hxxps://gofile[.]io/d/kxad3X

Analysis

max time kernel
2640s
max time network
2700s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 23:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/kxad3X

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (5180) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 2 IoCs

pid	Process
1016	SilverBullet.exe
6248	SilverBullet.exe

Loads dropped DLL 64 IoCs

pid	Process
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
6248	SilverBullet.exe
6248	SilverBullet.exe
6248	SilverBullet.exe
6248	SilverBullet.exe
6248	SilverBullet.exe
6248	SilverBullet.exe
6248	SilverBullet.exe
6248	SilverBullet.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\Configs\desktop.ini	7zG.exe
File opened for modification	C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\Configs\desktop.ini	7zG.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 40 IoCs

Web Service

T1102

flow	ioc
5013	raw.githubusercontent.com
12036	raw.githubusercontent.com
15782	raw.githubusercontent.com
7620	raw.githubusercontent.com
22757	raw.githubusercontent.com
25630	raw.githubusercontent.com
5014	raw.githubusercontent.com
14313	raw.githubusercontent.com
22765	raw.githubusercontent.com
25632	raw.githubusercontent.com
26993	raw.githubusercontent.com
63	discord.com
1047	raw.githubusercontent.com
5012	raw.githubusercontent.com
7622	raw.githubusercontent.com
14315	raw.githubusercontent.com
15781	raw.githubusercontent.com
22761	discord.com
22763	raw.githubusercontent.com
192	raw.githubusercontent.com
198	raw.githubusercontent.com
200	raw.githubusercontent.com
25631	raw.githubusercontent.com
12037	raw.githubusercontent.com
22764	raw.githubusercontent.com
26994	raw.githubusercontent.com
5351	raw.githubusercontent.com
5352	raw.githubusercontent.com
12035	raw.githubusercontent.com
1049	raw.githubusercontent.com
5353	raw.githubusercontent.com
14314	raw.githubusercontent.com
26992	raw.githubusercontent.com
66	discord.com
191	raw.githubusercontent.com
199	raw.githubusercontent.com
20195	discord.com
1048	raw.githubusercontent.com
7621	raw.githubusercontent.com
15783	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
16633	ip-api.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SilverBullet.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SilverBullet.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SilverBullet.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SilverBullet.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SilverBullet.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SilverBullet.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	SilverBullet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	SilverBullet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	SilverBullet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	SilverBullet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	SilverBullet.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{80C4CFE2-54A8-447E-AB06-C73DC45FD782}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	SilverBullet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SilverBullet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	SilverBullet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	SilverBullet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	SilverBullet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	SilverBullet.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	SilverBullet.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3688	msedge.exe
3688	msedge.exe
3084	identity_helper.exe
3084	identity_helper.exe
1140	msedge.exe
1140	msedge.exe
5160	msedge.exe
5160	msedge.exe
5144	msedge.exe
5144	msedge.exe
5144	msedge.exe
5144	msedge.exe
3348	msedge.exe
3348	msedge.exe
1436	msedge.exe
1436	msedge.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1016	SilverBullet.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	1308	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1308	AUDIODG.EXE
Token: SeRestorePrivilege	3452	7zG.exe
Token: 35	3452	7zG.exe
Token: SeSecurityPrivilege	3452	7zG.exe
Token: SeSecurityPrivilege	3452	7zG.exe
Token: SeDebugPrivilege	1016	SilverBullet.exe
Token: SeDebugPrivilege	6248	SilverBullet.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
1016	SilverBullet.exe
6248	SilverBullet.exe
6248	SilverBullet.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 1224	3688	msedge.exe	82
PID 3688 wrote to memory of 1224	3688	msedge.exe	82
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 4396	3688	msedge.exe	83
PID 3688 wrote to memory of 3304	3688	msedge.exe	84
PID 3688 wrote to memory of 3304	3688	msedge.exe	84
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85
PID 3688 wrote to memory of 3156	3688	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/kxad3X
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff882f246f8,0x7ff882f24708,0x7ff882f24718
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,15307567662713737715,11778263785830204388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:6900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a8 0x45c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1308

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3840

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap21921:144:7zEvent16829
1⤵
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
PID:3452

C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe
"C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1016

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4888

C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe
"C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6248

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:6572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
39KB

MD5
09845d161b788534b62b7ca2d8a3b23f

SHA1
e1cf7408b776f67ef900ce8b5848dbb3d2d7e988

SHA256
80de13e925f1ec80ca3a5b48ee4e1218998037c7310aa332ac7d81c5554c1723

SHA512
d9073a3d6f2d751b2afd687706cd3e3d625fc6ca988e40395dc0b54a63c72db442f42efbf4b7c051cbdd5953fb97f64cdeed184d50392c31f3eb1a204a3f48db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
18KB

MD5
1f71a8705633e092f61b51bcfedbabbb

SHA1
734de3cf8cebec41efb6139ad505c79f9699e374

SHA256
40f088fce01605128e76e724490a6dabb727793e37a075ce6b2d37a53bcd7635

SHA512
bb6d3289034f402aa04dd6cf3773af78fcb2f9b7ad8f4dbafde6c5036f83ca20ebec1a1012487f8e92b96f164c98ecabdd2b4a2d085f452927e244b3547c217b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
46KB

