Overview

overview

10

Static

static

10

Prynt Stea....2.rar

windows7-x64

1

Prynt Stea....2.rar

windows10-2004-x64

10

Analysis

  • max time kernel
    1269s
  • max time network
    1263s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-11-2024 19:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Prynt Stealer 7.2.2.rar

  • Size

    7.8MB

  • MD5

    a518813c6e2951820da8d982d74e079b

  • SHA1

    2c33311ba0421a97f7901a2322892aef35580d26

  • SHA256

    6ce374b8152c18a608e6812513f20dfd9eec26564caa58ff1cca766b3f4aacd4

  • SHA512

    589da2aa8564227852f0ab00cd4eabb0a7dc50b27ea23e3dd68c30a6d6e7d6d6810bd2c57664a7ff6bf7bb56e94c6f3991ddb78f3967e50bf62a6a37abbbc6dc

  • SSDEEP

    196608:W9swR3JQ65amk9zhuWK/ARbS4ookj+yNzXTff:WewRZQ65aDcWKF4uCyNzj3

Score
10/10
asyncratstormkittyagilenetdiscoverypersistenceprivilege_escalationratspywarestealer

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 5 IoCs
  • Stormkitty family
    stormkitty
  • Async RAT payload 3 IoCs
    rat
  • Executes dropped EXE 4 IoCs
  • Obfuscated with Agile.Net obfuscator 6 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 26 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 4 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Modifies registry class 45 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 34 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Prynt Stealer 7.2.2.rar"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2896
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4640
    • C:\Users\Admin\Desktop\New folder\Prynt Stealer.exe
      "C:\Users\Admin\Desktop\New folder\Prynt Stealer.exe"
      1⤵
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4832
      • C:\Windows\SYSTEM32\cmd.exe
        "cmd.exe" /c start cmd /C "color b && title Error && echo Please initzalize first && timeout /t 5"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2396
        • C:\Windows\system32\cmd.exe
          cmd /C "color b && title Error && echo Please initzalize first && timeout /t 5"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1320
          • C:\Windows\system32\timeout.exe
            timeout /t 5
            4⤵
            • Delays execution with timeout.exe
            PID:112
    • C:\Windows\system32\wbem\WmiApSrv.exe
      C:\Windows\system32\wbem\WmiApSrv.exe
      1⤵
        PID:4420
      • C:\Users\Admin\Desktop\New folder\Client.exe
        "C:\Users\Admin\Desktop\New folder\Client.exe"
        1⤵
        • Executes dropped EXE
        • Drops desktop.ini file(s)
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3748
        • C:\Windows\SYSTEM32\cmd.exe
          "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
          2⤵
          • System Network Configuration Discovery: Wi-Fi Discovery
          • Suspicious use of WriteProcessMemory
          PID:4312
          • C:\Windows\system32\chcp.com
            chcp 65001
            3⤵
              PID:4952
            • C:\Windows\system32\netsh.exe
              netsh wlan show profile
              3⤵
              • Event Triggered Execution: Netsh Helper DLL
              • System Network Configuration Discovery: Wi-Fi Discovery
              PID:1244
            • C:\Windows\system32\findstr.exe
              findstr All
              3⤵
                PID:736
            • C:\Windows\SYSTEM32\cmd.exe
              "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:2340
              • C:\Windows\system32\chcp.com
                chcp 65001
                3⤵
                  PID:2808
                • C:\Windows\system32\netsh.exe
                  netsh wlan show networks mode=bssid
                  3⤵
                  • Event Triggered Execution: Netsh Helper DLL
                  PID:1820
            • C:\Users\Admin\Desktop\New folder\11.exe
              "C:\Users\Admin\Desktop\New folder\11.exe"
              1⤵
              • Executes dropped EXE
              • Drops desktop.ini file(s)
              • Checks processor information in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1680
              • C:\Windows\SYSTEM32\cmd.exe
                "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                2⤵
                • System Network Configuration Discovery: Wi-Fi Discovery
                • Suspicious use of WriteProcessMemory
                PID:4636
                • C:\Windows\system32\chcp.com
                  chcp 65001
                  3⤵
                    PID:1980
                  • C:\Windows\system32\netsh.exe
                    netsh wlan show profile
                    3⤵
                    • Event Triggered Execution: Netsh Helper DLL
                    • System Network Configuration Discovery: Wi-Fi Discovery
                    PID:3272
                  • C:\Windows\system32\findstr.exe
                    findstr All
                    3⤵
                      PID:3512
                  • C:\Windows\SYSTEM32\cmd.exe
                    "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
                    2⤵
                    • Suspicious use of WriteProcessMemory
                    PID:4184
                    • C:\Windows\system32\chcp.com
                      chcp 65001
                      3⤵
                        PID:1412
                      • C:\Windows\system32\netsh.exe
                        netsh wlan show networks mode=bssid
                        3⤵
                        • Event Triggered Execution: Netsh Helper DLL
                        PID:4108
                  • C:\Program Files\7-Zip\7zG.exe
                    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\New folder\" -an -ai#7zMap27578:106:7zEvent15633
                    1⤵
                    • Drops desktop.ini file(s)
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of FindShellTrayWindow
                    PID:3304
                  • C:\Users\Admin\Desktop\New folder\Prynt Stealer.exe
                    "C:\Users\Admin\Desktop\New folder\Prynt Stealer.exe"
                    1⤵
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SendNotifyMessage
                    PID:4036
                  • C:\Windows\system32\wbem\WmiApSrv.exe
                    C:\Windows\system32\wbem\WmiApSrv.exe
                    1⤵
                      PID:4992

