stormkitty | hxxps://github[.]com/otaku-codes/StormKitty-API-Fixed/releases/download/stromkitty/Stromkitty[.]By[.]otaku_codes[.]rar

Analysis

max time kernel
226s
max time network
230s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
11-10-2024 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/otaku-codes/StormKitty-API-Fixed/releases/download/stromkitty/Stromkitty.By.otaku_codes.rar

Score

10^/10

stormkitty discovery stealer

Malware Config

Signatures

StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 6 IoCs

resource	yara_rule
behavioral2/files/0x001900000002ac36-610.dat	family_stormkitty
behavioral2/files/0x001900000002ac37-611.dat	family_stormkitty
behavioral2/memory/4524-614-0x00000000006F0000-0x0000000000700000-memory.dmp	family_stormkitty
behavioral2/files/0x001900000002ac49-623.dat	family_stormkitty
behavioral2/files/0x001c00000002ac54-641.dat	family_stormkitty
behavioral2/files/0x001900000002ac65-652.dat	family_stormkitty

Executes dropped EXE 3 IoCs

pid	Process
4524	StormKittyBuilder.exe
4660	StormKittyBuilder.exe
1520	Confuser.CLI.exe

Loads dropped DLL 2 IoCs

pid	Process
4660	StormKittyBuilder.exe
4660	StormKittyBuilder.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StormKittyBuilder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	StormKittyBuilder.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
3416	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Stromkitty.By.otaku_codes.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
1032	msedge.exe
1032	msedge.exe
3680	identity_helper.exe
3680	identity_helper.exe
4120	msedge.exe
4120	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	784	7zFM.exe
Token: 35	784	7zFM.exe
Token: SeSecurityPrivilege	784	7zFM.exe
Token: SeDebugPrivilege	4524	StormKittyBuilder.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
784	7zFM.exe
784	7zFM.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 4952	2900	msedge.exe	79
PID 2900 wrote to memory of 4952	2900	msedge.exe	79
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 492	2900	msedge.exe	80
PID 2900 wrote to memory of 4780	2900	msedge.exe	81
PID 2900 wrote to memory of 4780	2900	msedge.exe	81
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82
PID 2900 wrote to memory of 4788	2900	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/otaku-codes/StormKitty-API-Fixed/releases/download/stromkitty/Stromkitty.By.otaku_codes.rar
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffedfe23cb8,0x7ffedfe23cc8,0x7ffedfe23cd8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1040280179487920147,9452099373789655690,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2740

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3056

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Stromkitty.By.otaku_codes.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:784

C:\Users\Admin\Desktop\Stromkitty By otaku_codes\StormKittyBuilder.exe
"C:\Users\Admin\Desktop\Stromkitty By otaku_codes\StormKittyBuilder.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4524

C:\Users\Admin\Desktop\Stromkitty By otaku_codes\StormKittyBuilder.exe
"C:\Users\Admin\Desktop\Stromkitty By otaku_codes\StormKittyBuilder.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4660
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /C title Confuzer && color f && obfuscator\Confuser.CLI.exe -n C:\Users\Admin\AppData\Local\Temp\tmpD0EE.tmp.crproj && timeout /t 7
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3880
- - C:\Users\Admin\Desktop\Stromkitty By otaku_codes\obfuscator\Confuser.CLI.exe
    obfuscator\Confuser.CLI.exe -n C:\Users\Admin\AppData\Local\Temp\tmpD0EE.tmp.crproj
    3⤵
    - Executes dropped EXE
    PID:1520
- - C:\Windows\SysWOW64\timeout.exe
    timeout /t 7
    3⤵
    - System Location Discovery: System Language Discovery
    - Delays execution with timeout.exe
    PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\StormKittyBuilder.exe.log

Filesize
847B

MD5
b5157e3b05d5377e804a3da93f60cd05

SHA1
7cf8567609e35a0a3bcfd12abc22c794ce400781

SHA256
e657eb2ddff170d808168b02d455644f23f121a9495cd0c4bf83d32127ce7c2e

SHA512
328e85b3eda0b3f439fd1d0a58e8351083ec3cf67b7a6e358b760368ac5ba193dee7e62d01ef21bc1422ceba8748842913c3ceff9a7ff5b8439b2d05556ecb13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
f5cd008cf465804d0e6f39a8d81f9a2d

SHA1
6b2907356472ed4a719e5675cc08969f30adc855

SHA256
fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

SHA512
dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1d28be861a7bbd1b5ae768b423e7fff0

