hxxps://gofile[.]io/d/kxad3X

Analysis

max time kernel
2696s
max time network
2698s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/kxad3X

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3396	SilverBullet.exe

Loads dropped DLL 54 IoCs

pid	Process
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe
3396	SilverBullet.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\Configs\desktop.ini	7zG.exe
File opened for modification	C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\Configs\desktop.ini	7zG.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs

Web Service

T1102

flow	ioc
384	raw.githubusercontent.com
395	raw.githubusercontent.com
55	discord.com
58	discord.com
383	raw.githubusercontent.com
394	raw.githubusercontent.com
396	raw.githubusercontent.com
466	raw.githubusercontent.com
344	raw.githubusercontent.com
345	raw.githubusercontent.com
382	raw.githubusercontent.com
473	discord.com
465	raw.githubusercontent.com
472	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SilverBullet.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SilverBullet.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SilverBullet.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 50 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	SilverBullet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\NodeSlot = "6"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	SilverBullet.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2412658365-3084825385-3340777666-1000\{4F011596-5E02-4880-A5A4-1BA4E6F9AEFA}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	SilverBullet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	SilverBullet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	SilverBullet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	SilverBullet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SilverBullet.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2564	msedge.exe
2564	msedge.exe
3452	identity_helper.exe
3452	identity_helper.exe
4040	msedge.exe
4040	msedge.exe
2788	msedge.exe
2788	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
3280	msedge.exe
3280	msedge.exe
4844	msedge.exe
4844	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	4252	7zG.exe
Token: 35	4252	7zG.exe
Token: SeSecurityPrivilege	4252	7zG.exe
Token: SeSecurityPrivilege	4252	7zG.exe
Token: 33	2796	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2796	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 3748	2564	msedge.exe	82
PID 2564 wrote to memory of 3748	2564	msedge.exe	82
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 3868	2564	msedge.exe	83
PID 2564 wrote to memory of 2112	2564	msedge.exe	84
PID 2564 wrote to memory of 2112	2564	msedge.exe	84
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85
PID 2564 wrote to memory of 4196	2564	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/kxad3X
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb96746f8,0x7ffcb9674708,0x7ffcb9674718
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5308 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7436 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,332402260295315908,16097181802554587757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:652

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\" -ad -an -ai#7zMap5540:144:7zEvent26812
1⤵
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
PID:4252

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x428
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2796

C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe
"C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies registry class
PID:3396

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2572

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:6344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
38KB

MD5
ff5eccde83f118cea0224ebbb9dc3179

SHA1
0ad305614c46bdb6b7bb3445c2430e12aecee879

SHA256
13da02ce62b1a388a7c8d6f3bd286fe774ee2b91ac63d281523e80b2a8a063bc

SHA512
03dc88f429dd72d9433605c7c0f5659ad8d72f222da0bb6bf03b46f4a509b17ec2181af5db180c2f6d11c02f39a871c651be82e28fb5859037e1bbf6a7a20f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082

Filesize
133KB

MD5
d4f5a5fcc39adc617b4ea892a6215788

SHA1
7d89cb425f9740ba46b9925d90f54aa320a0ef5b

SHA256
9434115017729880acd3201847eaca6b6b77d615077b20dafdd4341d16ced868

SHA512
8804847085fa93ef84d2e56301aeea8bc8e18be932888b584aca03c126de2ab3f608e80d38195ec68a0f4b1b54d270e6ce39c19664e1af91d90b093de8614f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
400KB

MD5
53bd54476c1eff24a7759d5a5d6725e9

SHA1
6517257e04c0bd31ab3721a26031ecba103d5f16

SHA256
1c52856f9547999ea46b052d87bce8c9477faf10a57fc591723ac939a7868477

SHA512
f1736478707adc13e35514dd005b36f66deb01ec4c84eaed5c1355fef7ad00310a8c4448f3b1bfd9ed9f650d9a669e4e9096cf05f144b4228b484d6da56e1b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c6a4eb2b2c19351126c2227a21b5393f

