zgrat | hxxps://cdn[.]discordapp[.]com/attachments/1277253623767891968/1277257730868117616/BlackBullet_2[.]1[.]6_Cracked[.]zip?ex=66cc8275&is=66cb30f5&hm=d5296e75d2aecb5bd3a47faf45f59dcd4204399a7db7a2301165945ec75ac822&

Analysis

max time kernel
149s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2024 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1277253623767891968/1277257730868117616/BlackBullet_2.1.6_Cracked.zip?ex=66cc8275&is=66cb30f5&hm=d5296e75d2aecb5bd3a47faf45f59dcd4204399a7db7a2301165945ec75ac822&

Score

10^/10

zgrat discovery rat

Malware Config

Signatures

Detect ZGRat V2 2 IoCs

resource	yara_rule
behavioral1/files/0x000700000002348d-360.dat	family_zgrat_v2
behavioral1/memory/4432-363-0x00000000007D0000-0x0000000000CC2000-memory.dmp	family_zgrat_v2

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	Launcher.exe

Executes dropped EXE 3 IoCs

pid	Process
4432	BlackBullet2.exe
2060	Launcher.exe
6032	BlackBullet2.exe

Loads dropped DLL 25 IoCs

pid	Process
4432	BlackBullet2.exe
4432	BlackBullet2.exe
4432	BlackBullet2.exe
4432	BlackBullet2.exe
4432	BlackBullet2.exe
4432	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe
6032	BlackBullet2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlackBullet2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlackBullet2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
392	msedge.exe
392	msedge.exe
1652	identity_helper.exe
1652	identity_helper.exe
2640	msedge.exe
2640	msedge.exe
2692	msedge.exe
2692	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2660	7zG.exe
Token: 35	2660	7zG.exe
Token: SeSecurityPrivilege	2660	7zG.exe
Token: SeSecurityPrivilege	2660	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
2660	7zG.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 4232	392	msedge.exe	84
PID 392 wrote to memory of 4232	392	msedge.exe	84
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 1124	392	msedge.exe	85
PID 392 wrote to memory of 4272	392	msedge.exe	86
PID 392 wrote to memory of 4272	392	msedge.exe	86
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87
PID 392 wrote to memory of 1688	392	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1277253623767891968/1277257730868117616/BlackBullet_2.1.6_Cracked.zip?ex=66cc8275&is=66cb30f5&hm=d5296e75d2aecb5bd3a47faf45f59dcd4204399a7db7a2301165945ec75ac822&
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff877946f8,0x7fff87794708,0x7fff87794718
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2236,6718841426267002350,17620085201529310627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1212

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4200

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\" -ad -an -ai#7zMap21918:112:7zEvent19251
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2660

C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe
"C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4432

C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Launcher.exe
"C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2060
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3EE8.tmp\3EE9.tmp\3EEA.bat "C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Launcher.exe""
  2⤵
  PID:1172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://crackingcentral.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:3620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff877946f8,0x7fff87794708,0x7fff87794718
      4⤵
      PID:3928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,12809942855706600753,15938761106660841211,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
      4⤵
      PID:5016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,12809942855706600753,15938761106660841211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,12809942855706600753,15938761106660841211,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
      4⤵
      PID:3992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,12809942855706600753,15938761106660841211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
      4⤵
      PID:4344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,12809942855706600753,15938761106660841211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:2424
- - C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe
    BlackBullet2.exe FL
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:6032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BlackBullet2.exe.log

Filesize
1KB

MD5
44e269a1b21f1c56f870bd443ae2b47e

SHA1
b15eefb9fb8d5f55f1c10f7942fc4a54ad8ceddd

SHA256
018255ce66edb432315980a01bf545600a958620769d2aa4df9983b6feb14b58

SHA512
ea4a1dc71321560d3782439f1e0e4fce7cc43ece395f0ab35924c8fbebe95e0fb32f0042d8f60ec41d919f26a57a21102a57be37c0de1e066f6b5b891a6c710a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
646f0bd64ee1617c3f718bc49683b5d1

