Malware Analysis Report

2024-10-16 05:16

Sample ID 240721-vk4bbswape
Target dgtm,.rar
SHA256 4eb8e15aa97acdc7599a949211b6ca85d6973fa0f8d8a739e4a6e617a29de673
Tags
agilenet agenttesla spynote keylogger spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4eb8e15aa97acdc7599a949211b6ca85d6973fa0f8d8a739e4a6e617a29de673

Threat Level: Known bad

The file dgtm,.rar was found to be: Known bad.

Malicious Activity Summary

agilenet agenttesla spynote keylogger spyware stealer trojan

AgentTesla payload

Agenttesla family

AgentTesla

Spynote family

Loads dropped DLL

Executes dropped EXE

Obfuscated with Agile.Net obfuscator

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Requests dangerous framework permissions

Unsigned PE

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-21 17:06

Signatures

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Agenttesla family

agenttesla

Spynote family

spynote

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Declares broadcast receivers with permission to handle system events

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |

Declares services with permission to bind to the system

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by input method services to bind with the system. Allows apps to provide custom input methods (keyboards). | android.permission.BIND_INPUT_METHOD | N/A | N/A |

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-21 17:03

Reported

2024-07-21 17:43

Platform

win10v2004-20240709-en

Max time kernel

1357s

Max time network

1153s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\dgtm,.rar

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\dgtm,.rar

Network

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-21 17:03

Reported

2024-07-21 17:44

Platform

win11-20240709-en

Max time kernel

1463s

Max time network

1480s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\dgtm,.rar

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\dgtm,.rar

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-21 17:03

Reported

2024-07-21 17:38

Platform

win7-20240704-en

Max time kernel

1563s

Max time network

1573s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\dgtm,.rar

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\dgtm,.rar

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-21 17:03

Reported

2024-07-21 17:40

Platform

win10-20240404-en

Max time kernel

1799s

Max time network

1594s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\dgtm,.rar

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\EagleSpy 3.0 - Unpacked.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\EagleSpy 3.0 - Unpacked.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\EagleSpy 3.0 - Unpacked.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\EagleSpy 3.0 - Unpacked.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.apk\DefaultIcon C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\EagleSpy 3.0 - Unpacked.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.apk C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\EagleSpy 3.0 - Unpacked.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.apk\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\EagleSpy 3.0 Unpacked - Fixed\\res\\Icons\\apk.ico" C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\EagleSpy 3.0 - Unpacked.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\EagleSpy 3.0 - Unpacked.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\dgtm,.rar

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\dgtm,.rar"

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\EagleSpy 3.0 - Unpacked.exe

"C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\EagleSpy 3.0 - Unpacked.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3c0

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\EagleSpy 3.0 - Unpacked.exe

"C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\EagleSpy 3.0 - Unpacked.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x434

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 f.f.f.f.8.f.2.0.2.c.1.c.3.1.0.9.f.f.f.f.6.9.8.8.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp

Files

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\LiveCharts.WinForms.dll

\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\LiveCharts.Wpf.dll

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\LiveCharts.dll

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\DrakeUI.Framework.dll

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\Guna.UI2.dll

\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\GeoIPCitys.dll

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\Config\Pass.inf

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\GeoIP.dat

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\GeoIPCity.dat

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AL.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\CD.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\CC.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\CA.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BZ.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BY.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BW.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BT.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BS.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BR.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BO.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BN.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BM.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BL.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BJ.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BI.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BH.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BG.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BF.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BE.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BD.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BB.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\BA.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AZ.ico

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AX.ico

MD5 19169001a889e72fef769900ca7a8b27
SHA1 e17d9c371cc34d19f05c46d81e06f7ae2159dc7f
SHA256 5ac8c61a8ad2d7ecc3e76927fd6d52b4f279c4d3a92dd32715395581c4615423
SHA512 4c8247ab0f37cafa90ae34aa865af45b6b388fdfa8ab96935d2ae2064c620240dbb8f93c9958844a34fbd249422a9b5751639179697bab44aabda8afc18b0454