SHA1
198cafd99bd7cb223a1ad0855e2a4749edb40aa1

SHA256
fb62bf1cb86937187b9cd4cb2cba18f138b729e5dcd9a6eb0509a889f44fe3d9

SHA512
97b53c57b4beb5014de85d45a85aadff8d5b5e13ba590f674188d7327ae466dd062f5eba01815b20aee887b3b03ab6cc423aa44285dc944c21f450e4e475c15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ac66ef54d6c56e95e777be4be2b78cb2

SHA1
3dfea6e83d3cedc6e329e4a7c1087be9fd314bd5

SHA256
9ff7111b4bc91848129732bb9a06679fbc6ef2e641275ddfbeac7b9d52436171

SHA512
24956ddfd4ed5ccda46501c264f3f1aa8f1f0841186588a1767a4bd4b0d0049d2f916f62f35244fbf8bc4e488fae516ea981fa5afe4fcd8d5c0015d9fc505066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
497f88f33dca4bbd688f4626946e4bc3

SHA1
78f9734ee1c17b07d7070224992f517e9b8518cb

SHA256
77a9fc76d5d1003a2ddf31594fe09a479052eaf09b06549e80c7b001ef429441

SHA512
5ae3ddefce86811e306d8271c266ba263a580b3e1f5a5b07b97c9aa341cd6335da16d4db7938f6deead5a2f1877b72df53e1303a9108fd88469a5afc96a585df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
f084aeee01d237d12f16ed3bd83e60e6

SHA1
934ecaf1e83acc15ca7c2c4d49af22f63cfabeef

SHA256
84ec0bf6452ccea5aedc6a4c7e0eb43408a34cfd9641c0e524b51fd9a476602f

SHA512
b4caef4fe1ee9e8ab906435a404168c75e46b7fb2bdb5a5527f6f56db46977faca2da0769e0ddb5c4e4538187126916d6405582c099ce97ce519b9acdf323d8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6a0e21185e9904e3e965149f225dcdfe

SHA1
59e2828a71f57059c43afcfac8ecbf5833c7f6ff

SHA256
fc379dfac01208f02048edd06b3efce256f9ae3b7333eb9b2b281fb5a8605384

SHA512
f20e8da34ddc55c5c4c4eb4dc08f7e9d3299039ccc43ff25d31cebb000435ef617b9c9536f0a37d7a6c2c5dc0b67e52cdde2e8e9bbf5ffcc0d4f0049501c6f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
08ef08c97928027c5b7f2767935440a1

SHA1
a3b686a5a938600dc6c3647700f0b375ad75ca6c

SHA256
2ccd4771b2d551d0d9f61d88b21d63cef0bafbba171c34c9c2fc2886f2c06f2e

SHA512
47c80da6ff6ecd519440ad7137e3b064e23b97a1dcaf26640aad40c459fd9f9289f31393df84b4d6af0e1e778d23910aff7e046437c65cc1a5ef2c91445c84e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
123bbe69410b9eb85242c485724f1d02

SHA1
d648c93d345acc2d667abd502dbb35e60ba5ea6b

SHA256
7f4ca29e35c049fcac7dd96f8e3a44d44806000852bac6fb69bcb7d9d87fb37f

SHA512
e5e1bd6fde445b095c3bd14bff6cb153019f146d1402b2c7bbbfafa65ac9905a542beb99a6a2fb50874de0d85e93a13bf9ec69622bbcc851dad554bec291564d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
44e34d1dae20153271c37aad67922806

SHA1
57dc628b16de8ea04e27a5f03b9d79b932886260

SHA256
0a0558536781c4199cca98c1741d391987c0433d201dde9464eb2ce87226e156

SHA512
e0f298947446ea24f47d1257fb7770df8079f718d5ebe029c562dc6cf72ef76920ab5efadf31eb6cbdffe256dbdcf9545d97d3463d09cb928681f8d9589246ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c7b70e1e8a6642d7aca6a7d12e2925f6

SHA1
ba9dd971fad5a2d702eeb0c91c502ad6c8af43cf

SHA256
b3e9182efff03dc06d4f55ceec3c30f1712f51005deb56dea13aeb481d7ee3c9

SHA512
f31f3f836a68127675a7d5089b367d2457ae90d84d92f9d4c9b632da70b8a912b27190291e27da6ecf60ef55f2863d3f1bff425889009efde65477d2d8d2b17f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
37c353c223118ea433cfc113deab0457