SHA1
c741146021701e98702d56f07c0487d3a3b387f9

SHA256
42541d16c833118aeedea1bbb88654e957dbce1b5c64a0432285856cfdcd04c7

SHA512
81dacef0781255647ebc77df1ec07e45c3297474046674ed0d8b06b68141a23cc63b8215b3cbc4c973aecf5d2f461dfbe77e2f68b8a25323e1c395879f48f8b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9a35e10619e92fe055bc1ed9a2767107

SHA1
9abb6520603eb621d39a8fef96bbc008a8df4f27

SHA256
5906159de73933d3b5d0ca64cf4ee4504c71b4ece33c175886ab559f423df815

SHA512
782cd307d3ab9aafb39bc1434a096a13ec898ff5b09478c60f6728f321cbb21a8c1dbd681b507cab5e632baa5ea4e2c31b99715c7ab1402dd27efc94bed72cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
6d579c0c2c9864178ed8c8cc27ef0947

SHA1
f0c6596297401ba660648b8f748e24d7e737e8f2

SHA256
4bac2d448d56c2488a7d5b9d03ee7d6faa8d1c24b9b8463de593dc27fd79ff57

SHA512
b2cc86ee76932469e034364f0a85f85a6d7eaa4485ec160952157889d479fcaa04baa0958edc923e1f82134a9b67a5269b7f88c9cc539e79f00ac886bbccd724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
c4c827b21a86a180c452f687eb2c6678

SHA1
8aa0a385b75aa2ec4d243608bd38940834032030

SHA256
5bdc31c67372dda147d7e0ce32b7f9dfb9135d4702c7237e89c9323aca32a02b

SHA512
9f8282ea301129f7ad213144f9aa77a51a81f0f39a0e96137a1271b5610a6c19f3718f8a9e38e0b5bf923dbbf1b6f4f6457c0b6cbb7b0a14689b31a20acddb73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
e1cbe180d3094b970e3da752a6e63c7c

SHA1
3705cc2c4acbdfc9d83c68826e47734cad4c7d2a

SHA256
e994daa9d589e7ad8d57be1c87fe34024acfbb002d9a4d348d800b0f6cc7978b

SHA512
c4b8b118bf59669dcb541b3dd66e8ce81c6db1596c9c4e2b54efcabf2a2cc9fc3c75162a83dc1ad085d541959d310ae5c4e8ade390b9a66ff96f82d410c14dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f57dbf1d9e8b430239b1d9bc0b08f960

SHA1
3018f347675e0fc3f41dc6609f8c46cd78bd4ee7

SHA256
5484ab151f0905af65d44711e0217741876adf079a020ed7fe1535a40da9ef54

SHA512
124865445aa6939bc8f7a46097c3573e88b4bcdb2b6d51c9dcebe4fa632394b9f8b03a2ad21f0f0ccdb59d36e35c2168fc726efc20ab3da4780b15209b4597b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
81d1c2747b08a79ecabae9849a717c5a

SHA1
afab98f25ac466b5001ae055a226e1df6f78b5e4

SHA256
127abb525941c44036dd82091d89c2d8d2a18d0858b0a088aa4e4e7ffb1862ce

SHA512
52d371c1d7d953c875e454ca2a6501084b656ef4f709134400465390bd2d802e053503cd57c6b132c646179e8396e8833224e9c8f5f58cde6182384ee0d8d15e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d319f3e7ce2acddc32c5c1586203780

SHA1
3af7ea5303cddc8fc155f1d0f9b48336c32373ab

SHA256
08cbafc187176b059cf19e7b5d46fa380274a176ef147e2765688842b3bbcf84

SHA512
34d03321e6d57e8d6400136baf49afff6f1ba2250f40e2e76da5af2dc0618db181f2efe9c1058fea126e7c4b334f0dcb4a36632b2236e51317f2d242c3413f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6730acbfb8c1e0c872806494b57c30a7

SHA1
d3e67aa17bce2c865f10c15bd751506c26206e98

SHA256
95107f4c0cdb1407493fa1943a806ac719b8a7fc36428c49101fa9bdaee4a382

SHA512
9c0745d636b8239300f150199ee4b7ce9ebcc67b9b63a1b07215d3e85bb481214e1e67b342ac94a5e967bfe819242d045ce93650c5e0b91b5f752698a0859149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
0a38208126623747b35cc8f1498b1665

