654a286d076e81869399959d8700c68883300e07ef5f8ad7ef4f38ee15b02221

Resubmissions

17/12/2023, 10:14

231217-l96cjsebfp 8

05/11/2023, 05:36

05/11/2023, 05:32

05/11/2023, 05:30

05/11/2023, 05:28

Analysis

max time kernel
57s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
05/11/2023, 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Size

119KB
MD5

92afa514c40cbcfab9380561b127f657
SHA1

eea59b3b1ba3ec27d80968aec0642956647dc047
SHA256

654a286d076e81869399959d8700c68883300e07ef5f8ad7ef4f38ee15b02221
SHA512

adff54cfc926474012e8ea02a7a76dec486f299142ddb643d636250d9e69bffb902d252956fd4a82e0b395de2a470e201f9d1f10a60384563121be0b6ae78da6
SSDEEP

3072:3SojD9bzGtzJShh8N7q5AdYGgbVileLxBp/B6:CojxOzPtq5di0L3FB6

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\International\Geo\Nation	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\International\Geo\Nation	tmpB91E.tmp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\International\Geo\Nation	Dashboard.exe

Executes dropped EXE 8 IoCs

pid	Process
3084	tmpB91E.tmp.exe
1240	Dashboard.exe
2188	Dashboard.Service.exe
3624	Dashboard.Service.exe
2344	wyUpdate.exe
4428	tap-windows-9.21.2.exe
4800	tapinstall.exe
1488	tapinstall.exe

Loads dropped DLL 7 IoCs

pid	Process
4428	tap-windows-9.21.2.exe
4428	tap-windows-9.21.2.exe
4428	tap-windows-9.21.2.exe
4428	tap-windows-9.21.2.exe
4428	tap-windows-9.21.2.exe
4428	tap-windows-9.21.2.exe
4428	tap-windows-9.21.2.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D	wyUpdate.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\SET73A6.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F	Dashboard.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB	Dashboard.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_46E4040B4A28D439FBFA7E9FC642442C	Dashboard.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_46E4040B4A28D439FBFA7E9FC642442C	Dashboard.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E	wyUpdate.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D	wyUpdate.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E	wyUpdate.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\908D6E8C00F147F66A3BDC489B360B37	wyUpdate.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\wyUpdate.exe.log	wyUpdate.exe
File created	C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\SET7385.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\SET73A5.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\tap0901.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\SET73A6.tmp	DrvInst.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Temp\KAPE\Update\a406c60b-a55e-457e-a909-208e785fc00d\bb2e7f9d-feb8-46c3-83cb-c61136219ff0.zip	tmpB91E.tmp.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F	Dashboard.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB	Dashboard.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\908D6E8C00F147F66A3BDC489B360B37	wyUpdate.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\SET7385.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\SET73A5.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\oemvista.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\tap0901.cat	DrvInst.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Licenses\WireGuard.txt	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\AntiVirus\AntiVirus.Core.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Tools\mtr.exe	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Ghosties\[email protected]	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\DG.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\SH.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\BT.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Microsoft.Bcl.AsyncInterfaces.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\PrivacyGuard\pt\PrivacyGuard.resources.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Flags\64\AA_black.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\GL.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\UM.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\TD.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\PrivacyGuard\System.Text.Encoding.CodePages.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\Updater\Serilog.Formatting.Compact.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Ghosties\ghostie_worldwide.svg	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\DJ.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\BN.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\MW.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\PrivacyGuard\Data\Assets\Default\Logos\privacyguardYellow.svg	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\AntiVirus\Serilog.Formatting.Compact.Reader.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\Updater\Svg2Xaml.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Logos\[email protected]	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\AW.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\MA.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\CyberGhost\Ghosties\ghostie_error_small.svg	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\AN.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\CG.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\AntiVirus\Microsoft.Bcl.HashCode.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Licenses\Resource.Embedder.txt	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\MC.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\AntiVirus\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\SN.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\EA.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\HK.png	tmpB91E.tmp.exe
File created	C:\Program Files\TAP-Windows\bin\tapinstall.exe	tap-windows-9.21.2.exe
File created	C:\Program Files\CyberGhost 8\Applications\AntiVirus\LaunchDarkly.Logging.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\LaunchDarkly.InternalSdk.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\CV.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\PrivacyGuard\PrivacyGuard.dll.config	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\PrivacyGuard\es\PrivacyGuard.resources.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Ghosties\LogoError.svg	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Licenses\Licenses.json	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\CW.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\GE.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\MK.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Icons\ic_account.ico	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\System.Text.Encoding.CodePages.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\System.Memory.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\BY.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\HM.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\AX.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\BR.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\PrivacyGuard\tr\PrivacyGuard.resources.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\HN.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\Updater\Castle.Core.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\OpenVPN\ca.crt	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Licenses\System.Management.Automation.txt	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\WireGuard\x64\wireguard.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\AntiVirus\Serilog.Formatting.Compact.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\AntiVirus\System.Collections.Immutable.dll	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\NG.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\WS.png	tmpB91E.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\MU.png	tmpB91E.tmp.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	tapinstall.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 24 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	tapinstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	tapinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	tapinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	tapinstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	tapinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	tapinstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	tapinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	tapinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	tapinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	tapinstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	tapinstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	tapinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	tapinstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	tapinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe

Modifies Internet Explorer settings 1 TTPs 15 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	Dashboard.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION	Dashboard.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION\Dashboard.exe = "1"	Dashboard.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL\Dashboard.exe = "1"	Dashboard.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Dashboard.exe = "1"	Dashboard.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE\Dashboard.exe = "0"	Dashboard.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL	Dashboard.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\Dashboard.exe = "1"	Dashboard.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE	Dashboard.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT	Dashboard.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\Dashboard.exe = "0"	Dashboard.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Dashboard.exe = "11000"	Dashboard.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Dashboard.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Dashboard.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Dashboard.exe = "0"	Dashboard.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	Dashboard.Service.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	wyUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	Dashboard.Service.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	wyUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	Dashboard.Service.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	wyUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Dashboard.Service.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	Dashboard.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	Dashboard.Service.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf5c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	cgsetup_en_52vCnuXs6nskn3wQwksK.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3084	tmpB91E.tmp.exe
3084	tmpB91E.tmp.exe
3084	tmpB91E.tmp.exe
3084	tmpB91E.tmp.exe
3084	tmpB91E.tmp.exe
3084	tmpB91E.tmp.exe
3624	Dashboard.Service.exe
3624	Dashboard.Service.exe
3624	Dashboard.Service.exe
3624	Dashboard.Service.exe
3624	Dashboard.Service.exe
3624	Dashboard.Service.exe
3624	Dashboard.Service.exe
3624	Dashboard.Service.exe

Suspicious behavior: LoadsDriver 8 IoCs

pid	Process
636	Process not Found
636	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
636	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	1680	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Token: SeDebugPrivilege	3084	tmpB91E.tmp.exe
Token: SeSecurityPrivilege	3084	tmpB91E.tmp.exe
Token: SeDebugPrivilege	1240	Dashboard.exe
Token: SeDebugPrivilege	3624	Dashboard.Service.exe
Token: SeDebugPrivilege	2344	wyUpdate.exe
Token: SeAuditPrivilege	2380	svchost.exe
Token: SeSecurityPrivilege	2380	svchost.exe

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 3084	1680	cgsetup_en_52vCnuXs6nskn3wQwksK.exe	90
PID 1680 wrote to memory of 3084	1680	cgsetup_en_52vCnuXs6nskn3wQwksK.exe	90
PID 3084 wrote to memory of 1240	3084	tmpB91E.tmp.exe	101
PID 3084 wrote to memory of 1240	3084	tmpB91E.tmp.exe	101
PID 1240 wrote to memory of 2188	1240	Dashboard.exe	103
PID 1240 wrote to memory of 2188	1240	Dashboard.exe	103
PID 3624 wrote to memory of 2344	3624	Dashboard.Service.exe	105
PID 3624 wrote to memory of 2344	3624	Dashboard.Service.exe	105
PID 1240 wrote to memory of 4428	1240	Dashboard.exe	113
PID 1240 wrote to memory of 4428	1240	Dashboard.exe	113
PID 1240 wrote to memory of 4428	1240	Dashboard.exe	113
PID 4428 wrote to memory of 4800	4428	tap-windows-9.21.2.exe	115
PID 4428 wrote to memory of 4800	4428	tap-windows-9.21.2.exe	115
PID 4428 wrote to memory of 1488	4428	tap-windows-9.21.2.exe	117
PID 4428 wrote to memory of 1488	4428	tap-windows-9.21.2.exe	117
PID 2380 wrote to memory of 3524	2380	svchost.exe	121
PID 2380 wrote to memory of 3524	2380	svchost.exe	121
PID 3524 wrote to memory of 1144	3524	DrvInst.exe	122
PID 3524 wrote to memory of 1144	3524	DrvInst.exe	122