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\6955a039913e0d5bca6ebccbe91c498d\Admin@GUMLNLFE_en-US\Browsers\Firefox\Bookmarks.txt
                      Filesize

                      105B

                      MD5

                      2e9d094dda5cdc3ce6519f75943a4ff4

                      SHA1

                      5d989b4ac8b699781681fe75ed9ef98191a5096c

                      SHA256

                      c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

                      SHA512

                      d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

                      Download Submit

                    • C:\Users\Admin\AppData\Local\6955a039913e0d5bca6ebccbe91c498d\Admin@GUMLNLFE_en-US\System\Process.txt
                      Filesize

                      1KB

                      MD5

                      fae107203ba43ec6c1bb8050452d9457

                      SHA1

                      01855c0b22a33b39f526a186ff1787cef2dfc0ea

                      SHA256

                      883a4f08b9473387db82958cf81ad0a2b13b4e9978db0636f3ee6a1107202ea3

                      SHA512

                      ce0868e662b87338262f72dbbba407adc3c9cbda5df8f0c23b33e22a8bac604f9f317dbd957883dd7bdbf0cc99cc1d3b3db935a742874f02baa89bdce2b6be54

                      Download Submit

                    • C:\Users\Admin\AppData\Local\6955a039913e0d5bca6ebccbe91c498d\Admin@GUMLNLFE_en-US\System\Process.txt
                      Filesize

                      2KB

                      MD5

                      4758326de8c41bc5e7bd4f2856012232

                      SHA1

                      de00757bb12e15e4de126ccced4e63aab0f9c626

                      SHA256

                      b1a0f24c25a9f223b2423b3a2c0a256aedee0763fb077d14f5c8b18d43c747c4

                      SHA512

                      62090fc727485a077d3ddeb8bfcf273cd664cf742ef2f3307332bde6166e6205aee5662b7d17e006dd4257a7682f40ce83a9a060153d702955e687a4c05b9e5e

                      Download Submit

                    • C:\Users\Admin\AppData\Local\6955a039913e0d5bca6ebccbe91c498d\Admin@GUMLNLFE_en-US\System\Process.txt
                      Filesize

                      3KB

                      MD5

                      d5736001bc464f24c1d1e1ada4169b2b

                      SHA1

                      c48511d580f491548b3e2324e4e79aa56ef5725f

                      SHA256

                      291ea3c1c127684ad3836072cd3df69f83e5b78d8ff7973091dd77da257a8fb2

                      SHA512

                      5ac8bbaa140045a432b0518a5b1cfe778c84b3665d0272e46fed102b48f3ca0d7c864855b09d1427cd487f496ef42c507060b64e8c738b5c9c8ef5d64ff41e49

                      Download Submit

                    • C:\Users\Admin\AppData\Local\6955a039913e0d5bca6ebccbe91c498d\Admin@GUMLNLFE_en-US\System\Process.txt
                      Filesize

                      4KB

                      MD5

                      86ef001bcceb06b920ddac8e63f2e5c8

                      SHA1

                      fb292015a40c712e16c777d4f37479622b6c5afd

                      SHA256

                      352bc60ab5503646ee6d5153d383c24977ef7c0cc3b9342fa8d9fc3a5df293e2

                      SHA512

                      ffb65310a9b736678c058983e3e938f6e215b194ccc891093597dd5548553f7d1132436ff0ad89f7bc8e13bd0e350d95722bf430b6888257a0c6cbb620ae7014

                      Download Submit

                    • C:\Users\Admin\AppData\Local\6955a039913e0d5bca6ebccbe91c498d\Admin@GUMLNLFE_en-US\System\Process.txt
                      Filesize