SHA1
fe607ce20d5f07b99eb64c8fb256539b27391949

SHA256
5589baa35066a74609fb1b01f6a5939d0f20345a1f3a03a9a6ba0749d1acd453

SHA512
79864dc1f5ec828f0c48d310fec2d84cd80d7c3bffaa5170b477d8abfdb04d8f03700aa588d7897b9d4bcbd471e40d7773f53104519380f59db9edf4311eeccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369066401312434

Filesize
933B

MD5
abe8b8e623010bf14e85eb1d353c957b

SHA1
bbf9b62ef360495e96af398c163bb0b1061fbd92

SHA256
269ea4f9cd7c3a9f664536b63e239c56e42aaa5061b799e295d7db86d0fed1cf

SHA512
59812f0e935ec90672790ee1316a279a406b1928a681ce58da9c5aa3227510f426f130061407ced661110cb2684a64bf6bc25666209b2b7ea903d4a5bf9dd279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
4bdd30e0db3070569cdc690d6fe9768d

SHA1
4c3888dc451219dcce0b45ffb5a8e8a392b833d7

SHA256
a235dcb93bb838a70ee5418da1eb372f9753bb6e7a3d5dae192b8d2a3e608a17

SHA512
90c4ff719ce30169ca256e116e89761b26fb446c758fe3e2f54bcecbcbaa4b7ad03bde59c798ef07b5381b1b32ebe599379fa83f999d4c4d5a78a5fb98e15379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
0ae38fb25bc0dfb053f47484802b676e

SHA1
3789447b5d53437327ed0c86fa9f43d1085e9c67

SHA256
a9d171729fb7cd86bf30a9db43c871d1de70ab21d490834d25dcdd9b7ee77d48

SHA512
a1929c2eae416dc6738bdf8324a959161c8825004a9f85dea6bc69261671e1eeb7018baecc9f3a984da6e4e6bdf7b6a4c70fa2d23568019e69c2635c6ef20d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
6b4729382128d86fce266e174137b069

SHA1
01c8b5c47389b1676fd0f55dfcdf579e88b374ea

SHA256
97ff3149f575ec69b798ba569173010f96d748448241f519b13a9e56b9fe701a

SHA512
2ea5e1c321697abefb886b0168a7fcfa194bd19e5b926d55c897bc493fb4f30493bdea15449bd457570c216d301c689a81f66f4aeae42391c4417d3ae67c5f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
7KB

MD5
61b936edad3b67614b788d7971286a8b

SHA1
c3980bf3e524e65b27a9d63f5cc9ccb58d5ca21e

SHA256
efef1945f84ce6fbe7d8288aed8a4706c5c718b74023843e794ea78861e8d1ad

SHA512
e39c33ed02aada1cfdb040880e52660dec2fdb5560892cc506e29be22369a576959bf63631e0ed65011abbe3d225074a42b3b65db7936385922d7a9511796f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
9fa6c9db23b67efff63d15e0aa7fa50b

SHA1
6788f3b0ea39504a3a5fe634ed5f7d27043312d4

SHA256
56e787feb6b72d9e518b154a796ce31acb46b9185f41fe12bb9eacb9299019af

SHA512
d0653478bf435b564652c81c1d2ccfc4055aea4b385fe16c6207b4b0b3c37f1ee9fcea05c6330cff422ac66db13ed52f82495d1c68ebfef2b8619fa4a60a3e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
fa303662535ded63b1a080d80af4f891

SHA1
200044c0ebf71c1db5d95519987f04ff1a0ceefc

SHA256
04d86c50a07eeda246f3a4b44aefb921b8f8005f65e99fb07f76f3e707801915

SHA512
5efaf76c900f5d4e5b7dc0db032fde9c723e183bee165d2036f6968c2f6838bdfe756597b342c9ec086f736cb29927c1832a010b97ce200876ed92aeff0a3dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
f903556275714e9aed383900640864c1

SHA1
a263f9ad965f76c06618e2ee49ba01b99a088ee9

SHA256
de4e72ee1f3f02aa35f0e47b3ba8faf2f1d3ff16193ec11db9d9b54fa24ed508

SHA512
f2f3c18878a7635ff10332dcb8d7b94295a0f5fc4c156c757f7c7e8186f36b7deb812726ae35a585a033ce0d1e6a6721f089f2ec87140a5844437fd37cf8ab16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e0accd7a961a7ad659ea69f70c6ac8ed