C:\Users\Admin\AppData\Local\Temp\cgsetup_en_52vCnuXs6nskn3wQwksK.exe
"C:\Users\Admin\AppData\Local\Temp\cgsetup_en_52vCnuXs6nskn3wQwksK.exe"
1⤵
- Checks computer location settings
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Users\Admin\AppData\Local\Temp\tmpB91E.tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmpB91E.tmp.exe" "C:\Users\Admin\AppData\Local\Temp\cgsetup_en_52vCnuXs6nskn3wQwksK.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3084
- - C:\Program Files\CyberGhost 8\Dashboard.exe
    "C:\Program Files\CyberGhost 8\Dashboard.exe" /install
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1240
  - - C:\Program Files\CyberGhost 8\Dashboard.Service.exe
      "C:\Program Files\CyberGhost 8\Dashboard.Service.exe" --install
      4⤵
      Executes dropped EXE
      PID:2188
  - - C:\Program Files\CyberGhost 8\Applications\VPN\Data\OpenVPN\x64\tap-windows-9.21.2.exe
      "C:\Program Files\CyberGhost 8\Applications\VPN\Data\OpenVPN\x64\tap-windows-9.21.2.exe" /S
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      Suspicious use of WriteProcessMemory
      PID:4428
    - - C:\Program Files\TAP-Windows\bin\tapinstall.exe
        
        "C:\Program Files\TAP-Windows\bin\tapinstall.exe" hwids tap0901
        5⤵
        Executes dropped EXE
        Checks SCSI registry key(s)
        
        PID:4800
    - - C:\Program Files\TAP-Windows\bin\tapinstall.exe
        
        "C:\Program Files\TAP-Windows\bin\tapinstall.exe" install "C:\Program Files\TAP-Windows\driver\OemVista.inf" tap0901
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        Checks SCSI registry key(s)
        
        PID:1488

C:\Program Files\CyberGhost 8\Dashboard.Service.exe
"C:\Program Files\CyberGhost 8\Dashboard.Service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Program Files\CyberGhost 8\wyUpdate.exe
  "C:\Program Files\CyberGhost 8\wyUpdate.exe" /justcheck /quickcheck /noerr -server="https://download.cyberghostvpn.com/windows/updates/8/nt/wyserver.wys"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious use of AdjustPrivilegeToken
  PID:2344
- C:\Program Files\CyberGhost 8\Applications\VPN\Data\Tools\nvspbind.exe
  "C:\Program Files\CyberGhost 8\Applications\VPN\Data\Tools\nvspbind.exe" "Ethernet 2" /d *
  2⤵
  PID:5844
- C:\Windows\system32\netsh.exe
  "netsh" interface ip set address "Ethernet 2" static 169.254.123.43 255.255.0.0
  2⤵
  PID:5928
- C:\Windows\system32\netsh.exe
  "netsh" interface set interface "Ethernet 2" DISABLED
  2⤵
  PID:6032
- C:\Program Files\CyberGhost 8\Applications\VPN\Data\Tools\nvspbind.exe
  "C:\Program Files\CyberGhost 8\Applications\VPN\Data\Tools\nvspbind.exe" "Ethernet 2" /e ms_tcpip
  2⤵
  PID:5312
- C:\Program Files\CyberGhost 8\Applications\VPN\Data\Tools\nvspbind.exe
  "C:\Program Files\CyberGhost 8\Applications\VPN\Data\Tools\nvspbind.exe" "Ethernet 2" /e ms_tcpip6
  2⤵
  PID:1592
- C:\Windows\system32\netsh.exe
  "netsh" interface set interface "Ethernet 2" ENABLED
  2⤵
  PID:5484
- C:\Windows\system32\netsh.exe
  "netsh" interface ip set address "Ethernet 2" static 169.254.123.55 255.255.0.0
  2⤵
  PID:5748
- C:\Windows\system32\netsh.exe
  "netsh" interface ipv6 set teredo disable
  2⤵
  PID:5784

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:4348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{461e9b20-6eeb-4a43-bfd5-27079ed21846}\oemvista.inf" "9" "4d14a44ff" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "c:\program files\tap-windows\driver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:3524
- - C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{5bc0ab3e-a0fd-974d-9451-b7e41d398bc8} Global\{5c9873e6-c531-fd4e-ae5e-3a85c79373bf} C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\oemvista.inf C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\tap0901.cat
    3⤵
    PID:1144
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:3beb73aff103cc24:tap0901.ndi:9.0.0.21:tap0901," "4d14a44ff" "0000000000000178"
  2⤵
  PID:5448

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:5576

C:\Program Files\CyberGhost 8\Dashboard.exe
"C:\Program Files\CyberGhost 8\Dashboard.exe" /firststart
1⤵
PID:6064
- C:\Program Files\CyberGhost 8\Data\Cef\116.0.23\x64\CefSharp.BrowserSubprocess.exe
  "C:\Program Files\CyberGhost 8\Data\Cef\116.0.23\x64\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CyberGhost" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Program Files\CyberGhost 8\debug.log" --mojo-platform-channel-handle=5984 --field-trial-handle=5184,i,1972587902758961050,3199076270832035045,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion /prefetch:2 --host-process-id=6064
  2⤵
  PID:3512
- C:\Program Files\CyberGhost 8\Data\Cef\116.0.23\x64\CefSharp.BrowserSubprocess.exe
  "C:\Program Files\CyberGhost 8\Data\Cef\116.0.23\x64\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CyberGhost" --cefsharpexitsub --no-sandbox --log-file="C:\Program Files\CyberGhost 8\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=6696 --field-trial-handle=5184,i,1972587902758961050,3199076270832035045,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion --host-process-id=6064 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\CyberGhost 8\Data\Cef\116.0.23\x64\CefSharp.BrowserSubprocess.exe
  "C:\Program Files\CyberGhost 8\Data\Cef\116.0.23\x64\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CyberGhost" --cefsharpexitsub --first-renderer-process --no-sandbox --log-file="C:\Program Files\CyberGhost 8\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=6692 --field-trial-handle=5184,i,1972587902758961050,3199076270832035045,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion --host-process-id=6064 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\CyberGhost 8\Data\Cef\116.0.23\x64\CefSharp.BrowserSubprocess.exe
  "C:\Program Files\CyberGhost 8\Data\Cef\116.0.23\x64\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CyberGhost" --cefsharpexitsub --log-file="C:\Program Files\CyberGhost 8\debug.log" --mojo-platform-channel-handle=6340 --field-trial-handle=5184,i,1972587902758961050,3199076270832035045,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion /prefetch:8 --host-process-id=6064
  2⤵
  PID:5780
- C:\Program Files\CyberGhost 8\Data\Cef\116.0.23\x64\CefSharp.BrowserSubprocess.exe
  "C:\Program Files\CyberGhost 8\Data\Cef\116.0.23\x64\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CyberGhost" --cefsharpexitsub --log-file="C:\Program Files\CyberGhost 8\debug.log" --mojo-platform-channel-handle=6308 --field-trial-handle=5184,i,1972587902758961050,3199076270832035045,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion /prefetch:8 --host-process-id=6064
  2⤵
  PID:5936

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
1⤵
PID:5284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\CyberGhost 8\Applications\AntiVirus\AntiVirus.Core.dll

Filesize
193KB

MD5
d44dce9908f4ee5d48e585a4f8fc7ce3

SHA1
ed419548c76faf0a0f9bd27b5aff3e29aea2088c

SHA256
2c24493033b04e7473521ca4d7be2d8b56f9e3fa98244d84e9bb9a13799ebcad

SHA512
0589b8067e1a166f33e7b9d0a157394e30ee3b08ad076d72477acf1942611d701152c7988b284cb1662956c85e31f3bac7589fd2810fded0e4f0ed86b975c3ce

Download Submit
C:\Program Files\CyberGhost 8\Applications\AntiVirus\AntiVirus.dll

Filesize
342KB

MD5
752c7b40011c32b6451e6a6016b9739a

SHA1
885888723a1f96827095fc101f5c3bd1b4aa977b

SHA256
c499f27e673380a3932108c2a5c8af0959b50afdc2bd4a8d5bf79270feccbce3

SHA512
8493d192007b1d01b7afddd21e208e1671edac30ca874289a2dab5526a6b9554f600048c58d42f2efb8facfefcbe9d1f2d70c05d55137e942e3b3f584c67dc12