                      1021B

                      MD5

                      8f621978fb1c80c196503ae9a2bb3d32

                      SHA1

                      66534f07ae7afb632da9fcb6725bc8e5be565306

                      SHA256

                      ffc49884817c08d4a825de2d2be3171c46d7253f0b6b212572b833f8861383fa

                      SHA512

                      24de76cd4ec5d2e41436d9f35b6776f2dee2be14b2ee32b249fd39241c942184626ba5138dac56bd4321451f8dd22427dba26b5493133ff0c64c8875fccf69d5

                      Download Submit

                    • C:\Users\Admin\AppData\Local\6955a039913e0d5bca6ebccbe91c498d\Admin@GUMLNLFE_en-US\System\Process.txt
                      Filesize

                      1KB

                      MD5

                      a5521211af72138894a49fd02875b3a7

                      SHA1

                      b7a56e2be7484a794314bb7ef2303fe87d3af34b

                      SHA256

                      6efc8cde63f75b56d02cfd59a8c778903a37154ae3ef540a7ac0fba31e3be8d7

                      SHA512

                      2868fa7860f9383b44af6b051a29091740505035431835dca2949fffbd0a1efe72b899011b70c8bffd20cf8ff41dbe7ff394cedbbb0ab45d983a71b1e6073de2

                      Download Submit

                    • C:\Users\Admin\AppData\Local\6955a039913e0d5bca6ebccbe91c498d\Admin@GUMLNLFE_en-US\System\Process.txt
                      Filesize

                      1KB

                      MD5

                      2f07be9b25854ae3f8979cc3e9b5fea3

                      SHA1

                      9ea8b7f1ff9674fd7c00d0e765ac7f3d8d33256a

                      SHA256

                      f725cddb108ab5b3e3f44f6686f5016a1e171f049e3f5bc86545f757574a5d08

                      SHA512

                      5b58df29bb919c9b1e08c53daf0f9e393be36d2ccf444828f710d813e7296ddfd4451112c54a4ca2604c7221bf8d2867bb2ce9f31d064a5a7ba50401a1b8b702

                      Download Submit

                    • C:\Users\Admin\AppData\Local\6955a039913e0d5bca6ebccbe91c498d\Admin@GUMLNLFE_en-US\System\Process.txt
                      Filesize

                      2KB

                      MD5

                      92703277f752450a52d4f625d40cf70c

                      SHA1

                      332c9b1ff16175a0f75aac34890c0c65b26ca2c5

                      SHA256

                      a70dfe017fe7b8d8f208c24fe0f789507c993cff66825c3fad0152ac4abd4e94

                      SHA512

                      a581a92f0ba4773c502f99b7c3560a8259dbadb2299a994e8939655c0a168848dec4e66446e7f318b8e1d9d71cea15b305e1a40d78148513558e21a74adcddbd

                      Download Submit

                    • C:\Users\Admin\AppData\Local\6955a039913e0d5bca6ebccbe91c498d\Admin@GUMLNLFE_en-US\System\Process.txt
                      Filesize

                      3KB

                      MD5

                      96ac23ecbef0836eba0a0750b50ea1e2

                      SHA1

                      4ba409534d7d7144dcb48f473b4fccecfb0c99c0

                      SHA256

                      a82f05350e06f63c935eab71fa95452e8dff9dc906bafef66c61a5bb798b8f08

                      SHA512

                      18bb954b9b898ffbcfa3015d1530ee818961ce37d39e83aad96fc75a0503c27f13486d3b88d87d605091fbcea67eb0d50693bdada87cf2a7e3b9d54aaefd821c

                      Download Submit

                    • C:\Users\Admin\AppData\Local\6955a039913e0d5bca6ebccbe91c498d\Admin@GUMLNLFE_en-US\System\Process.txt
                      Filesize

                      4KB

                      MD5

                      a6606e96cab1733ef165220ef16d42c2

                      SHA1

                      5eaa18d712db364908ce27d2b50f7c26fa56ec82

                      SHA256

                      fcf6c36309dcada7d00677e82420ec917cb65b43e831799463bf6540e2e1cfbf

                      SHA512

                      1b3f542e8f282e036c013a35a1517877cc88bac36aec49215c4ed3aafc479df77aaf40ad602c8cf7632ca572b5381f3336ef33b3c9244a3e5f8489491693d2b6

                      Download Submit

                    • C:\Users\Admin\AppData\Local\6955a039913e0d5bca6ebccbe91c498d\msgid.dat
                      Filesize

