Malware Analysis Report

2024-12-07 17:10

Sample ID 241112-x2kxessmhk
Target www.blackhat.tools - SilverBullet 1.4.1 [Pro].7z
SHA256 f65bf847ed3f5a05c5f159038ea364b05a79ec327b631b5ed7ccd57a0c528925
Tags
credential_access defense_evasion discovery persistence privilege_escalation spyware stealer
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file www.blackhat.tools - SilverBullet 1.4.1 [Pro].7z was found to be: Shows suspicious behavior.

Malicious Activity Summary

credential_access defense_evasion discovery persistence privilege_escalation spyware stealer

Reads user/profile data of web browsers

Unsecured Credentials: Credentials In Files

Reads data files stored by FTP clients

Reads local data of messenger clients

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Accesses cryptocurrency files/wallets, possible credential harvesting

Indicator Removal: File Deletion

Enumerates physical storage devices

System Network Configuration Discovery: Wi-Fi Discovery

Unsigned PE

Event Triggered Execution: Netsh Helper DLL

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Delays execution with timeout.exe

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 19:22

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 19:20

Reported

2024-11-12 19:25

Platform

win11-20241007-en

Max time kernel

155s

Max time network

164s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\www.blackhat.tools - SilverBullet 1.4.1 [Pro].7z"

Signatures

Reads data files stored by FTP clients

spyware stealer

Reads local data of messenger clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Indicator Removal: File Deletion

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

System Network Configuration Discovery: Wi-Fi Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Appdata\Local\Temp\taskhostw.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\SilverBulletPro.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\SilverBulletPro.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4320 wrote to memory of 2228 N/A C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\SilverBulletPro.exe C:\Users\Admin\Appdata\Local\Temp\b446dee0-127b-4d24-8e41-cf4a2ca6d221.exe
PID 4320 wrote to memory of 2816 N/A C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\SilverBulletPro.exe C:\Users\Admin\Appdata\Local\Temp\taskhostw.exe
PID 2816 wrote to memory of 1740 N/A C:\Users\Admin\Appdata\Local\Temp\taskhostw.exe C:\Users\Admin\Appdata\Local\Temp\update.exe
PID 2816 wrote to memory of 568 N/A C:\Users\Admin\Appdata\Local\Temp\taskhostw.exe C:\Windows\system32\cmd.exe
PID 2816 wrote to memory of 5036 N/A C:\Users\Admin\Appdata\Local\Temp\taskhostw.exe C:\Windows\system32\cmd.exe
PID 1740 wrote to memory of 4536 N/A C:\Users\Admin\Appdata\Local\Temp\update.exe C:\Windows\system32\netsh.exe
PID 1740 wrote to memory of 2332 N/A C:\Users\Admin\Appdata\Local\Temp\update.exe C:\Windows\system32\cmd.exe
PID 2332 wrote to memory of 3480 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\www.blackhat.tools - SilverBullet 1.4.1 [Pro].7z"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\SilverBulletPro.exe

"C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\SilverBulletPro.exe"

C:\Users\Admin\Appdata\Local\Temp\b446dee0-127b-4d24-8e41-cf4a2ca6d221.exe

"C:\Users\Admin\Appdata\Local\Temp\b446dee0-127b-4d24-8e41-cf4a2ca6d221.exe"

C:\Users\Admin\Appdata\Local\Temp\taskhostw.exe

"C:\Users\Admin\Appdata\Local\Temp\taskhostw.exe"

C:\Users\Admin\Appdata\Local\Temp\update.exe

"C:\Users\Admin\Appdata\Local\Temp\update.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\Appdata\Local\Temp\TASKHO~1.EXE > nul

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\Appdata\Local\Temp\TASKHO~1.EXE > nul

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /C TIMEOUT /T 3 && del "C:\Users\Admin\Appdata\Local\Temp\update.exe"

C:\Windows\system32\timeout.exe

TIMEOUT /T 3

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\SilverBulletPro.exe

"C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\SilverBulletPro.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