SHA1
45d329f7f382d7394904c4d0303875fd42e8f4e9

SHA256
6dfcd99a804adbfeafd6ea61ddfea53730203671372ec68176a6e601961ada74

SHA512
1bf6bfe1abb9b132ad24988532063feb3294b13130d40334f0b8b1f0e62039b65ccdd69590bf4a360918b067db7efe348504504c86778f86912764555dfec402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48768721e2a0b764d68536c9f9a29f85

SHA1
aaaf360c3a397ab587fdad8a465bc853620b382b

SHA256
8ecc57395caa86e794ea083ffd5ef2b4fc3eb315892bf2cad8a8979d2c8c2740

SHA512
f46f78b68cbc5861425c22142981a086ad277d37a28139dff3124d13a1c4fdd5eaf5c9a2cc77578a6f6ce4f39b7b9308a0d50f5eabe7d8fe764dc8e3ff2e6e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
298763cb294d5496c9453e44e4111bfb

SHA1
890f67bc4a77c9c88a9635519ab2ededca41fe1a

SHA256
53f791567f80b2d8669406427172a4496ca8525aa0f6cf1dce92ee9e92634714

SHA512
381ed591dee27d1756453ec32955ffc201d606afcb4b4c15fce149fd2d5b8a883dca5aabe4c522812db460198ee260e699940e78211a238778958272af13676b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2ee1321b985810c978cf0a113db82496

SHA1
b5351b033e838cd3a2ef714c9e9d7365e22fc1ba

SHA256
a1381f9896aa9687c18fba2e2ca326345618ec9c6a47b131f88aeaf5d554999e

SHA512
efe591ef27433f96fe8715dea425bcb337667aed1b5b84b83115128f986f79e7ebd6edb2c797da7d1e3ca4d1e805a5ccca70f48a048faa48f0362d8fa63f4992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6b325020a6d58390da45ea7644dcc891

SHA1
e6869e7ddcee6dceb7cc103c2881f2a593b06529

SHA256
5d697f12e46096f36561ce18899a14004e0fb5bb5ec97aa2d19d3c2d33f33575

SHA512
c73e9f9528af164d0c2ddc6d9411b9e29e810949b13162331e4c920b2f4f8a1459481862f08335d62337b0be20065e903a0ca80830e4847422b252dee27d7fce

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpD0EE.tmp.crproj

Filesize
596B

MD5
1cc702266384297d3588f97dfd83ca23

SHA1
8e8d87cbdff7bca38de7d84d81fece068ca1d629

SHA256
8d5a53ed410188a09e4e6ae15a56ea4e12bb9fa6fcd6cd971dda09199714b5d9

SHA512
08b4a05b504e4838a9a8f3768ea78d97d1cd66a4eca82ba9f5894064aa419329cb384fdf6331a3efe5dc63593dd67a76f087d4ca3a6ddc1e4f9c5f9b0baacaf0

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\Mono.Cecil.dll

Filesize
337KB

MD5
7546acebc5a5213dee2a5ed18d7ebc6c

SHA1
b964d242c0778485322ccb3a3b7c25569c0718b7

SHA256
7744c9c84c28033bc3606f4dfce2adcd6f632e2be7827893c3e2257100f1cf9e

SHA512
30b3a001550dca88c8effc9e8107442560ee1f42e3d2f354cc2813ae9030bf872c76dc211fd12778385387be5937e9bf172ea00c151cab0bca77c8aafdd11f7d

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\StormKittyBuild.exe

Filesize
366KB

MD5
1afedad3b668e4bd8faa5f2d7abda95b

SHA1
99bca8ccac242858184191f64f5da874722442f8

SHA256
3106f3defd63051dd4652582b58c1f030c102f5f6e49a10e3e008df6e7a27fc1

SHA512
2b9eb2ed122e20e82148c2243d25376cb44008d91a2bda41922380955a532fe827503b527d39b3aa96d8a0cd85cfdc942c23203b87568d292313c203c499c0c0

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\StormKittyBuilder.exe

Filesize
40KB

MD5
94e1a4b2c59d68dcf969affa76f2d6e7

SHA1
6a12b3540c13d11fde4637c504438c852635b41b

SHA256
1930c1df6cd383764992b0ef0169d579937bc51e583a2f6e61038fb0745e2b1a

SHA512
9fe95cb55a0dd039730dd668703447ff5c5d8c1d6928fecc200c5a61d9b7060038a3f924d8f1e04abfc6026e27a4f1161514fe299e7332d35459abab2c24e6b7

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\StormKittyBuilder.exe.config