                      1B

                      MD5

                      cfcd208495d565ef66e7dff9f98764da

                      SHA1

                      b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

                      SHA256

                      5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

                      SHA512

                      31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Prynt Stealer.exe.log
                      Filesize

                      2KB

                      MD5

                      11fc68c0e81cc6779958e8c57aa5ae79

                      SHA1

                      db71c0cd336e4ce1caa492db34ec58c1b43cbccd

                      SHA256

                      ca1bfbe8a8480f0cdb89fc9e3af66f555320024640c79c6bd683a8e7e6f40783

                      SHA512

                      8464017204be0945208fe4417c2c8cf590ad8e43790bbd3f5aacade2bca8b0a0d742dc98ac47a05b36d4170c5a4c43fc1b84ec4c7e03522c97d71b1c352ece8d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Server\Prynt_Stealer.exe_Url_cuuh0h242vfkvrwxaikralquu3nkviq2\1.0.7.0\user.config
                      Filesize

                      580B

                      MD5

                      a8537dfbc789fac6fb420a92b046f42a

                      SHA1

                      412a83fc80097efa3745e7064e2f313f0373fe95

                      SHA256

                      7ba81949be44a2fe1c975c06307adfc68aa4c3b8001f2adaba687db20fd206c0

                      SHA512

                      670855ae056aac381b1d553d6b224e0211de00a729917b2162d54dc97f9ad36ff1461929aae73597eba0456f5e62aa70947ef32f864d827953d06b093541f1c3

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Server\Prynt_Stealer.exe_Url_cuuh0h242vfkvrwxaikralquu3nkviq2\1.0.7.0\ykwk4qrs.newcfg
                      Filesize

                      580B

                      MD5

                      ebe3e57c890053286c6646b38fae1f13

                      SHA1

                      145a8905b635548513d365446ca9eb747910a60a

                      SHA256

                      ac9b0afdff264078f3e704fb2f403b595b7085c939619910da41b1b01890dd80

                      SHA512

                      7749005fa7effedd24ff4f32fd74bd121dca040d465041f8fddb2765bff4d3e62586d6433d15e6b6c1dd06a5d9a4d4b2eb4b1992edceb5d4cbfec84a113c6485

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\7zE05BB1968\Prynt Stealer.exe.config
                      Filesize

                      5KB

                      MD5

                      70c30af2d7a188a400a7edbfdfb21091

                      SHA1

                      e49a1041afe6717ef0ea9cce8de0bcf951178f8f

                      SHA256

                      e4a70d2676b53729716cd8ff6198693db5dbd2d4f34f081484823cb3c9e8576c

                      SHA512

                      c35bbf53673d4ace9ab09e0fe39f6e907c8de0eeba0a93cbb481f10195d33cfe2c5fa5162f517f5124d340a1aa3bf33cd61a36132147c80f2d6acdc94dd37ef7

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\places.raw
                      Filesize

                      5.0MB

                      MD5

                      48a487bd3544c6fb62a830c256dc7699

                      SHA1

                      31b692f6973298aa7d19ad1b42de00e2cc5d9053

                      SHA256

                      96f59d96ad8f469b549fab4ef1794e9db70987ca0aa915fd0eb7381302f8c2df

                      SHA512

                      62c2910a3f10f7dfb0b54b952662a7e85e5cd5cdb9e81725b3e27750e70cf16542a4a5520b73e74b2554a1ab205fb84ca3c402383f5d3a91ef99cdb25e1a76e4

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmp24D1.tmp.dat
                      Filesize

                      114KB

                      MD5

                      a1eeb9d95adbb08fa316226b55e4f278

                      SHA1

                      b36e8529ac3f2907750b4fea7037b147fe1061a6

                      SHA256

                      2281f98b872ab5ad2d83a055f3802cbac4839f96584d27ea1fc3060428760ba7

                      SHA512

                      f26de5333cf4eaa19deb836db18a4303a8897bf88bf98bb78c6a6800badbaa7ab6aeb6444bbbe0e972a5332670bdbb474565da351f3b912449917be21af0afb8

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmp24E3.tmp.dat
                      Filesize

                      160KB

                      MD5

                      f310cf1ff562ae14449e0167a3e1fe46

                      SHA1

                      85c58afa9049467031c6c2b17f5c12ca73bb2788

                      SHA256

                      e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

                      SHA512

                      1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmp24E8.tmp.dat
                      Filesize

                      116KB

                      MD5

                      f70aa3fa04f0536280f872ad17973c3d

                      SHA1

                      50a7b889329a92de1b272d0ecf5fce87395d3123

                      SHA256

                      8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

                      SHA512

                      30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\11.exe
                      Filesize