MD5
b297a25274fa29ee7831811fa37482b1

SHA1
7538de5c8e45e67d862581ae86c8025d0184282f

SHA256
c459552be70703b076493ebd63ddb5aefb07e64282598a542c7e5bb1de267321

SHA512
937f1d7217b85db4d28a47b9dec31b57b6865f89f6001bd919b7f036505b02051fde86f40d0bcee3910d27cb4524ef89db43c024605bc423595efb1fe0a0e077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
98KB

MD5
10d2b9f6e7ba24872cb5779e8818acb0

SHA1
0c24862c5b4a650247745f5f6f79d29adcc2fec1

SHA256
76edea17dd890a34e2c2eaa4262d086a8f17a879c8c77e0b2d7d95207c0b0b42

SHA512
80e753514131a512f022cd98297685e93715cc5f779efe494b627edd324d357cc76b155278054778d0dba964934c5a409430015eab819fcb1e433dee1d0f307e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
475KB

MD5
a8494a1bdebcdefa9a5dabb427fb39f6

SHA1
4fa09ac96ccd7f5e1a4ce63a026796eb845d1847

SHA256
4ef9c160a7d3f7e538e2ef617f667d41224f8907a3cfc4f91c112350c4ab1f84

SHA512
84d2cb91e86a7b7355f5811ac362e83724be4b0fa1206c719d3334521d71b6673a80bd1929510a68e45371718ed469baf754b039de4d50f93002566c0b421595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
869752082931472dc28125c451a4352b

SHA1
83a22d7c86ff8152267781729780228fc9636185

SHA256
a2cace736b18ec97fb88ed5fcc4e144847d88aa6f8c318abb69f9f439ab5a41b

SHA512
cef4a222e27389f933796a98eaf5f7aa2410333b1528b8df85f9b074454d904e629d347e4780713c850605de46ef9e08552cd1c35d5499f8c03570429aaa98db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
918553e732fa863c9509795e1d239ece

SHA1
9f4126c3711e25fe358424a29d193a2793e3b84b

SHA256
565be2df0b6ad4c51ddc77132e096fec17e2eede53935f10a3365f09c0180976

SHA512
c9bdddb4ae5a8c89e15ae287353524bcff6f506df3793e3c1feed62b3d1d0862cb6f2942d2f5f259ae700f91dc8c1b657737bc9f4d0ed710fed5460659147ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d233eb255f1d6de786c31ff920ad8875

SHA1
ab4e9baf270723e98f852df93b69b14f02542df5

SHA256
4b77a3f5a5df795b783646d18945b8e145cde40155be8782b718445709102f47

SHA512
1b731f419d2f1f7202989f00b4645190fc3691de4e8e9b2097d3302375f364645b428da43e21e36d5fa847d7e3322b7cc41dfebe7010db76f68e933a6b372744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7d32b00bafe7a5ccfe9c7180614f79f9

SHA1
4821b431298c3e6642b492944732c4a5ec882f52

SHA256
8b1216768d8683a14c1a15076c655126199006943f470af2828ffd12a0b74b81

SHA512
eb558e591b3388cc6211edfdbed26298e35cdfc776c58898474711f600d335a9670e634d1239a9d7c75fdf63ff402aca957cf3eb62f2d9e4d2787bd5ff3dc051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c47fbaa953ba727ae2ca729bab1fafd7

SHA1
fb598fcedb713f45ab19b4e3f0a5610ca4ad0d81

SHA256
82825432f501ca80b77870526dec329022be569e6f9450b96b52af6792d4b8a6

SHA512
9a9045761ba63ccb23660acc8509dcb548d2b60e155876f7ec6a7e5378fa73014c2b09cc8577037f24d811a2a88d6e76469202fbb11b4bda79c007927768e5b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
de1e6e268282316ff48036f207e001e2

SHA1
6f2a92908bd6f7a3e844a247f3932b734e49c366

SHA256
39723a050551963e2abc48880c427b59978f347a14429f224ce8b98e7e66da55

SHA512
ad7d2ae38ac2b1d93c9410987ffe4d49169998eb83737ec80a9be6b61e137ccfbefe909e67eb201a15497d953133b934505cae61c5ad3afb7cfba744030a5105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
11728f46a3847da64c0b58c6236a0cd4

SHA1
1245f251297c03ad5c3006ca5528424274c562c7

SHA256
7fb3b9c808cf07bdca9ac86651b79ca653286c353af63c44b672ff052f89f9b8

SHA512
53b575280f859c1ecd021fbf28d097450b3f07b5b5d9ec67bdfb34ee0665fb8f1accd84b6e2215ff33080b494c98518dd03e99b86ed9f9f8ea6e122c9fbf6b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
66afb499f143dede1d623b22be8fa875

SHA1
0f6c6574d37fef2cee4664dabe1eabf7d9dd6757

SHA256
72863ee1d183efcd415bc3cec5aed5c3dcf905694075e026492ac82512b3fbdd

SHA512
c652b0930418cd863a7cd3906c033437326301dd0374aece040eddd5d6ccd630b6748276b8ed41c15790c780b3df5c4bd85e91fac3204cc444c190b307c4b1cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
691a64d39cbdf14a4cbad26ba98faedb

