Analysis Overview
Threat Level: Known bad
The file https://github.com/hxk-PLINT/Eulen was found to be: Known bad.
Malicious Activity Summary
VanillaRat
Vanilla Rat payload
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Detects Pyinstaller
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies registry class
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-06 20:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-06 20:56
Reported
2024-07-06 20:59
Platform
win10-20240404-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
VanillaRat
Vanilla Rat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\eulencheats\Eulen\Eulen.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\eulencheats\Eulen\spoofer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\eulencheats\Eulen\spoofer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\eulencheats\Eulen\Debug\svcchhost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\eulencheats\Eulen\Debug\svcchhost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\eulencheats\Eulen\spoofer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\eulencheats\Eulen\spoofer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\System.Collections.Immutable.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Eulen.pdb | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Eulen.exe.config | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Newtonsoft.Json.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\spoofer.exe | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\System.Buffers.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.Numerics.Vectors.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Core.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\System.Memory.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Uninstall.exe | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\System.Linq.Async.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Eulen.pdb | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Interactions.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.ValueTuple.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Uninstall.dat | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Interactions.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Newtonsoft.Json.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.Buffers.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\System.Collections.Immutable.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\System.Linq.Async.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Commands.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.Collections.Immutable.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.Interactive.Async.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Webhook.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Core.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\presetforinstallforge.ifp | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Uninstall_lang.ifl | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Interactions.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Microsoft.Bcl.AsyncInterfaces.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.WebSocket.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.Memory.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\System.ValueTuple.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.Interactive.Async.