Analysis
max time kernel: 2696s
max time network: 2698s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/09/2024, 14:53
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://gofile.io/d/kxad3X
Resource: win10v2004-20240802-en
General
Target: https://gofile.io/d/kxad3X
Malware Config
Signatures
Executes dropped EXE (1 IoC)
pid | Process
3396 | SilverBullet.exe
Loads dropped DLL (54 IoCs)
pid | Process
3396 | SilverBullet.exe (54 identical entries)
Drops desktop.ini file(s) (2 IoCs)
description | ioc | Process
File created | C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\Configs\desktop.ini | 7zG.exe
File opened for modification | C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\Configs\desktop.ini | 7zG.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 14 IoCs)
flow | ioc
384 | raw.githubusercontent.com
395 | raw.githubusercontent.com
55 | discord.com
58 | discord.com
383 | raw.githubusercontent.com
394 | raw.githubusercontent.com
396 | raw.githubusercontent.com
466 | raw.githubusercontent.com
344 | raw.githubusercontent.com
345 | raw.githubusercontent.com
382 | raw.githubusercontent.com
473 | discord.com
465 | raw.githubusercontent.com
472 | discord.com
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | SilverBullet.exe
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | SilverBullet.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | SilverBullet.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class (50 IoCs)
Suspicious behavior: EnumeratesProcesses (21 IoCs)
pid | Process
2112 | msedge.exe (3 entries)
2564 | msedge.exe (2 entries)
3452 | identity_helper.exe (2 entries)
4040 | msedge.exe (2 entries)
2788 | msedge.exe (2 entries)
1256 | msedge.exe (4 entries)
3280 | msedge.exe (2 entries)
4844 | msedge.exe (2 entries)
1104 | msedge.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (35 IoCs)
pid | Process
2564 | msedge.exe (35 identical entries)
Suspicious use of AdjustPrivilegeToken (6 IoCs)
description | pid | Process
Token: SeRestorePrivilege | 4252 | 7zG.exe
Token: 35 | 4252 | 7zG.exe
Token: SeSecurityPrivilege | 4252 | 7zG.exe
Token: SeSecurityPrivilege | 4252 | 7zG.exe
Token: 33 | 2796 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 2796 | AUDIODG.EXE
Suspicious use of FindShellTrayWindow (64 IoCs)
pid | Process
2564 | msedge.exe (64 identical entries)
Suspicious use of SendNotifyMessage (32 IoCs)
pid | Process
2564 | msedge.exe (32 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs; distinct entries shown)
description | pid | Process | procid_target
PID 2564 wrote to memory of 3748 | 2564 | msedge.exe | 82
PID 2564 wrote to memory of 3868 | 2564 | msedge.exe | 83
PID 2564 wrote to memory of 2112 | 2564 | msedge.exe | 84
PID 2564 wrote to memory of 4196 | 2564 | msedge.exe | 85
Processes
(root process first; its child processes are indented beneath it)

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/kxad3X
PID: 2564
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb96746f8,0x7ffcb9674708,0x7ffcb9674718
    PID: 3748

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    PID: 3868

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    PID: 2112
    - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
    PID: 4196

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    PID: 4316

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    PID: 3008

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
    PID: 1196

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
    PID: 1460

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
    PID: 3452
    - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
    PID: 3772

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
    PID: 3892

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
    PID: 5048

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
    PID: 3420

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
    PID: 2456

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5836 /prefetch:8
    PID: 3544

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
    PID: 1460

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
    PID: 1396

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
    PID: 2456

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 /prefetch:8
    PID: 4040
    - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
    PID: 1652

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2768 /prefetch:8
    PID: 4660

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2740 /prefetch:8
    PID: 2788
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
    PID: 824

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
    PID: 1512

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
    PID: 2484

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
    PID: 4292

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
    PID: 2068

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    PID: 3876

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
    PID: 1052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:12⤵PID:1196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:12⤵PID:1948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:12⤵PID:4864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5308 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵PID:4448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:12⤵PID:1948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:12⤵PID:2524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:12⤵PID:4984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:12⤵PID:764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:12⤵PID:972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:12⤵PID:4940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7436 /prefetch:82⤵PID:4992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:12⤵PID:4500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:12⤵PID:2316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7812 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:12⤵PID:6116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:12⤵PID:452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7888 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:12⤵PID:4756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:12⤵PID:6128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7612 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1104
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4496
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4052
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:652
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\" -ad -an -ai#7zMap5540:144:7zEvent268121⤵
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
PID:4252
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x46c 0x4281⤵
- Suspicious use of AdjustPrivilegeToken
PID:2796
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe"C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies registry class
PID:3396
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵PID:2572
-
C:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask1⤵PID:6344
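Reading this tree by eye is slow because the Triage text export fuses image path, quoted command line, tree depth ("2⤵" for a second-level child) and often the PID into one string, with behavioural signatures trailing as "- " bullets. The Python below is an added example written for this page; it is not code from tria.ge or from the SilverBullet distribution. It parses lines in that export shape (the sample is constructed from six of this report's entries, with most Edge switches trimmed) and returns what a reviewer should look at first: images outside Windows or Program Files, browser helper processes started with a sandbox switched off, roots of their own process tree, and Triage's dropped-EXE/DLL signatures. The trusted-root list, the switch list and the reason strings are my own choices, not Triage's.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of a Hatching Triage process-tree text export
# (six entries taken from this report, Edge switches trimmed). The export fuses
# "<image path><command line><depth>⤵[PID:<pid>]" into one line; signatures
# follow as "- " bullets and the PID then sits on its own "PID:" line.
SAMPLE = r'''
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=20 /prefetch:12⤵PID:1652
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --service-sandbox-type=none /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3280
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\" -ad -an -ai#7zMap5540:144:7zEvent268121⤵
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
PID:4252
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x46c 0x4281⤵
- Suspicious use of AdjustPrivilegeToken
PID:2796
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe"C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3396
-
C:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask1⤵PID:6344
'''

# The image path is printed once bare and then again at the start of the
# command line, so a backreference splits the two without guessing at spaces.
LINE_RE = re.compile(
    r'^(?P<img>[A-Za-z]:\\.+?\.(?:exe|EXE))'   # bare image path, printed first
    r'(?P<cmd>"?(?P=img).*?)'                   # command line restarts with the same path
    r'(?P<depth>\d)⤵'                           # tree depth is glued to the last argument
    r'(?:PID:(?P<pid>\d+))?$'                   # PID on the same line, or on a later one
)


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: Optional[int] = None
    signatures: List[str] = field(default_factory=list)


def parse_tree(text: str) -> List[Proc]:
    procs: List[Proc] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '-':                  # blank line or bullet residue
            continue
        m = LINE_RE.match(line)
        if m:
            procs.append(Proc(m['img'], m['cmd'], int(m['depth']),
                              int(m['pid']) if m['pid'] else None))
        elif line.startswith('- ') and procs:        # signature of the last process
            procs[-1].signatures.append(line[2:])
        elif line.startswith('PID:') and procs:
            procs[-1].pid = int(line[4:])
        else:
            raise ValueError(f'unrecognised line: {line!r}')
    return procs


# Review heuristics (my choices, not Triage's): where the image lives, whether
# a Chromium helper was started with its sandbox off, and Triage's dropped-file
# signatures. Normal strings with doubled backslashes, since a raw string
# cannot end in a single backslash.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')
UNSANDBOXED = ('--service-sandbox-type=none', '--disable-gpu-sandbox', '--no-sandbox')
DROPPED_SIGS = ('Executes dropped EXE', 'Loads dropped DLL')


def triage(proc: Proc) -> List[str]:
    """Reasons a reviewer should look at this process; empty means routine."""
    reasons = []
    image = proc.image.lower()
    if not image.startswith(TRUSTED_ROOTS):
        reasons.append('image outside Windows/Program Files')
    if any(flag in proc.cmdline for flag in UNSANDBOXED):
        reasons.append('runs without a sandbox')
    if proc.depth == 1 and not image.startswith('c:\\windows\\'):
        reasons.append('root of its own process tree')
    reasons.extend(s for s in proc.signatures if s in DROPPED_SIGS)
    return reasons


def review(procs: List[Proc]):
    """(pid, image name, depth, reasons) for every process worth a look."""
    out = []
    for p in procs:
        reasons = triage(p)
        if reasons:
            out.append((p.pid, p.image.rsplit('\\', 1)[-1], p.depth, reasons))
    return out


if __name__ == '__main__':
    for pid, name, depth, reasons in review(parse_tree(SAMPLE)):
        print(f'PID {pid:>5} depth {depth} {name}: ' + '; '.join(reasons))
```

Two of the hits deserve a caveat before anyone escalates them. The three quarantine.mojom.Quarantine helpers run with --service-sandbox-type=none by design: that Chromium service is the one that stamps the Zone.Identifier (Mark-of-the-Web) stream on finished downloads, so they line up with downloads completing, not with a sandbox escape; likewise --disable-gpu-sandbox --use-gl=disabled on the GPU process is what the analysis VM's missing GPU produces. The finding that matters is SilverBullet.exe: it starts at depth 1 from the Desktop, not as a child of the browser or of 7zG.exe, with "Executes dropped EXE" and "Loads dropped DLL" against the bin\ directory, which means the report shows the extracted tool being launched and running, not an exploit chain out of the page at gofile.io. Whether the extracted binary still carried the Mark-of-the-Web that Edge applied to the archive depends on the 7-Zip version and its Zone.Identifier propagation setting, which the report does not record.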
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5ff63763eedb406987ced076e36ec9acf
SHA116365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA2568f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f
-
Filesize
152B
MD52783c40400a8912a79cfd383da731086
SHA1001a131fe399c30973089e18358818090ca81789
SHA256331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685
-
Filesize
38KB
MD5ff5eccde83f118cea0224ebbb9dc3179
SHA10ad305614c46bdb6b7bb3445c2430e12aecee879
SHA25613da02ce62b1a388a7c8d6f3bd286fe774ee2b91ac63d281523e80b2a8a063bc
SHA51203dc88f429dd72d9433605c7c0f5659ad8d72f222da0bb6bf03b46f4a509b17ec2181af5db180c2f6d11c02f39a871c651be82e28fb5859037e1bbf6a7a20f6b
-
Filesize
133KB
MD5d4f5a5fcc39adc617b4ea892a6215788
SHA17d89cb425f9740ba46b9925d90f54aa320a0ef5b
SHA2569434115017729880acd3201847eaca6b6b77d615077b20dafdd4341d16ced868
SHA5128804847085fa93ef84d2e56301aeea8bc8e18be932888b584aca03c126de2ab3f608e80d38195ec68a0f4b1b54d270e6ce39c19664e1af91d90b093de8614f78
-
Filesize
400KB
MD553bd54476c1eff24a7759d5a5d6725e9
SHA16517257e04c0bd31ab3721a26031ecba103d5f16
SHA2561c52856f9547999ea46b052d87bce8c9477faf10a57fc591723ac939a7868477
SHA512f1736478707adc13e35514dd005b36f66deb01ec4c84eaed5c1355fef7ad00310a8c4448f3b1bfd9ed9f650d9a669e4e9096cf05f144b4228b484d6da56e1b9c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD5c6a4eb2b2c19351126c2227a21b5393f
SHA1198cafd99bd7cb223a1ad0855e2a4749edb40aa1
SHA256fb62bf1cb86937187b9cd4cb2cba18f138b729e5dcd9a6eb0509a889f44fe3d9
SHA51297b53c57b4beb5014de85d45a85aadff8d5b5e13ba590f674188d7327ae466dd062f5eba01815b20aee887b3b03ab6cc423aa44285dc944c21f450e4e475c15a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD5ac66ef54d6c56e95e777be4be2b78cb2
SHA13dfea6e83d3cedc6e329e4a7c1087be9fd314bd5
SHA2569ff7111b4bc91848129732bb9a06679fbc6ef2e641275ddfbeac7b9d52436171
SHA51224956ddfd4ed5ccda46501c264f3f1aa8f1f0841186588a1767a4bd4b0d0049d2f916f62f35244fbf8bc4e488fae516ea981fa5afe4fcd8d5c0015d9fc505066
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD5497f88f33dca4bbd688f4626946e4bc3
SHA178f9734ee1c17b07d7070224992f517e9b8518cb
SHA25677a9fc76d5d1003a2ddf31594fe09a479052eaf09b06549e80c7b001ef429441
SHA5125ae3ddefce86811e306d8271c266ba263a580b3e1f5a5b07b97c9aa341cd6335da16d4db7938f6deead5a2f1877b72df53e1303a9108fd88469a5afc96a585df
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize912B
MD5f084aeee01d237d12f16ed3bd83e60e6
SHA1934ecaf1e83acc15ca7c2c4d49af22f63cfabeef
SHA25684ec0bf6452ccea5aedc6a4c7e0eb43408a34cfd9641c0e524b51fd9a476602f
SHA512b4caef4fe1ee9e8ab906435a404168c75e46b7fb2bdb5a5527f6f56db46977faca2da0769e0ddb5c4e4538187126916d6405582c099ce97ce519b9acdf323d8f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD56a0e21185e9904e3e965149f225dcdfe
SHA159e2828a71f57059c43afcfac8ecbf5833c7f6ff
SHA256fc379dfac01208f02048edd06b3efce256f9ae3b7333eb9b2b281fb5a8605384
SHA512f20e8da34ddc55c5c4c4eb4dc08f7e9d3299039ccc43ff25d31cebb000435ef617b9c9536f0a37d7a6c2c5dc0b67e52cdde2e8e9bbf5ffcc0d4f0049501c6f59
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD508ef08c97928027c5b7f2767935440a1
SHA1a3b686a5a938600dc6c3647700f0b375ad75ca6c
SHA2562ccd4771b2d551d0d9f61d88b21d63cef0bafbba171c34c9c2fc2886f2c06f2e
SHA51247c80da6ff6ecd519440ad7137e3b064e23b97a1dcaf26640aad40c459fd9f9289f31393df84b4d6af0e1e778d23910aff7e046437c65cc1a5ef2c91445c84e5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize288B
MD5123bbe69410b9eb85242c485724f1d02
SHA1d648c93d345acc2d667abd502dbb35e60ba5ea6b
SHA2567f4ca29e35c049fcac7dd96f8e3a44d44806000852bac6fb69bcb7d9d87fb37f
SHA512e5e1bd6fde445b095c3bd14bff6cb153019f146d1402b2c7bbbfafa65ac9905a542beb99a6a2fb50874de0d85e93a13bf9ec69622bbcc851dad554bec291564d
-
Filesize
1KB
MD544e34d1dae20153271c37aad67922806
SHA157dc628b16de8ea04e27a5f03b9d79b932886260
SHA2560a0558536781c4199cca98c1741d391987c0433d201dde9464eb2ce87226e156
SHA512e0f298947446ea24f47d1257fb7770df8079f718d5ebe029c562dc6cf72ef76920ab5efadf31eb6cbdffe256dbdcf9545d97d3463d09cb928681f8d9589246ed
-
Filesize
1KB
MD5c7b70e1e8a6642d7aca6a7d12e2925f6
SHA1ba9dd971fad5a2d702eeb0c91c502ad6c8af43cf
SHA256b3e9182efff03dc06d4f55ceec3c30f1712f51005deb56dea13aeb481d7ee3c9
SHA512f31f3f836a68127675a7d5089b367d2457ae90d84d92f9d4c9b632da70b8a912b27190291e27da6ecf60ef55f2863d3f1bff425889009efde65477d2d8d2b17f
-
Filesize
7KB
MD537c353c223118ea433cfc113deab0457
SHA11ce9fd1f7d06f62dd79ddcc2fd58bd846aff941b
SHA256ad92495b5ab51ab8df6b93356c9f8fdaa548cb77975f5f44f939932414e471d0
SHA51231a65a753f85bef923205ca6f0e430703575bae76fb1104a1721a3cd77b8b06522641efa8ec1d41be6593f7033494c29158f229ab284b1c3fc789cdd29f8fc8f
-
Filesize
7KB
MD558790d7df727b5167d717bbc1d8e716b
SHA19d999051ee74f62d3c1bdf82a160bc9e9da5e0d9
SHA2567bf590b17b434bd4c0b261f552f58fde714c89d7a87f6ab0617af71c7d4dd953
SHA512e679889db272ec0e7466dc4974352991277ec47a24ca642de75ed2ad875332a91c9555329f91184c5c80381c0461f938ff74edc37dc9da229323419437121a62
-
Filesize
6KB
MD5deb386e6be0808d67d3c8d0a79bf9cfb
SHA1360760e942539a7184251c55a7b61ca1575a97ae
SHA256a91a8aaf4e23986c83adfb8ad3eef422be36d9e7952ad4fd31ef63fa6805b2ca
SHA512e29272173e81b8b4934c19a7821fd396321da607c11e2a8ede174c8fcc0239411bb48677d7cdd49fdfa909e802891c1635e4d002bf8f4ba3fdce29484155bbb7
-
Filesize
10KB
MD50241c3ccbfa077918fa5e77677570a60
SHA17efa7e95a6592697c3d369ada58a6073061f4b25
SHA256f5be288a52bc3154f6244847da9c01feaab14d459217d799a3c0b45fbbfc4214
SHA512371f2e3996b3c3aa4191ec778e363d10bb47a634ce9c8febefdf4f42d547110c3145057c1206e170901aea00117b1c08337673063b63fd22e11f9a29208c5548
-
Filesize
5KB
MD57a00207d15bf26f65cde3df0865b4075
SHA1eaafdd0b46d4697720711587131204ece121f056
SHA2569471bb6ac1f09e38e1c6ff9f45e8d98bc2fd941113f9506ae92ea3e2153c458b
SHA512b3be8ce2c7e2b71616575deac95cf4f24b3d576115fe00d73fce0759c26e424dc453c7a3006c197404a496c7901b19f09e0bf56c3702e38bacbb40b59f3190db
-
Filesize
6KB
MD5d9bbfc53bd306a8c201981f93764c62f
SHA1e04f82498a9b66e753731847beb40f9cb812ce8f
SHA256a3ab3408d8a6f940065214eadfb0364523c2e52022a3107001b2df99e5bb010a
SHA512c5a984362d97fa5a711f66512cfaf7a16d194563521f42fb3895832f4d81c64769143e8e80d6126490a3b658c7b7e0f58dd08e2e66dac19cc519e24adca1e9d2
-
Filesize
6KB
MD52a88c0aadc8d50bd825abd1d09b39862
SHA154eb0e36e5ceee6d7f8bd46db8576e3ee699eeff
SHA256bdf2f224e51efaa7a7813a312cf899af138f74a9d794ef55147b48db383b4d5d
SHA512be8c7ea7950abf6c3a6617d802b1301fe6f46d31cada491b77b7b526eb4e128aefb199d53bbdb11e7cd2c47f56eea1552e0f498e6cef62c8580773a954cd38a4
-
Filesize
7KB
MD589c4ddff833ac0e0aab4cd8640a135af
SHA1de54b07f2067e5609eb3d4dc9296fb905ed46008
SHA25621aae75c65a5987a33d065e78575f0b7789f5190245cf69370a81b9f09391dc3
SHA5129236ebb04af6f3c231e59b1455d29aee87a1ad24576a5a83252d904a1738d33defbb02325d4bf8f2a0c1ce51cd04e756d974f51d982f473e296d263378c386fc
-
Filesize
9KB
MD548b54a209a987502ce859a0cb207bf06
SHA13a9d557d908072363fa557ca72b900c8b0c348fe
SHA256097e6b182532299f2af680eadfec953a9a661750e627da99f5e74db54873b32a
SHA512142e78e77c7a8db9a5ad17cc648846d9fbe5400faa660c4d9daf5e5d9047a028943e3fd6722711d4d85db7343573c37a09c430478afc44cb314a62f969b189a3
-
Filesize
6KB
MD548950bdd413070f78e3a6daf1734978e
SHA17dc6719b2ac54e5b0d1d23dcff1b44ff1ded7ad8
SHA2566203077e1a8acb4948cc7fd980ed3bc7107284b229c7e3eadd1dbee9151d2a22
SHA512cdcd2a9d5ca9f779c7a16a908bf9c4f627c24064656e972d4c36f7dffb2d73d62ab098cd63e6aa1947a42800b26d04ee4b40ad2b2b9280fab1b3d32b4a98d263
-
Filesize
10KB
MD5fe1f13fe5cde89cda4b3172551fe6a29
SHA14e63881aa484951b81ab5de3817e2348909a9de4
SHA25639f4e279ebccd473fc39498de9509d4b59356fda4fbb39047c70040c8c3e0db1
SHA512076b3d5d73a6b095fd507b1e948ea8834ca6b961c29457f1757e227eed7c66fef4cfc2599d1c2d7a768f9cdf6a8d7931268c749d34c64fd84a08c1d0061fd489
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5b014a25b1ee294354ad51791c0c8769a
SHA164269cc1d62ae64d7189be69b80206e33cfc2129
SHA25627342a386dab45d438ff4ff283d552ff2b3cb233ba1a9bc0e679d3651efb2d7f
SHA512b54e9ac468c3fbb2777bd8b712fd60a2bd624b727974a2e01e535a5805ec19229409869943547c79edc5ead67eee287c2c573e5e3b2ff6ea41d74c18324b750b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a159c.TMP
Filesize48B
MD5bef7fc47e96119cd61a4cd491df06258
SHA1cfcd48cb706c570e701b657e0e68e63084466edd
SHA2564109363560c44ff70aaedd6344e816d6499ad0b9e90d9d87f3e6e7e65b3636c4
SHA512cae6ac7db615cdd9a0ffe020745477f3d1974abc03794819a8e3486671e36b5f3d5b881ee5d389dc6945fa7a5a2b4b7976973b1c04822b512fe21e416179c8de
-
Filesize
3KB
MD5eeeff6c5938bd668678c9c7bd986cff3
SHA139c608faa7bc3a60df553cf1434ceb7c5834fa8d
SHA2560bd85edef54433d64d75ec1e866f6ca570e77380014c8e9e565c5e1121a3ba1c
SHA5129d5051236fa62f14c630d0572366deee237c55eeace584dac64429e7d638a4037f0f97dda395de1d321e535a42d4fef8609d4270854de361cf3f236aa113076d
-
Filesize
1KB
MD580c5075429592c1a75ce1f1a03261a71
SHA196372a00de9ba5174c2bd72fd4197a9ca15dc2ba
SHA256b7be78e59d5fc2cad5f1fca563cca6ced339550fbe5dccefd588609932508f6e
SHA5120cec9aa86b8e5456037c3c71a73fbf71fb6873c6501c4474b9845b753689fee7759957f81cf34595b8eaa148f145beaf5a4b40f6ac211e86e24d5eb3da6149bc
-
Filesize
3KB
MD5620344f5cc641760639b57201b45ec26
SHA187f19693d681c82e15ef0e63ccb845cef84a8e2d
SHA256cbed6032545b77a2de620f163d53794b55081f0e583592271bd2b527941a38ec
SHA512496abfb67fba5770b4388f3e57bf1657c008725696c3c01ac1b0179c048a87b378e7287e8410ea6d0b56308196e3797f584680c72c32f63685cd963edb11f46c
-
Filesize
3KB
MD54eb14dfd65d50f7fed870ed654d2983a
SHA14124ec904cd9cf4b4624d9ca9ab6e203ae293832
SHA2561e5cada6a1dacd6ad68db63e1c3dc762d0d3404e2cbd4f8feac180d72af8fdcd
SHA5122cca1db09caac0fec06c7e74ff4015a8f407bec038ffe71167d4dc4ce01256ca41770ccff04af6c2054d3382ffe6a295ce9a5fb887e9a8df59b186b75b742f30
-
Filesize
3KB
MD54a6ff099b7592b50eef1ff6960ffff9b
SHA1c163c1230d439b1a6ba71f29715e2fc9ba579842
SHA256efc519bcf66ad58bc9a10946f6c969135a5fc9dfd964306b083d0b80274f9f70
SHA512d7b39cc4dcd7ea1bd97ee64c8aab2baee02980371a37abb8933e7cd87f585ec39af20deb89debd0144ada79e29df4675a4e8c63ec53041abbe35db02b42863fc
-
Filesize
3KB
MD518e0dddb4e7bcb264fb9bcf67bd3cde2
SHA1e79467c5f003a52f5ce348501899fefeef07c6de
SHA2562982db42e0b206ba6e0edcaba3ac5e8355bbcdde1d0f4d03ed7158ff1e0b03bb
SHA512627de2787db71b3a3bf94ba1d73644f8706c978babfe40522568761e6c0476af745c40167521270d82f2b8f31d4cb6854fa6fbea81974df490d923cdcb4de2fa
-
Filesize
3KB
MD51805194905470cf0e2b046f1366b1e84
SHA12bad7275f3369b41106759b463116a777b5d1919
SHA256db3bb5926f57b7b874c5b9986edb8f4dd5dcadca18f3f142aa52fdedda081d18
SHA512550209eabcd5ed9f522b794c57dff017fdbcf2cc24d1e0bff60294a9bfccc278a2d1bc573e4e042c05f0a2516f72de613cd87963514979be8f3c5d004f47d1fd
-
Filesize
3KB
MD5e83648d362555c70ab7beb9f03f24751
SHA1dfb3568380ad25dbed663bf2d3a29683ad1b8ce3
SHA25601c7e818a4567657da8de55028df85621380bd8797a33dae06a66dd8fe04f25b
SHA512c245387dd5719169852328a0e48fab79be768ad84c1a4126989120bc29ac2e3cfb25d4d2aeb761494f76f16071edd35dc0869c4034b727eae8a78d839a921560
-
Filesize
3KB
MD5fe043ee3e65660ce8a4e35a1d7731a6e
SHA17293b866f5ba6a36bc1301e35a7163d422270b67
SHA256a35ac61ab8bec0fa1644d8ebfa7b466a43b353bd2d95fa5e278bcc6c57fb3bbd
SHA512259f7530ca2e32f066611c7ba3c71f6777f47ade222d158d51a3d9cc2a573a1a4da81aee23560b890378989b445359c04d99ceaa7498c447906a0ed8fb66542d
-
Filesize
1KB
MD58d50e748ddc80cf3625693a76d0c9114
SHA106a3bccde57ef71c23a9ceffe0214747690ddb39
SHA256ee99f7ea8e75b339df438cdde60f5580aabb4b151a8a953f66544bca62da866b
SHA512bf28e2f4d5f2c1a5da2d00902380060664264e26df7e3b5f8d821da5babc63e1750145cb3859adf93721a96ec08838a5048c608a1b286ba4dfbb2c520f5202ed
-
Filesize
3KB
MD5e48bdd7740dcb9461cb050d83d945d32
SHA19a838bcd216eecc325f123ace030bd2cf114d2b3
SHA256ce9e6f50904a70aa8af76a625f7655a55c76615f751f61947e6d50d0fdf654bc
SHA512ab0c885c1e5dac251cf45c815a9292ad60a15d56e7d0a080dcbe1262df64ba388938c16253daab8f80192a327a87f4f2a22ea92b68cd1749e7b93d238f276c18
-
Filesize
3KB
MD520ba035dc6af73e7754fdbb77b767818
SHA1e0de4a9bccba1bc7ea76018531507321fce0b16d
SHA2560a7d152bd0271214bd8894a1d77a0856a30f9986fb43fefb3ec98bca41b061ae
SHA51213d0f424c7ff6ffa6a726ef5bb9adf3a6dabbeff4b3272b4fa868c075c55b9a20953dfc75d0a66398a782d523c01ee33da4a369f1db2ef5408e0a5e1f934e1ba
-
Filesize
3KB
MD5cab31b7370fd2319a79ac8a8dd2c88ad
SHA140ee40b35f531b8523610bebcf193324e6897494
SHA25682cb06d108800c54cfb362025dd6dfd6a22463b93362c31bc2683caf2501b33e
SHA512a274ae4050efb52009d2c5e63613b35df3cccbe58c93152dce8ebb02f1ea6fe094b45ec6f8d191a6675b0785a1c7405c9731519e1e66970658e78822c03c4d13
-
Filesize
3KB
MD513f0d83b4ae4f817ad572e935d5aa903
SHA14e51dd1285ebbf852d65e6b035eac2e73f1fefac
SHA25683f8003ddf23933e45426baebe374fb3df602b43e568653b7fd7525a000a250f
SHA5127d3db4f05f33aadc69cc6e4d8297891c09988082976ac8fd0a9bca52e29ad79c751a8d85d06731457f2260fa8fbae8edd045e1e0af3f1ae2ff7de11dc51523ec
-
Filesize
3KB
MD5c53f9cfb93fcb22d891d75d4c65ad101
SHA13bec7d3b3fea359bd6a7f2fac977cca257088085
SHA256e1887054cbdb49d4bf59b4d845c17dd5a8f9a54a8e7c0326c344cb9c8b598a10
SHA5120964435274a4c78aa9c60e79b91d82c74ff82de3836dab326206d4f304ef430c95e5c74a02defbb57905b5b8e7ef4baf0e281b5d6113fbdd4a6d78affbd46991
-
Filesize
370B
MD54a1d3292389ea00ecb72a233341f7e58
SHA1541b8546469df64250bc55275d4b8af7b5e494df
SHA25618ce760ebfd71134861eba786c899984c3ea68af78765810b6a835efa5d275cb
SHA51245ab82d4c866df7206558f09f4b406ff7c8e74bd936aa3ea046dedd2c56cc6a1ce669c16cd3e45a7677784bec2ffd91df95bbf3b6480854370e2773f5148163a
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5d1ecf0de3d4f48783cf21eb638089a6a
SHA11f06a38a8bfeb1744c942a15b360fd8bcada8aed
SHA2563d1c0010188d2dc38d1c25424718f0a2a4bcf2c8d9395402563bef65df871dd4
SHA5128494f00ea878debb3eb066c1ab43b0bad645556b4ebe2f7b483dff8ece660ebae2caf58ddb86bc232904d58370638b4eb437ad9211683ba8b6c6a2ebb4968e25
-
Filesize
11KB
MD5b88f283c5f6bd286835767933a2c2813
SHA1ae8ada4c42e13d5e55d47290e5f0820f57419c1d
SHA256045b312f096e58460cb66047fc7025e37abc56aba58cb620ada4bd7ae7a0007b
SHA512cbe87ae0f6f6491241b2e52e636a9297a0ee52613e8efe8925b87658120206fd83f256f69d6f8d8dcb8e29e95f7e399983edde918df91eb5bfe7387f72c3d744
-
Filesize
11KB
MD57d6b9b3ac6134a4a418a9599e52f89ff
SHA1514375cbaa8a4ff229da37ff019f3d45e40e95e4
SHA256bf069a061d77151f0c067ba43cf90303f8f306e0346cb0444f5b4e60e42524bf
SHA5129c596a1293fba14ebdb2366bd4930a2eb2d5271c504fb13ad89a8e989d39cc1877caccebcae43c1730660c962cda208dcc43632124ecf903c16054025a2c876f
-
Filesize
11KB
MD5241501578e0b703deca8d789f2d7cffd
SHA1f9fbb30420a7c5d87e0ee7aa57577d9731a71900
SHA2564c5a854ea00b41a0b56deb30dc04dfbc0872eef5a77e1e8f558b138ad0b67e94
SHA5124a26551fba7c7333fcead3f146ce5f2ea8db507aa1a3bb5030ee29c9a5c90bc7290d4e72b0eb46c2d5874dca4b690e816218742bcdeb76c9f600298d0a67f3bd
-
Filesize
11KB
MD5a4be27687de3978992cae621fa59e02d
SHA1fed6c8aeb4c3d72d73ec5fae61825539750dfa7a
SHA2567355b8bb8c6be3d2e15607b182f1d919b5df5b2563aea1a69fbe993c17e69745
SHA512ee33a8d7013192516f09f4ebc941baea40a54cf73b88dde2aca42cafcc136cde2a96267a5256c8985e57de37d402d5c2d55b0bc84827ef2e7308a857f21cd24a
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe
Filesize2.1MB
MD53f89deb4acf3a85a8f13a8d331f549ec
SHA1a4c5c6080d3608de2f2a131b2363e0e113315b2f
SHA256ca6a148be5d5a4ab3dd790bb666592e8a82544187a6ba17b31656d6ad5b724fe
SHA51254bd6556afd1e6d60bd9ef04a5c681e637f2786326e3f27db6e2d858eedfe1ce0ffc3c91e517b63ba9028c2eb7b283bd6fc37e6b0173b57fce78bae4f46ec920
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\CaptchaSharp.dll
Filesize110KB
MD5c1dcac26d8544c9f233df4a250869607
SHA196e1f221a9a3943c1f6f23594ddf373cac7689ed
SHA256232318398b7ec25ca292059aea773ef440f8fa8b00769c91d94e8e0a32893d61
SHA512e8822a45ac103b62ea2969253f7c238880015971d524bf55a9e6a9faf4a222eb469b627544aeb7108a8abba304dd350a28dd48c032dea088e13a7b688b9c2792
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\Extreme.Net.dll
Filesize121KB
MD5cf9c5c9aa637504a2d9799b139e615f3
SHA18daa7710f0748eeadb870bb0d62659a9ff8b6f44
SHA2566f4f3b1fd4f6f2a396355a651a7686bb4998c2aa900bc33804a7e0742fcabbcc
SHA512a828051372ebc1dcaca60edca8646d14654bb95fcb256291ac02d51d8aaa412580aa84b87df1e14cadc25d5547e1a612076f8cf90693492093c93a672e277a6c
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\ICSharpCode.AvalonEdit.dll
Filesize605KB
MD58f36b03d547fb3e0f9654d4f3074b89f
SHA1efa7dc54a626c20cbaec3b19b517a2ab64ac6e63
SHA256941d014ff2689248704b92e4de92bc7a6015a4fcd31dec426ef2d727acc04231
SHA51227c3020357d19a1498fff8c70d86e501b2b691a179fcf82d4590f371df6130157e7a88c97d5d22c9dcebd4d94af54d2aff90bb12589b88e6b65f3f50e9067509
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\MaterialDesignColors.dll
Filesize 295KB
MD5 01a9e121917c0b03878d6d38fab65b4f
SHA1 aa7bf2edabd7b01101b72a0faeb2a1669fab55f3
SHA256 d4360d786d921e21f9efee7f4c92d953784f5ccb195c49eb718de36c3699cc6a
SHA512 ae7d2ade379090c6fda41dfa108562f8dd823f2af251c9b4d3307784cb9ee99e9d1fd17a28014b62e77f9a8a8ecf70f31a9e1d9242389420b4f24631ae6f47ca
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\MaterialDesignThemes.Wpf.dll
Filesize 8.7MB
MD5 512d66bea27476f776e32ee5f766b8de
SHA1 6b54c6e26a45a487e294c6ae1eb9e54327d37e4f
SHA256 bfe82bd0be7e708c1fb24b9c178ed0c5f5931954b41d0c493d14cd40225a3451
SHA512 034ae0916a4863a8966375f7f3f2aca64a877137628ee250c3c8aec65e17ee7c575974fb3994f86515ae21931d21700071a69de974758cf5d1220d700c6cc39f
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\PluginFramework.dll
Filesize 5KB
MD5 a2e488c6b1df009c4c2dc7917baa1c9f
SHA1 c0d2c3841fe663af1ffa5ecef37848921052d34f
SHA256 08ce03ae16e08c875bffd625213475a1a20b3ec6c19aa502d17cdb62b75b347f
SHA512 e029797b21156af8cbdd17156f0751541ea0cc294ee602e4807ce465c43c56111d580c2339ce5bc591355aa2828a8fcd8a4e5f076e734e811ad999c196d95b0d
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\RuriLib.dll
Filesize 419KB
MD5 5dbc819b693987277d76b1ecec1bcd94
SHA1 51fbfb4a678aa84bb3ad046b1b89056047ee04b0
SHA256 984f317522a7346b2164c872c2fbd94bcd29e8485225fdd28f25a26045beeac2
SHA512 1e8cc77a53e56a6d6205ce2c030e3d7d8ead61f70d38ae80947ab21d5ce2083cd3c813c1d457c7bd2dab5e57deb15e9f99eeae7965e061a7b2e56024aa2fbde8
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\System.Windows.Controls.Input.Toolkit.dll
Filesize 106KB
MD5 9722713e648f42b57299e9d2cf3d5c1a
SHA1 a4d0dc4f09ce84a33f1aa3e0c5cb4ae131f9fb0c
SHA256 bc3a78eb4df2fd5b39244fa0586cc0a82fe3d0e185d151e6c340c53072a61872
SHA512 f6bb5724dfc46476e94448ecb4650ad23197ca21965edf923e5d8bf51a31a707c058bca6cbac8e40e324bb54944da4129659dc2d2fc965e260bd40123a8aeebb
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\System.Windows.Controls.Layout.Toolkit.dll
Filesize 92KB
MD5 22d9d032858972b8ee628fa818ab04db
SHA1 6eeae133e394292c6c349f838114c2a39dfe8357
SHA256 e3d7f794442d9dbe99f5d578c0bc8d9e3198fe4055cf5581fc1de78085967c50
SHA512 6899b2650aafd1e88049303c7ee26ff7e0dfe201d8a7188386ef2354deeb32f611bb4b73a02be9127fc96d5b4d37cab9bdbec3cfcb3bf4cada43170ac4349e0f
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\Telegram.Bot.dll
Filesize 333KB
MD5 5b2c215ff48861efe9021bf4f5af87a7
SHA1 6ab9e5ce1b85df4b17a4de7fab091601053ee28b
SHA256 f42969849a1b91c682c364650d068cc67c55d89217279079be2c6421f835304d
SHA512 b87bf6803bdfb4868fe9212c9e5d0c91e9695ba4159f32a747489e863e73c312fd8e0ab843d15aceb86fae7e6d6e9830e3a059419bc4b0e660bcaf384281c8d6
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\WPFToolkit.dll
Filesize 456KB
MD5 195ed09e0b4f3b09ea4a3b67a0d3f396
SHA1 01a250631397c93c4aab9a777a86e39fd8d84f09
SHA256 aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456
SHA512 b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098
-
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\websocket-sharp.dll
Filesize 244KB
MD5 7379936cac71973885587a3bc6fbb70b
SHA1 e72fec39314d7eb75f13c1ff0459515d95dd910c
SHA256 fb06ffceb4f8789c893d2f292e5810927dd7266d3bad68df2cedb8775500e8be
SHA512 d9da358bcc134232f6418d49fe98c427ad49fe8a212a2f166fcbf1718d0a8f8b0fa055caec30b267c6e4b1b4d687f08394830e3fadbae812c4b255abdf8c7b7a
-
Filesize 3KB
MD5 59f7c957f86d85da45af59189202c90d
SHA1 526cc836498e9cb3fb0564838007855549e83cf9
SHA256 9c3771cac2d7270cbc6b6d2bc5423a39d23317a3f5df5d63a3eb853ba41c2387
SHA512 07a6dce2783e176c2d00ad2f8359dda88a2c1d9b0ec2cde44fe0b930317ed20d5117508dd4ddaa5f3398b8323f44f3b16037c7ad9c6cfdb3a40c2935fef5685d
-
Filesize 96KB
MD5 244148ae6a4ada2dd32697bf3a68cdd1
SHA1 32a452138b9bd3f50084e2ae33e706358e2f4f1c
SHA256 19896b905468069f23ef5095e3c3e7291b91941309af09f33386bf38770603c3
SHA512 87569b31c2ca43bda1fedae9e5a91cbeee2337c73ddd49496ae7a48579c375b4e93b6e74928d66c44250c5aef444cc98af6bfd9c38706fe8329f0ff9850be9ff
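When this dropped-files listing is copied out of the report as text, the labels and values arrive fused ("MD5" immediately followed by the hex digest, "Filesize" sometimes split from its value onto the next line, and some records with no path at all). The parser below is an added example, not tria.ge code: it turns the flattened layout into records, rejects any digest whose length does not match its algorithm (the usual sign that a label/value split went wrong), collects the SHA-256 values as IOCs, and computes the same four digests for a local file so it can be compared against a record. The SAMPLE text is constructed from two records on this page (the PluginFramework.dll entry and the path-less 3KB entry); the function names are this example's own.

```python
import hashlib
import re

# Constructed sample: two records copied in the flattened layout this report uses. The
# second record has no path line and its "Filesize" label is split from its value,
# both of which occur on the page.
SAMPLE = """\
C:\\Users\\Admin\\Desktop\\Silver Bullet v1.1.3 By @Hacktiva_configs\\Silver Bullet v1.1.3 By @Hacktiva_configs\\bin\\PluginFramework.dll
Filesize5KB
MD5a2e488c6b1df009c4c2dc7917baa1c9f
SHA1c0d2c3841fe663af1ffa5ecef37848921052d34f
SHA25608ce03ae16e08c875bffd625213475a1a20b3ec6c19aa502d17cdb62b75b347f
SHA512e029797b21156af8cbdd17156f0751541ea0cc294ee602e4807ce465c43c56111d580c2339ce5bc591355aa2828a8fcd8a4e5f076e734e811ad999c196d95b0d
-
Filesize
3KB
MD559f7c957f86d85da45af59189202c90d
SHA1526cc836498e9cb3fb0564838007855549e83cf9
SHA2569c3771cac2d7270cbc6b6d2bc5423a39d23317a3f5df5d63a3eb853ba41c2387
SHA51207a6dce2783e176c2d00ad2f8359dda88a2c1d9b0ec2cde44fe0b930317ed20d5117508dd4ddaa5f3398b8323f44f3b16037c7ad9c6cfdb3a40c2935fef5685d
-
"""

# Hex-digest length per algorithm; a mismatch means the label/value split went wrong.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Longest labels first so "SHA512" and "SHA256" are tried before "SHA1".
HASH_LINE = re.compile(r"^(SHA512|SHA256|SHA1|MD5)([0-9a-fA-F]+)$")
SIZE_LINE = re.compile(r"^Filesize(.*)$")


def parse_dropped_files(text):
    """Parse the flattened listing into dicts keyed path/size/md5/sha1/sha256/sha512."""
    records, cur, pending_size = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-":                      # record separator
            if cur:
                _check(cur)
                records.append(cur)
            cur, pending_size = {}, False
            continue
        if pending_size:                     # "Filesize" label was on the previous line
            cur["size"] = line
            pending_size = False
            continue
        m = SIZE_LINE.match(line)
        if m:
            if m.group(1):
                cur["size"] = m.group(1)
            else:
                pending_size = True
            continue
        m = HASH_LINE.match(line)
        if m:
            algo, hexdigest = m.group(1), m.group(2).lower()
            if len(hexdigest) != DIGEST_LEN[algo]:
                raise ValueError(f"{algo} digest has {len(hexdigest)} hex chars: {line}")
            cur[algo.lower()] = hexdigest
            continue
        cur["path"] = line                   # anything else is the dropped-file path
    if cur:
        _check(cur)
        records.append(cur)
    return records


def _check(rec):
    """A record is only useful if all four digests are present."""
    missing = [a for a in ("md5", "sha1", "sha256", "sha512") if a not in rec]
    if missing:
        raise ValueError(f"record {rec.get('path', '<no path>')} lacks {missing}")


def sha256_iocs(records):
    """SHA-256 values of every dropped file, the identifier worth feeding to an IOC match."""
    return {r["sha256"] for r in records}


def digests_of(data):
    """The same four digests the report lists, computed over a local file's bytes."""
    return {a: getattr(hashlib, a)(data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def find_match(data, records):
    """Return the record whose SHA-256 equals that of `data`, or None if nothing matches."""
    digest = digests_of(data)["sha256"]
    return next((r for r in records if r["sha256"] == digest), None)


if __name__ == "__main__":
    for rec in parse_dropped_files(SAMPLE):
        print(rec.get("path", "<no path>"), rec.get("size"), rec["sha256"])
```

Matching is done on SHA-256 only because the MD5 and SHA-1 columns are carried along for correlation with older feeds, not as evidence; sizes such as "3KB" are rounded by the report and are not usable for verification.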