SHA1
6bf8366042a95f96b16e998e6b5e0e632d2107f9

SHA256
d2ae79bb53b017ef93286c29035431b4759c9e17a9f8daec91e98ab21ec6c46b

SHA512
a44a78400a16036771ff82f93d0a9961399aa5b105be2b8e60d6898fae220b2ad379f24911e3a6f6e63140a003bbdaea8e1df99f1b154e6e76809cdc36005d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2ecf154fc6c03fb6659b1fe290e19128

SHA1
c24979da3a16c6ce5abcf86bcf2b34780a04b8bd

SHA256
0c3b5e64012c33d6e53e976d86601c5f381f9025e1c1255308bbd5c2ed94423e

SHA512
edf9a2cb32f6e867b078cc9f98f69812d52273409027bee277a0602bbe998ad0a50c011c2d8e4fa8d0e52fe327002605382eb40a7b4c9d4003e8fe1a77a33657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9fed825a5291bb72321a6ddfc4534338

SHA1
42322df7b6f81c9cc804a007978d8d55ca86e037

SHA256
c8298094b7d112eedfdf26990383ae00030b03d614dd2cb2954b00e8370c2cab

SHA512
1e1cc3d51b57c5b398d9c12c7c3d880e84ea6caa5862fa69bcc135d9d785afefcc21dcd55ed85818b72c0364d611d20b636fb7669caf3475a5688cd1dd5673a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1bc74ed982bd93f5a6f6f029b50cf3cf

SHA1
4b99deb9286d63f2f3c944ab9b6c5652c5b47617

SHA256
4608d308a1c33acaff096a022cbea4c31093c9fbbe4fec2dcbe2bca3b3b212e5

SHA512
4e5ba4905cff7a45799535cdfaba76c5d7b5f87072b775224bb17866f2c49ee33ff343ef11e3c53216720fd66fc7ca513595c8c83c7f4902d7eed7e498104c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3e79c1f88114f3dc443bcbe95fc7d330

SHA1
45b71eb15e5be84adcfb14fad78b21e3dd465585

SHA256
5881a498b119feb5b7e33f2472c822ab6c7daff0b01cb5b9fb6a27fde8afe41d

SHA512
05fac9056a63fde6905963924d91d99a7c62ec50b5e343cfbbb35b6cea674ac9cb108a9d9fa661caf7da13dfe359103da38e24d00fff62f4261e6753fbcea820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e9648f8739b816a64386a96325a97230

SHA1
833c61f4ab2e4ac6cd4b0ab192c2e138c38dec65

SHA256
b332192ea27bac3f3db339c914e6d639152cf10666e9e6c4ddb98b656c1881d5

SHA512
841dbbbfc548a1a962a0ca35f3bd2ff128e75a7b0ea3b521d3f6c8b2ec47103018cf5a948421ddaab587b2046f7217c8b9a4123d3474ae07d99ef4bddf97a9e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
865e0b093ea6419829205125a068a595

SHA1
75366f1547c4521f9dff3f955b81ec99105eb460

SHA256
6d0794f58e4010fb02c915aa264405e63be79943b256cb37b7c02abc363d25e3

SHA512
fd2298a79a28c6ecaf8fbfca583620db97704f692a606b3f1d12ec50005ea940ebfcb1efcc4507bd299473dccc5543a67c93890b465c0d865b8d8389784543b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a655143a03e615c45a1f10e4ae602676

SHA1
0b3ff9ba68a9d99653b10b5bad9150aed1545ce7

SHA256
3085849fc34c69aac3673acb237b8c9cea85e2c59119a8bbd5e758b8ca4db3fb

SHA512
d5f81a34849b4bf45de8830d20bac306af461b5a78f2282e40f500baf86fb7aa2cb03aea2e19cb702f4c1185690de4c501c58320a1c015cd8cd6b5386771f4b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d0b0e358c7a36cc39447bf438d275a33

SHA1
612ae8618509f6b3a20983945ce631a1dc317eed

SHA256
69e0f4cfb6f94c89d2893827ee8b29e24dcebe02bd1b215aa3e13346320141b0

SHA512
e3ac64aec1789847975e9fd6c7aead3ae555cb0bb92a716eb67850d34b165ee1969eaf685de91f1533c498ccf05efbc0630f52f79f8a8cbba1c5f61c8f27fbd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
092e6f7c0b28711a009074a688bd66c2

SHA1
1c91ceaa6756391552eb346bbdab1382cb8ed610

SHA256
a620ae89545811b0e77852de8514dc7bb3276ccdc19909710af4cf2ce567b2d7

SHA512
c49e024b801633e27b9333115701d8fc9a0a9df3f4ed6bd04b6b92938774c00dff87b92b46741a24d74add6ba8f5271967bcee3b8c6bc319a7af547aacb37ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c84515bd5dcacb0d6568dae05955657c