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\System.Threading.Tasks.Extensions.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Commands.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\presetforinstallforge.ifp | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Commands.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Microsoft.Extensions.DependencyInjection.Abstractions.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.Threading.Tasks.Extensions.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Commands.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Eulen.exe | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\System.Interactive.Async.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Uninstall.dat | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Newtonsoft.Json.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.Linq.Async.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Newtonsoft.Json.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Interactions.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.WebSocket.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\icon.ico | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.Runtime.CompilerServices.Unsafe.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Core.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Eulen.exe | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Microsoft.Bcl.AsyncInterfaces.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\System.Memory.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\icon.ico | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\System.Threading.Tasks.Extensions.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Rest.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\Uninstall.exe | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\System.Runtime.CompilerServices.Unsafe.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.Collections.Immutable.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.Linq.Async.xml | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\eulencheats\Eulen\discord-rpc-w32.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\Microsoft.Extensions.DependencyInjection.Abstractions.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| File created | C:\Program Files (x86)\eulencheats\Eulen\System.Reactive.dll | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31117287" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8ef5172b86ff84599acdb602053c0da00000000020000000000106600000001000020000000b27d6eccb2dafa26f0c93adc0ca9ca4aafd182420f55615fae8304b5d3b9ef0f000000000e8000000002000020000000d06015ef5ca10243551005789ce3dd5ffc8a8d789471a7e9f749e668a6dc861820000000787964df91ac5c1701188ca927810f104c72c2a12168aff1d6a2de31bb269b2240000000f5fbe9dd3c2851ab2a7610838ddedb1e9ef5738d2670170135e800650673f61cc110320cdc9edeb90b76e215d74b48181d908abc1ea4f776d160caa5871b1909 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50174a4ce7cfda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8ef5172b86ff84599acdb602053c0da00000000020000000000106600000001000020000000f83321123990bec0b31bb844b7d78d69b0966451e55ea6fc99677d3f80faf0a5000000000e80000000020000200000000af6ae676e08d34477541764dfe997718278bcf84fba4012719828ab5e9502f42000000069ab62e4bd71fa7743b029ad901fa566c997968281bd6a9497748b65c72713e4400000007d13a5cb000ff862d0504dcc94579600f27bf919fcd38a01ce9367b98cfc96410cc490da35a227cf74121cb6e5670b2180f76c35783b53e7739c0f9f1def9a27 