daf2a67

SHA256
50f74f445b1309428525e8c026e6eefd622772d9a0ee46ce0c3cdb312a209aa5

SHA512
f4cf4d3eefec17946c807dc310c584783784f223ef4e9044e7b375f9c5f493c69c1034afbe316db09fe932ae65d9c3f965c5f10d3d86f1521bf5310a8e77b4c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a835dedf-8449-48a0-809c-418f12029cde.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
3dc8d24242ae5f0f871938641d27b607

SHA1
b531be25ce707b36df7059704282b8f8710c7769

SHA256
5679d6f0935eaec1cef6f5e872abf001f036771fa05d417b943c72b311850d75

SHA512
e63871b3319ef8002600397ae55f9c7b7d0b9eedcf2f07e7aaa1ef50360c6b257bf8a27c8c17c2c5bcf34b3414aa8901890e95c0450a5627e148f3d905cc3afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b58384c2bdedbfd66b363e4ec8dab1b9

SHA1
829e46d8a1822746567be79c522a438ee1870e48

SHA256
71114e46a8a208861c317ad268e0e6bb64ad54ca0e74bd20b0882d1d8aa51b61

SHA512
c694ead79838115c685d6fddaaf52a3a88929017fa6021b129ffcc70178b1c99ac68becd5dc58f0e8ab82792429949048578ad14dbec33cc8c3cffcb64110337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
decf805f7cc54dfd07e4369605608c9c

SHA1
2b9135024802d203a5999d9fe7c06b31aaa220e5

SHA256
aab31002a62b6bb4b304038d58d8451b98cefa9cb510c801aa501904e2c8a5c4

SHA512
e333315396e69525bd14d6d3a84104a8b5edc2a40b5027d4c461658bee0c517e105a360cf01cd58e9585ce550a8142a80acd5219eb773430e45a19811fa61d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af5c34827b6261de3c51a47301288901

SHA1
3a9565b4577c58285686567ce732287abada2721

SHA256
80031d2a7ab81d2011174a9aa3a2fe465046a2c7fc60c33fcdfe4fd6d4511c50

SHA512
de9d90716a7cacd473e4457d878d0600f1754b937a85ec820543d4edde627c9d5ca06d391b8b5a1f33004018d7e1201c2104ecd0289e4a80f1385941f2e35c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af21deb7180339c295add4d9ecc35620

SHA1
b7a782c7a8b8f5dae7ad48e081f426987f675f04

SHA256
a964bd8219f3d7ebacb3c750879ed60bf083e426c174310bca9ee3eb3e6450b4

SHA512
8c804663c24181b98f2e26e28ad556a4eb73c1ea359d7847ef636ddebcf029668cf04b73c255c2c528967249cd3d8ca74a338526cab0fa7d0b1dd7dd5dd2034a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\8C8B.tmp\8C8C.tmp\8C8D.bat

Filesize
79B

MD5
bdd6d7981d6538ec3c1bdc564f56d9f8

SHA1
19d56a107ca0c4f7e81188fe19d822b91c3bfa1f

SHA256
e678ff18d3943013f2b0b00cf491a905d1b41a435f7a61e1605cdd40e55c9b81

SHA512
2c185a2ea57b1a2064013a7bca555b2339a2d85efa369e8e53b4aec5784552552f66d05b7bdd5c8835175423d6f6fed05eae505013a4894fa55966b9290db49d

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet INI To BBC Converter.exe

Filesize
1.2MB

MD5
88224bbd2474ae56cda119c826f8b86c

SHA1
b2b26f19dbdbaff25bf4098a692ad84b66349a66

SHA256
4d0003dc064c54036d1e5c38db2ce29c850adb87a78529d7edc6aea9cdd93ceb

SHA512
13c41e86be0575874a9191151b6b53da3e4b8bbeebd63ee79a6e185505b4a8cb6c057d87d9d9fd66b71d604c09b6f4c6e82d252501e799a987c6f45e34c69820