SHA1
7f2a954232a2ef9676ffd359d3f30502dff6e3b3

SHA256
1f7c64cbb719272461c26acffebb058f40c1b12e05c9ba4ca47c8637a18fe4b9

SHA512
043734f4f190506387d6a34df87121a906d1299422ff8d12acf69bb0b0e64a9824f26c500bb1eefdcd53f9d5e38e6910de931f3246bdd3111bb397a0a517a9f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f3b81c667256543656cadc16031f7dde

SHA1
224a0f3bb2777a12d3fa0e405404e36c38ccaefe

SHA256
92ed5cd8f0ce2340fac1e1a52aa1f7107f134bc4a22e9f32381f9c4b353ed17d

SHA512
f902700f80925401cdef664782f1e59062f217fb112bf7f3e6192c9259ab35388b0f03e8ca7f08dc3acdb663d86f76b105d826de25bafd4834a831f7503d235d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
dba09c843164a36ce0310e236c78e061

SHA1
a7095ba0cb098a6dafbedafc2b0f8f9bb7801143

SHA256
ca1b653d8986891c85947728212422b501f52df83f487dd91df82abb224e6588

SHA512
280802dd36f168d47c2cc8328cffaa5b32b1803283bdd91c4da9048c1e4eb1616c76093b73deba3b9e695537bf31f5b71a3c09e6870005c1681becd7f0033891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
93c01c817b355af60dbf0faf193cb8ee

SHA1
26e4fb2d5fc3857c4155d1d6f935dab4607c02db

SHA256
64d15093fb44a8a51a1c72f325994b3f49d6128e3f36c81b55e6ad62c23897ab

SHA512
2f92ae817edf0c9275814e065caf05a1c658ec1e84ea218dac40db506ba6ec65ac3ac7a329101b846ea9a29e5e3d0793607aea30819daa235c9ac67833bd921e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8a87ae1af46fa1127762ce27296f4bae

SHA1
6b602df713c937522fb4cb6467f1a4272e07f3c2

SHA256
318d8ea6ef8931416cc6edac6f4a1ee3296694ba469c2d7c20c5aafd3aafbdf3

SHA512
f244a9e8a3d709c31591b8d7d88265088f7f84a408a069ef93a352fb186d00255fcc01a00fb3d01bb5dc84a3fc1282e63ff1e9a327d0a664fc6ed5f1b340d94d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
737fdabf6b3fc20d97e64421c2843040

SHA1
be6fda4731fc727b36622911084872ad45f1bcca

SHA256
4f565685fea98541e41037a52a67bfa4421618ba52959d624cb884f69c087a06

SHA512
e7c9e020aa1749b737d7f85638ada9682151fdd071a04575a255c950368620a12bccba04aa09849b8c6d4d7e66b17b1b9cd6d8b262bf4fa5d7b7fea3f6d3e16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b8acf343269cb34677d529edd0613ffa

SHA1
30fa3e94788cad46e803080f54f10d2e3e5349e5

SHA256
13beaaf37aa7cc42b34d89e2dbe48319232253b7e83149b1b32da346c9763fed

SHA512
b3873ac8f908c9e4c41669a8c8a5f0a9e65f6c3b4a0cb2d58ff1bb1ac4ce7d40b1619cf9f0f73665fc8bf08250c923475c4a5201770d4596707e5eaaee4db3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2ad170a7fdd10c395aad556ef5f995b8

SHA1
6bf5d2df666cdca2fe9e87af08b38d391eada46f

SHA256
bfc72f44747ea8afd3857971f5053f1b68acf4439a12205b3fa5e2e9aef2d8ff

SHA512
3c516808b46f5e9a2fbdb9803d41eb158f1b2552c91afa0d9f3ff731bbc4f6d065af3b2c13c7b0d3aa339c8af1e399e6e6f5333c6071ac460f84a9c766c309f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a53b2694bce47e6788365d03a128d937

SHA1
bf91f243b3fcd4226913a121ad537cd6518eb5ec

SHA256
99e671537b966874aee1728ba37c3f59187a0309bfba091bbbe6efe5a133633c

SHA512
6f76649a2b8f56e6c4f549c9aa2123d9015c05c770ece8352756cc01b83e9ef70288b2c4a505ae8c395c844b1d2fbc02b250832e0356ef359f8d516cf860d52f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
833412271fd665b485698043d58a1000

SHA1
4e219c17445cf507288a5d1d047428b9dc82aca8

SHA256
d2c7b4727d5cedf3d343c9e505a505a18ba4573e6371db37cbf1e68be5489f01

SHA512
6d0330f7be0c278fbce47d3b38373f5943fa800dd9880bf0d190b01713f82d93476c1a865be2e2f905437e5c8c08e9420c210806534876ddb4ea09fb16d4519e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bb6980d99a3ffa0c63ce668b2da0e0b1

SHA1
1326ce5478f444fb22fd70b5ff5b9383f180d92e

SHA256
9906ed2726c269e519d5ac89c4e8ede776a8e489c46ca4a74fc3069e276c941d

SHA512
53dc478c4582938627c8ed07ebc75f720c031a2126a840b133d1ebb669057ade8ea9a4346e745ad9f9b91089e166db14a274356268298b5c1134bbe4034844fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a966d1e61827e07b017abe737d40870e

