stormkitty | hxxps://github[.]com/swagkarna/StormKitty/releases/download/stormkitty-prebuild/builder[.]zip

Analysis

max time kernel
84s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2025 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/swagkarna/StormKitty/releases/download/stormkitty-prebuild/builder.zip

Score

10^/10

stormkitty discovery stealer

Malware Config

Signatures

StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000c000000023b27-93.dat	family_stormkitty
behavioral1/memory/2040-95-0x0000025B3B4F0000-0x0000025B3B4F8000-memory.dmp	family_stormkitty

Stormkitty family
stormkitty

Executes dropped EXE 1 IoCs

pid	Process
2040	StormKittyBuilder.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133845209652205506"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5000	chrome.exe
5000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeRestorePrivilege	3924	7zG.exe
Token: 35	3924	7zG.exe
Token: SeSecurityPrivilege	3924	7zG.exe
Token: SeSecurityPrivilege	3924	7zG.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeRestorePrivilege	3816	7zG.exe
Token: 35	3816	7zG.exe
Token: SeSecurityPrivilege	3816	7zG.exe
Token: SeSecurityPrivilege	3816	7zG.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
3924	7zG.exe
3816	7zG.exe
932	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 2812	5000	chrome.exe	84
PID 5000 wrote to memory of 2812	5000	chrome.exe	84
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 2792	5000	chrome.exe	85
PID 5000 wrote to memory of 1388	5000	chrome.exe	86
PID 5000 wrote to memory of 1388	5000	chrome.exe	86
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87
PID 5000 wrote to memory of 4040	5000	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/swagkarna/StormKitty/releases/download/stormkitty-prebuild/builder.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe7393cc40,0x7ffe7393cc4c,0x7ffe7393cc58
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,8896783573165941375,17837309828677065452,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,8896783573165941375,17837309828677065452,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,8896783573165941375,17837309828677065452,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,8896783573165941375,17837309828677065452,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,8896783573165941375,17837309828677065452,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,8896783573165941375,17837309828677065452,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4380,i,8896783573165941375,17837309828677065452,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4636,i,8896783573165941375,17837309828677065452,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5268,i,8896783573165941375,17837309828677065452,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,8896783573165941375,17837309828677065452,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5512,i,8896783573165941375,17837309828677065452,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:3360

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:404

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:212

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" t -an -ai#7zMap30277:76:7zEvent20073
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3924

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\builder\" -spe -an -ai#7zMap20929:76:7zEvent4539
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3816

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\builder\" -spe -an -ai#7zMap13470:76:7zEvent8433
1⤵
- Suspicious use of FindShellTrayWindow
PID:932

C:\Users\Admin\Downloads\builder\builder\StormKittyBuilder.exe
"C:\Users\Admin\Downloads\builder\builder\StormKittyBuilder.exe"
1⤵
- Executes dropped EXE
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\655edf2f-1146-4bb8-a323-9218cb88d3d7.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a7ae15d5f2a0d82bc38c7b1c189bc34f

SHA1
fece9f144d21179eef460b87285775dd69dfc135

SHA256
5e2455ebaa8e8c73bb35422c8f435b15be288e41e34ed65f682d89eb68a4c330

SHA512
f6bf3bf4fdf04f14c0048e8b76c860b10f00f231949afb29ec1e1e13209d3c6e50c42b31116091835c9bbca5cfc8a0c24c1acae084a5c37f7c26bd8c49b1374a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
45979bf7a1f5e3edb5db7584826bb56a

SHA1
58f2272fc79f0227652464806982078a78f353fe

SHA256
09d56b701813789ece9dc442797c7926da977191a41b2d4ef4aa1c441102b411

SHA512
c8291415cbff10357a109bba060969492862cd0bc0b6c50e9a0cfb301efb7a9cb8f2fa3c62c8adc2b7d39963d65a541bca669d7e1935bdd8abd58536636f4cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
6e7f11dca280739bb7582935aa947a0c

SHA1
1cec7231fccd37331e88e2b046e07a3809a7cca3

SHA256
58a4a66521880cd7cf513a0813676ddbb6d13b5c3505238d766ea8cd3cab3087

SHA512
ad80d87100a438b0148fcb559aea311017d2411b697e0ef150749eaf6cc673bf82cd18f57eaa0462ca9d97f60f9e48562301e6978208d7ac566a2e7dce642532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b024fa9b3fb6609b6aa83b5ea09f97d5

