Malware Analysis Report

2024-11-30 19:34

Sample ID 240920-j1p8vswfnh
Target https://github.com/theDesConnet/TheEye/releases/download/v1.0/TheEye-x64.exe
Tags
agilenet defense_evasion discovery execution impact ransomware
score
9/10

Analysis Overview

Threat Level: Likely malicious

The file https://github.com/theDesConnet/TheEye/releases/download/v1.0/TheEye-x64.exe was found to be: Likely malicious.

Malicious Activity Summary

agilenet defense_evasion discovery execution impact ransomware

Deletes shadow copies

Downloads MZ/PE file

Obfuscated with Agile.Net obfuscator

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer Phishing Filter

Opens file in notepad (likely ransom note)

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies registry key

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-20 08:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-20 08:08

Reported

2024-09-20 08:09

Platform

win7-20240708-en

Max time kernel

36s

Max time network

76s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/theDesConnet/TheEye/releases/download/v1.0/TheEye-x64.exe

Signatures

Deletes shadow copies

ransomware defense_evasion impact execution

Downloads MZ/PE file

Obfuscated with Agile.Net obfuscator

agilenet
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies Internet Explorer Phishing Filter

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = c0939153340bdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b072665a340bdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{83F48221-7727-11EF-9BF6-6AE4CEDF004B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000b90753799d1df021e69fdfc030ec981a5c903d359313df43cbf316568ae8a1f0000000000e80000000020000200000006a09fb674249c6ae34b2c0359c4cb6f0db96ef42bf6df93d0fdda259dcae1a9c20000000c20cfc7307f9d333d877cbe7bdb52ab6d04402c942e686909c04a7223860f6c540000000ad7b1a812f096cfb44afc6e028303f9e1cdf487bb1823c49d1a775b1fb251c28ccef38cafddb9673167f333df59b7cb5bd7dce031e09b9fa4c92d924d0bf4fe2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Modifies registry key

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\reg.exe | N/A

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\notepad.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2180 wrote to memory of 2668 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2180 wrote to memory of 2668 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2180 wrote to memory of 2668 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2180 wrote to memory of 2668 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1764 wrote to memory of 848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2584 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2680 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2680 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2680 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1764 wrote to memory of 2848 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/theDesConnet/TheEye/releases/download/v1.0/TheEye-x64.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7e19758,0x7fef7e19768,0x7fef7e19778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1340 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1164 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3580 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3468 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3420 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4048 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4052 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3188 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4184 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4244 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1196,i,5482135727660251573,16309676870401568810,131072 /prefetch:8

C:\Users\Admin\Downloads\TheEye-x64.exe

"C:\Users\Admin\Downloads\TheEye-x64.exe"

C:\Windows\notepad.exe

"C:\Windows\notepad.exe" C:\Users\Admin\AppData\Local\Temp\note.txt

C:\Windows\debug\CHLogOn.exe

"C:\Windows\debug\CHLogOn.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C9E.tmp\C9F.tmp\CA0.bat C:\Windows\debug\CHLogOn.exe"

C:\Windows\system32\reg.exe

REG add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background /v OEMBackground /t REG_DWORD /d 1 /f

C:\Windows\debug\wcmd.exe

"C:\Windows\debug\wcmd.exe" C:\Windows\debug\main.bs7

C:\Windows\System32\wbem\wmic.exe

"C:\Windows\System32\wbem\wmic.exe" shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network


Files