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AW.ico

MD5 49d969f363a153b7e1cb4dc2cb742238
SHA1 2a8fbfd37be58690dc2e0ca2b3ce04c2d15d6eec
SHA256 f0d730a0d8ce85f049a6d8a52733c506a8cf48584b18838f3d677b09d9c09b52
SHA512 97f17ab20ee96ae4e71e31c7864c509ef0b714215606413c801b3608770415ab63d6d5be0980af7231e4c2e270407fd273c36e0e47d524e59126b933fafa4eac

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AU.ico

MD5 ae8189b2c04d783a2f68f0204f1baeab
SHA1 e5709598ed08427a1dd83e1d994330bba1b1b091
SHA256 047f9bd82ca7e2685c1dca4c065209977b5e8c32f78ee821bcc7aba12decb044
SHA512 ef1dd8330cf3cfa9840a5902e13c669e6de911ca9f383067506e2c106f05021aa79df60e2a867259bbd1dd056b9367d5814e9bcbafb242d718fa7fe0fe664248

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AT.ico

MD5 8effa2f5bbcecf6415b04f9408c0a65d
SHA1 3f3249fe921c1d4767b76b0c3a720cba0262b565
SHA256 236c59500b9bd83212375ca7514c0d62dc088203ed269e9cd55ca6349adbc8f0
SHA512 3f8a1f0683207ed616819a0e42b18e5b02eab0300fcf6eac1c399f0e5475f45d62e0bdebfe0055d411d529649938623acfd4b3b02fe80fc9da6a0492dcd31822

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AS.ico

MD5 caba1e66c954bc8d784efe2a3c02d808
SHA1 ef1d5ba4735c99b55648503513d9ae7393a3a6d6
SHA256 4946c58e14318696ea03cf9bcb5d8a7334273c2f9e30173a3c7ae0bb7ee70bc4
SHA512 430806d048e383411e36a8e3777a27b7efc1819cca50c7d7eeba662d32351a366d3cc0b892f819b6a96db8281c5e249d3faef13e8a4ec3bef75e67b9567bd466

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AR.ico

MD5 bb4f489b2ae1f6601513296357fb478b
SHA1 b8337772e2e17d48412f44373ea8a821b85e9c54
SHA256 af2f591584f6c59da15fd42e5175dc136844442e1c755fac047b0efae3956c50
SHA512 547e0753a1ac4058ec609ddd2d6ce54b50cc47177ee319f5bcc82eca9e231d01d74b7c2d02de90557c08224bed962c74f8c4079a1292153cbff32db234ddf6a6

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AQ.ico

MD5 be6fa7ab4980735841141d4d3f642a4a
SHA1 c6d03cda7f73a959a3d20d0e3897595fbe2915e9
SHA256 3439ebcdd8e7a614f157f58d7f77d190aac7fe514129a01024a8b68b7008fbb2
SHA512 fbc116df306de7a04f43cb2becfecbbaf103d6b252336e0bd37f006506140ceb14f114cdf62e203bc12f78c25906066385eb6caa67f694d8526b341bcf3462f2

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AO.ico

MD5 a5c78266329a1eb0f3e52bc0343783b5
SHA1 e0b254e2176f0eab8d2b76213a64c24ba1788675
SHA256 550a1b6e2b97febd865cd130b0c0d484cf2fd02b8066ddf6d7290b9cffb35059
SHA512 61a7bf67f9019e5f4c653246e1844703619d6421c3625c963862ee9b0b3975b26ce2f785c9b3cc79e77181c098f0e3d60c9f0e21203928117c6cd45f104af36f

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AN.ico

MD5 ed05e0515da2b4c11d839493abf8d44b
SHA1 8862a2bd75632d916fdd049b31f2155ac7894524
SHA256 8f641c948721c9e7e92f28224b8b1beeb27382e5bac8a4014a57537dd7543a8d
SHA512 31613012f4ea1da8d1318f69e6e9a4be068e9e490f01ef0e1f880b33f50d715d92d7498ca99223ce81d6656ccc4293a7fbd272939e99dbc21d62176a6c6d9553

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AM.ico

MD5 16782d3d013fbdd1277424363dd8a0ad
SHA1 c26e1fd52de7ceb24af6f01fb4486d39e1932bfe
SHA256 faf3d661a09912ff0c1f6cc92dd8775c3d2be31e9a72fe0962c144d679021d86
SHA512 44bda0a5d59f1ead6939a6af13b81ab23b28be44a61e7e736d5e21cbfee813a3a44c5832b16036717f0e18a418dc449b5c3aa1e0f05c4830cb3b64698ce0901a