Download Submit
C:\Program Files\CyberGhost 8\Applications\AntiVirus\Data\Assets\Default\Logos\antivirus.svg

Filesize
4KB

MD5
0bcd519bc47d8f289ba01fb8e37c1aa5

SHA1
d10057b61b65268f17162d135b6d67105fcf3d3d

SHA256
98b63c9fa091c300e73ce1369f010f4cdc43d24b8dc45a1ad7e00d212a49fab5

SHA512
f73cfe41c1f96cf8169c7641d47185f60fa469c9d89dd7d3ab5ddb44980c6c9ab397a81edf3c14de1f1ef7f3ac903ca2a672fda073f5abab5ebe432f653f0cba

Download Submit
C:\Program Files\CyberGhost 8\Applications\AntiVirus\de\AntiVirus.resources.dll

Filesize
46KB

MD5
36753e032b15fd32c8eaa8801eb7e724

SHA1
21651757f9af03869fed90cc7bd7a16a88a85369

SHA256
7232bc777a2e1f578b40dd7ea3bac2e4e3ba34468efbbb21e9fbf79fee6c7b05

SHA512
a8618f3ff52cde81ca82888993263724832a3153494ea6c65ea2ac015e7df748300be43163bd4683852439def9e94c39f58aee838e28e75854067f046add943d

Download Submit
C:\Program Files\CyberGhost 8\Applications\AntiVirus\es\AntiVirus.resources.dll

Filesize
45KB

MD5
5ebb7ebcdd3e5043e7acd07570a338f6

SHA1
9e7a4d4715c25573370c3368183c7998bd0e587c

SHA256
6bcaddf6dcd0cace4a122a58e753ed3b42b9cfaa22ffa094c647d41420b8e78f

SHA512
f471bbfb2e4dce4e2476ddf3cc0d07fb8e76f94b2c365e60e368fdb94024fbb324a5191b25f9037606c940e6159bd0cc6dc796035ef67a908fc2d59522bcf95f

Download Submit
C:\Program Files\CyberGhost 8\Applications\AntiVirus\fr\AntiVirus.resources.dll

Filesize
46KB

MD5
49a9fe16381c9332db31014df982fe1b

SHA1
b19707330f015ac697d8ccfafa6402d8fda011ef

SHA256
b7ddb7fddd803b57ba5a99d4b7248a3efb327b362b189b21e29020ab3aba4b54

SHA512
90ca0aa9317554a9d6e0fdd517d4484a7580a932c76f0f4d1d0f62d53fb839630b8085d7dafb0ac9d8ef36e8e2f673a859a13e43da878ebe219a37a5ad33ccf9

Download Submit
C:\Program Files\CyberGhost 8\Applications\AntiVirus\it\AntiVirus.resources.dll

Filesize
44KB

MD5
414c43de9cad2e666f978d8c15959470

SHA1
aa74becfb1073f5fb026c93a629a3ef3f9e0e0b8

SHA256
730186cd5f90fc47f70601a9edcd6ecbef764805434b35657ce05acb55ec45de

SHA512
64ef0ad17f46904dd5522ad5938efe0120756904c72d6f9bbfc67e01f09d945a3cc5724125d6f36a639591470315d06399455bb5e50d854c912249b75249618a

Download Submit
C:\Program Files\CyberGhost 8\Applications\AntiVirus\ko\AntiVirus.resources.dll

Filesize
46KB

MD5
a49d622f18b3ea371bcce55faa95daf4

SHA1
c00b3ea851a08b7c1e0a13a3ffdf10d09e842fbf

SHA256
89a2ac6dc49ddd4952c2b5c9d189042eeaa7b561ebbbaa5ab9cd5aa3af538f77

SHA512
898a99582a5df469ffbe3a7de10e46bc8f7f0caefe254f1ec5111e51dc02daafd1844143515d7f61f8da95c97109eb18673af7ea7469559c77dbc56c019ed760

Download Submit
C:\Program Files\CyberGhost 8\Applications\AntiVirus\pl\AntiVirus.resources.dll

Filesize
46KB

MD5
dab1551d0bbc82cff9d57e25f342587e

SHA1
adb2b24bf16ebb1839d91ec5f5d06b0bdfdab5de

SHA256
f4a284bb0b1109f2cefadb0129a140de10e507866e9d522ac6c26c3cb03595aa

SHA512
1e72fe9a1eeee269aa98bb9581651476e5bc558b288ed39ba18b921b7acd358b5f56e017cff48f9c82de89de90562957a9238aef1cdc3504b4e84d1df723f6d6

Download Submit
C:\Program Files\CyberGhost 8\Applications\AntiVirus\pt\AntiVirus.resources.dll

Filesize
45KB

MD5
5d4f1276d1e2b8b9e479c6f152813406

SHA1
7ae4ee58cfd976225dd3947bcd254abc6eeb46cf

SHA256
797aae134b184d9c7f2368c0bf5cfe786e8f04627f0851f6843cd39caabf7952

SHA512
9f775ed072efea95ec6fec32e0c28315f041cf9151e66961a29aabdcc53e7831b7b17d08e6d8eb11641757473c67f8e7895013e4ac8c532173b0835625e3bc8c

Download Submit
C:\Program Files\CyberGhost 8\Applications\AntiVirus\ro\AntiVirus.resources.dll

Filesize
46KB

MD5
47795e98cc375a9181ff7e7fe90231ab

SHA1
c96c8869b4b46ba9274cacdce5d99ca4303c7282

SHA256
61f307b099612634c5b3f26e65fbfda305f4ffefa260063f082bbb6fef47d17c

SHA512
dae33291977ed5ab49de934883bb25ebab0983f012dfd45227d68f77e974d014b9baf1ac057d5c1c87e86d6d7db44a82c5eeb80eb1c4c7213cbd0e5b3e062582

Download Submit
C:\Program Files\CyberGhost 8\Applications\AntiVirus\ru\AntiVirus.resources.dll

Filesize
53KB

MD5
4b18fc7ef23ded034a7dec37283873d8

SHA1
1fe4cdcd09301659b62072d6687ac207d2a433bd

SHA256
003f8efff0edf362b6baa73ac7601987e6d1e793c9ec4780e8b7eade6d354659

SHA512
a52e20272419d3a7703e8eb529311fa6b80b28e5091cab16304b9ffd2166ea7ff12e45ae1136f97f657cbdd02a1acff6bfce094ec332f533efad36651adcbf43

Download Submit
C:\Program Files\CyberGhost 8\Applications\PrivacyGuard\PrivacyGuard.dll

Filesize
720KB

MD5
c34a970c6d2c97cf9e4815fd138986b8

SHA1
4866856ed715b9c3633c45a4fde8acbf6ebb90ae

SHA256
538ce8b10112b5c13029665a7c1531cbb97b1d7994b3c04c8ec1344497c652ea

SHA512
cf21d77acdc750314f60e1b3e9df076aebbab9df113885e8f633ce469c9e710b6ca4ee96ff5354131a212473b3b1a637107da9d8e5f14c6cecbc710a97f03d85

Download Submit
C:\Program Files\CyberGhost 8\Applications\PrivacyGuard\de\PrivacyGuard.resources.dll

Filesize
96KB

MD5
aa98962d2a9b3c76ad9b9454668634bb

SHA1
90f42e0e5d91cab471fa3ad7c3b332a4a676ff0e

SHA256
c4ab61ec5ca64ee28119b2d82735f173e01721d3b08c41df867b3ad89b3b5047

SHA512
ee94e00660e4b19dd6354dedb26cf7a43f7a14407939506031ea074b0550bb0c7ced2bc76ebc9581fe46129bbada0093501c417f3b805e1eb96c55c42ba2cde5

Download Submit
C:\Program Files\CyberGhost 8\Applications\Updater\Updater.Core.dll

Filesize
116KB

MD5
04894b201274b7226d289b94dac1b1bb

SHA1
c8372cfc900248dcfdcb13b7bf01382909eeb9df

SHA256
a365e72d3e23268c791194f45dc8165a80022bd456fa00ec5344ced212dbb3ca

SHA512
b2aed6ba2f0edc94d1e56c34f822ec36679fad3022bcc1488bf2ce2028a14fb9742fd06ead862dd0cf9e97e37a1af51d9fe36e2892f8ad12451ae2c50bcfda93

Download Submit
C:\Program Files\CyberGhost 8\Applications\Updater\Updater.dll

Filesize
165KB

MD5
08d9b739b4822cd3d76e9b6db3f30c92

SHA1
4c7eb590bc96e32386f5c0d873247c411178fd98

SHA256
3bc6113e7873b096dd0f1c20bea23cfe839ab0e21fa8398bd7168ab974d771a3

SHA512
14a116f9422d481c39dd8ae613dfb04b268cb1f68a38356bf859128e0a207e6b7b86a50276e35f52131ce82fd8ea2a76f9a83543f2093ee51051339af3d96be3