Filesize
189B

MD5
9dbad5517b46f41dbb0d8780b20ab87e

SHA1
ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e

SHA256
47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf

SHA512
43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\StormKittyBuilder.pdb

Filesize
51KB

MD5
13ba0f1aa576720c11eabf492b0f5d4d

SHA1
17e048417674c1cc4beec5279b1d8acf8f5434fc

SHA256
20be672d349532c4a262659f6f1c7614a475a82465595e1f44f18ac64cda45d1

SHA512
84f1041bb9167055d26e9e87598e012ff0fb19a2eb787b51d95c0f7936190d2f7dae3e58d8cbea7068683a0ded0f3ceb02fdfa7407269705f41c0d2694550cf1

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\build\stub\build.exe

Filesize
364KB

MD5
712a8067ee2fda42c5eac14a050df55a

SHA1
8ad13a2a4b8b81b891e659bfea03a313281286d3

SHA256
0ee9023af748d3d9dd029a3c1306f942207e4f756f8f6894350a3bfdf442cb7d

SHA512
0e6929ee0974200c62efef39d674a376e2e8bb7f75927fe75e8e8fa680df89f5b1272d439a5501e17989d43b590d1ddfe6a1e949bc44012b66db3eca11e5be78

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\obfuscator\Confuser.CLI.exe

Filesize
28KB

MD5
f03e1cfb8bfed0b793243a3fe5b19588

SHA1
686baab670836df515af6131e1e89737b13d503d

SHA256
2b3e5cb7f96589e5377700a5f7f25e9fc6a14539e85256e6ac6e85c07f769f61

SHA512
a57f3807a9064288080e8585d6193d184015ae832c91d4a1ed5f89070ceaddf00fede0727869c31045cd46c1fd5fef6b7baf9da7869cb80950b08dfb141fe051

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\obfuscator\Confuser.Core.dll

Filesize
179KB

MD5
b55534baec3ed55e42d9bf240073e8b8

SHA1
717b69eafed93ddfccb8ffd866351ec236824e6b

SHA256
05672d22e3158e033e6a8990591311220f8efaa2c6159cccc6d08e8fa128f498

SHA512
27b9fc3aad0e6c710f1ff719f037e4785596b645faddc41e94d643bf9979da71d3b65b460a0fd9dad4d0079cb2fb1388675c9f1ef1e4677e898504244155a80d

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\obfuscator\Confuser.DynCipher.dll

Filesize
46KB

MD5
34c77aee4f10e87cd655b26fff5e2898

SHA1
87c09d032fe0be6e18e561691702132c1b68c7da

SHA256
f146b894d5b8725b59124f313970fa9cb897ea6a09f2fe093e36832874f85674

SHA512
5bde380fcfce5f62721a014d37fcc37787ab74795f5afba0e808408ce7163c5b4dba5ea7c91eedb8a3dc57621ee7ee1ef84e8d7778eaceb9d8aa4b2255d1a953

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\obfuscator\Confuser.Protections.dll

Filesize
128KB

MD5
ed24fd75334b55be2728407eecb8c61e

SHA1
92ffa769d3ecbb8f02eda77c87fe75b291b73e8c

SHA256
a1d689aa8cc4b239e34fa97f9713f0ef9fe1b2ae26297818ea5edac9721b0d36

SHA512
c51031520b52e5bb1f53af21f3d2e3f1eebc17619d2b16961ce9f63c913a47c6bced2c68f1cbb8d919e64b5fbdc5f3695e40aed15a62d9dd87fb07ef59ac08af

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\obfuscator\Confuser.Renamer.dll

Filesize
303KB

MD5
5f2523c16e9509e66e243c533e9d1429

SHA1
2264222525f4a28d127f890fec0911d443424cc2

SHA256
61f2780c0823c10aecf3e1df2d422b3ea1f1d286652668bd06790496e22fdfc2

SHA512
1d4638905f728894c80b2878d59e0bb69a8777f7d79a75ba7980663d3d12367257211cd3b301ccd7d3b2c58a3fd8f95fb90189c7c8236b4a3b717b78b859b764

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\obfuscator\Confuser.Runtime.dll

Filesize
42KB

MD5
43afbe110d9d9e4bc930137e3d7a76f2

SHA1
b7b42a04b2876095cdb1fa786d193119b0187e85

SHA256
df47f392af638f6abc0b1d4588a092c34e2b5bd4c9dd55bee0588aa8d1095dce

SHA512
d6a534531854fbe69ac64a587cb5ca093a70cfe3117e9713e2fca59226106b96123d4f74655f6751852d38de424f3d9cc9ba4a8f4be44ba25f1ef5a23f794034