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe

Filesize
4.9MB

MD5
c42a8cb8a90aea5145a40b3e3390a551

SHA1
4e077faf46b63e4bda449f8736100c6c95173a6b

SHA256
95b686c4c21e3b2b96d4aa63fc583b2c8bff5d04f851f1303c46b001e0bcba5b

SHA512
eafa39be943843ebaa11f3655f0970b0f144f3752db8b0b3ebcc8c385215b7f7ef6e796964520a8e359ade53636baee65e051dd5a4a44cf388fafee038efcf51

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe.config

Filesize
858B

MD5
919236f98bca660111b7eb3703c387bc

SHA1
eed03be30f98b6cce546389d96bf8a9ed0224e93

SHA256
7f05f68f739ad4f463f831ef81d0bbf954dc7e29ef86cc87bf041e1f6cec29dc

SHA512
5437eccedcc2e0a3b2a57144dba3ebcac3eac09fa0004c5abca141e5e0def5686a75e85437bb697c1f907d53feac4bc4265d1cbcbeff92288e90a82b0b6f3744

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Launcher.exe

Filesize
98KB

MD5
6f73711cdc0c9f061957aa9b07c9b2d4

SHA1
6481d49d4743917d97d151c876bbb592971f19fe

SHA256
c4d72470fa030d9aee379d305947274f9fc4e7258aff28e619d21667dc9adf06

SHA512
a6c73815498e10c425915b6f5d4108165e597869a3ac1e4bf2dec0253c0e716a8518b00b3e934c7d131af08d12cc511430c43ca7353068c1a0f9a297011bc4a0

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Settings\License.txt

Filesize
28B

MD5
f99318e1621819f8989e099ff50775b2

SHA1
d679893e548cfef2f30f8654528cc96b1ee7c48d

SHA256
3a162c985e8502a15519da5d91791f665279d335a6661bc9ef2abcf9e5fc7304

SHA512
496ef676bd90eb511849a5bf0e380d3e67632e5e13e4d2ea37dfb0f10eaff8be99b42ad35cc8eb9891370f4d8eb00cae93bd36d95cad187294450ba27c899a3e

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Settings\License.txt

Filesize
34B

MD5
382cf777c7a6f4d6a57dce78a644310b

SHA1
e900e88b5996813cc6bf07be922065cebb9dd3ac

SHA256
6f3a0f12e296aa930f35728130e5f44524aabdee290327ee8df36ab8a09d859a

SHA512
4ca386b8cf883b2a04e865790a6ec21f8fd25ed3f6038b64a114e0a13d5e0d914a2eb8cb3a396c7ec841b5cd59013f31401965e95301ce0414740872a7f5194b

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\bin\RuriLib.dll

Filesize
384KB

MD5
0157e615708f3d4e424ed37d54c110bf

SHA1
2d7fdabb6e570f0b64cdabeea37b43937028e38d

SHA256
556eec696e9c6eaa76b8960509c98a6b5a4f8332897b523ec09c905a581eedf4

SHA512
66c981fdea99b4ad1bd151f5670c011191261865d018b3d8d61f2a41451556b0e7595a3d4c6c73757c5bc91866531c706737801f123699a435d907d575b53b75

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\bin\System.Windows.Controls.Input.Toolkit.dll

Filesize
106KB

MD5
9722713e648f42b57299e9d2cf3d5c1a

SHA1
a4d0dc4f09ce84a33f1aa3e0c5cb4ae131f9fb0c

SHA256
bc3a78eb4df2fd5b39244fa0586cc0a82fe3d0e185d151e6c340c53072a61872

SHA512
f6bb5724dfc46476e94448ecb4650ad23197ca21965edf923e5d8bf51a31a707c058bca6cbac8e40e324bb54944da4129659dc2d2fc965e260bd40123a8aeebb

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\bin\System.Windows.Controls.Layout.Toolkit.dll

Filesize
92KB

MD5
22d9d032858972b8ee628fa818ab04db

SHA1
6eeae133e394292c6c349f838114c2a39dfe8357

SHA256
e3d7f794442d9dbe99f5d578c0bc8d9e3198fe4055cf5581fc1de78085967c50

SHA512
6899b2650aafd1e88049303c7ee26ff7e0dfe201d8a7188386ef2354deeb32f611bb4b73a02be9127fc96d5b4d37cab9bdbec3cfcb3bf4cada43170ac4349e0f