SHA1
1ce9fd1f7d06f62dd79ddcc2fd58bd846aff941b

SHA256
ad92495b5ab51ab8df6b93356c9f8fdaa548cb77975f5f44f939932414e471d0

SHA512
31a65a753f85bef923205ca6f0e430703575bae76fb1104a1721a3cd77b8b06522641efa8ec1d41be6593f7033494c29158f229ab284b1c3fc789cdd29f8fc8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
58790d7df727b5167d717bbc1d8e716b

SHA1
9d999051ee74f62d3c1bdf82a160bc9e9da5e0d9

SHA256
7bf590b17b434bd4c0b261f552f58fde714c89d7a87f6ab0617af71c7d4dd953

SHA512
e679889db272ec0e7466dc4974352991277ec47a24ca642de75ed2ad875332a91c9555329f91184c5c80381c0461f938ff74edc37dc9da229323419437121a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
deb386e6be0808d67d3c8d0a79bf9cfb

SHA1
360760e942539a7184251c55a7b61ca1575a97ae

SHA256
a91a8aaf4e23986c83adfb8ad3eef422be36d9e7952ad4fd31ef63fa6805b2ca

SHA512
e29272173e81b8b4934c19a7821fd396321da607c11e2a8ede174c8fcc0239411bb48677d7cdd49fdfa909e802891c1635e4d002bf8f4ba3fdce29484155bbb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0241c3ccbfa077918fa5e77677570a60

SHA1
7efa7e95a6592697c3d369ada58a6073061f4b25

SHA256
f5be288a52bc3154f6244847da9c01feaab14d459217d799a3c0b45fbbfc4214

SHA512
371f2e3996b3c3aa4191ec778e363d10bb47a634ce9c8febefdf4f42d547110c3145057c1206e170901aea00117b1c08337673063b63fd22e11f9a29208c5548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a00207d15bf26f65cde3df0865b4075

SHA1
eaafdd0b46d4697720711587131204ece121f056

SHA256
9471bb6ac1f09e38e1c6ff9f45e8d98bc2fd941113f9506ae92ea3e2153c458b

SHA512
b3be8ce2c7e2b71616575deac95cf4f24b3d576115fe00d73fce0759c26e424dc453c7a3006c197404a496c7901b19f09e0bf56c3702e38bacbb40b59f3190db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9bbfc53bd306a8c201981f93764c62f

SHA1
e04f82498a9b66e753731847beb40f9cb812ce8f

SHA256
a3ab3408d8a6f940065214eadfb0364523c2e52022a3107001b2df99e5bb010a

SHA512
c5a984362d97fa5a711f66512cfaf7a16d194563521f42fb3895832f4d81c64769143e8e80d6126490a3b658c7b7e0f58dd08e2e66dac19cc519e24adca1e9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a88c0aadc8d50bd825abd1d09b39862

SHA1
54eb0e36e5ceee6d7f8bd46db8576e3ee699eeff

SHA256
bdf2f224e51efaa7a7813a312cf899af138f74a9d794ef55147b48db383b4d5d

SHA512
be8c7ea7950abf6c3a6617d802b1301fe6f46d31cada491b77b7b526eb4e128aefb199d53bbdb11e7cd2c47f56eea1552e0f498e6cef62c8580773a954cd38a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
89c4ddff833ac0e0aab4cd8640a135af

SHA1
de54b07f2067e5609eb3d4dc9296fb905ed46008

SHA256
21aae75c65a5987a33d065e78575f0b7789f5190245cf69370a81b9f09391dc3

SHA512
9236ebb04af6f3c231e59b1455d29aee87a1ad24576a5a83252d904a1738d33defbb02325d4bf8f2a0c1ce51cd04e756d974f51d982f473e296d263378c386fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
48b54a209a987502ce859a0cb207bf06

SHA1
3a9d557d908072363fa557ca72b900c8b0c348fe

SHA256
097e6b182532299f2af680eadfec953a9a661750e627da99f5e74db54873b32a

SHA512
142e78e77c7a8db9a5ad17cc648846d9fbe5400faa660c4d9daf5e5d9047a028943e3fd6722711d4d85db7343573c37a09c430478afc44cb314a62f969b189a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48950bdd413070f78e3a6daf1734978e