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AI.ico

MD5 2d5ee470e51e769e649109d2721937d3
SHA1 89bb18a904dc2857e52cff3a384df50858d5e17c
SHA256 08afe88e8a0475e320c6da70ff530ada3a6fb426051a6337a769c14dc37ae316
SHA512 d6801a6b238a9779b0b8829f79412c227ed8480ec060e3d1992c9b1024c94a8f1f6ed32097c8a93a6f2600ad68b2ac537fba5f0982a41fef01a832994cc0cc20

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AG.ico

MD5 93f8d14b56bf5f257f87ea438c7a3601
SHA1 31b71ace333e016408af2f18290463389206d1c0
SHA256 8e36c85a8ba6b92ea906d4dcda412b492449e668fac3b05f5fc512118fa71e5f
SHA512 a70adeb933e65ba11b28d11fad9a2eae29a623013f9bd8383afa5c794f214a6820f797f03f1714759bd38356b160b9c1e159dfcecbfa7e95f4ce2b24bfb24cf5

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AF.ico

MD5 e18c650283441dfbdc3aa46a414f326c
SHA1 eda65607858d6b93db9ca4a9f20cac382cb685db
SHA256 ecf99e08bf15aca4325c4790ee20ccc674b6f4fc6dbbef0885f36bf8e6e8aa68
SHA512 f10cd2a31390bbb06546052214a817153f35ed9b5c5403995267e1e9b4987630c08ddf7db414146211b8cfb4769949cd660060bd2a5c8a51bf5bc381372a6673

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AE.ico

MD5 5c22046c8b4f37adbd0f41a811238d5e
SHA1 e3c49202f86ff0718f169ce4cb82570457891bd3
SHA256 0759c987d55b3e2bc78ea1761d451b0b40928865c5b5652ef7b304426bc1dab9
SHA512 655c129c7456ce083a9eec235e04b871a16c4226f7cb1aa2ac4b119770b24ac61036950b0a77257af96352318a991037a1b9b5e2925ca84272995dd8135abca8

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\AD.ico

MD5 2cce7e02f2decbdcf648cc249eeabbfc
SHA1 4a9cc2ab3162a949d5f559ac2828813da7aaa6d2
SHA256 ffd5e4016c4bc247f49ded9d4ac463e7bd9d7f92c9889528f5f3a865dc8234e2
SHA512 be3d96046ec50bfd8e4399d1268856d0cc1f541635896ad128d660660294cfd98f79998dfa46849a2e6e5aa3e637626a94a062ab694444b7210f69b3a55d1686

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\-1.ico

MD5 4f19376cec65932d86e2502b3f1188fc
SHA1 e1fc98b80dbfc4cd7ccc8ef3dc77374f1f00d97d
SHA256 3adec935ead947039d90410754ef66ea178aa731dd342ec2a83b0a20c2c2491d
SHA512 dc02d6d547a54c0a046b44e1ed54569a76b2f009e098b6b390bcfb7ce15144a93277bcac8616125ad72c8c5defcc4e6fb3cec4ceecb155126dab4aa1bc65a2cb

C:\Users\Admin\Desktop\EagleSpy 3.0 Unpacked - Fixed\res\GeoIP\Flags\-1-1.ico

MD5 410e4dba1b3e1acd689425d024f3fd56
SHA1 d38fcae133db0cff918dc455acd8ffa437989659
SHA256 e10518132ded7ee51739953121f6efe77412aa85bd744ea7b256a5a6da751e44
SHA512 cac41002ef9ffe4592a0949ebb3a21b3837645838e623d3a188f7e70b6c82b2253c586a6a9395007849da0ef94d6dc47bcfce9cde554e8b6becdaf21082cf014

memory/2988-1113-0x0000000014480000-0x0000000014494000-memory.dmp

memory/2988-1116-0x00000000161C0000-0x0000000016510000-memory.dmp

C:\Users\Admin\AppData\Local\EagleSpy\EagleSpy_3.0_-_Unpacked.e_Url_t0dzi2unslftw41ppgk3kymy0mrnqxtr\3.0.0.0\user.config

memory/1660-1136-0x00000000166D0000-0x0000000016A20000-memory.dmp