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31117287" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1273994425" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{77624D43-3BDA-11EF-A2FF-FA3BFB8A7566} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 605c454ce7cfda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1273994425" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133647730140624910" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/hxk-PLINT/Eulen
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xcc,0xdc,0x7ffdc6339758,0x7ffdc6339768,0x7ffdc6339778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=2116,i,17927837797346168739,1811349808989741397,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=2116,i,17927837797346168739,1811349808989741397,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1832 --field-trial-handle=2116,i,17927837797346168739,1811349808989741397,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=2116,i,17927837797346168739,1811349808989741397,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=2116,i,17927837797346168739,1811349808989741397,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=2116,i,17927837797346168739,1811349808989741397,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=2116,i,17927837797346168739,1811349808989741397,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=2116,i,17927837797346168739,1811349808989741397,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe
"C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Eulen-main\.gitignore
C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe
"C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe"
C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe
"C:\Users\Admin\Desktop\Eulen-main\Eulen Installer.exe"
C:\Program Files (x86)\eulencheats\Eulen\Eulen.exe
"C:\Program Files (x86)\eulencheats\Eulen\Eulen.exe"
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Webhook.xml"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Webhook.xml
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:82945 /prefetch:2
C:\Program Files (x86)\eulencheats\Eulen\spoofer.exe
"C:\Program Files (x86)\eulencheats\Eulen\spoofer.exe"
C:\Program Files (x86)\eulencheats\Eulen\spoofer.exe
"C:\Program Files (x86)\eulencheats\Eulen\spoofer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start Eulen_Controller.exe
C:\Program Files (x86)\eulencheats\Eulen\Debug\svcchhost.exe
"C:\Program Files (x86)\eulencheats\Eulen\Debug\svcchhost.exe"
C:\Program Files (x86)\eulencheats\Eulen\Debug\svcchhost.exe
"C:\Program Files (x86)\eulencheats\Eulen\Debug\svcchhost.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Webhook.dll
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\eulencheats\Eulen\Eulen.exe.config
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 52.111.227.14:443 | | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | plint.onthewifi.com | udp |
| DE | 85.16.42.48:4444 | plint.onthewifi.com | tcp |
| DE | 85.16.42.48:4444 | plint.onthewifi.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| DE | 85.16.42.48:4444 | plint.onthewifi.com | tcp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
| DE | 85.16.42.48:4444 | plint.onthewifi.com | tcp |
Files