SHA1
7dc6719b2ac54e5b0d1d23dcff1b44ff1ded7ad8

SHA256
6203077e1a8acb4948cc7fd980ed3bc7107284b229c7e3eadd1dbee9151d2a22

SHA512
cdcd2a9d5ca9f779c7a16a908bf9c4f627c24064656e972d4c36f7dffb2d73d62ab098cd63e6aa1947a42800b26d04ee4b40ad2b2b9280fab1b3d32b4a98d263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fe1f13fe5cde89cda4b3172551fe6a29

SHA1
4e63881aa484951b81ab5de3817e2348909a9de4

SHA256
39f4e279ebccd473fc39498de9509d4b59356fda4fbb39047c70040c8c3e0db1

SHA512
076b3d5d73a6b095fd507b1e948ea8834ca6b961c29457f1757e227eed7c66fef4cfc2599d1c2d7a768f9cdf6a8d7931268c749d34c64fd84a08c1d0061fd489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b014a25b1ee294354ad51791c0c8769a

SHA1
64269cc1d62ae64d7189be69b80206e33cfc2129

SHA256
27342a386dab45d438ff4ff283d552ff2b3cb233ba1a9bc0e679d3651efb2d7f

SHA512
b54e9ac468c3fbb2777bd8b712fd60a2bd624b727974a2e01e535a5805ec19229409869943547c79edc5ead67eee287c2c573e5e3b2ff6ea41d74c18324b750b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a159c.TMP

Filesize
48B

MD5
bef7fc47e96119cd61a4cd491df06258

SHA1
cfcd48cb706c570e701b657e0e68e63084466edd

SHA256
4109363560c44ff70aaedd6344e816d6499ad0b9e90d9d87f3e6e7e65b3636c4

SHA512
cae6ac7db615cdd9a0ffe020745477f3d1974abc03794819a8e3486671e36b5f3d5b881ee5d389dc6945fa7a5a2b4b7976973b1c04822b512fe21e416179c8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
eeeff6c5938bd668678c9c7bd986cff3

SHA1
39c608faa7bc3a60df553cf1434ceb7c5834fa8d

SHA256
0bd85edef54433d64d75ec1e866f6ca570e77380014c8e9e565c5e1121a3ba1c

SHA512
9d5051236fa62f14c630d0572366deee237c55eeace584dac64429e7d638a4037f0f97dda395de1d321e535a42d4fef8609d4270854de361cf3f236aa113076d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
80c5075429592c1a75ce1f1a03261a71

SHA1
96372a00de9ba5174c2bd72fd4197a9ca15dc2ba

SHA256
b7be78e59d5fc2cad5f1fca563cca6ced339550fbe5dccefd588609932508f6e

SHA512
0cec9aa86b8e5456037c3c71a73fbf71fb6873c6501c4474b9845b753689fee7759957f81cf34595b8eaa148f145beaf5a4b40f6ac211e86e24d5eb3da6149bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
620344f5cc641760639b57201b45ec26

SHA1
87f19693d681c82e15ef0e63ccb845cef84a8e2d

SHA256
cbed6032545b77a2de620f163d53794b55081f0e583592271bd2b527941a38ec

SHA512
496abfb67fba5770b4388f3e57bf1657c008725696c3c01ac1b0179c048a87b378e7287e8410ea6d0b56308196e3797f584680c72c32f63685cd963edb11f46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4eb14dfd65d50f7fed870ed654d2983a

SHA1
4124ec904cd9cf4b4624d9ca9ab6e203ae293832

SHA256
1e5cada6a1dacd6ad68db63e1c3dc762d0d3404e2cbd4f8feac180d72af8fdcd

SHA512
2cca1db09caac0fec06c7e74ff4015a8f407bec038ffe71167d4dc4ce01256ca41770ccff04af6c2054d3382ffe6a295ce9a5fb887e9a8df59b186b75b742f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4a6ff099b7592b50eef1ff6960ffff9b