Download Submit
C:\Program Files\CyberGhost 8\Applications\VPN\CyberGhost.VPN.dll

Filesize
788KB

MD5
7685be063a3eee08f564df90ad742f6b

SHA1
fff28d4758573367d33359541af8242c82a2dc4f

SHA256
3c7a989608de8826a67d148788cf403ec83c0a97f082579e337e3905f62356ba

SHA512
355606887e5a4bd9daef086aa048def6c400d2c3abd73fd054f2e9cd34d000abf8e30c1cd5fd04f09de042daaa6987f23906e8172fdfa2ac7eb925c02be4b195

Download Submit
C:\Program Files\CyberGhost 8\Applications\VPN\CyberGhost.VPNServices.dll

Filesize
139KB

MD5
85b868bbb88800f7b0657354afc34169

SHA1
47dfcbb8ac0138551e70af9a5c1b94aec0ab50d7

SHA256
d79f5565d3fd88700faa6e252c1b9dc2fb45b47120506d2da1f9be84f5f624a6

SHA512
cca94944090af3b421ee10941079ae1ef300d35c2b2c85324536c8db1c2319a0b01344622c9331c2ae051e6e3c6d1cf3340dff74768056eed77df5fc7dc03a37

Download Submit
C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\CP.png

Filesize
136B

MD5
30bea326e5024b6a9b0136a000403d75

SHA1
0b6e65e87f670af6fbc4a28171aedf4db4daa0a5

SHA256
e58c331133d8f780738133e2aa966c8bcb5b17a07c860a990bc401afd6382e1a

SHA512
43362cef837497bc264a46dd70a67c3129d854cf7a9866bee4a33a4f62acb833ba96b4720441c6d6db56301c9b49f8c29f1465363b5c057ec6e16a213f06caac

Download Submit
C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\FR.png

Filesize
114B

MD5
42c4c4ecb4448888421a7c1180b4cd08

SHA1
bb515751cc2f7616fe41929d2577fc965c69b51a

SHA256
1ef1946b6e352f2d5a4b003367b968374d6af122c5b645c6b4d9577645fb819d

SHA512
0e8d4b1c124b86d696e979d9b3aae007c80258672202f66fe3d2ea72e64d205f8dace52333d6749feab74abbd090173f6811490e9b09c3a06682f58b14e5fcbf

Download Submit
C:\Program Files\CyberGhost 8\Castle.Core.dll

Filesize
425KB

MD5
5d97c75774cfe0177f486a569d33f9d3

SHA1
30202a1b2caf2fe51155667d38c988422adf677e

SHA256
9aa2dea98874e69e32001eabf6b6eaa1f0149c74e66d0a3f7df70fddefb38937

SHA512
d61f19291dbc57e6982d45c21f2caf54052640fbaf3b791d4901a9deeac8896e167b31c8ec1ed379ecf5bededc17852b792c531d73cac72b26b8684ff9462e78

Download Submit
C:\Program Files\CyberGhost 8\Castle.Windsor.dll

Filesize
356KB

MD5
7e0cb5563172582407f61d4bcdd50444

SHA1
18cd2a960ff9320782719967cdf6b6246c5d0579

SHA256
18eeb881eb59f9a74a485a78ff5f1a7777532b69f06b1a8e128f8181d4f45812

SHA512
ddfc4c80a0465569454c16b6f4f48e311becb82f7c82f6ab302715dcd527b3096a7b0fd33f9719b7f54d5230f71ae542264008656f4f580dc4dff610c8c46aee

Download Submit
C:\Program Files\CyberGhost 8\CyberGhost.Browser.dll

Filesize
56KB

MD5
436990f092aa41cf15f4a31f324cfa22

SHA1
bb1dd205ce4ac7f09eceda81142b31c8c20061ef

SHA256
4aa33a05f0ce5037fbae080290981e00934a7578d5025c25b564f2cd3ea77a4d

SHA512
7a8db8327917357c8fe3f73c2254d209029dc5508100c18a55cc2efa5bbaafaa17c0c83d6e7ab7e798a2cc18fdbedfdac6beb8b3dc58e9aa73770a2255958057

Download Submit
C:\Program Files\CyberGhost 8\CyberGhost.Controls.dll

Filesize
629KB

MD5
2265f33ae76ff97a680e8b5794c48e29

SHA1
36bad34195ae65bb84fb3f596565a2fbf503c64d

SHA256
86ae122baa4be1d94e885147b8eb7f66d47afab0749c18fc3631dcee2e47a6b0

SHA512
5cbfbbe945eb624111bd9080b21d9b7c17f404fa739327d1c27c59038673a112c6c10adaa5f0385018e568cb31639759634dec6da382e4c9d6b556c616ed2d23

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.Contracts.dll

Filesize
207KB

MD5
1c6da69f1c8abdfeba282dc37ae3228a

SHA1
aede0e8699910b9b6a2d3a5862a1723187ae8355

SHA256
7c017681b3a8d6f6d35df71655b1ed2213fd9c138c03c50ffb453e820eaf02bd

SHA512
a088567da712fa33ad8a8b9b5808b44167eedbea1004a73efbbf98d1a16fd0ce1f7a91b2148487504397a7532dfadccb1ba3a916a789162477f10adcff50f16d

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.Core.dll

Filesize
200KB

MD5
470c86e19823ad626df54efe29bba081

SHA1
53094db2f48f1a3c51119277a9728075026f9c04

SHA256
ec37e243c3f0cc5f83115dc0820bdb62940eddf068e63db976305ee7dadb5eab

SHA512
8440e1f0cc8ff8a41ad1e272bf525e66e0828926a0a1bd9c02a60939c33b661d4588329a77a94cce18df97ee64bf6cf1245d97172ecab20dbeb3f2b545356ce4

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.MPAHelper.dll

Filesize
157KB

MD5
3ff43034053abe048a0d8ebfea9e79de

SHA1
099f7cea5626b28d578dcaba9ed6481257c3c569

SHA256
09f38df639d9a5d6dea170a1c71a4c2b0f54b12f58ea2eb156aa375ef1063b4d

SHA512
938b242864ad8882e4d945dc627e1a1c2d83ab95cd667ac17cdf123d5644865d29394abf902a1fade172172b119ff3d00971112e480b06ef4613de903008d65c

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.Pipes.dll

Filesize
31KB

MD5
47f3ae1dad08b41b1a96e0bf84bb6d25

SHA1
907506dadcda3295e8d0de5b4efbff898c77b174

SHA256
2d9e90481d5545a30a2681db13d590e94cd79344848cdb9e5345c4e76951f8b2

SHA512
cbf378ef8e2646a2e24d93f3cde61a6fbe654168a9de1d7b5e4a2711f741e3a552adcbd600d443c2463bc28afaf79e2619dc3ce5f406af3ab2559d5417c39ce9

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.Service.InstallLog

Filesize
439B

MD5
7f45be626acd834af4bc05aec26a70b7

SHA1
e4595250912835dc7c92fa0a09b62e03eba7b9a3

SHA256
9dcc45001296eb80ac59c4291839a9bed4910bfe818751cdd73ba998c35bf0bd

SHA512
3d693476a0eef6cc6f493443dd320cc16db8858844f4332d2388df55860d3ae0c8e685563f2b6c6533cb25019b90df5645136f50eb783a0a654cf3e5ec00cdc2

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.Service.InstallLog

Filesize
705B

MD5
93db14a63444f0640443ef75ef8e0276

SHA1
93789457f75725d2af59d0ad214c65a1db9038df

SHA256
4f233323f8bd797a8f1a1f7b42fd59b7b2cb4e5b8ef5c6e94a8bf85020e8543e

SHA512
45f469c0f7cf7f016a6eee01251407a783f1f4845bf6596e4e54c73e7cc460e8827b701760a676c47e4d75cf12c65a5649123304f175f7803327e2fe84f6d549

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.Service.exe

Filesize
70KB

MD5
0c65854af6ce4163b83eca4a6b6f11b1

SHA1
d10ce5e187fb727d564511a7c2e7cf7152ac9830

SHA256
3490daa87390b7357fc89e9cb4f89e246d9384b5046b8e4195b59edc1b4774e3

SHA512
c0ecd4c7dfc93516d6465af597b2a19c9415bce5979cb3fa8ddd517b8a0094a43adf72c0f5dc07b837482909c1b3a3ebb95eb082494a90fcbc6fe0fde62b78bb