Network

Country Destination Domain Proto
US 8.8.8.8:53 365123561235125.mooo.com udp
N/A 127.0.0.2:81 tcp
N/A 127.0.0.2:81 tcp
N/A 127.0.0.2:81 tcp
N/A 127.0.0.2:81 tcp
BG 87.120.126.17:81 4363462354.giize.com tcp
N/A 127.0.0.2:81 tcp
N/A 127.0.0.2:81 tcp
N/A 127.0.0.2:81 tcp
N/A 127.0.0.2:81 tcp
BG 87.120.126.17:81 4363462354.giize.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
GB 23.213.251.133:443 cxcs.microsoft.net tcp
GB 92.123.128.173:443 www.bing.com tcp
US 8.8.8.8:53 173.128.123.92.in-addr.arpa udp
GB 2.18.66.169:443 tcp
GB 92.123.128.155:443 r.bing.com tcp
GB 92.123.128.155:443 r.bing.com tcp
GB 92.123.128.155:443 r.bing.com tcp
GB 92.123.128.155:443 r.bing.com tcp
GB 92.123.128.155:443 r.bing.com tcp
GB 92.123.128.155:443 r.bing.com tcp
US 52.182.143.210:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 222.197.79.204.in-addr.arpa udp
GB 92.123.128.169:443 www.bing.com tcp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 92.123.128.158:443 www.bing.com tcp
GB 23.213.251.133:443 cxcs.microsoft.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\7zE02267BD7\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\lib\xmlrpc\__init__.py

MD5 f8259102dfc36d919a899cdb8fde48ce
SHA1 4510c766809835dab814c25c2223009eb33e633a
SHA256 52069aeefb58dad898781d8bde183ffda18faae11f17ace8ce83368cab863fb1
SHA512 a77c8a67c95d49e353f903e3bd394e343c0dfa633dcffbfd7c1b34d5e1bdfb9a372ece71360812e44c5c5badfa0fc81387a6f65f96616d6307083c2b3bb0213f

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\SilverBulletPro.exe

MD5 5a6fd8a645cd959c75a19f1f4d9124bd
SHA1 fcbeb6d9c3e92b3fc211c5242d86872763416c3a
SHA256 3f300a8d8e8946225e8d0912493049edc29ead99a3ef6c516b14a011254fa31c
SHA512 b8137b5dd933c495f4db01f441c8562faa7027b7f60e5b90856e2a9dde6f34cbd6e99f48b043ceade4cb774febb103edeff0ec967dbbcc33c59faabc418cd2a0

C:\Users\Admin\AppData\Local\Temp\b446dee0-127b-4d24-8e41-cf4a2ca6d221.exe

MD5 ab216b4212f3f27e41b26259a830c777
SHA1 e2550a35cf1e4f6f08e28c43a6437fad6cc60711
SHA256 62ef275d396e894861167bd16ffa5fa78773f698447b51315ad84c9c5ff1f0d6
SHA512 d9b20fa1e0714232b9ad6683951991da3da98c294f8e62b441557b062229bd0a19e127a8e071a30b4033932bb400a4853f7866e3774f134f50538b95b5535bb6

C:\Users\Admin\Appdata\Local\Temp\taskhostw.exe

MD5 6d8ebcf1032361188755024be9dcbbcf
SHA1 3dd364b91592622932e7b73c1d7cb2bd3b156a7f
SHA256 05242f7bb65da84c7cec265b73849f1e01925b93996071f10130aeb2cc3401ea
SHA512 e363020a70e2a867011a41a481b347053b132b45c752edaa64b7c684d293d97275a6d2bc2aeb382466a54a05ea3ee087cd70421785faf502f6a90fe1186cdfca

C:\Users\Admin\Appdata\Local\Temp\35tf6.tmplcd1

MD5 6efae5c05e25a0c824e5142194145fa4
SHA1 07e801001081c3aec04fc84918cc3d0781b38fdd
SHA256 796d9eecfb523c75f590c092b5ccf8ea30f9bfc611922dde5b45740696c65e63
SHA512 c6721baf744a6839865d82f119cda25712beb9c5be9523da01ee3ecb59502fc23bd94651210440a1a690ca78a9299085212d42d7611a22288950cad3da51cf9d