\??\pipe\crashpad_1580_RATJDDMDFNTLSCTD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\Downloads\Eulen-main.zip.crdownload
| MD5 | 88b28d43313761551b5055314e0ca392 |
| SHA1 | acee723481076c61c569240b4c2b4e6b04cf3fcc |
| SHA256 | dc68d557b77e75d912bc38aeb859a8c1d2b762bc42c0af6aa76c1b666384e4a6 |
| SHA512 | da16ed428d9a4a8ae2357bcc70ed04a691d0634d974ce469832920b65c709385b68617106d29c493adf3f8a97ffc7d2d74bb54fcc47cc9e057bebaab7b2b4965 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d0170ca36570afcb28ba4180cf074737 |
| SHA1 | 12f0005eb14bc507ee2cc5202e99195288454f19 |
| SHA256 | e3a52d2d5527a0bdd5418546b461d494b248ca5906eeae1384497ad983c8f1eb |
| SHA512 | c149dc3cfbe50f236aa8c21d0797057af9e9cd2c56c558e873639bf892919c491b24456e8dd6ee091a466c523afa0a95382b1232cf775bd44ae25d1852a2f827 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1965db21a82922b949ec8d80a87d842d |
| SHA1 | 7a4a8b6222f7c35b21bfa56a90cc99e5622b849a |
| SHA256 | 64c4c3e06802c0443461d5631a71e869cadfce161732f0fa613e28408d6ea83b |
| SHA512 | 36321a8e9dade5c5ff7bea374e3afa429ec806ea4a9d0c43deb64c3336aa2e7f5b132c89375457b30a80c44522dc0a417c0a8cf442f3f93fce03613eca54149f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e5411119550fbec2e4ee452c9e94600b |
| SHA1 | 0d84d6cc086d2ea56e256f3c36501d72ea34130f |
| SHA256 | 6add77103a66cc7b999c9ec0eb5307623f0a61102acde0b1b8b56916a30a353c |
| SHA512 | 67dd0d51dd15519c4ce134d58f35bf774dd953322f2fe9c5ae624f0ab7d87696f21a5a86be05e932e0c952b848bff023fd6833f6b5ec1506eefc32293fa3e051 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 39b6ef97ccb1dee5869f2bf3269abc33 |
| SHA1 | ac77b338b135b6c0179e50c8d8544aaf7a4e3abb |
| SHA256 | 9e646cec6d2affebecc67170c94e6daceb86b840ef607661e9e44e74a9cabf45 |
| SHA512 | 95ce2b4c0922b3cb9ab156a16dccbba743b6ddee79ea83f4b72174395620df48a06d2683f5aff4556c3f221e4ff4e0a29c97050a4fac8d3528ec14865f2a46d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d92eae9beb7e761c2788085124d06f50 |
| SHA1 | f1e490bac92466271fc6ad9c5b87103ce1ed423e |
| SHA256 | eeeaa458f0d30abf0f74a419035ac9a0f1ab8c372f4120060f6d9175434151af |
| SHA512 | 5321a870809922ede6d043537d68cd434c5bb8c4b431ab3a9107617657a396ea4a02fb92fa43916a6e0cdcb124f4703c1960b8ac1870409232432988061c4150 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0e716673b3a22d5fd5f2035e6dfdecdd |
| SHA1 | 6f1983accff42fc31792e559ef281574f92d0faa |
| SHA256 | 387cdf83f89694271c8d15c4058aa3df2607e6750fd60e89d1c37cf161164c83 |
| SHA512 | e9b56bb27d5a426216cc8b53a71dcd1e029e0750a9404da6abf0c7ff89bfe94c680165d195760c0c2d5f720b507f2a1d1e93d5a543ada3d7dcef62939921a33c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0c0002c0333a4aa2ad7ce3e694be558e |
| SHA1 | fd546caeaa31d54a6d60aa1f5fa0eb3ac173ebe9 |
| SHA256 | 8287dff09293ca1427edf299b7f1da478e072143b6f1cc1255d4585434a33f0d |
| SHA512 | 5f4666404999d2f726f38b7a7c282b3df272386744cce319320fff8928a116fdd17abc42d45066f0875cf7a8a0edc0f75e7b8b1c93a215b702fb83326d7d4ebc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
memory/576-297-0x0000000000400000-0x00000000004F4000-memory.dmp
C:\Program Files (x86)\eulencheats\Eulen\Uninstall_lang.ifl
| MD5 | 981077ef92410cbf204c59e5465de5dd |
| SHA1 | ad253930fd3a5edd8a81dc473f89132ff2243699 |
| SHA256 | a792f4f5edee0e158798b75b82f6ac720e51957498450161b04ee812101f801c |
| SHA512 | 3f1e30cd667a658f3a2f1388efbd712b57cc5b028de431fd995d8ff376734a8e7ec62a686502761c03214eded30b0ab445d0762b58e5d24663cd25ef8749725c |