SHA1
7f2a2dfcc04229a18118003fd0737cf00b4e4e89

SHA256
e7c37004d2e85bd9342c560d793af8f91bd804eb58599ef9b6d71b1cdc0570d6

SHA512
d706911f7b3f263ee03fa340b94e302e606e4a445ed806581412c16ab007935af91d7abd6d948b736c140ba4555b6c7b8ee91bd1046b1e9fc11ebdc870e94045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9d0350b36e869bdbe460d5c2abc680a7

SHA1
7b7b0be758ce48b433b068ed11dcb7959b6e4230

SHA256
394a4788c28150a9d4bda3c20cda564382e5058ff74e8d9887cb49efc301fac5

SHA512
3cbc3c834e122cf0d560860ce3922c51a681838c29105eee07ede8866dba87effea45d78a434abf508fa0c6a890e5babb184446b4ddb5430bd8e8057a67489c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\3EE8.tmp\3EE9.tmp\3EEA.bat

Filesize
79B

MD5
bdd6d7981d6538ec3c1bdc564f56d9f8

SHA1
19d56a107ca0c4f7e81188fe19d822b91c3bfa1f

SHA256
e678ff18d3943013f2b0b00cf491a905d1b41a435f7a61e1605cdd40e55c9b81

SHA512
2c185a2ea57b1a2064013a7bca555b2339a2d85efa369e8e53b4aec5784552552f66d05b7bdd5c8835175423d6f6fed05eae505013a4894fa55966b9290db49d

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe

Filesize
4.9MB

MD5
c42a8cb8a90aea5145a40b3e3390a551

SHA1
4e077faf46b63e4bda449f8736100c6c95173a6b

SHA256
95b686c4c21e3b2b96d4aa63fc583b2c8bff5d04f851f1303c46b001e0bcba5b

SHA512
eafa39be943843ebaa11f3655f0970b0f144f3752db8b0b3ebcc8c385215b7f7ef6e796964520a8e359ade53636baee65e051dd5a4a44cf388fafee038efcf51

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\BlackBullet2.exe.config

Filesize
858B

MD5
919236f98bca660111b7eb3703c387bc

SHA1
eed03be30f98b6cce546389d96bf8a9ed0224e93

SHA256
7f05f68f739ad4f463f831ef81d0bbf954dc7e29ef86cc87bf041e1f6cec29dc

SHA512
5437eccedcc2e0a3b2a57144dba3ebcac3eac09fa0004c5abca141e5e0def5686a75e85437bb697c1f907d53feac4bc4265d1cbcbeff92288e90a82b0b6f3744

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\Launcher.exe

Filesize
98KB

MD5
6f73711cdc0c9f061957aa9b07c9b2d4

SHA1
6481d49d4743917d97d151c876bbb592971f19fe

SHA256
c4d72470fa030d9aee379d305947274f9fc4e7258aff28e619d21667dc9adf06

SHA512
a6c73815498e10c425915b6f5d4108165e597869a3ac1e4bf2dec0253c0e716a8518b00b3e934c7d131af08d12cc511430c43ca7353068c1a0f9a297011bc4a0

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\bin\RuriLib.dll

Filesize
384KB

MD5
0157e615708f3d4e424ed37d54c110bf

SHA1
2d7fdabb6e570f0b64cdabeea37b43937028e38d

SHA256
556eec696e9c6eaa76b8960509c98a6b5a4f8332897b523ec09c905a581eedf4

SHA512
66c981fdea99b4ad1bd151f5670c011191261865d018b3d8d61f2a41451556b0e7595a3d4c6c73757c5bc91866531c706737801f123699a435d907d575b53b75

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\bin\System.Windows.Controls.Input.Toolkit.dll

Filesize
106KB

MD5
9722713e648f42b57299e9d2cf3d5c1a

SHA1
a4d0dc4f09ce84a33f1aa3e0c5cb4ae131f9fb0c

SHA256
bc3a78eb4df2fd5b39244fa0586cc0a82fe3d0e185d151e6c340c53072a61872

SHA512
f6bb5724dfc46476e94448ecb4650ad23197ca21965edf923e5d8bf51a31a707c058bca6cbac8e40e324bb54944da4129659dc2d2fc965e260bd40123a8aeebb