C:\Users\Admin\AppData\Local\Temp\7775028437\a.txt

MD5 9a99a0a5a11b04971782c234e148208e
SHA1 ff38f38f5f90eb07eab73314acb9b142939e158f
SHA256 b2dc52301fca2a41da63a69c9c4a0282c3782412145f9be86cc2589df8a8fc3f
SHA512 449dc6c2281ae01c35cb4b4979e9a6b151a5af39f9b51284d2b0148ed53ab30448b20c7b384943f5022a62c8b116db22060b27ef73a2be7647eb39733b61bbcb

C:\Users\Admin\AppData\Local\Temp\7775028437.zip

MD5 57c88e5d637d47b93edff52cac85ca13
SHA1 39bd1c046f3a278f7f9f453153a8a8baad7af2a6
SHA256 26cf59883d306c276dbe3ce278af82b83080ffc6de03619e4d7a73326b60ee0a
SHA512 6cd981321ec7469db73576b745ba1bb105445bf76399732e490ba8f59a6366ab1875cf2c2b9e9d41869b48b6721df141add07a079405c9a1d449a48d5dfcd91c

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 327975ba2c226434c0009085b3702a06
SHA1 b7b8b25656b3caefad9c5a657f101f06e2024bbd
SHA256 6fa9064f304b70d6dcebee643ca017c2417ff325106917058f6e11341678583c
SHA512 150a57c143fc5ff2462f496f5a9451310b8d99e32c4d570641204c8062a78590f14bed438ac981e8b0609a0c87b859a1f8502a78687bc36c3a9529d633a58e51

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 785073822344ae3813284ebc92bb596a
SHA1 96e2a933b38352ed2c8e6e34e94756b70c143214
SHA256 36ef4cbbc494deacf81f364b546281223a39bea01a32b0c4b0e2324f984d6817
SHA512 28b21e17fdf026a025503a2ae1014ea4e8ce5385e42396007a7a23aba3aecb591d225e2a90d47f6f9e02d34792d74b89547715d66899265dbf8372258ccf4498

memory/1740-1878-0x00007FF60BED0000-0x00007FF60CED0000-memory.dmp

memory/1740-1882-0x00007FF60BED0000-0x00007FF60CED0000-memory.dmp

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\SilverBulletPro.runtimeconfig.json

MD5 451e05918832870c195f1dddd76ad880
SHA1 2578012fafa829fd129caf4d160f38fa2034d1a0
SHA256 a72b03089c8e05b546a0916dff386bf88d553cc9c50aaf28731248c181863581
SHA512 307132dff9707180c13148f24a7d3737b8f43cd794f12d8f2c774f30b30add5f9a50d75ea959586cb2d5411aae72ee63e7985b3727454598cef1fb59eb5315bc

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\SilverBulletPro.deps.json

MD5 4f7c2e552e2dd667ffe49e8e5947ee26
SHA1 3e9bc75f664927f4a989fccadd6c8ca5b610416d
SHA256 13ce37fa6fbba6df98f00c63f009141c32d8c308e7137bd944fdeb6636dfff95
SHA512 adf63ebe52a9f54ec565962b4897b51193cab8e5c973de9020a5f82571a71320fa3348f1414a901b0afc230388787d6d21f2ac153d75a2030748a32d069a1229

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\SilverBulletPro.dll

MD5 a43a5ac2ad5d4caf6972c1480c8b1d66
SHA1 ff524774b6bbcf9cb9e3f09b58a35572c2909a60
SHA256 9c2504a8ee0d6685ae2a898ae9fb9024ebe07b44eda4d58ce72eb9c0cbed9a06
SHA512 df45db739cb9b56a71357313c9fd4584baca3e4dddcad60c85fecb4c18ce84913982323553c2971da5762aead285d88e1829e4cf6b9c7219f9c0380fbafe0613

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\nbloader.dll

MD5 f5404783059053f640052cbc54b5fe8a
SHA1 b4f6e77167c2d0901628e0d6de5924eb1aecaece
SHA256 fd05289b90bb9d0938b90ff4ad89468f535f1bf87cdf37289fc531c6b440d603
SHA512 6c2fd1849950505bb077d92624d3baf19b9adb46f76203898490b53927182f77ed897f75b12019af1e54b52f7c0388db37f891422f7d944d4de7007fef6ab1f3