                      143KB

                      MD5

                      0f301efc60a3422ab8887aa777498e61

                      SHA1

                      4df17480b12afbe71c076dbe5b49b3967f63f6c9

                      SHA256

                      1e986cbffa1f008fa3724bec9bcd16df38b4ea593bfc728bca7ce8e6425d5763

                      SHA512

                      ba6d98419eae9a684eb4aaac5b87845690b23a43e9f1c668f8e311dbb22f1c599afc206f9a4bf701dbe2c8b38580d1b8cf2182ae4adcfff1e2fd148475ccbd4b

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Bunifu.Licensing.dll
                      Filesize

                      1.2MB

                      MD5

                      1a45c5f35d5a5b3bf94f01caae45a641

                      SHA1

                      678428c593a7b168803766264e4fe44fab253700

                      SHA256

                      3410caef0cb538e883b3e4a2ef8bc26c1aeb7d07206021cf31f3382d5cdecba1

                      SHA512

                      3f8b7179cc68fdcb33b474b0c9295ffa13454d4eafd4a769332be21fac4fcbf30e69f1b76bc2fa0a818d972c90001fa4bf9272ef7e333205cdfa5008e035a579

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Bunifu.UI.WinForms.BunifuGradientPanel.dll
                      Filesize

                      61KB

                      MD5

                      3d622700dc3bcafe8d024c9db5498e2b

                      SHA1

                      05195f9aae925b79dcc50abf33b2e19b99979d21

                      SHA256

                      ec894ea254b16af35edce401678cb079036a98103550c9384ce99669abe21a31

                      SHA512

                      6044f3d3f46e8514a46514b5bcbc82591b1af448591efadd017d31e0c59701df4fc530fa68d60ac05f6557c5507b971a94597928ac6752310414cd44452797e0

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Bunifu.UI.WinForms.BunifuPictureBox.dll
                      Filesize

                      37KB

                      MD5

                      fd6e28c44ab0bb05721034aa10e5e5c7

                      SHA1

                      2c52c3925b7b3f9bb17fcf32ee7daadd275fdf81

                      SHA256

                      df1d1a4399138a002883caeb326cb23fa95b5ec4a18a1abbc725166155a299d0

                      SHA512

                      bf8bb42cce6713bdae6a70f30ba3e889f6d63ab1e92336fddc890cedf33c3cf17f06114c301eeb0b552384af3a2ca0b64ad8920f7a266bed0b6b690b710b74e9

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Client.exe
                      Filesize

                      143KB

                      MD5

                      6580328e2dac4ba16b18242cd32c14fb

                      SHA1

                      00b5129157b0f8eceb8fdb86ca5e8802322bd887

                      SHA256

                      5b65745cb31241304281a02d651647f042fd58834346282dbb5e954d736e180a

                      SHA512

                      0a25eafef969c51bd50c410a26db74aba9429ca1490970ed386f806a7d6e32067171fe94dfcd964d3fda2a938739857a489d434b92cbea68ea0d00b11ef3e622

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Directories\Documents.txt
                      Filesize

                      973B

                      MD5

                      eeb04edea66f9886022a80c017270ccd

                      SHA1

                      c4cea41161bc3bf7276fd1728e83e6d7470be922

                      SHA256

                      6e8fdb30685f73a6a17856c45bce26ccca7b690654a50a52b5cc1bdf3fba3c77

                      SHA512

                      348a6bd159437fc4fb4d9812f8b0c82061e89c06c2676bccf16377292cb2658f6128670dcc69b7862d4463b0bfad7094f26b5e15fbe14a9d3146f6ae29b50afb

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Directories\Downloads.txt
                      Filesize

                      641B

                      MD5

                      f6f8def595db10e5eb9c4c2ee9003eef

                      SHA1

                      12a6d65a177ba63635c07dea1233e128dd3348c2

                      SHA256

                      f3f4497b41d62c2f9b31c3c8a0f5e992922b303f0023a4ca4541eae53d917426

                      SHA512

                      4e36c464d41b7b4f9fddf97dee574cdbe50aa8577dec21355c3e62b3a7632fa2812570f128e22ed15b5a1b057d7445874135ed740968873416ae555b29c7feaa

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Directories\OneDrive.txt
                      Filesize

                      25B

                      MD5

                      966247eb3ee749e21597d73c4176bd52

                      SHA1

                      1e9e63c2872cef8f015d4b888eb9f81b00a35c79

                      SHA256

                      8ddfc481b1b6ae30815ecce8a73755862f24b3bb7fdebdbf099e037d53eb082e

                      SHA512

                      bd30aec68c070e86e3dec787ed26dd3d6b7d33d83e43cb2d50f9e2cff779fee4c96afbbe170443bd62874073a844beb29a69b10c72c54d7d444a8d86cfd7b5aa