SHA1
369a24056de0c0fca178f1ae6dba691e601ff864

SHA256
4c7b546ac3415e01f437bbf2ebb0ddc7008c8eae11da4e135a091c35fb52208b

SHA512
fd6205071f2f7a2e457efc8b7cd00b47893cad66d70fce021f4f2dfd04cfe2feace359efd3dee2c868c612f1fc9e2136947dd1e15abe4a5493f09a93381db864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7d0bc3bc9889f52637b31f255abbe4c

SHA1
3a82dd2c2ae07344245712438f0957d8327a13ba

SHA256
09abb55388589c6ca4a3856a3b32115d73d9a329e55498b563b4fd4d30995fa6

SHA512
fa83449cd0d5263628c8ef89ba690abfc7ae073643ba0b374752d4cf2beb2d99aff6caea596dce4ffe10a2fbcb2c23493bf0ca6ffcb5d451ad47be4d8aa7f3dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44ce9a94fb38d635fdaa7684e296aed3

SHA1
55d7dcdc5088addba810df4e1feeb846755584a4

SHA256
dcee5489bce2c9322a9805f713f4a497189c338a429c37771373a1f4b081e54c

SHA512
dd351da411ff87e552154d4ba864c25131b453ecf81c8773e8adcb8925a071c3564d004ec395ff3fd7fc767854ffb9143d4043b5d56fe2ab178dbf99211eca84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d22ce594abe63d60b20074b23e703935

SHA1
ecbaf63d9f9aa4f8dfafc519744a3a4595630af5

SHA256
476309d9004c8372c6e57d86cbe3e534d4d8e49a65fea40dacab55187d62362d

SHA512
1f9cb8af8ee1802afa130a0479cde8eee2a5ffc26e4c27208df7c2de00867b0bbd46b2d7cc71259d7ddd1f6cb414a2fbe5030508ab7bc01c30aedcb2a9032431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd22d4497b7c1f229b4d6beab5b74886

SHA1
ad6f1ffd5ec006108bcc385294bc3597a6888b19

SHA256
9ea5c876e53ebb4f95dfce87b39af3531169a38e6fe5e7ce895a7650ce9897e6

SHA512
250310e5a508166addcca9b31c97baf1d398a1976e2dc504e773f92f82d4ac52a3931f6c6e2a230f6f4d50dbd06ae4ab9bb155c5a3db92caca9487c76f0e1960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92fb7a79565f08a6b4f394d0bf7b9530

SHA1
422e4264d5b24329b0d28f298c4350eb048ad68c

SHA256
a3a47d4630a767b4eef0bbe81c5c3bcb7a2d889f465f2d721ec24a03e619d081

SHA512
4cfde0185543eae8864f18cfc44165fbbc8867a9847c4e97e2565aeb4079b2273250871e2a051d9f48f024ecf7fcc8c8abaca27daaaaffe77f5ddb9ea0abe40e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
80af9734222043cc43df5e9e8b865be7

SHA1
2360efc4cd784fe9951ea0c4c4406f43532b835b

SHA256
18314acd4e6088fe779412014840754d3961cf04ff2c9dfa5f823d60fcacffe3

SHA512
4cbc575cc418adaaf9702c8deefe5daac1f0096cd7c9d0ba5cb858b59a9f4ea3da90aa94afb4c685cab6a52628b5a4a6ee23e08d60177caab166b56b681a5ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e9f009b7289f54b27c95604501638c86

SHA1
5c050d675f85b3a012f913978fa19dc8e534caaa

SHA256
99f72ceccd7605679012774389a09fa7be13adc8c6b63ba75dc62426ccfd1500

SHA512
2dbe99cb2fb89c0a1a02a2276afa232dc61dd0a9081fa5b42f836fb5af36ccf91f68eb01ecad559ecc55599696bf32804b903f3b76dad82ce27dcdabcc0aec73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
892ef32cea3e9f050e54604f9e2485d8

SHA1
9daffa7234e4d0729cb32f4d13b41cbc32f201fc

SHA256
d14039a8a481e842c45943015b977fb83d2bd7794007291afce06e3b839ce91b

SHA512
30583c87ae727f58535303a070eec074f16da875fcff722d42cb14b4d837efe757d347a6c2252dd3b823b4ee91b6f409e387b3d0b8f6a1de918dcd3a812e3503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
62d69850faf10dbbdba080d514baf0bf

SHA1
22f8e22fceb76d23078ba4683935153fb5cbb4f5

SHA256
8e51975e20dc871af422a6d5cd38a378c152016bfeeb093564b89556217e65d9

SHA512
06a2f3950ad3008677167a957c2e79dd8b610052a0a3a75a0eb77c96b9f9ff4b110c6fe965e34eb703c4d789e5a52d4adde6347e080e42a7699b4168499bb33d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b8695a5570a3ca74a68e8445ddcc3bb4

SHA1
733e19de3e1018c41cd1191876761719523d7a70

SHA256
defc9e4d2829a8b7a1a754780cc3692847a2f470ed9d305b814db64e58ba3003

SHA512
12b72b103a29c58733d1302d1a39583cfcd387e0bb91ed4df6e49fa6d3066d5ad48b10d4e4b9c12668e97e8769fccb361153d600f6608439440f26d50b923268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5dd87445f9cbbb2b6ad07a3e23bfabe1

