Analysis Overview
SHA256
9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b
Threat Level: Known bad
The file 9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe was found to be: Known bad.
Malicious Activity Summary
StormKitty
Stormkitty family
StormKitty payload
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Accesses cryptocurrency files/wallets, possible credential harvesting
Drops desktop.ini file(s)
Checks installed software on the system
Unsigned PE
Checks processor information in registry
outlook_office_path
Suspicious use of AdjustPrivilegeToken
outlook_win_path
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
| Reported | 2024-07-08 16:24 |
Signatures
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Stormkitty family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-07-08 16:24 |
| Reported | 2024-07-08 16:27 |
| Platform | win7-20240704-en |
| Max time kernel | 117s |
| Max time network | 120s |
Command Line
Signatures
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\ProgramData\ELZYPTFV\FileGrabber\Desktop\desktop.ini | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
| File opened for modification | C:\ProgramData\ELZYPTFV\FileGrabber\Desktop\desktop.ini | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
| File created | C:\ProgramData\ELZYPTFV\FileGrabber\Documents\desktop.ini | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
| File created | C:\ProgramData\ELZYPTFV\FileGrabber\Downloads\desktop.ini | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
| File created | C:\ProgramData\ELZYPTFV\FileGrabber\Pictures\desktop.ini | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | freegeoip.app | N/A | N/A |
| N/A | freegeoip.app | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe
"C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl.dropboxusercontent.com | udp |
| US | 8.8.8.8:53 | freegeoip.app | udp |
| US | 8.8.8.8:53 | dl.dropboxusercontent.com | udp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| US | 104.21.73.97:443 | freegeoip.app | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | ipbase.com | udp |
| US | 104.21.85.189:443 | ipbase.com | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
Files
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-07-08 16:24 |
| Reported | 2024-07-08 16:27 |
| Platform | win10v2004-20240704-en |
| Max time kernel | 137s |
| Max time network | 128s |
Command Line
Signatures
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\DJVPRFTV\FileGrabber\Pictures\desktop.ini | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\DJVPRFTV\FileGrabber\Desktop\desktop.ini | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | freegeoip.app | N/A | N/A |
| N/A | freegeoip.app | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe
"C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | freegeoip.app | udp |
| US | 8.8.8.8:53 | dl.dropboxusercontent.com | udp |
| US | 104.21.73.97:443 | freegeoip.app | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | 97.73.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | ipbase.com | udp |
| US | 172.67.209.71:443 | ipbase.com | tcp |
| US | 8.8.8.8:53 | 71.209.67.172.in-addr.arpa | udp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 104.26.12.205:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 205.12.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
Files