SHA1
c163c1230d439b1a6ba71f29715e2fc9ba579842

SHA256
efc519bcf66ad58bc9a10946f6c969135a5fc9dfd964306b083d0b80274f9f70

SHA512
d7b39cc4dcd7ea1bd97ee64c8aab2baee02980371a37abb8933e7cd87f585ec39af20deb89debd0144ada79e29df4675a4e8c63ec53041abbe35db02b42863fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
18e0dddb4e7bcb264fb9bcf67bd3cde2

SHA1
e79467c5f003a52f5ce348501899fefeef07c6de

SHA256
2982db42e0b206ba6e0edcaba3ac5e8355bbcdde1d0f4d03ed7158ff1e0b03bb

SHA512
627de2787db71b3a3bf94ba1d73644f8706c978babfe40522568761e6c0476af745c40167521270d82f2b8f31d4cb6854fa6fbea81974df490d923cdcb4de2fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1805194905470cf0e2b046f1366b1e84

SHA1
2bad7275f3369b41106759b463116a777b5d1919

SHA256
db3bb5926f57b7b874c5b9986edb8f4dd5dcadca18f3f142aa52fdedda081d18

SHA512
550209eabcd5ed9f522b794c57dff017fdbcf2cc24d1e0bff60294a9bfccc278a2d1bc573e4e042c05f0a2516f72de613cd87963514979be8f3c5d004f47d1fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e83648d362555c70ab7beb9f03f24751

SHA1
dfb3568380ad25dbed663bf2d3a29683ad1b8ce3

SHA256
01c7e818a4567657da8de55028df85621380bd8797a33dae06a66dd8fe04f25b

SHA512
c245387dd5719169852328a0e48fab79be768ad84c1a4126989120bc29ac2e3cfb25d4d2aeb761494f76f16071edd35dc0869c4034b727eae8a78d839a921560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fe043ee3e65660ce8a4e35a1d7731a6e

SHA1
7293b866f5ba6a36bc1301e35a7163d422270b67

SHA256
a35ac61ab8bec0fa1644d8ebfa7b466a43b353bd2d95fa5e278bcc6c57fb3bbd

SHA512
259f7530ca2e32f066611c7ba3c71f6777f47ade222d158d51a3d9cc2a573a1a4da81aee23560b890378989b445359c04d99ceaa7498c447906a0ed8fb66542d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8d50e748ddc80cf3625693a76d0c9114

SHA1
06a3bccde57ef71c23a9ceffe0214747690ddb39

SHA256
ee99f7ea8e75b339df438cdde60f5580aabb4b151a8a953f66544bca62da866b

SHA512
bf28e2f4d5f2c1a5da2d00902380060664264e26df7e3b5f8d821da5babc63e1750145cb3859adf93721a96ec08838a5048c608a1b286ba4dfbb2c520f5202ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e48bdd7740dcb9461cb050d83d945d32

SHA1
9a838bcd216eecc325f123ace030bd2cf114d2b3

SHA256
ce9e6f50904a70aa8af76a625f7655a55c76615f751f61947e6d50d0fdf654bc

SHA512
ab0c885c1e5dac251cf45c815a9292ad60a15d56e7d0a080dcbe1262df64ba388938c16253daab8f80192a327a87f4f2a22ea92b68cd1749e7b93d238f276c18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
20ba035dc6af73e7754fdbb77b767818

SHA1
e0de4a9bccba1bc7ea76018531507321fce0b16d

SHA256
0a7d152bd0271214bd8894a1d77a0856a30f9986fb43fefb3ec98bca41b061ae

SHA512
13d0f424c7ff6ffa6a726ef5bb9adf3a6dabbeff4b3272b4fa868c075c55b9a20953dfc75d0a66398a782d523c01ee33da4a369f1db2ef5408e0a5e1f934e1ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cab31b7370fd2319a79ac8a8dd2c88ad

SHA1
40ee40b35f531b8523610bebcf193324e6897494

SHA256
82cb06d108800c54cfb362025dd6dfd6a22463b93362c31bc2683caf2501b33e

SHA512
a274ae4050efb52009d2c5e63613b35df3cccbe58c93152dce8ebb02f1ea6fe094b45ec6f8d191a6675b0785a1c7405c9731519e1e66970658e78822c03c4d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
13f0d83b4ae4f817ad572e935d5aa903