SHA1
bc3529c8b2f7b77e1c9e435d9a9d87aee59dda88

SHA256
5846210e3fe1d2642f051a36a2c3ce70eed17e9622ddbc59c59fb5a1922e58fb

SHA512
0da6f7bc7ee94f61ff45b2773c7a58a94704b001b0d10ee32fb8d76817fdfa3112cf5dcbe3bad81e84c13cb9676f67e9e6152d958d59fde4747bb9e3f3facb5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
32cd7f5b34e74964e59df3e145ca05f3

SHA1
0a3792b37ac0e12030ee54db2bebdab9095345e7

SHA256
4543c75259f585fdfd8d91c50bff3eade51bcdfee9c28ecbb301c4944726be24

SHA512
5be508837ccd69beaff60e588e647c3997f94d23219498e3666004dfdca3770118b853bfcd31dd640f6d6cc23e010982d3101aef0061aa89bb6bbe6db9f8f6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1a67b9b35a19eba31d46d8356917aec

SHA1
69f4665d7e12c9af28c92661c3446c6328fd8486

SHA256
9595ea16677228e2b5a4ec9fbb0d54955830b31954056976c300bd1f53cb531f

SHA512
d66111067abc65ed2bc7565d3d9640651531bf80a82e58f3e7ca942a699bd2f2c2cca9fdf58e422fde5996a5dc5cf45df12fe4591376dd170071d559bab79f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5811be.TMP

Filesize
532B

MD5
6ca12a68f96257fd0aaeac368178ed06

SHA1
1df77450a052d55fbc4ec10d0264b06e4a00bf38

SHA256
d17b644a7a577917e5ad51e7962b18be2f0fc74af41c176fa2729c86107a0875

SHA512
93b3634acddaec1b18af40a5e07b632aa36a9afba12524b669ff87f9780e004fe5d5be16064f09bfc65ac9eaa293e9b2ac63c9f383df411a1c98d2ba9bb5667f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
70f1b13fa8c17f609d38cefb6bf95619

SHA1
8ab355d9deecc0c7f1b88fa829fa8942a0452c56

SHA256
6290e2f1a263ade7a63ccb5e513010ba746b7934a854f85753a770aca1088062

SHA512
c87d0879127b90a1afecb42d3d550e85a16009b05032b5af9dc20cdd7ded3e75b911a770620b61b7215af1ba2d39790b4a7d635f34e24209e82dd59356d108c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5d76308df2d25813360db18c22dcd6c4

SHA1
8ad12d38ffa7e3d1ad3953118482209ebea5faa6

SHA256
5bf3858d2d8b1d51000c51297cd68d4598e46aaeb6c5fa322a216fdbe02f8046

SHA512
e202c0783d7a49df54f2653c09e249a6f9cf201585343170c3c698ff9cbf78022fbae12660969fabd47d37535f08216c12a2f5e95a3fa91ca2a0432839333d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
09b45192b8cce05ad282e969e401b472

SHA1
c0569b30fc1657f3f4358b3f7af1851f3aa0561f

SHA256
d91e2553effa946ca7101168d0cdaafbe9e27d148813d2c50720570f97a397d5

SHA512
e7187273b5f817d6dba9effbb8b8f64c3ff12b4ecc0ec2c21a67a5468476eb7134352e1be5de6e3d8b7a73015224c822218912bfc04467c9a6ea578f358d7f03

Download Submit
C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe

Filesize
2.1MB

MD5
3f89deb4acf3a85a8f13a8d331f549ec

SHA1
a4c5c6080d3608de2f2a131b2363e0e113315b2f

SHA256
ca6a148be5d5a4ab3dd790bb666592e8a82544187a6ba17b31656d6ad5b724fe

SHA512
54bd6556afd1e6d60bd9ef04a5c681e637f2786326e3f27db6e2d858eedfe1ce0ffc3c91e517b63ba9028c2eb7b283bd6fc37e6b0173b57fce78bae4f46ec920

Download Submit
C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\SilverBullet.exe.config

Filesize
5KB

MD5
18f904272cc903f60afa8bb3bd0edc94

SHA1
414c166358abac055d542d0f2f4524632dd75ef3

SHA256
457d4543429310ab6b1be49c0feb5c302b7b774789c579c8c34d5b075cdb38f7

SHA512
843f6f0bd4aa6e942599afae59ddbc9344d1460af2a17f7bca6353fd86ddc2f1b8456029c039d6c7b87f0db620a252b596b8cf0dc066a1d33940439f3ac0fd4d

Download Submit
C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\ICSharpCode.AvalonEdit.dll

Filesize
605KB

MD5
8f36b03d547fb3e0f9654d4f3074b89f

SHA1
efa7dc54a626c20cbaec3b19b517a2ab64ac6e63

SHA256
941d014ff2689248704b92e4de92bc7a6015a4fcd31dec426ef2d727acc04231

SHA512
27c3020357d19a1498fff8c70d86e501b2b691a179fcf82d4590f371df6130157e7a88c97d5d22c9dcebd4d94af54d2aff90bb12589b88e6b65f3f50e9067509