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.Service.exe

Filesize
70KB

MD5
0c65854af6ce4163b83eca4a6b6f11b1

SHA1
d10ce5e187fb727d564511a7c2e7cf7152ac9830

SHA256
3490daa87390b7357fc89e9cb4f89e246d9384b5046b8e4195b59edc1b4774e3

SHA512
c0ecd4c7dfc93516d6465af597b2a19c9415bce5979cb3fa8ddd517b8a0094a43adf72c0f5dc07b837482909c1b3a3ebb95eb082494a90fcbc6fe0fde62b78bb

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.Service.exe

Filesize
70KB

MD5
0c65854af6ce4163b83eca4a6b6f11b1

SHA1
d10ce5e187fb727d564511a7c2e7cf7152ac9830

SHA256
3490daa87390b7357fc89e9cb4f89e246d9384b5046b8e4195b59edc1b4774e3

SHA512
c0ecd4c7dfc93516d6465af597b2a19c9415bce5979cb3fa8ddd517b8a0094a43adf72c0f5dc07b837482909c1b3a3ebb95eb082494a90fcbc6fe0fde62b78bb

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.Service.exe.config

Filesize
3KB

MD5
594b609d1b0b91f92ed36f59bf431555

SHA1
ab5a419d98f2d3abfa602513bc1f43615932c1fc

SHA256
478004e9145ef9db15781ce66a4334c76347cab3da033e1be8831bd4bedd484e

SHA512
8efb48c17461df3bc765889ff9bfa6a85a325e285119aad76dc4abd2320b9d25bb8453a254aa0f20a76a4029087eafbfb9e61b56d8d8a66fee02b8eb1a862b12

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.exe

Filesize
1.3MB

MD5
5644dad29341ea97cea10ae623b2714d

SHA1
99ddd99f8d396fac56dd5f308d8739cda6fe0e7b

SHA256
c07973f1217df8612b8dc7b3a08ce76015057fd1e07aa8b5e05ca3536c4bac07

SHA512
85419d4c84c15cebc7d34be9bfda5a962c0bbf18e8a0f69493a9a7f3c33b55f9c2e89b84e38f58f01f7871dfa91a13ecb8b12a2504f28d0d0a013f6a4d282cd1

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.exe

Filesize
1.3MB

MD5
5644dad29341ea97cea10ae623b2714d

SHA1
99ddd99f8d396fac56dd5f308d8739cda6fe0e7b

SHA256
c07973f1217df8612b8dc7b3a08ce76015057fd1e07aa8b5e05ca3536c4bac07

SHA512
85419d4c84c15cebc7d34be9bfda5a962c0bbf18e8a0f69493a9a7f3c33b55f9c2e89b84e38f58f01f7871dfa91a13ecb8b12a2504f28d0d0a013f6a4d282cd1

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.exe

Filesize
1.3MB

MD5
5644dad29341ea97cea10ae623b2714d

SHA1
99ddd99f8d396fac56dd5f308d8739cda6fe0e7b

SHA256
c07973f1217df8612b8dc7b3a08ce76015057fd1e07aa8b5e05ca3536c4bac07

SHA512
85419d4c84c15cebc7d34be9bfda5a962c0bbf18e8a0f69493a9a7f3c33b55f9c2e89b84e38f58f01f7871dfa91a13ecb8b12a2504f28d0d0a013f6a4d282cd1

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.exe.config

Filesize
3KB

MD5
dbad1342429edce620d2e96b1e44e179

SHA1
38ae22086e612f3b8f5e1f48d725799bebaa71c9

SHA256
0a44b47433ae1cfd272368b9bfc8e963aae80a833cf094a2a8136879c41cd1f1

SHA512
89965204168dc28556838d9cc392f2aa10eed06f60aeda0a3a189b34a01bb6c9236a63f01fba67093ba3f4f092677507f9dfeaa38fe039aec3368deb2ae9508f

Download Submit
C:\Program Files\CyberGhost 8\Microsoft.Bcl.AsyncInterfaces.dll

Filesize
23KB

MD5
6762407f5245118f1e12fdfaea91f66d

SHA1
cc7c2441d0ef702629a0c7494b3984811bdf81d2

SHA256
17e5fb5ae71d52dae6ada2937c442762fbd1617de0f73f35c3efee2c14d38bbb

SHA512
617105f30fe56907658dd0884921952a6e3832c46ccf38f7f2a22919eb64b9de9990ba8d180592906e260fdbd2e236d9cf9d773e9b279cf4d27c9fc9ad0bc4a5

Download Submit
C:\Program Files\CyberGhost 8\MobileConcepts45.dll

Filesize
593KB

MD5
2622dc2e1427d3fe11ebac05ce7c4ac7

SHA1
befb46ffde4b00440e912d748af07aa9b0c99b92

SHA256
2735d5a02e0e831dd2bde6b61bfee33bbf0ef343c22cd26679820c66e81b0614

SHA512
397516331b5056ec8b2b95d8c089944bda5ae8eba6bb8dfe7c45bbca18321f1f74d3a1108849058caf4c6ad1ff71dcacc40dcb37fde2d7d91675dab49d094a42

Download Submit
C:\Program Files\CyberGhost 8\Newtonsoft.Json.dll

Filesize
694KB

MD5
cf0f7e31b2fe18f57f499efce031376c

SHA1
7c47967c0131c8b48dafd9968e368cdd9fcf7bb8

SHA256
015a4db226023a1f14ab02ce4eee262ba4f499cc6bf0739bd2b2042dd1d4b88e

SHA512
58da40fd309692456b80b73bf1d82bfc4fedb52ca21336aeec79b6adf67620c307ff1daab1bfcb85f9842279186245f5c579f4abd289853b947e95c5532193c8

Download Submit
C:\Program Files\CyberGhost 8\Sentry.dll

Filesize
587KB

MD5
7807649ad5aaadcd888b9d1f36dc615e

SHA1
7feb8a50d1cb7875726fb0670953c5f98703e575

SHA256
a329a9734f52dd4c4937b54c043f5b42635aa8176e282dcb619fe4898ee797c3

SHA512
d7dc37405605f612139292c24b670a57e897cadc60dbcac76159e6cc8749f7726de4ccf6281767fd3248b0bb8407352ac27fff5fcb6d73a5a606b3ad22871c9c

Download Submit
C:\Program Files\CyberGhost 8\Serilog.Formatting.Compact.dll

Filesize
19KB

MD5
0ddd367aaeecc9a0e654501d12eb2def

SHA1
e3088c430d6e402263af44ec568356c4e078bf89

SHA256
37749a31253b8d26bf857401376798d37e8d1bac0e5b84712f23e1b4822aef5a

SHA512
37ca121b7fc66dd47d9d8f4eacb69d2f22f96d8a0644012ba2b4e36a5752506b58cf90df9d8178e6e1da8b832225c0976183fead86ee72832fe29e03e3894672

Download Submit
C:\Program Files\CyberGhost 8\Serilog.dll

Filesize
148KB

MD5
57ed2cd6b713c1089bb5d19ab5ccb1b8

SHA1
69a66c6dd5517008784d239d7b986b8eeef7c871

SHA256
8b4f89a5ce4022854bdce878931089342024817091e7bee9e38f540ee4c722fb

SHA512
741f7ef616c58b00499b8e205d2008736911b96f197b11cef9f351245523880b1cab57e571d2e50415f9973debf4a7c89aa0c0e6e71054603a0363dcf1ab620f

Download Submit
C:\Program Files\CyberGhost 8\Svg2Xaml.dll

Filesize
70KB

MD5
dd91610aa62cfd039c0091c45d967dd1

SHA1
d779fd0048366fe5b6c560ec6371bd8753f8935a

SHA256
dd9a279f046550c9d2f26635045527e550e0aa078bd0866e90a1929496481639

SHA512
59ebc7ad0f38927e9159c23473ca3e8f06a675f43ead11c9499c80460937e6f33bbee795237f7cb471a9c14ab6f63fc6fd552171d3c401c99fbb17247ac3687c

Download Submit
C:\Program Files\CyberGhost 8\System.Threading.Tasks.Extensions.dll

Filesize
27KB

MD5
c1cb0af821e15a717a7291b02dc858cd

SHA1
0c05b57dd23515dc51b0d15875b2362ceb056414

SHA256
7c30ec3a5c1a65c973531693d287b1e461ed539d4fd96ae3eb515f7f0ca4944d

SHA512
dfabc4888f4a9fc2ba1b51226f9ab7e4a9f3a4f30649ec85d902018d32eee19584e222c5c21d7a6303858a12d39d6edc0d2413dfc23fff2921979fc45080d8f2