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Directories\Pictures.txt
                      Filesize

                      521B

                      MD5

                      fe7c90d0f72ab8be162d330d1dff9b89

                      SHA1

                      91c1173718a907608a19651d44ab43117efca190

                      SHA256

                      8c9d86f33621a824f0c2961a61895e603727b1ad5e11ba7b831c24243692e324

                      SHA512

                      879a149b9fca196603ee56ee348cb252b5dc46067babaec37e842243badf76fe6dca18a5168ede9f2b8d6ace294bc0b5715beb266786ec5849015205b15c7a46

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Directories\Startup.txt
                      Filesize

                      24B

                      MD5

                      68c93da4981d591704cea7b71cebfb97

                      SHA1

                      fd0f8d97463cd33892cc828b4ad04e03fc014fa6

                      SHA256

                      889ed51f9c16a4b989bda57957d3e132b1a9c117ee84e208207f2fa208a59483

                      SHA512

                      63455c726b55f2d4de87147a75ff04f2daa35278183969ccf185d23707840dd84363bec20d4e8c56252196ce555001ca0e61b3f4887d27577081fdef9e946402

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Directories\Videos.txt
                      Filesize

                      23B

                      MD5

                      1fddbf1169b6c75898b86e7e24bc7c1f

                      SHA1

                      d2091060cb5191ff70eb99c0088c182e80c20f8c

                      SHA256

                      a67aa329b7d878de61671e18cd2f4b011d11cbac67ea779818c6dafad2d70733

                      SHA512

                      20bfeafde7fec1753fef59de467bd4a3dd7fe627e8c44e95fe62b065a5768c4508e886ec5d898e911a28cf6365f455c9ab1ebe2386d17a76f53037f99061fd4d

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini
                      Filesize

                      282B

                      MD5

                      9e36cc3537ee9ee1e3b10fa4e761045b

                      SHA1

                      7726f55012e1e26cc762c9982e7c6c54ca7bb303

                      SHA256

                      4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026

                      SHA512

                      5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini
                      Filesize

                      402B

                      MD5

                      ecf88f261853fe08d58e2e903220da14

                      SHA1

                      f72807a9e081906654ae196605e681d5938a2e6c

                      SHA256

                      cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844

                      SHA512

                      82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini
                      Filesize

                      282B

                      MD5

                      3a37312509712d4e12d27240137ff377

                      SHA1

                      30ced927e23b584725cf16351394175a6d2a9577

                      SHA256

                      b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3

                      SHA512

                      dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini
                      Filesize

                      190B

                      MD5

                      d48fce44e0f298e5db52fd5894502727

                      SHA1

                      fce1e65756138a3ca4eaaf8f7642867205b44897

                      SHA256

                      231a08caba1f9ba9f14bd3e46834288f3c351079fcedda15e391b724ac0c7ea8

                      SHA512

                      a1c0378db4e6dac9a8638586f6797bad877769d76334b976779cd90324029d755fb466260ef27bd1e7f9fdf97696cd8cd1318377970a1b5bf340efb12a4feb4a

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini
                      Filesize

                      190B

                      MD5

                      87a524a2f34307c674dba10708585a5e

                      SHA1

                      e0508c3f1496073b9f6f9ecb2fb01cb91f9e8201

                      SHA256

                      d01a7ef6233ef4ab3ea7210c0f2837931d334a20ae4d2a05ed03291e59e576c9

                      SHA512

                      7cfa6d47190075e1209fb081e36ed7e50e735c9682bfb482dbf5a36746abdad0dccfdb8803ef5042e155e8c1f326770f3c8f7aa32ce66cf3b47cd13781884c38

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini
                      Filesize

                      504B

                      MD5

                      29eae335b77f438e05594d86a6ca22ff

                      SHA1

                      d62ccc830c249de6b6532381b4c16a5f17f95d89

                      SHA256

                      88856962cef670c087eda4e07d8f78465beeabb6143b96bd90f884a80af925b4

                      SHA512

                      5d2d05403b39675b9a751c8eed4f86be58cb12431afec56946581cb116b9ae1014ab9334082740be5b4de4a25e190fe76de071ef1b9074186781477919eb3c17

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Prynt Stealer.exe
                      Filesize