SHA1
02a2831315720ace49c2230c5993b56bf8e9af5c

SHA256
157e15d064cedf0aaa1614e721429f339810da097943196956e737807e75c87a

SHA512
0265ecf6a13be60473a31e7f4d0fe227aba024da0e41f5fd74b9f57d75004074c896f2b2cec5006d74d1ee0dd95dab7495f8ce7ee205a0a48ee7aa65ba16217f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7c06cf38e85a92bf64af5c163f09933e

SHA1
e47c21ce32b092d75194042f3b1a70595d7be771

SHA256
46dc2031e09c373b048e1d71236c08abc302264215aefc0e89aac4a26e274816

SHA512
c94b5dd602b720133a0806398a48270e7f6b7fac4f0cfe522da60931559bf0b045c8a39e529316656491a3ecf751978c532fcece87bac6221472d667794fc87d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5dde27d1fd43d052acaa3c78b385a19e

SHA1
5f5d3cdc00ac4d460cd1934f80ee1b85dd2ebf00

SHA256
d3b5accebe99d65bbda6b70e024557930db1440a7993f2f21cfb3a810539b75a

SHA512
45bdd7745459cb15a9b122f3ba576be3d8819aa7bead346987b9e40aa4d094e12f8905d3169a2bb785797113ba704745595c9107e16265488ea1b12ec193704e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bd307f855e290c2acd5a2420d6771a6c

SHA1
07e8efa224c9ec6b07e9495a50400b9b3c15f4df

SHA256
0aac400664e8f1ad7793715b84dbc3228fb91db4a725a6b8e654e52e72c46b05

SHA512
f14b074ad0412e7f68e2a7a13907a6629e94eb8f973d245be4472e098c31c966ca4d8a9cd6a5111cf2a5cca9b6d6751833c398c0eaaa1fd7c87a72c50f07dfb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
26384b1ec973e6aebd7994bf917b0fc0

SHA1
a39ba1aabff7688a900ac613ccbdab5704786a1e

SHA256
aa51d11dd9aa5b8ddc400e045cf7ca8d58cf7a3671e63ab1183d84241092a8e0

SHA512
bbf2675505e63c93d019cef2fe90c57995fa2c612b743c53129ad11e72bd68260c994bf7acfb92e0b6260829d928a7579c8cc4af2c062b6fc13cbee28009b435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
180c9e40fb669f138a93cdd116db0aca

SHA1
08a77d555d85f6be531d3628bb00f95f6ef5642b

SHA256
cf5d8c78315b8b027ef0fb96a849b4f9ec9719c3157eaadd57cf1badf4a4f69a

SHA512
b0741c0541135c0a70bdc48921b339ffa83c99639fe9453b932ed001683a6bcae74d369594776ec2a1eb65933a0dfe23d47b3e3eec80c1d73fdc24abef8c84a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
40c10781c7de86f8d80d3688c2c76e9c

SHA1
528640048d27737ef5256f114e554e128000cb78

SHA256
57c6d7c0b2e02fb1aff02df630173670dee6996f4c91af39e2e8414b78dcb2df

SHA512
3fb37cf2f69aa3bc777dec3266bb9570b34d80e92587e4905a710636a21bf418ace12a842b9a5b501f0dbb730cf2f17f70c052ff61bc40ae91a9f833c35bd48a

Download Submit
C:\Users\Admin\Downloads\builder.zip

Filesize
277KB

MD5
89a1cef24f1814a412dd34c91727a8d3

SHA1
0fa5d0c0b43b1a687900e47ad98e3d71d0fbadd6

SHA256
39b268b299acc7944e2c3081c586b84003935761f22a98dbe2086181d4e697c7

SHA512
2ea5b79ab2cb80c4092d6097871d599f1516b8be5b62a63aaf4a6645647f50e87adf8808d0fd3e601389e4c48877929ebc60b24f52903abf6005373cf833637d

Download Submit
C:\Users\Admin\Downloads\builder\builder\StormKittyBuilder.exe

Filesize
17KB

MD5
e936b50ab766fb1fdfee7b01b3e4450a

SHA1
6b45ee8349b61604c4007e775e34c8ca45cae16b

SHA256
241b415fdfc53d5c0df654fa70cdf4ddb9df6d5cac6d42e465f521f4321ffdfb

SHA512
d3091a39156bad832f2d9faee22ddc0f3055dc2562f93a0a5ead04938b528c202a9658d02ef3f5b3f2c36f4508b970d815033cb32e18f7098629b105a1fe93b8

Download Submit
memory/2040-95-0x0000025B3B4F0000-0x0000025B3B4F8000-memory.dmp

Filesize
32KB

Download