Download Submit
C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\MaterialDesignColors.dll

Filesize
295KB

MD5
01a9e121917c0b03878d6d38fab65b4f

SHA1
aa7bf2edabd7b01101b72a0faeb2a1669fab55f3

SHA256
d4360d786d921e21f9efee7f4c92d953784f5ccb195c49eb718de36c3699cc6a

SHA512
ae7d2ade379090c6fda41dfa108562f8dd823f2af251c9b4d3307784cb9ee99e9d1fd17a28014b62e77f9a8a8ecf70f31a9e1d9242389420b4f24631ae6f47ca

Download Submit
C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\MaterialDesignThemes.Wpf.dll

Filesize
8.7MB

MD5
512d66bea27476f776e32ee5f766b8de

SHA1
6b54c6e26a45a487e294c6ae1eb9e54327d37e4f

SHA256
bfe82bd0be7e708c1fb24b9c178ed0c5f5931954b41d0c493d14cd40225a3451

SHA512
034ae0916a4863a8966375f7f3f2aca64a877137628ee250c3c8aec65e17ee7c575974fb3994f86515ae21931d21700071a69de974758cf5d1220d700c6cc39f

Download Submit
C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\PluginFramework.dll

Filesize
5KB

MD5
a2e488c6b1df009c4c2dc7917baa1c9f

SHA1
c0d2c3841fe663af1ffa5ecef37848921052d34f

SHA256
08ce03ae16e08c875bffd625213475a1a20b3ec6c19aa502d17cdb62b75b347f

SHA512
e029797b21156af8cbdd17156f0751541ea0cc294ee602e4807ce465c43c56111d580c2339ce5bc591355aa2828a8fcd8a4e5f076e734e811ad999c196d95b0d

Download Submit
C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\RuriLib.dll

Filesize
419KB

MD5
5dbc819b693987277d76b1ecec1bcd94

SHA1
51fbfb4a678aa84bb3ad046b1b89056047ee04b0

SHA256
984f317522a7346b2164c872c2fbd94bcd29e8485225fdd28f25a26045beeac2

SHA512
1e8cc77a53e56a6d6205ce2c030e3d7d8ead61f70d38ae80947ab21d5ce2083cd3c813c1d457c7bd2dab5e57deb15e9f99eeae7965e061a7b2e56024aa2fbde8

Download Submit
C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\System.Windows.Controls.Input.Toolkit.dll

Filesize
106KB

MD5
9722713e648f42b57299e9d2cf3d5c1a

SHA1
a4d0dc4f09ce84a33f1aa3e0c5cb4ae131f9fb0c

SHA256
bc3a78eb4df2fd5b39244fa0586cc0a82fe3d0e185d151e6c340c53072a61872

SHA512
f6bb5724dfc46476e94448ecb4650ad23197ca21965edf923e5d8bf51a31a707c058bca6cbac8e40e324bb54944da4129659dc2d2fc965e260bd40123a8aeebb

Download Submit
C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\System.Windows.Controls.Layout.Toolkit.dll

Filesize
92KB

MD5
22d9d032858972b8ee628fa818ab04db

SHA1
6eeae133e394292c6c349f838114c2a39dfe8357

SHA256
e3d7f794442d9dbe99f5d578c0bc8d9e3198fe4055cf5581fc1de78085967c50

SHA512
6899b2650aafd1e88049303c7ee26ff7e0dfe201d8a7188386ef2354deeb32f611bb4b73a02be9127fc96d5b4d37cab9bdbec3cfcb3bf4cada43170ac4349e0f

Download Submit
C:\Users\Admin\Downloads\Silver Bullet v1.1.3 By @Hacktiva_configs\bin\WPFToolkit.dll

Filesize
456KB

MD5
195ed09e0b4f3b09ea4a3b67a0d3f396

SHA1
01a250631397c93c4aab9a777a86e39fd8d84f09

SHA256
aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456

SHA512
b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098

Download Submit
C:\Users\Admin\Downloads\message.txt

Filesize
21KB

MD5
a8463baf682d84949e0b874c1f828b32

SHA1
def0b91e91a5b2bc1ce858e1d621a9c2b35d7cb4

SHA256
7117589af5bc77983df46891c781672d14c4c3c0c17848ff896d90e2e841e14c

SHA512
d8a91d8ab0b317b066262a12de13f0be0a8ba06b7cf9806a8db5f301b9331bb9bed099d9840569bd393a39f386417dbab3365360b8cd6136d013abd6610c1b48

Download Submit
memory/1016-1405-0x0000000005FE0000-0x0000000006050000-memory.dmp