Download Submit
C:\Program Files\CyberGhost 8\WPFLocalizeExtension.dll

Filesize
88KB

MD5
59731e46a0d74fe8c6709e54c6ebc68a

SHA1
0dd186248aa298401ef4960ca54c954bfc8e1be0

SHA256
fc95a395edb5f7bdbf72b00f7cc279189ad418ad256f1905a2e67936dc39721c

SHA512
5a7d142b79c90edf0d2afe330805f8994c54013a470647185ad1fb3189b3fc1ad10e4aae22776ef42e2c86febb22ffe91ee2afacce8016f8fd1087c95ff6fe49

Download Submit
C:\Program Files\CyberGhost 8\XAMLMarkupExtensions.dll

Filesize
40KB

MD5
e2146d7e04cb50b7f440bcb97eaf3298

SHA1
bfaa89470595c8413c4d5d3b0795e0fe20622e2e

SHA256
2e311cdf1c3b6f95acbb849e8e6af9a6c5ce21bfec58f8be07376c2f7b15448d

SHA512
d0146d9b2aed02a716e95f84be7312a5afe4f854fe27678a9efdbb5797fe4fab03d63781c6b1d3d427a6c3e818ff17a746b81f3c77cd85d278070234c987de20

Download Submit
C:\Program Files\CyberGhost 8\client.wyc

Filesize
59KB

MD5
40967936157d770a13edfd5622dd285b

SHA1
10a2176ada8e20d70d0f8d0c912f92489f1a93dc

SHA256
c47d03d168c16d0f2ecb34dcb09cd6eaa0822a0086e4b4bf41d8de6b51d0c4ce

SHA512
c27fda7bb72e583f209d6532040f08c7b6cb525214e1d004415fa26cd7a564be91b3ee9a895f82f19877579903996c7536aba56803766b67c87ca3ece4c0db2c

Download Submit
C:\Program Files\CyberGhost 8\de\Dashboard.resources.dll

Filesize
55KB

MD5
51d271f997d2f392e5451b936cba012c

SHA1
c4f1e96aa71a843c21fc74fd81085a72868770ce

SHA256
39a66b048e2e6a2a750898634893e8d3064785ae077bafb621e1bdf4f3d7e50a

SHA512
8179040c0ecfdeb4672f7aa283cd7845d56531e163469c5d43a6fe3227b53c389230d08323f0ff07dfa2056ba2ffe04dce6ab2bc1d154eabc86b21cb21629657

Download Submit
C:\Program Files\CyberGhost 8\es\Dashboard.resources.dll

Filesize
54KB

MD5
2dce5e717c3a6242ffb8feb717f0849f

SHA1
94ac7492232f210b351a241e44a014400383d174

SHA256
6debd0540b507f0f7e8e49b000af8dd47220ff2d5542b698f67072201684e191

SHA512
359a4b3cb8f4657349fed5d434a7578ca1488f72337e04358bfd9c42efc4fda7a6f389c1ed1454bf7916a7d9b4fba715fbbd9031cd83977919c1994ceb4871df

Download Submit
C:\Program Files\CyberGhost 8\fr\Dashboard.resources.dll

Filesize
56KB

MD5
5c236df784821c2cbc09ec2f095c4973

SHA1
0fe4441980c61af5f66d0bafb77ae51c7d79f084

SHA256
8b5b88076fc1d7e60007daa786b1ed80e4435a34676e486f0aad1068cb62ca83

SHA512
2a12024f899b363579b5f33728df8afd3a0f3a9afbec6f589437553af96a4477fac70bbb52e9666faff51f96c0b13a2dd176ce46f5da7ef9c96af9c0007360e2

Download Submit
C:\Program Files\CyberGhost 8\it\Dashboard.resources.dll

Filesize
54KB

MD5
a536bf86a67481487f6d8eb15a7d83a4

SHA1
fd9c6e1f2a5cb55aa8f9988effde0397b547bbe3

SHA256
3e40b6146e2da6c14a979e9149215ee9a2c47c20dc061649630e52a8095e398e

SHA512
c48b4887c1819b41352ffabfc817235bcab1f6dc6d7b9a9737eea481e22b9b20e0c8b76c7024e069ddfeb4630b98f58c5efab2645414fefeec649a5804eadb69

Download Submit
C:\Program Files\CyberGhost 8\ko\Dashboard.resources.dll

Filesize
56KB

MD5
2f738a34de48a7c4ca23c21bd68e1607

SHA1
c06ee7234c1114a8e88aaa567e836dd36b54d9ce

SHA256
66b8ee3aed59ed250872c181865faf691091da955543e4390b13928bdf1cc868

SHA512
092cd10a25c40deda2b68172d972cf4c0df5f5665d13d84b417196286ba20f581939d050549b0cd64055c5fbda1d5b644dea3165da20fc8e81de6452e3efbf8a

Download Submit
C:\Program Files\CyberGhost 8\pl\Dashboard.resources.dll

Filesize
55KB

MD5
336e39de7ba0d4fa1f359c044e4084ac

SHA1
81a10b531fe1f6c809c58b397c107a16676463db

SHA256
1363e36c252bae65a4dc8bbd413a434dbb7b7218f8f12a5015e274fb7d234219

SHA512
118c8a1fa6836e4edd10aabac7bdff99e629ab143de9170d6233ab44f7424195a8402fa6785bd1bc843245f8ce6b20e0e2ac53dd1cf165dc237c66438c109c48

Download Submit
C:\Program Files\CyberGhost 8\pt\Dashboard.resources.dll

Filesize
55KB

MD5
53cfa3c060f91a1cb18521b9e63ade81

SHA1
8a33a7cc9d0fc67ccaa512b75808d27a12b1ca3b

SHA256
8df690fd69aec12b66d1301ff2fd781300987e6c57510b0c7688ff055f49e9e0

SHA512
8a27812124264720593dc697cb78a00f71ee9a25b6ce51e70c3863e323d360f6460c2b332278abf49956b7cb8a53c29df9f887584e7c96b1871684e54b1066b5

Download Submit
C:\Program Files\CyberGhost 8\ro\Dashboard.resources.dll

Filesize
55KB

MD5
d9fd181a4efd0a80378142c46f68befc

SHA1
88b7215a032630fc4321b6d7d1044196966b2027

SHA256
9fa0a23ba44c918c7e30d2f32289ea6614bd5c220b11b5cbbc3d13d2b0a5d87f

SHA512
6b7763ccbc6c783ae0b3178df48033284d7e0c98538bf65c474d380422099b85c6f79d8e280f86ed997b4cd3a170baf41c232a522cd6e95597a41ab4d1c8afe1

Download Submit
C:\Program Files\CyberGhost 8\ru\Dashboard.resources.dll

Filesize
65KB

MD5
dcbc7f58a79fa7454a62856a945a3db6

SHA1
22d66f6370055be11fe9598ce790af3a1643b651

SHA256
c741f3c067362d5261a58fc6e88c0d0f6b8c96c6408a0e050264025ebf587b2f

SHA512
a3428c514202a26bb71a84d78ec12923dace905af9f178afd4d9329b12a9681055041a12815fc20ddc5da3dcf7225aaeddb16329a495269e96751a1d52bf1ecf

Download Submit
C:\Program Files\CyberGhost 8\wyUpdate.exe

Filesize
624KB

MD5
5ff68edc41c13daa31e4503c5a33bb32

SHA1
494be220ced57fe6e9a7382f17ee497dd8ad3cc6

SHA256
c03c45ec9f32fc035a3c7a84d066e2b841014082ed496febc7efba95ab285a60

SHA512
9646b7907aa82bb1a5c37cf5732f78ba908c13b80b55646d43b4f651e8508e0167d56042880e77c3b1e31cba6c8ef4940a2a16f935dbf7a3958a8b1effe07977

Download Submit
C:\Program Files\CyberGhost 8\wyUpdate.exe

Filesize
625KB

MD5
105fbfe4b77f2e32b4b4c79db556dd3c

SHA1
1b27c588403b3532770e4d3d941eb2da9ae15144

SHA256
9a7dad7115b0a9f99d94ac3440561637e0565aaa3131b80abc640ac967619965

SHA512
fed51dfa8a6c8bc0b3220eb581c818eb13cf14823359bf9b37d05aac1b7160f9e2a6abc28f8e9383a0a6500f2968eb162f228e0587172636c7238f92a191ea03

Download Submit
C:\Program Files\CyberGhost 8\wyUpdate.new

Filesize
625KB

MD5
105fbfe4b77f2e32b4b4c79db556dd3c

SHA1
1b27c588403b3532770e4d3d941eb2da9ae15144

SHA256
9a7dad7115b0a9f99d94ac3440561637e0565aaa3131b80abc640ac967619965

SHA512
fed51dfa8a6c8bc0b3220eb581c818eb13cf14823359bf9b37d05aac1b7160f9e2a6abc28f8e9383a0a6500f2968eb162f228e0587172636c7238f92a191ea03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
765B