SHA1
4e51dd1285ebbf852d65e6b035eac2e73f1fefac

SHA256
83f8003ddf23933e45426baebe374fb3df602b43e568653b7fd7525a000a250f

SHA512
7d3db4f05f33aadc69cc6e4d8297891c09988082976ac8fd0a9bca52e29ad79c751a8d85d06731457f2260fa8fbae8edd045e1e0af3f1ae2ff7de11dc51523ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c53f9cfb93fcb22d891d75d4c65ad101

SHA1
3bec7d3b3fea359bd6a7f2fac977cca257088085

SHA256
e1887054cbdb49d4bf59b4d845c17dd5a8f9a54a8e7c0326c344cb9c8b598a10

SHA512
0964435274a4c78aa9c60e79b91d82c74ff82de3836dab326206d4f304ef430c95e5c74a02defbb57905b5b8e7ef4baf0e281b5d6113fbdd4a6d78affbd46991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583d81.TMP

Filesize
370B

MD5
4a1d3292389ea00ecb72a233341f7e58

SHA1
541b8546469df64250bc55275d4b8af7b5e494df

SHA256
18ce760ebfd71134861eba786c899984c3ea68af78765810b6a835efa5d275cb

SHA512
45ab82d4c866df7206558f09f4b406ff7c8e74bd936aa3ea046dedd2c56cc6a1ce669c16cd3e45a7677784bec2ffd91df95bbf3b6480854370e2773f5148163a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d1ecf0de3d4f48783cf21eb638089a6a

SHA1
1f06a38a8bfeb1744c942a15b360fd8bcada8aed

SHA256
3d1c0010188d2dc38d1c25424718f0a2a4bcf2c8d9395402563bef65df871dd4

SHA512
8494f00ea878debb3eb066c1ab43b0bad645556b4ebe2f7b483dff8ece660ebae2caf58ddb86bc232904d58370638b4eb437ad9211683ba8b6c6a2ebb4968e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b88f283c5f6bd286835767933a2c2813

SHA1
ae8ada4c42e13d5e55d47290e5f0820f57419c1d

SHA256
045b312f096e58460cb66047fc7025e37abc56aba58cb620ada4bd7ae7a0007b

SHA512
cbe87ae0f6f6491241b2e52e636a9297a0ee52613e8efe8925b87658120206fd83f256f69d6f8d8dcb8e29e95f7e399983edde918df91eb5bfe7387f72c3d744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d6b9b3ac6134a4a418a9599e52f89ff

SHA1
514375cbaa8a4ff229da37ff019f3d45e40e95e4

SHA256
bf069a061d77151f0c067ba43cf90303f8f306e0346cb0444f5b4e60e42524bf

SHA512
9c596a1293fba14ebdb2366bd4930a2eb2d5271c504fb13ad89a8e989d39cc1877caccebcae43c1730660c962cda208dcc43632124ecf903c16054025a2c876f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
241501578e0b703deca8d789f2d7cffd

SHA1
f9fbb30420a7c5d87e0ee7aa57577d9731a71900

SHA256
4c5a854ea00b41a0b56deb30dc04dfbc0872eef5a77e1e8f558b138ad0b67e94

SHA512
4a26551fba7c7333fcead3f146ce5f2ea8db507aa1a3bb5030ee29c9a5c90bc7290d4e72b0eb46c2d5874dca4b690e816218742bcdeb76c9f600298d0a67f3bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ec65940e-d86d-45ef-8c97-7c349c550056.tmp

Filesize
11KB

MD5
a4be27687de3978992cae621fa59e02d

SHA1
fed6c8aeb4c3d72d73ec5fae61825539750dfa7a

SHA256
7355b8bb8c6be3d2e15607b182f1d919b5df5b2563aea1a69fbe993c17e69745

SHA512
ee33a8d7013192516f09f4ebc941baea40a54cf73b88dde2aca42cafcc136cde2a96267a5256c8985e57de37d402d5c2d55b0bc84827ef2e7308a857f21cd24a