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\obfuscator\Confuser.Runtime.pdb

Filesize
127KB

MD5
efedd2ad5556db0df9dba5a87c197fb1

SHA1
1cacfbed73e07d0be8a567365311141e2dcbc559

SHA256
c78776b9ef27021ba7d68ce80f4381e49378eb90e9f2befd4c49b64ad59db7aa

SHA512
3a60994aa9e73e9870a09d61253dc7cc17c0a98850b0e1079011981e440dbdc07fd769d0f905667e21d1379ef58364a2a8d00e8b78fbc1e68323fad6ca864960

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\obfuscator\dnlib.dll

Filesize
987KB

MD5
458edca81ac9e413253f0903312502ff

SHA1
0abf87a4dabf48d3905b32365bd4608f1956c226

SHA256
4643b49bc48eaadd3470f6771e6bb26b42cabf700c96c9cb53dbcaf8fd26f281

SHA512
a71fc4e48b61a24c25c075dc7a91518c05a6f9198d051649323b223d14efa23b838aca708f3c3ddf7bee2d2a05a74d9118c7fa3eeb9050265588653962d5d6d4

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\stub\DotNetZip.dll

Filesize
448KB

MD5
6d1c62ec1c2ef722f49b2d8dd4a4df16

SHA1
1bb08a979b7987bc7736a8cfa4779383cb0ecfa6

SHA256
00da1597d92235d3f84da979e2fa5dbf049bafb52c33bd6fc8ee7b29570c124c

SHA512
c0dce8eaa52eb6c319d4be2eec4622bb3380c65b659cfb77ff51a4ada7d3e591e791ee823dad67b5556ffac5c060ff45d09dd1cc21baaf70ba89806647cb3bd2

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\stub\build.exe

Filesize
173KB

MD5
c87595c25663e93c459be6ceedccf2cd

SHA1
24e36b925a5b899259f4f43a9385546c1b8f3f3c

SHA256
28d987b7977d2129e2492c501454c336691259e2039f3bfde588d1d26d5dbe55

SHA512
40367153aeaf85bd07305266e1369c811f8c50025c91d0c029543c609251290abc122c0ea7edd89ef9ea8025537e42a57f3208465253987e0f8642accf22deea

Download Submit
C:\Users\Admin\Desktop\Stromkitty By otaku_codes\stub\stub.exe

Filesize
175KB

MD5
c2094f09d013f8a5dec6ee34b20351b9

SHA1
c2a751a10624dd1c94fd6c62f508784ed372bc90

SHA256
df51b75aa5ce0e64de9d4bbcf7b0a0f76460b8af8c20564ab9b60b1120e35813

SHA512
f42906031d2970bcd6259e120d4f94be4478cd9e780a440d0bf488d978594b2ec1109294f55742a377fdd4a3f38c1d1ad66d31bb45dc7e30ad9c08203852d067

Download Submit
C:\Users\Admin\Downloads\Stromkitty.By.otaku_codes.rar

Filesize
6.1MB

MD5
3cb13bd98e9698289993b3a0c2d8fea5

SHA1
0a3086f6d2f557c63433e972226bf54357b7d28f

SHA256
ba23be58cb6c4d9aa8cff3e1ee24486ccabec2158dfab3812e42f919812da281

SHA512
fca38d754fe22e5cf71364af49b861d37dbbcc3c9ad30a6aec556398ba5b90998e1831c96d5772903ae1e726e1322ec3a3b0ff9524217e0a0c46ec9e522576f1

Download Submit
C:\Users\Admin\Downloads\Stromkitty.By.otaku_codes.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1520-640-0x000000001B800000-0x000000001B852000-memory.dmp

Filesize
328KB

Download
memory/1520-638-0x000000001B740000-0x000000001B752000-memory.dmp

Filesize
72KB

Download
memory/1520-636-0x000000001B770000-0x000000001B796000-memory.dmp

Filesize
152KB

Download
memory/1520-634-0x000000001B0B0000-0x000000001B1AE000-memory.dmp

Filesize
1016KB

Download
memory/1520-629-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1520-631-0x000000001AF50000-0x000000001AF84000-memory.dmp

Filesize
208KB

Download
memory/4524-614-0x00000000006F0000-0x0000000000700000-memory.dmp

Filesize
64KB

Download
memory/4660-622-0x0000000005060000-0x00000000050BA000-memory.dmp

Filesize
360KB

Download