C:\Users\Admin\AppData\Local\Temp\IF{91AB3C7C-942D-477A-BCCF-20A43ABD4498}\OS.dat
| MD5 | 48d3c4d4cdc791b3c3e5b4432c3ea0ba |
| SHA1 | 3f840e5554cf797254550d702644d51c17576a33 |
| SHA256 | 38f778cbb7aa3d52f7fd5ab5ccf30b25962a6a5fecdff6efbb10501829459ca5 |
| SHA512 | 65240bafbb3e86c7c7b99cddeac7b3b202562b99506b458980fd8c1437ed560ca56bc446adc62a0cce397e1451b81b531d9dd6baf145664cfc2d55efda5cace7 |
C:\Users\Admin\AppData\Local\Temp\IF{91AB3C7C-942D-477A-BCCF-20A43ABD4498}\setupConfiguration.archive
| MD5 | 03f12a9620e961edf92807014833b9d3 |
| SHA1 | bdbdb280eed3a2762826d9aa0ea3153858165372 |
| SHA256 | 9d23817ff79860369312c135123ddc8407d54ac70fd641e7ce5e4a320c864d7e |
| SHA512 | b3691f9c790d3da9bab38a5e3f686856e6a6f5fe29f4cd73244bf2dfcc06e84a8916982633fba3a9c36e649a8834c96a936316e058f8801dd94cc982c76e1908 |
C:\Users\Admin\AppData\Local\Temp\IF{91AB3C7C-942D-477A-BCCF-20A43ABD4498}\SC.dat
| MD5 | 16d4bd0f9df2ec5a3ccb7980f2bd064b |
| SHA1 | 76a212c6af9f2762547c9c23a58de8ab214faf45 |
| SHA256 | 2a8d26e139707981826db30135c3ca9c4ce04ea8de046c10a16098ea3dad80c7 |
| SHA512 | d409ec560d1d4d96e02b4510e674b6b77c53282261d32b33dba3ce26f4393a0949c6db9ce6a4ea3c8c3819eb7d971fe0eb66cfe2a02ada258fead8a54cc3a6b8 |
C:\Users\Admin\AppData\Local\Temp\IF{91AB3C7C-942D-477A-BCCF-20A43ABD4498}\languages.dat
| MD5 | a3ae2c67104c86a3197586c115a96136 |
| SHA1 | 925e56044b3b98947ae208b22d8011b78613c56d |
| SHA256 | 8422463648619e4c5205304db50282cab2dba418f25b3ae32d14648293a0c019 |
| SHA512 | beb890e6cb8209e78db5d4ffe86aaf342efdb29ec912f9b55de2c3f20d309880d9daf013c9e7c25d7e612e51f416d572b68f547d5ba7eede3c2861357dd4dab4 |
C:\Users\Admin\AppData\Local\Temp\IF{91AB3C7C-942D-477A-BCCF-20A43ABD4498}\licence.rtf
| MD5 | 822356269c1cf4e5cc7d6a42b7dcfd55 |
| SHA1 | b856b04d1d944d6b560ee2954dd5f34d859c6354 |
| SHA256 | a2d86c306a58582d056b9d2bdccf76419807e2a978f63b34ae38ef4193bd3d76 |
| SHA512 | 614cf8d4de49acb3fd54ad0da66cb3a1ddd9e23321a3dcf9b6180cb9a2c75e56544005b7c18919fa3876db9d46e3cdb1d106d3531e9d5fa8d22f27ca01d2f69d |
C:\Users\Admin\AppData\Local\Temp\IF{91AB3C7C-942D-477A-BCCF-20A43ABD4498}\setupArchive.archive
| MD5 | b2781d20ec7a767e76d86e96bf47587a |
| SHA1 | 5e7e0857190bc5acae8c0d2f53a45b09e509bffd |
| SHA256 | cbb6b83ea161bb016cdb9e9747ab1f5b37789ef2fa2ee3d14e0c28ee59e1c1e6 |
| SHA512 | 94ff43c9c2351ffea2c52bca892524a9f13ba2be19f5192083c8775c8b9ec0dd46b0d66397f4f0d6109b06b9aac06eaccd83f84551bf452facfa38fbcad2abce |
C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Webhook.dll
| MD5 | 9188d316763b975a9e3356a688c9607d |
| SHA1 | 99839afdf0397f756e6b69970f8a65361fca9bd3 |
| SHA256 | abd5a1e1debdbf33ae1281aad9849a656a802438d54c413860c2d5103c7a362e |
| SHA512 | 97b4058c1addbf7f1129a019488a2b97b667c7d37ccbe565cafd55485fb2828bfe482c8fb8065506533551d608c73befbd4864558bcd9dd9af265f5e25fe7a68 |
C:\Program Files (x86)\eulencheats\Eulen\Discord.Net.Webhook.xml
| MD5 | c8e6624459879d278dc69ab2bf8ec492 |
| SHA1 | 04e2fa75fc043bb4e9dda5adf15ae2b28a5f9f1e |
| SHA256 | b6894dc52cbb2b113ed0fd61f4fc57bac32b3a50987d4d350d54f981bf99e255 |
| SHA512 | 4e38e392a49f64ed10bb2ddb99a9a26dcf38e4ccf6960dee554e22b2e94977426566f6770895a0fa9c44ba7029ff8438fc4c34cb261cffb845876730bba2d90e |
C:\Program Files (x86)\eulencheats\Eulen\Eulen.exe.config
| MD5 | b1f9d66ef005aa3c83b4325d19eddfc7 |
| SHA1 | 02fab54210b73330fc29fbb88cbf1f67238398f9 |
| SHA256 | 54cf3144f875a8c6554a51b6fa1915fa85e37eb7ad2dbceab7b1fcafe5f9d099 |