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe

Filesize
2.1MB

MD5
3f89deb4acf3a85a8f13a8d331f549ec

SHA1
a4c5c6080d3608de2f2a131b2363e0e113315b2f

SHA256
ca6a148be5d5a4ab3dd790bb666592e8a82544187a6ba17b31656d6ad5b724fe

SHA512
54bd6556afd1e6d60bd9ef04a5c681e637f2786326e3f27db6e2d858eedfe1ce0ffc3c91e517b63ba9028c2eb7b283bd6fc37e6b0173b57fce78bae4f46ec920

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\CaptchaSharp.dll

Filesize
110KB

MD5
c1dcac26d8544c9f233df4a250869607

SHA1
96e1f221a9a3943c1f6f23594ddf373cac7689ed

SHA256
232318398b7ec25ca292059aea773ef440f8fa8b00769c91d94e8e0a32893d61

SHA512
e8822a45ac103b62ea2969253f7c238880015971d524bf55a9e6a9faf4a222eb469b627544aeb7108a8abba304dd350a28dd48c032dea088e13a7b688b9c2792

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\Extreme.Net.dll

Filesize
121KB

MD5
cf9c5c9aa637504a2d9799b139e615f3

SHA1
8daa7710f0748eeadb870bb0d62659a9ff8b6f44

SHA256
6f4f3b1fd4f6f2a396355a651a7686bb4998c2aa900bc33804a7e0742fcabbcc

SHA512
a828051372ebc1dcaca60edca8646d14654bb95fcb256291ac02d51d8aaa412580aa84b87df1e14cadc25d5547e1a612076f8cf90693492093c93a672e277a6c

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\ICSharpCode.AvalonEdit.dll

Filesize
605KB

MD5
8f36b03d547fb3e0f9654d4f3074b89f

SHA1
efa7dc54a626c20cbaec3b19b517a2ab64ac6e63

SHA256
941d014ff2689248704b92e4de92bc7a6015a4fcd31dec426ef2d727acc04231

SHA512
27c3020357d19a1498fff8c70d86e501b2b691a179fcf82d4590f371df6130157e7a88c97d5d22c9dcebd4d94af54d2aff90bb12589b88e6b65f3f50e9067509

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\MaterialDesignColors.dll

Filesize
295KB

MD5
01a9e121917c0b03878d6d38fab65b4f

SHA1
aa7bf2edabd7b01101b72a0faeb2a1669fab55f3

SHA256
d4360d786d921e21f9efee7f4c92d953784f5ccb195c49eb718de36c3699cc6a

SHA512
ae7d2ade379090c6fda41dfa108562f8dd823f2af251c9b4d3307784cb9ee99e9d1fd17a28014b62e77f9a8a8ecf70f31a9e1d9242389420b4f24631ae6f47ca

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\MaterialDesignThemes.Wpf.dll

Filesize
8.7MB

MD5
512d66bea27476f776e32ee5f766b8de

SHA1
6b54c6e26a45a487e294c6ae1eb9e54327d37e4f

SHA256
bfe82bd0be7e708c1fb24b9c178ed0c5f5931954b41d0c493d14cd40225a3451

SHA512
034ae0916a4863a8966375f7f3f2aca64a877137628ee250c3c8aec65e17ee7c575974fb3994f86515ae21931d21700071a69de974758cf5d1220d700c6cc39f

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\PluginFramework.dll

Filesize
5KB

MD5
a2e488c6b1df009c4c2dc7917baa1c9f

SHA1
c0d2c3841fe663af1ffa5ecef37848921052d34f

SHA256
08ce03ae16e08c875bffd625213475a1a20b3ec6c19aa502d17cdb62b75b347f

SHA512
e029797b21156af8cbdd17156f0751541ea0cc294ee602e4807ce465c43c56111d580c2339ce5bc591355aa2828a8fcd8a4e5f076e734e811ad999c196d95b0d

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\RuriLib.dll

Filesize
419KB

MD5
5dbc819b693987277d76b1ecec1bcd94

SHA1
51fbfb4a678aa84bb3ad046b1b89056047ee04b0

SHA256
984f317522a7346b2164c872c2fbd94bcd29e8485225fdd28f25a26045beeac2

SHA512
1e8cc77a53e56a6d6205ce2c030e3d7d8ead61f70d38ae80947ab21d5ce2083cd3c813c1d457c7bd2dab5e57deb15e9f99eeae7965e061a7b2e56024aa2fbde8