MD5
8073642337dd0c205826ab555f46794b

SHA1
c3400685d099eaf72ee9b080e29a622b2d1f6d67

SHA256
6e8138bcb143278e7428f587fea95d11c6684a4900e6e0e8c951313411409ce2

SHA512
b62b50445da30e56d35acd48b2bfd07045997a6d9af829aee79b1076f66e3b52bc835d1699121429ad32b8962dce60cdde3a9068eac1f2b90551b11444574d2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_46E4040B4A28D439FBFA7E9FC642442C

Filesize
637B

MD5
2a2fd8f3761383fdcbaac40b4f5606ce

SHA1
358c78678ce31f3c90e37af623d44fd36a5cbe08

SHA256
4a883348c2bf1b9dfe0a3f04a3fe7904784209b884a2cefad7ec407b572a848d

SHA512
94234e01af6376a068694f8ec0ffe9d18559652f61ed911584cd02174ec10136f0cd903c2b6631a5ebf9d1d0193fe14d1eb648b0e2ee980edf9ce4d582e43e60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
1KB

MD5
5a1608cd2ab8421f8b092569433e75b6

SHA1
0bfd20d4deee1077de10e7524be060ea18070b7a

SHA256
c54acdc5b98f6278a4a5cc09ecc9aa9e265e80617956fdbc269cf97e416f659d

SHA512
c5a5cb4ee6f273e986a37c47ec0d22fe8215c767e06c7af73cdf7ba20fb59ea2a0c0c647659fcc2c988364a97899a50bf41de9ba83966f3cb6e4fae6db666513

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
484B

MD5
e996afdd8aff03fcbcaf9119f5745b3e

SHA1
c2bd05da22bb69c3443229e12bd311ad3005188c

SHA256
1d033c6d82b7bc4cec2d4fbcde0bf0d920f58defc0153df859f955d94553ed8f

SHA512
1c99f2d3a6da4e362d98a1f4efafd5c246a2b4192a2de7e3b9e75bb811292faf72f6d211d1b32d8d1c3f5d3c822cd810d72ba90840777c786897f52ab4be4ed4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_46E4040B4A28D439FBFA7E9FC642442C

Filesize
488B

MD5
bab0661a6dd81adb1e663c21da180523

SHA1
ceb0849b672821af421a8b28ec678e06ee1b69e7

SHA256
7e73e2abb5bf518b4d67879e3602ce820a55362be8239957c406fea832fe4c7d

SHA512
5eac6b6228e92b426bd964fb10b20ad100ba963e3915f6cabad45946b2c325dc99baf1f2b67eebdd88a0389057ec5bb84d355ca201d1df557fe0cb8e41d5eee8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
482B

MD5
6e9b3c54b40ca8c4cd3d7d60e0a94958

SHA1
5358341b437e1d575c1767fffd6d650420441b99

SHA256
1012e6ecab01bae5e549d09f18c5bc778a7264f802699ff6ccb2306d8995688d

SHA512
3b4ba1e287a08865401f25a189ff9953b2f43bfe8d7fd15461bcc628502385b8fb92ec352d83032203b10cda2e69db05c7aa9fcbdec513fdf9e8988eae398bc6

Download Submit
C:\Users\Admin\AppData\Local\CyberGhost\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\CyberGhost\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\IsolatedStorage\4kzs53wg.3uq\tqtnawxm.gew\StrongName.1r34rtndphgwhqowmyxywu5guyuf1gh2\StrongName.bx0ds5js14qgmnal5bhexnafezsd5pyy\identity.dat

Filesize
529B

MD5
b81dfaf8c0f7f1e2f170f4c6cb8c5634

SHA1
c24612cfc0b9c1067c311b4a9e6f7a98feda645f

SHA256
1f8da753d2cdc1c999a1cf1331c7ce4156c3cccf9ac6ed14b6621e6697566fdf

SHA512
980f1be6a48154a65cfd92d45a5737b53b20e2da48f1d88afb0e8186cb0cd9079436d4f6ad422012e8a7bcacba5b5452558ed3fddf904cb1e5c5bbb6dae0c051

Download Submit
C:\Users\Admin\AppData\Local\IsolatedStorage\4kzs53wg.3uq\tqtnawxm.gew\StrongName.1r34rtndphgwhqowmyxywu5guyuf1gh2\identity.dat

Filesize
516B

MD5
4cacfd09021c202af22376c5c70f7e01

SHA1
60d2dcbf2e24aa7136e8af2316bdad4d56954959

SHA256
7ba174551a28411972a2fcbf3432943496c2859981ad33c4002940ea9c4eba0a

SHA512
161a02d5899f8710587a8552aead5e0743d2f1cba2b6e640eb32adec2a3823674454cad7426c8e74f8207443d69269d92e345768d2bff03bebbd992a9a586084

Download Submit
C:\Users\Admin\AppData\Local\IsolatedStorage\4kzs53wg.3uq\tqtnawxm.gew\StrongName.1r34rtndphgwhqowmyxywu5guyuf1gh2\info.dat

Filesize
64B

MD5
e344f0ce76aa503d70e2754db2011f9e

SHA1
26779e583ea9312564512e22e560af73c726f304

SHA256
13874f1478f698fbbe4c753834155dc62d15da2b12cac4232ff08c9361a9d5f7

SHA512
5cb5d498a81657dbb0238430d81921f14139182c7b6eb5c7d45ba45f34b0af3248d8c0e973981064e5f582d90fc80f75960c2cff40fd02eab065da586d00caa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpF5E9.tmp

Filesize
2KB

MD5
647f843626b023aaaa748f924f95ac25

SHA1
652cacf99409e3dcd39b6eb8839c16d22b1800e8

SHA256
732dee732e0261afbfba21eca43008a5009cfc9e4c405ece8826a9746564cceb

SHA512
61093dcbe07efa5bdffec4933243168bf40b8159bc5a9840552bc3ea8e7c129156276a8548c658e5267bf0b8c4448dcb5c8ab10140c72ed48eb8910c075022fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh6FFC.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh6FFC.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh6FFC.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB91E.tmp.exe

Filesize
5.0MB

MD5
72540194bd451dac050609406eb50a56

SHA1
57c33ec10f90f81f6abc612b4d251510c36ebd6b

SHA256
3a18d5fd76abcfe537d78457dab4797231af313028b5594231f019245c5f7a74

SHA512
ec9b24c877e82269aba78701a9828879e8b91580c4d3002227ee18868b8db76b6c0fba08e687aba1ea3127eea05e37124e2b615c224b33e4dac2512dbefb3444

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB91E.tmp.exe

Filesize
5.0MB

MD5
72540194bd451dac050609406eb50a56

SHA1
57c33ec10f90f81f6abc612b4d251510c36ebd6b

SHA256
3a18d5fd76abcfe537d78457dab4797231af313028b5594231f019245c5f7a74

SHA512
ec9b24c877e82269aba78701a9828879e8b91580c4d3002227ee18868b8db76b6c0fba08e687aba1ea3127eea05e37124e2b615c224b33e4dac2512dbefb3444

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB91E.tmp.exe

Filesize
5.0MB

MD5
72540194bd451dac050609406eb50a56

SHA1
57c33ec10f90f81f6abc612b4d251510c36ebd6b

SHA256
3a18d5fd76abcfe537d78457dab4797231af313028b5594231f019245c5f7a74

SHA512
ec9b24c877e82269aba78701a9828879e8b91580c4d3002227ee18868b8db76b6c0fba08e687aba1ea3127eea05e37124e2b615c224b33e4dac2512dbefb3444

Download Submit
C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\SET7385.tmp

Filesize
7KB

MD5
87868193626dc756d10885f46d76f42e

SHA1
94a5ce8ed7633ed77531b6cb14ceb1927c5cae1f

SHA256
b5728e42ea12c67577cb9188b472005ee74399b6ac976e7f72b48409baee3b41

SHA512
79751330bed5c16d66baf3e5212be0950f312ffd5b80b78be66eaea3cc7115f8a9472d2a43b5ce702aa044f3b45fd572775ff86572150df91cc27866f88f8277

Download Submit
C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\SET73A5.tmp

Filesize
19KB

MD5
c757503bc0c5a6679e07fe15b93324d6

SHA1
6a81aa87e4b07c7fea176c8adf1b27ddcdd44573

SHA256
91ebea8ad199e97832cf91ea77328ed7ff49a1b5c06ddaacb0e420097a9b079e

SHA512
efd1507bc7aa0cd335b0e82cddde5f75c4d1e35490608d32f24a2bed0d0fbcac88919728e3b3312665bd1e60d3f13a325bdcef4acfddab0f8c2d9f4fb2454d99