                      5.4MB

                      MD5

                      123b912539bee6881ba0529c5174fa13

                      SHA1

                      e2ac06ac802f8b75231da726c9a01e4314c764ec

                      SHA256

                      1f317915a2c57705221732f4898d23279f1128ae446aef543a6c18ce590ff168

                      SHA512

                      d13689d723043c9844b353bf379bcbd59d491c72c439d7fea6ef1f4228d6d34f68b5e253322b3d02f037a0bf0abc25f3d89ddde0fc533ad5ed8459c8144777db

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\ServerCertificate.p12
                      Filesize

                      1KB

                      MD5

                      3f49688231308f9283c0c02366bb9f5b

                      SHA1

                      3ceec4de86768178c98fe9af5cf4731980c1afe3

                      SHA256

                      76879b3153eea637d87e59e8a02d39c2937b3fa79f40ddd63c68a81de2b46f2e

                      SHA512

                      3a9704808a7fd4814e65246979b97717751f1a4c327cee8d819fea08075cc0fe336576e0111e3aac26f4f83f29cfad8583e7c879d906cb620d0afd3daf6d7412

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Siticone.UI.dll
                      Filesize

                      1.3MB

                      MD5

                      750c58af2e56b6addecffcf152520ab8

                      SHA1

                      14995e7f1d12498606d9d209d78d55fe6fd87802

                      SHA256

                      27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26

                      SHA512

                      2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Stub\Client.exe
                      Filesize

                      143KB

                      MD5

                      588fcb644bf8040a3fe5144ca563391f

                      SHA1

                      d9296a21c947d19ea854eb2c338317150cc4e9d6

                      SHA256

                      cff899a86097b097908b00d0211e9c02be814f79349417fdb6116f4a10a9992c

                      SHA512

                      0a26e96e441ea5ae62521a07b777e956de4e29ab17147a15708c79b96339446ad5e332f2eff80c6238ee558437562fec7bbf824b2016f5360b7724bdcba90171

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Stub\Client.pdb
                      Filesize

                      145KB

                      MD5

                      ce86041837a217bab9744f64f1144b7d

                      SHA1

                      fe18ae34807eb50af3888c4f7975ee16aedeef38

                      SHA256

                      7a90972ec72a5ec9e0d036bb2c8788384c29c7dcf2714d00e0938fe2172b36e0

                      SHA512

                      d9f2e03de6742da645ffcea0f13356188b137cb1bb98c75d9a6b902c16d5e3bd43a8882b2a607a58ca41d89fd93e134e25863266d35f9fe57d98929d03036b7d

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\System\Desktop.jpg
                      Filesize

                      90KB

                      MD5

                      9858bd96d61d5ddbc79e505c51e4ec01

                      SHA1

                      cf881f2ed0c9ab3eb57d3770320cf7a087a370c5

                      SHA256

                      8a136202f820e36210bc4a0fc65756d16f96c1c1deb7a75d5d495b1aade7d3b8

                      SHA512

                      33da10282a9c9a358e0081ca2240c5b57fcc287d6aad3b12099d1898ddf6db94244839f920e54b4b034e6dcdec05b801e9120ed12721ec57eee16dc418a4fa6f

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\System\ProductKey.txt
                      Filesize

                      29B

                      MD5

                      71eb5479298c7afc6d126fa04d2a9bde

                      SHA1

                      a9b3d5505cf9f84bb6c2be2acece53cb40075113

                      SHA256

                      f6cadfd4e4c25ff3b8cffe54a2af24a757a349abbf4e1142ec4c9789347fe8b3

                      SHA512

                      7c6687e21d31ec1d6d2eff04b07b465f875fd80df26677f1506b14158444cf55044eb6674880bd5bd44f04ff73023b26cb19b8837427a1d6655c96df52f140bd

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\System\ScanningNetworks.txt
                      Filesize

                      84B

                      MD5

                      58cd2334cfc77db470202487d5034610

                      SHA1

                      61fa242465f53c9e64b3752fe76b2adcceb1f237

                      SHA256

                      59b3120c5ce1a7d1819510272a927e1c8f1c95385213fccbcdd429ff3492040d

                      SHA512

                      c8f52d85ec99177c722527c306a64ba61adc3ad3a5fec6d87749fbad12da424ba6b34880ab9da627fb183412875f241e1c1864d723e62130281e44c14ad1481e

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Unknown-Admin.zip
                      Filesize

                      80KB

                      MD5

                      5592b5549eaea84b0c4c47996cb2d357

                      SHA1

                      d4fd49b1fb0c9a18d6773225684ce7f974180ba5

                      SHA256

                      fe67d6046d73cebd84cdf61e24409dc5dec31cecd552220a3e434679be5b2a5e

                      SHA512

                      e036148470508070aa374bbb9ba6ab9abee292304f2b51383b7a65b3544d65d0daacc899a6b515db002ef9d5e953177e694bfd6ae24ed22917069c2d9655d4c2