| SHA512 | 818081bda201b816e03e4f2d1db7b2588b190e85b8974d0801544c2c6ccca04768efffd446e9eebb9a4fc2f3bd91d9d5defc56bdb83ec0e41bb9e7e8d761f031 |
C:\Program Files (x86)\eulencheats\Eulen\Eulen.pdb
| MD5 | 0bfd30f2274fb537805a96266828b7b5 |
| SHA1 | becb9d9b6af51e4d376b4c3841f0461a66914dcb |
| SHA256 | 9e3f1495fc059b0c9244d9f7310bf262afb6c6446e169d31f068988f00556dd2 |
| SHA512 | baf25a0013297646f2db0c48eeee60a7e909b3eacc0402e89fa86a71cc087e66f7abee344e3f7d998118666d023dde5342c5799dfd9ce1e81ad0fdbdb05a3df4 |
C:\Program Files (x86)\eulencheats\Eulen\Microsoft.Bcl.AsyncInterfaces.dll
| MD5 | ff34978b62d5e0be84a895d9c30f99ae |
| SHA1 | 74dc07a8cccee0ca3bf5cf64320230ca1a37ad85 |
| SHA256 | 80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc |
| SHA512 | 7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28 |
C:\Program Files (x86)\eulencheats\Eulen\Microsoft.Extensions.DependencyInjection.Abstractions.dll
| MD5 | 00053ff3b5744853b9ebf90af4fdd816 |
| SHA1 | 13c0a343f38b1bb21a3d90146ed92736a8166fe6 |
| SHA256 | c5a119ec89471194b505140fba13001fa05f81c4b4725b80bb63ccb4e1408c1e |
| SHA512 | c99fcda5165f8dc7984fb97ce45d00f8b00ca9813b8c591ad86691bd65104bbb86c36b49bb6c638f3b1e9b2642ec9ac830003e894df338acfca2d11296ff9da4 |
C:\Program Files (x86)\eulencheats\Eulen\presetforinstallforge.ifp
| MD5 | 6590775fed1e98af37801cbf3f7d3be8 |
| SHA1 | 07125aa9e2e76baba2436f0b93cbf2d7c72ac6b8 |
| SHA256 | f570d30d02c3360a0fb53adc9df4420ba05b52451c86dc976d39734ad77168ab |
| SHA512 | e543349acf0da60288d06ae2ff2363d1d052f4d0e38dbe43ea93ba1a31d912a7e8dd7d0d6cef69c70649009970cbc442aee744f748164318563a25d945ad8fb5 |
C:\Program Files (x86)\eulencheats\Eulen\System.Buffers.dll
| MD5 | ecdfe8ede869d2ccc6bf99981ea96400 |
| SHA1 | 2f410a0396bc148ed533ad49b6415fb58dd4d641 |
| SHA256 | accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb |
| SHA512 | 5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741 |
C:\Program Files (x86)\eulencheats\Eulen\System.Buffers.xml
| MD5 | 1c55860dd93297a6ea2fad2974834c3a |
| SHA1 | 7f4069341c6b62ecfc999a6c2d8a2d5fb59d44f6 |
| SHA256 | 2ec7fb12e11f9831e40524427f6d88a3c9ffdd56ccfa81d373467b75b479a578 |
| SHA512 | 37fa5d4553ca3165f10e2ffef38fefc0dba4a2dbfa05ab9f09ab87b5f71f30e6d965d2f833f58b50b3bc2529ebe8fb5cc431c264f7b47ad026f5c5a874a6ada1 |
C:\Program Files (x86)\eulencheats\Eulen\System.Runtime.CompilerServices.Unsafe.dll
| MD5 | c610e828b54001574d86dd2ed730e392 |
| SHA1 | 180a7baafbc820a838bbaca434032d9d33cceebe |
| SHA256 | 37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf |
| SHA512 | 441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396 |
C:\Program Files (x86)\eulencheats\Eulen\System.Runtime.CompilerServices.Unsafe.xml
| MD5 | c782e92abbfc0531226f735c6ac56498 |
| SHA1 | 2586fdbeb6d1e11d4cecd5b3e8387a18c7b4d350 |
| SHA256 | 39c2d4a63a186d423e9c866f4d3e9a6acba0103398f20baf8b92a38744894215 |
| SHA512 | a12b6807695c9c626de9602abc6df72bcc5e869a29c7111e956034f321436e7c50ea36ed5ec5b6f93a639ae0f7aea93953e91ae557bf423a749b036c7252a7b9 |
C:\Program Files (x86)\eulencheats\Eulen\System.Threading.Tasks.Extensions.xml
| MD5 | c89e735fcf37e76e4c3d7903d2111c04 |
| SHA1 | 3c0f1f09c188d8c74b42041004ece59bbd6f0f56 |
| SHA256 | 975a9555f561b363c3e02fd533f6bf7083aa11bbc7cbf2b46c31df3d3696b97b |
| SHA512 | debdd8d0ed2ff6ad7b175acfeb1681b1a68eeedd6d717e20e6ac5e0d11c13a1219b4d60f9319939c63bf4b53456328531369f4a9fff5b201475858310e385007 |