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\System.Windows.Controls.Input.Toolkit.dll

Filesize
106KB

MD5
9722713e648f42b57299e9d2cf3d5c1a

SHA1
a4d0dc4f09ce84a33f1aa3e0c5cb4ae131f9fb0c

SHA256
bc3a78eb4df2fd5b39244fa0586cc0a82fe3d0e185d151e6c340c53072a61872

SHA512
f6bb5724dfc46476e94448ecb4650ad23197ca21965edf923e5d8bf51a31a707c058bca6cbac8e40e324bb54944da4129659dc2d2fc965e260bd40123a8aeebb

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\System.Windows.Controls.Layout.Toolkit.dll

Filesize
92KB

MD5
22d9d032858972b8ee628fa818ab04db

SHA1
6eeae133e394292c6c349f838114c2a39dfe8357

SHA256
e3d7f794442d9dbe99f5d578c0bc8d9e3198fe4055cf5581fc1de78085967c50

SHA512
6899b2650aafd1e88049303c7ee26ff7e0dfe201d8a7188386ef2354deeb32f611bb4b73a02be9127fc96d5b4d37cab9bdbec3cfcb3bf4cada43170ac4349e0f

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\Telegram.Bot.dll

Filesize
333KB

MD5
5b2c215ff48861efe9021bf4f5af87a7

SHA1
6ab9e5ce1b85df4b17a4de7fab091601053ee28b

SHA256
f42969849a1b91c682c364650d068cc67c55d89217279079be2c6421f835304d

SHA512
b87bf6803bdfb4868fe9212c9e5d0c91e9695ba4159f32a747489e863e73c312fd8e0ab843d15aceb86fae7e6d6e9830e3a059419bc4b0e660bcaf384281c8d6

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\WPFToolkit.dll

Filesize
456KB

MD5
195ed09e0b4f3b09ea4a3b67a0d3f396

SHA1
01a250631397c93c4aab9a777a86e39fd8d84f09

SHA256
aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456

SHA512
b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098

Download Submit
C:\Users\Admin\Desktop\Silver Bullet v1.1.3 By @Hacktiva_configs\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\websocket-sharp.dll

Filesize
244KB

MD5
7379936cac71973885587a3bc6fbb70b

SHA1
e72fec39314d7eb75f13c1ff0459515d95dd910c

SHA256
fb06ffceb4f8789c893d2f292e5810927dd7266d3bad68df2cedb8775500e8be

SHA512
d9da358bcc134232f6418d49fe98c427ad49fe8a212a2f166fcbf1718d0a8f8b0fa055caec30b267c6e4b1b4d687f08394830e3fadbae812c4b255abdf8c7b7a

Download Submit
C:\Users\Admin\Downloads\@YeatTheLegit Honeygain Full Capture.svb

Filesize
3KB

MD5
59f7c957f86d85da45af59189202c90d

SHA1
526cc836498e9cb3fb0564838007855549e83cf9

SHA256
9c3771cac2d7270cbc6b6d2bc5423a39d23317a3f5df5d63a3eb853ba41c2387

SHA512
07a6dce2783e176c2d00ad2f8359dda88a2c1d9b0ec2cde44fe0b930317ed20d5117508dd4ddaa5f3398b8323f44f3b16037c7ad9c6cfdb3a40c2935fef5685d

Download Submit
C:\Users\Admin\Downloads\@YeatTheLegit http proxies.txt

Filesize
96KB

MD5
244148ae6a4ada2dd32697bf3a68cdd1

SHA1
32a452138b9bd3f50084e2ae33e706358e2f4f1c

SHA256
19896b905468069f23ef5095e3c3e7291b91941309af09f33386bf38770603c3

SHA512
87569b31c2ca43bda1fedae9e5a91cbeee2337c73ddd49496ae7a48579c375b4e93b6e74928d66c44250c5aef444cc98af6bfd9c38706fe8329f0ff9850be9ff

Download Submit
memory/3396-1492-0x000000006DA20000-0x000000006DA32000-memory.dmp

Filesize
72KB

Download