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\bin\System.Windows.Controls.Layout.Toolkit.dll

Filesize
92KB

MD5
22d9d032858972b8ee628fa818ab04db

SHA1
6eeae133e394292c6c349f838114c2a39dfe8357

SHA256
e3d7f794442d9dbe99f5d578c0bc8d9e3198fe4055cf5581fc1de78085967c50

SHA512
6899b2650aafd1e88049303c7ee26ff7e0dfe201d8a7188386ef2354deeb32f611bb4b73a02be9127fc96d5b4d37cab9bdbec3cfcb3bf4cada43170ac4349e0f

Download Submit
C:\Users\Admin\Downloads\BlackBullet 2.1.6 Cracked\BlackBullet 2.1.6 Cracked\bin\WPFToolkit.dll

Filesize
456KB

MD5
195ed09e0b4f3b09ea4a3b67a0d3f396

SHA1
01a250631397c93c4aab9a777a86e39fd8d84f09

SHA256
aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456

SHA512
b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 709644.crdownload

Filesize
20.2MB

MD5
e9d36b2d529f6320b0073cfeab7ef95d

SHA1
bf96766ce1e7d3249ff8ec526679d4efb1e93a67

SHA256
eefffe9df34827e550181136a88d7f4cc1ac318a4a97ba305ecd3ea649b83ba4

SHA512
ac31b0ed9e6655a118c8ca7eb219c6a8041eeb06c4aeb66fe853dbef75c84555c53c856449721edc4747e252226b3598b81475f556a0881e27321634886d827d

Download Submit
memory/4432-375-0x0000000005C40000-0x0000000005CA6000-memory.dmp

Filesize
408KB

Download
memory/4432-371-0x0000000005AA0000-0x0000000005ABC000-memory.dmp

Filesize
112KB

Download
memory/4432-367-0x0000000005630000-0x0000000005650000-memory.dmp

Filesize
128KB

Download
memory/4432-363-0x00000000007D0000-0x0000000000CC2000-memory.dmp

Filesize
4.9MB

Download
memory/6032-513-0x0000000006590000-0x00000000065D0000-memory.dmp

Filesize
256KB

Download
memory/6032-519-0x000000000BB30000-0x000000000BB52000-memory.dmp

Filesize
136KB

Download
memory/6032-437-0x000000000A0F0000-0x000000000A128000-memory.dmp

Filesize
224KB

Download
memory/6032-436-0x000000000A160000-0x000000000A168000-memory.dmp

Filesize
32KB

Download
memory/6032-435-0x000000000A060000-0x000000000A068000-memory.dmp

Filesize
32KB

Download
memory/6032-420-0x0000000006020000-0x0000000006098000-memory.dmp

Filesize
480KB

Download
memory/6032-514-0x00000000065E0000-0x00000000065EA000-memory.dmp

Filesize
40KB

Download
memory/6032-517-0x000000000B2F0000-0x000000000B382000-memory.dmp

Filesize
584KB

Download
memory/6032-518-0x000000000B880000-0x000000000B928000-memory.dmp

Filesize
672KB

Download
memory/6032-438-0x000000000A0D0000-0x000000000A0DE000-memory.dmp

Filesize
56KB

Download
memory/6032-520-0x000000000BBC0000-0x000000000BC1A000-memory.dmp

Filesize
360KB

Download
memory/6032-521-0x000000000BC20000-0x000000000BF74000-memory.dmp

Filesize
3.3MB

Download
memory/6032-522-0x000000000BB60000-0x000000000BBAC000-memory.dmp

Filesize
304KB

Download
memory/6032-523-0x000000000C030000-0x000000000C06C000-memory.dmp

Filesize
240KB

Download
memory/6032-524-0x000000000BFF0000-0x000000000C011000-memory.dmp

Filesize
132KB

Download
memory/6032-525-0x000000000C110000-0x000000000C132000-memory.dmp

Filesize
136KB

Download
memory/6032-526-0x000000000CE80000-0x000000000CF94000-memory.dmp

Filesize
1.1MB

Download
memory/6032-527-0x000000000CDF0000-0x000000000CDF8000-memory.dmp

Filesize
32KB

Download