C:\Program Files (x86)\eulencheats\Eulen\System.ValueTuple.dll
| MD5 | 23ee4302e85013a1eb4324c414d561d5 |
| SHA1 | d1664731719e85aad7a2273685d77feb0204ec98 |
| SHA256 | e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4 |
| SHA512 | 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32 |
C:\Program Files (x86)\eulencheats\Eulen\System.ValueTuple.xml
| MD5 | b6e60687ae5db6d011e21e6993620745 |
| SHA1 | b117c6bbddc72e7f4b590173992ee17bfdde4be1 |
| SHA256 | c37e163fa76629c196460c7b4d54e95b1a46a4c66ab7b6f3311959c8137dc5f1 |
| SHA512 | 709212b6cb36f57b92a82def810f9c075a91b3e6a5fd330dcfb563d94a320783509441347d63bde97f530c6b10ce6aa769ca11f7fc39acf1b25d5c8f9dcbb389 |
C:\Program Files (x86)\eulencheats\Eulen\Eulen.exe
| MD5 | 5f309ab77cc425d8954b7c25cab3b78d |
| SHA1 | c7a0a97edaf12122128551d7e10dc95e956c04e5 |
| SHA256 | a9aa89e3ff1c3f5b02086d69b78971c83c75a85a4ce938f390c27c1cc5b69c59 |
| SHA512 | 720399d8e91fcfbb7f307396559afa91c0403af36695810d7b96da41ceabb0371156e4b437ef9963a60a2ca12ba182f7c727c0eb0e14fefea38e22562ffa9b40 |
C:\Users\Admin\AppData\Local\Temp\IF{91AB3C7C-942D-477A-BCCF-20A43ABD4498}\Desktop.dat
| MD5 | 155b88ea1bfd87caa0a1db30f5e9ee9a |
| SHA1 | ab72a08395472a300d32114cc9872839acc4ba0e |
| SHA256 | 50900a5165a91fe6c25985330c12e0af6ddcfcdf9f363820cbfe119336af9f92 |
| SHA512 | d69113f709cc098be2663adff23b7f063f00d4f6c7504080a86bd9b10cf907df7d0f2b2a64ee609a182574b38feae04a828b89865d132b6b98e77e24f6899846 |
C:\Program Files (x86)\eulencheats\Eulen\Uninstall.dat
| MD5 | d465dc7f492fe655259287c7035a7884 |
| SHA1 | 1c1c70a12323cf814a5c3dbc0f05d6b71f1351d6 |
| SHA256 | 515213481a0ab9589eecafafef31e6ece2415b18384344a58e0e5a1e5a96a645 |
| SHA512 | 7d5072a799c2f5b4cbbc8a5d3d219c817af710588c724b024ddb6e65a8951bc5beef12dfef380217e518536729eac8c21ec1f758402b7aa9217174d94a5bf100 |
C:\Users\Admin\AppData\Local\Temp\IF{97A4EBD3-8B67-47CD-A698-A317CBC828F2}\English.ifl
| MD5 | 2922d0c758d9c3c10cbdc59f91979d0c |
| SHA1 | feb69bdf58d06cca776db63036811af0764ca013 |
| SHA256 | 20f6d12eac29bd6ddc6a99dd276c5e200fac25c976ab4293195b58ec164c253f |
| SHA512 | d15e888bae4e23ce5d61becc3c47d9b5f61fbbe4612cf90677314570fe1df1f4fde6c519b789ad46cc50d19c2b3701bc9bd968e85bb618fb7127950d4ae92695 |
memory/1612-533-0x00007FFD91E90000-0x00007FFD91EA0000-memory.dmp
memory/1612-534-0x00007FFD91E90000-0x00007FFD91EA0000-memory.dmp
memory/1612-535-0x00007FFD91E90000-0x00007FFD91EA0000-memory.dmp
memory/1612-536-0x00007FFD91E90000-0x00007FFD91EA0000-memory.dmp
memory/1612-538-0x00007FFD91E90000-0x00007FFD91EA0000-memory.dmp
memory/1612-540-0x00007FFD91E90000-0x00007FFD91EA0000-memory.dmp
memory/1612-539-0x00007FFD91E90000-0x00007FFD91EA0000-memory.dmp
memory/1612-541-0x00007FFD91E90000-0x00007FFD91EA0000-memory.dmp
C:\Program Files (x86)\eulencheats\Eulen\spoofer.exe
| MD5 | 1a8ac5672cbc3e4c9b650af9b3474ba4 |
| SHA1 | 25b8e9d55f718d47bf785d9a47ce1c63614abd40 |
| SHA256 | 3b63560e4479e7bcc5671d8b266afb26f72d4c78c37e0684e62d863a69c37c69 |
| SHA512 | 4829c5b3f46f0839ae8e83d79816043ef2a3694d489a3fd313f440540e09bbd6d3fc125b667b98a0c3f2d6674016895a7f98dd0fe2970f67dbc50da1f6f8b2a0 |
memory/368-577-0x0000000000CE0000-0x0000000000D02000-memory.dmp
memory/368-578-0x0000000005DF0000-0x00000000062EE000-memory.dmp
memory/368-579-0x0000000005710000-0x00000000057A2000-memory.dmp
memory/368-580-0x0000000003260000-0x000000000326A000-memory.dmp