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\HandyControl.dll

MD5 002169bee4992f5ed7a48e743087044d
SHA1 664bcd5dd251bbf95a7fb5c51aa581c86995af6d
SHA256 d35e617aadf2ea1948be6a8e42c13c720861a5a920a3f11b35efab9673880b53
SHA512 8cf2ac92b253d1158200e0a72e8e533c7fef7ce191ba1bdec9ef2899ee6defc4697b4236ac3b8ab1209e20850a4edc872c62675a10ca3843dd065d99b3a55cfe

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\locales\en\HandyControl.resources.dll

MD5 733da522b3ad2ca501a3a084d940bd93
SHA1 bfaacd4a579ab466a37fb7a941f0fd8eed99a972
SHA256 56997ff2f240b44e40f4f3c67a750f61c7b3ff2ba2a0fba1e2c38ae2053a8a3b
SHA512 3c23469773ea904412382c286b48f0fffd5ea20b40fb7615839ea60b95bf25867afc9022a3a5c01485d223792431d13b28e337d756b0541f2c5ea1c7c4f8843c

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\Langs\StringResources.en-US.xaml

MD5 044cb4ae6508c6a43210b85034d7d896
SHA1 c0b7fefe4002f80cb58e9e816d588a1b4f151297
SHA256 086aed1ed0534745b4638e6339892f347e734205f0fc753fdcd36ab7887324fb
SHA512 9a25489ee467c9c8f6588fe5e2a51fddc2a4746722de535a8e93ad974f934d8f8bd7c0a319330b06ae77813d7f74f9eeedf1439c29a9884e4e717949b31ccd30

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\SilverBulletPro.Core.dll

MD5 c18b6c9eb932f39a65a33417fd9716df
SHA1 421d3470d8f9269a2e88570237f11f78d93464de
SHA256 fbe1c38193a0b5be101da50aa2c0cc42f31bcb1d39dd456245e59b83e747f1af
SHA512 81794f7eb213a773b5f8fcba9907786f502d3cb5b4fe6a7f8ccca45dafe10d74736af5cfe6d8ff5e2102956390ff95227a03b22fda54f2951bb06ea4ffb27dee

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\MahApps.Metro.IconPacks.Ionicons.dll

MD5 e85b038393fe95965a20be5f0677db6a
SHA1 8812d22914024eef90167114de1b1f19b6ebb876
SHA256 1f63f7cca9075024b44faf2af3a09709440d76c22006492058b31fcaeb70ef5a
SHA512 3b55d7234345daec3cc049ce3ed56a3106fffe5ff47c294532368be2d0433a07bbfd8476b29fa93e6c8cbfd749c7079635c16e67febc277acfd852a3664ae064

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\MahApps.Metro.IconPacks.Core.dll

MD5 f53bdeff3bf3261d76f67590f75978d5
SHA1 32d9598e205658bf0f54b9a0ac14801740ba8f9b
SHA256 50ff62f374c37911e2c8d61f9adcdb19f566335359c2a3d215b05c08c4dbe30b
SHA512 aeea279600fa23843a684903a8bfea055900b0352917c64b43ae35a839a7197adcb1b9c37ba86049985c634ef2bbaf70b72c66c7ff0ddb8affc9ca6238406ec8

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\MahApps.Metro.IconPacks.Material.dll

MD5 636eed5d8022cc5082187718fa476cc7
SHA1 555389c434268d8559549a2941496f4b8d18ef7c
SHA256 5a9ed42532c881f78f53d622b64325cc750f3434206be50e6fe74798740ca7e4
SHA512 83da9c2b057466d269803c701d171a55710030bde0e76ca6a3270be32230429bad796cab582fc978cafc00a4da72dd8ade1c7af56ba53a57cb6d938cdfb30899

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\MahApps.Metro.IconPacks.FontAwesome.dll

MD5 585743c9cf382de33abc16fc5f492af1
SHA1 a9d803ef6102dcb1f84a15bc181e68aa25d2b045
SHA256 d6cb82fa1326d55dd1aeab8d9eeafd6481c8b8f52de4d443c04ad66c5e973d27
SHA512 2ec853ac47ed7be1df0c0cce964745e98e0eeabe42bace5ab904ab52166be536097933202f1e3ab587b685be18230ba76aa3aa722d4a69b0d9a31368bfec9645