Download Submit
C:\Windows\System32\DriverStore\Temp\{facb7cc4-14bc-484f-bde5-7a2e133b09f7}\SET73A6.tmp

Filesize
26KB

MD5
d765f43cbea72d14c04af3d2b9c8e54b

SHA1
daebe266073616e5fc931c319470fcf42a06867a

SHA256
89c5ca1440df186497ce158eb71c0c6bf570a75b6bc1880eac7c87a0250201c0

SHA512
ff83225ed348aa8558fb3055ceb43863bad5cf775e410ed8acda7316b56cd5c9360e63ed71abbc8929f7dcf51fd9a948b16d58242a7a2b16108e696c11d548b2

Download Submit
memory/1240-1278-0x000002117A960000-0x000002117AA00000-memory.dmp

Filesize
640KB

Download
memory/1240-1280-0x0000021178650000-0x0000021178688000-memory.dmp

Filesize
224KB

Download
memory/1240-1276-0x000002117A740000-0x000002117A750000-memory.dmp

Filesize
64KB

Download
memory/1240-1275-0x00007FF8B5A10000-0x00007FF8B64D1000-memory.dmp

Filesize
10.8MB

Download
memory/1240-1274-0x00000211780B0000-0x0000021178202000-memory.dmp

Filesize
1.3MB

Download
memory/1680-0-0x0000000000C70000-0x0000000000C90000-memory.dmp

Filesize
128KB

Download
memory/1680-50-0x00007FF8B5A10000-0x00007FF8B64D1000-memory.dmp

Filesize
10.8MB

Download
memory/1680-37-0x00007FF8B5A10000-0x00007FF8B64D1000-memory.dmp

Filesize
10.8MB

Download
memory/1680-4-0x000000001CFF0000-0x000000001D518000-memory.dmp

Filesize
5.2MB

Download
memory/1680-3-0x000000001C8F0000-0x000000001CAB2000-memory.dmp

Filesize
1.8MB

Download
memory/1680-1-0x00007FF8B5A10000-0x00007FF8B64D1000-memory.dmp

Filesize
10.8MB

Download
memory/1680-2-0x000000001B8A0000-0x000000001B8B0000-memory.dmp

Filesize
64KB

Download
memory/3084-80-0x00000244C6770000-0x00000244C6780000-memory.dmp

Filesize
64KB

Download
memory/3084-74-0x00000244E1F40000-0x00000244E1F48000-memory.dmp

Filesize
32KB

Download
memory/3084-387-0x00000244C6770000-0x00000244C6780000-memory.dmp

Filesize
64KB

Download
memory/3084-112-0x00000244E5490000-0x00000244E549A000-memory.dmp

Filesize
40KB

Download
memory/3084-111-0x00000244E55A0000-0x00000244E55A8000-memory.dmp

Filesize
32KB

Download
memory/3084-110-0x00000244E5450000-0x00000244E5476000-memory.dmp

Filesize
152KB

Download
memory/3084-109-0x00000244E6AF0000-0x00000244E6B82000-memory.dmp

Filesize
584KB

Download
memory/3084-106-0x00000244C6770000-0x00000244C6780000-memory.dmp

Filesize
64KB

Download
memory/3084-105-0x00000244C6770000-0x00000244C6780000-memory.dmp

Filesize
64KB

Download
memory/3084-104-0x00000244C6770000-0x00000244C6780000-memory.dmp

Filesize
64KB

Download
memory/3084-103-0x00000244E5070000-0x00000244E5082000-memory.dmp

Filesize
72KB

Download
memory/3084-102-0x00000244E4FC0000-0x00000244E5072000-memory.dmp

Filesize
712KB

Download
memory/3084-101-0x00000244E4F80000-0x00000244E4FBA000-memory.dmp

Filesize
232KB

Download
memory/3084-100-0x00000244E4700000-0x00000244E470A000-memory.dmp

Filesize
40KB

Download
memory/3084-99-0x00000244E4F50000-0x00000244E4F72000-memory.dmp

Filesize
136KB

Download
memory/3084-84-0x00000244E4EE0000-0x00000244E4F1A000-memory.dmp

Filesize
232KB

Download
memory/3084-83-0x00000244E4760000-0x00000244E4798000-memory.dmp

Filesize
224KB

Download
memory/3084-82-0x00000244E46F0000-0x00000244E46FE000-memory.dmp

Filesize
56KB

Download
memory/3084-81-0x00000244E4720000-0x00000244E4758000-memory.dmp

Filesize
224KB

Download
memory/3084-1250-0x00000244E6BD0000-0x00000244E6C20000-memory.dmp

Filesize
320KB

Download
memory/3084-79-0x00007FF8B5A10000-0x00007FF8B64D1000-memory.dmp

Filesize
10.8MB

Download
memory/3084-78-0x00000244E4690000-0x00000244E4698000-memory.dmp

Filesize
32KB

Download
memory/3084-77-0x00000244E4660000-0x00000244E4668000-memory.dmp

Filesize
32KB

Download
memory/3084-76-0x00000244C6770000-0x00000244C6780000-memory.dmp

Filesize
64KB

Download
memory/3084-75-0x00000244E20A0000-0x00000244E20B6000-memory.dmp

Filesize
88KB

Download
memory/3084-577-0x00000244C6770000-0x00000244C6780000-memory.dmp

Filesize
64KB

Download
memory/3084-73-0x00000244E1EC0000-0x00000244E1EC8000-memory.dmp

Filesize
32KB

Download
memory/3084-72-0x00000244E1DE0000-0x00000244E1DE8000-memory.dmp

Filesize
32KB

Download
memory/3084-71-0x00000244E1D80000-0x00000244E1D88000-memory.dmp

Filesize
32KB

Download
memory/3084-70-0x00000244E1BE0000-0x00000244E1BE8000-memory.dmp

Filesize
32KB

Download
memory/3084-69-0x00000244E1BA0000-0x00000244E1BA8000-memory.dmp

Filesize
32KB

Download
memory/3084-67-0x00000244E1AA0000-0x00000244E1AA8000-memory.dmp

Filesize
32KB

Download
memory/3084-68-0x00000244E1B40000-0x00000244E1B48000-memory.dmp

Filesize
32KB

Download
memory/3084-66-0x00000244E14A0000-0x00000244E14A8000-memory.dmp

Filesize
32KB

Download
memory/3084-65-0x00000244E0F40000-0x00000244E0F48000-memory.dmp

Filesize
32KB

Download
memory/3084-64-0x00000244E0E40000-0x00000244E0E48000-memory.dmp

Filesize
32KB

Download
memory/3084-63-0x00000244E0E10000-0x00000244E0E3A000-memory.dmp

Filesize
168KB

Download
memory/3084-62-0x00000244C67F0000-0x00000244C67FE000-memory.dmp

Filesize
56KB

Download
memory/3084-61-0x00000244E0C60000-0x00000244E0CA6000-memory.dmp

Filesize
280KB

Download
memory/3084-60-0x00000244E0C40000-0x00000244E0C5A000-memory.dmp

Filesize
104KB

Download
memory/3084-59-0x00000244E0A70000-0x00000244E0B10000-memory.dmp

Filesize
640KB

Download
memory/3084-58-0x00000244C67B0000-0x00000244C67BA000-memory.dmp

Filesize
40KB

Download
memory/3084-57-0x00000244C6780000-0x00000244C678A000-memory.dmp

Filesize
40KB

Download
memory/3084-56-0x00000244E0890000-0x00000244E0924000-memory.dmp

Filesize
592KB

Download
memory/3084-55-0x00000244C67A0000-0x00000244C67A8000-memory.dmp

Filesize
32KB

Download
memory/3084-54-0x00000244C6730000-0x00000244C6738000-memory.dmp

Filesize
32KB

Download
memory/3084-53-0x00000244C6770000-0x00000244C6780000-memory.dmp

Filesize
64KB

Download
memory/3084-1251-0x00000244C6770000-0x00000244C6780000-memory.dmp

Filesize
64KB

Download
memory/3084-1252-0x00000244E6CA0000-0x00000244E6D16000-memory.dmp

Filesize
472KB

Download
memory/3084-52-0x00000244E07F0000-0x00000244E0886000-memory.dmp

Filesize
600KB

Download
memory/3084-51-0x00000244C5E70000-0x00000244C6380000-memory.dmp

Filesize
5.1MB

Download
memory/3084-49-0x00007FF8B5A10000-0x00007FF8B64D1000-memory.dmp

Filesize
10.8MB

Download