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\bin\WPFToolkit.dll

Filesize
456KB

MD5
195ed09e0b4f3b09ea4a3b67a0d3f396

SHA1
01a250631397c93c4aab9a777a86e39fd8d84f09

SHA256
aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456

SHA512
b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 907341.crdownload

Filesize
20.2MB

MD5
e9d36b2d529f6320b0073cfeab7ef95d

SHA1
bf96766ce1e7d3249ff8ec526679d4efb1e93a67

SHA256
eefffe9df34827e550181136a88d7f4cc1ac318a4a97ba305ecd3ea649b83ba4

SHA512
ac31b0ed9e6655a118c8ca7eb219c6a8041eeb06c4aeb66fe853dbef75c84555c53c856449721edc4747e252226b3598b81475f556a0881e27321634886d827d

Download Submit
\??\pipe\LOCAL\crashpad_2280_UUKDEIJNWIUGFWZW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/880-691-0x000000000B850000-0x000000000BBA4000-memory.dmp

Filesize
3.3MB

Download
memory/880-692-0x000000000B790000-0x000000000B7DC000-memory.dmp

Filesize
304KB

Download
memory/880-693-0x000000000BC20000-0x000000000BC41000-memory.dmp

Filesize
132KB

Download
memory/1184-363-0x0000000000D10000-0x0000000000E4A000-memory.dmp

Filesize
1.2MB

Download
memory/1184-366-0x0000000005910000-0x000000000591A000-memory.dmp

Filesize
40KB

Download
memory/1184-364-0x0000000005C80000-0x0000000006224000-memory.dmp

Filesize
5.6MB

Download
memory/1184-365-0x0000000005770000-0x0000000005802000-memory.dmp

Filesize
584KB

Download
memory/2312-579-0x000000000BB90000-0x000000000BBEA000-memory.dmp

Filesize
360KB

Download
memory/2312-428-0x00000000065D0000-0x00000000065D8000-memory.dmp

Filesize
32KB

Download
memory/2312-578-0x000000000BB00000-0x000000000BB22000-memory.dmp

Filesize
136KB

Download
memory/2312-470-0x0000000006530000-0x000000000653A000-memory.dmp

Filesize
40KB

Download
memory/2312-580-0x000000000BBF0000-0x000000000BF44000-memory.dmp

Filesize
3.3MB

Download
memory/2312-581-0x000000000BB30000-0x000000000BB7C000-memory.dmp

Filesize
304KB

Download
memory/2312-582-0x000000000BFA0000-0x000000000BFDC000-memory.dmp

Filesize
240KB

Download
memory/2312-583-0x000000000BF60000-0x000000000BF81000-memory.dmp

Filesize
132KB

Download
memory/2312-584-0x000000000CC60000-0x000000000CC82000-memory.dmp

Filesize
136KB

Download
memory/2312-585-0x000000000CDF0000-0x000000000CF04000-memory.dmp

Filesize
1.1MB

Download
memory/2312-586-0x000000000CD60000-0x000000000CD68000-memory.dmp

Filesize
32KB

Download
memory/2312-577-0x000000000B8E0000-0x000000000B988000-memory.dmp

Filesize
672KB

Download
memory/2312-427-0x00000000065C0000-0x00000000065C8000-memory.dmp

Filesize
32KB

Download
memory/2312-411-0x00000000060D0000-0x0000000006148000-memory.dmp

Filesize
480KB

Download
memory/2312-429-0x0000000009CE0000-0x0000000009D18000-memory.dmp

Filesize
224KB

Download
memory/2312-430-0x0000000009CC0000-0x0000000009CCE000-memory.dmp

Filesize
56KB

Download
memory/2312-469-0x00000000064C0000-0x0000000006500000-memory.dmp

Filesize
256KB

Download
memory/3028-359-0x0000000005CF0000-0x0000000005D56000-memory.dmp

Filesize
408KB

Download
memory/3028-355-0x0000000005810000-0x000000000582C000-memory.dmp

Filesize
112KB

Download
memory/3028-351-0x0000000005730000-0x0000000005750000-memory.dmp

Filesize
128KB

Download
memory/3028-347-0x0000000000890000-0x0000000000D82000-memory.dmp

Filesize
4.9MB

Download