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\Unknown-Admin.zip
                      Filesize

                      80KB

                      MD5

                      047dd2bed44d4a4492ec97b72461671a

                      SHA1

                      9bb264cb95bfeb0a3f2ab706e366a7394e7edecc

                      SHA256

                      1c302b210cc24bb70345f352c646f635d92ec97a2db7b7565108ab108ec7112e

                      SHA512

                      62c1d599973524edcdc0893288653bdfeb07fff5b7c3060bc02953a75aacd1b3f836bb06b606739e312617378f6b1e3df34964de5f93d91ebda27f15dd35978a

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\cGeoIp.dll
                      Filesize

                      2.3MB

                      MD5

                      6d6e172e7965d1250a4a6f8a0513aa9f

                      SHA1

                      b0fd4f64e837f48682874251c93258ee2cbcad2b

                      SHA256

                      d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

                      SHA512

                      35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

                      Download Submit

                    • C:\Users\Admin\Desktop\New folder\dnlib.dll
                      Filesize

                      1.1MB

                      MD5

                      de0069c4097c987bd30ebe8155a8af35

                      SHA1

                      aced007f4d852d7b84c689a92d9c36e24381d375

                      SHA256

                      83445595d38a8e33513b33dfc201983af4746e5327c9bed470a6282d91d539b6

                      SHA512

                      66c45818e5c555e5250f8250ea704bc4ca32ddb4d5824c852ae5dc0f264b009af73c7c1e0db1b74c14ee6b612608d939386da23b56520cac415cd5a8f60a5502

                      Download Submit

                    • memory/1680-423-0x000001F4722D0000-0x000001F4722FA000-memory.dmp

                      Filesize

                      168KB

                      Download

                    • memory/3748-206-0x0000019413FE0000-0x000001941400A000-memory.dmp

                      Filesize

                      168KB

                      Download

                    • memory/3748-353-0x0000019414580000-0x000001941458A000-memory.dmp

                      Filesize

                      40KB

                      Download

                    • memory/3748-354-0x00000194145B0000-0x00000194145C2000-memory.dmp

                      Filesize

                      72KB

                      Download

                    • memory/4036-659-0x0000026E7DA70000-0x0000026E7DA84000-memory.dmp

                      Filesize

                      80KB

                      Download

                    • memory/4832-183-0x000001D3ADCF0000-0x000001D3ADD04000-memory.dmp

                      Filesize

                      80KB

                      Download

                    • memory/4832-181-0x000001D3AE9A0000-0x000001D3AEBF2000-memory.dmp

                      Filesize

                      2.3MB

                      Download

                    • memory/4832-185-0x000001D3ADCE0000-0x000001D3ADCEE000-memory.dmp

                      Filesize

                      56KB

                      Download

                    • memory/4832-187-0x000001D3AED10000-0x000001D3AEE52000-memory.dmp

                      Filesize

                      1.3MB

                      Download

                    • memory/4832-188-0x000001D3ADCC0000-0x000001D3ADCC6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/4832-179-0x000001D391200000-0x000001D391214000-memory.dmp

                      Filesize

                      80KB

                      Download

                    • memory/4832-178-0x00007FFB741E0000-0x00007FFB74CA1000-memory.dmp

                      Filesize

                      10.8MB

                      Download

                    • memory/4832-177-0x000001D3AB520000-0x000001D3AB66E000-memory.dmp

                      Filesize

                      1.3MB

                      Download

                    • memory/4832-189-0x00007FFB741E3000-0x00007FFB741E5000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/4832-175-0x000001D3911C0000-0x000001D3911D2000-memory.dmp

                      Filesize

                      72KB

                      Download

                    • memory/4832-174-0x000001D3908A0000-0x000001D390E00000-memory.dmp

                      Filesize

                      5.4MB

                      Download

                    • memory/4832-173-0x00007FFB741E3000-0x00007FFB741E5000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/4832-656-0x00007FFB741E0000-0x00007FFB74CA1000-memory.dmp

                      Filesize

                      10.8MB

                      Download

                    • memory/4832-190-0x00007FFB741E0000-0x00007FFB74CA1000-memory.dmp

                      Filesize

                      10.8MB

                      Download

                    • memory/4832-194-0x000001DBB0D70000-0x000001DBB0E8E000-memory.dmp

                      Filesize

                      1.1MB

                      Download