Filesize
448KB

Download
memory/1016-1847-0x0000000000EB0000-0x0000000000EBA000-memory.dmp

Filesize
40KB

Download
memory/1016-1418-0x0000000006E00000-0x0000000006E76000-memory.dmp

Filesize
472KB

Download
memory/1016-1419-0x0000000006E80000-0x0000000006E9E000-memory.dmp

Filesize
120KB

Download
memory/1016-1420-0x0000000007E80000-0x0000000007EA2000-memory.dmp

Filesize
136KB

Download
memory/1016-1421-0x0000000007EB0000-0x0000000008204000-memory.dmp

Filesize
3.3MB

Download
memory/1016-1422-0x0000000008880000-0x0000000008E24000-memory.dmp

Filesize
5.6MB

Download
memory/1016-1423-0x0000000008300000-0x000000000830C000-memory.dmp

Filesize
48KB

Download
memory/1016-1425-0x0000000008610000-0x000000000868C000-memory.dmp

Filesize
496KB

Download
memory/1016-1426-0x0000000009E30000-0x0000000009F6E000-memory.dmp

Filesize
1.2MB

Download
memory/1016-1449-0x0000000009F70000-0x000000000A09C000-memory.dmp

Filesize
1.2MB

Download
memory/1016-1450-0x0000000008590000-0x0000000008598000-memory.dmp

Filesize
32KB

Download
memory/1016-1451-0x00000000085E0000-0x00000000085E8000-memory.dmp

Filesize
32KB

Download
memory/1016-1452-0x00000000086D0000-0x0000000008708000-memory.dmp

Filesize
224KB

Download
memory/1016-1453-0x0000000008600000-0x000000000860E000-memory.dmp

Filesize
56KB

Download
memory/1016-1458-0x0000000010870000-0x0000000010ABC000-memory.dmp

Filesize
2.3MB

Download
memory/1016-1459-0x0000000010830000-0x0000000010838000-memory.dmp

Filesize
32KB

Download
memory/1016-1416-0x0000000006AA0000-0x0000000006B5A000-memory.dmp

Filesize
744KB

Download
memory/1016-1506-0x000000001A9E0000-0x000000001B186000-memory.dmp

Filesize
7.6MB

Download
memory/1016-1507-0x000000001B290000-0x000000001B36E000-memory.dmp

Filesize
888KB

Download
memory/1016-1509-0x000000000B460000-0x000000000B46A000-memory.dmp

Filesize
40KB

Download
memory/1016-1508-0x000000000B410000-0x000000000B454000-memory.dmp

Filesize
272KB

Download
memory/1016-1415-0x0000000006920000-0x00000000069F0000-memory.dmp

Filesize
832KB

Download
memory/1016-1417-0x0000000006EB0000-0x0000000006F60000-memory.dmp

Filesize
704KB

Download
memory/1016-1414-0x0000000006F60000-0x0000000007418000-memory.dmp

Filesize
4.7MB

Download
memory/1016-1413-0x0000000005630000-0x000000000563C000-memory.dmp

Filesize
48KB

Download
memory/1016-1412-0x0000000006500000-0x000000000674E000-memory.dmp

Filesize
2.3MB

Download
memory/1016-1409-0x00000000060A0000-0x00000000060E4000-memory.dmp

Filesize
272KB

Download
memory/1016-1410-0x0000000006150000-0x00000000061AA000-memory.dmp

Filesize
360KB

Download
memory/1016-1411-0x0000000006230000-0x00000000062AE000-memory.dmp

Filesize
504KB

Download
memory/1016-52297-0x000000000DEE0000-0x000000000E282000-memory.dmp

Filesize
3.6MB

Download
memory/1016-1371-0x0000000000270000-0x0000000000492000-memory.dmp

Filesize
2.1MB

Download
memory/1016-1408-0x00000000056E0000-0x0000000005704000-memory.dmp

Filesize
144KB

Download
memory/1016-1375-0x0000000005720000-0x0000000005FD4000-memory.dmp

Filesize
8.7MB

Download
memory/1016-1379-0x0000000005390000-0x00000000053E0000-memory.dmp

Filesize
320KB

Download
memory/1016-1407-0x00000000055A0000-0x00000000055BA000-memory.dmp

Filesize
104KB

Download
memory/1016-1406-0x00000000055D0000-0x00000000055F2000-memory.dmp

Filesize
136KB

Download
memory/1016-1401-0x0000000005380000-0x0000000005388000-memory.dmp

Filesize
32KB

Download
memory/1016-1397-0x0000000005640000-0x00000000056D2000-memory.dmp

Filesize
584KB

Download
memory/1016-1392-0x0000000005400000-0x0000000005420000-memory.dmp

Filesize
128KB

Download
memory/1016-1396-0x0000000005420000-0x000000000543C000-memory.dmp

Filesize
112KB

Download
memory/1016-1383-0x0000000005480000-0x000000000551E000-memory.dmp

Filesize
632KB

Download
memory/1016-1384-0x00000000053E0000-0x00000000053FC000-memory.dmp

Filesize
112KB

Download
memory/1016-1388-0x0000000005520000-0x0000000005598000-memory.dmp

Filesize
480KB

Download
memory/6248-52387-0x0000000010E90000-0x0000000010EB6000-memory.dmp

Filesize
152KB

Download
memory/6248-52386-0x000000000A910000-0x000000000A918000-memory.dmp

Filesize
32KB

Download
memory/6248-52299-0x00000000084A0000-0x00000000087F4000-memory.dmp

Filesize
3.3MB

Download