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\MahApps.Metro.IconPacks.MaterialDesign.dll

MD5 efa8567482f0e46ca144f5d7db220e85
SHA1 0a1b2a3c06435fe72446e72c24595bd07b53c165
SHA256 29125ab7c18f26d7dd9b813620d119d9de091f8a1280a1250b8abe2ca5a318ed
SHA512 dd186d1c3e37fc4eddfd338a5d23a85e738e2b1221058007a7306f1118291a7e0cfc65b1c7aab635cd71655804bd23f3ce228237b5ba3427d296d21f34245bb9

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.CodeAnalysis.CSharp.dll

MD5 69a03eee492e87c0c7132f42a5a87d69
SHA1 4bb3e869a16f47f8238af1a8fc6b532e123455fb
SHA256 15f25e79e0bcc65c885d430f059e0dedd9ce6a323e050b9ec9da67bb33bcda33
SHA512 c904ed6d8cdc5943a71a0367f437421369a81973a99cf0c8881267e5c45ebdab733bcac402236d082e87acfeb177713ca54d60372dd493f5d20a47329ee3081d

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\Settings\Environment.ini

MD5 4f5984e4ea96c5be642e653b7a1712f5
SHA1 1d6db80a1f049e8a73157406eec8a2a220bb5abd
SHA256 7058555d04117bdc8cdd091c152b3ba8d792b967bf31dce772acd6c85b084bb0
SHA512 3756c90c86c4838caae8fe728c333b20e40069084469141c6115a2d02fa0f81abf937414bf0ffbfd0869a9e06012beadd02c30eddbd25e00c5d75acc18c322ef

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.CodeAnalysis.dll

MD5 da0ebe33c55152d9bbd25c68004a3082
SHA1 8b13cbfb16d3fb0ba4dce744f8b0e4e30cee3d3d
SHA256 7f8a255d6e5595a6564bfa66f9fd9afdba27e51bd79261f3b6dc6748e3408d4b
SHA512 1598ab5f4640612559582edba52b2632529902092be10a75f4f8215b051c9a65a0e4892c291df1a26b541fb7672df5c264eecc4e97e7147613a5233a31e02ae1

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\Settings\CoreSettings.json

MD5 1f1a2736fd404d383279ee27af55a632
SHA1 35a5be5aa5ed495d9c7e8edf91238738b69a6222
SHA256 848f29551dbdfbd203f74e086c9cd36db7e3214815cabac36828b8ee019dac97
SHA512 ddf4f0bab55e5d8b725708e744cb8b87c9d103fa0ffed8d41524b3152c9ef7583569f3fe5e2c40338aa07237b8ad1caadb81a1612022a6066937520c07075124

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Newtonsoft.Json.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\Settings\SBSettings.json

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\Settings\ProxyManagerSettings.json

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\LiteDB.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\SilverBulletPro.Requests.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\PluginFrameworkPro.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\CaptchaSharp.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\Plugins\SilverBulletPro.Plugin.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\BouncyCastle.Crypto.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.CodeAnalysis.Scripting.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Esprima.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.Scripting.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Jint.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.Dynamic.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\IronPython.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.Scripting.Metadata.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Mono.Unix.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.Extensions.Primitives.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.Extensions.DependencyInjection.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.Extensions.Options.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.Extensions.DependencyInjection.Abstractions.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.Extensions.Logging.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.Extensions.Logging.Abstractions.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.Bcl.AsyncInterfaces.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\PuppeteerSharp.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.Net.Http.Headers.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.AspNetCore.WebUtilities.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\WebDriver.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.IdentityModel.Tokens.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.IdentityModel.Abstractions.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Discord.Net.Core.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Discord.Net.WebSocket.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Magick.NET-Q16-AnyCPU.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Microsoft.IdentityModel.Logging.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\bin\Magick.NET.Core.dll

C:\Users\Admin\Desktop\SilverBullet 1.4.1 [Pro]\SilverBullet 1.4.1 [Pro]\DB\SilverBulletPro.db

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\e9f835b1-ee1e-477e-9956-d80605381d9a.down_data
