f0729e62c4bc3633797eea6c70969503993eebfce3fb8a852a029c0ea81c43f6

Analysis

max time kernel
143s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

windowsProxy_2.0.9.0.exe
Size

62.4MB
MD5

6790611f5b8913cdd10f4c284af8da08
SHA1

93c081a1a6b3656fcb66beead69587878d392d99
SHA256

f0729e62c4bc3633797eea6c70969503993eebfce3fb8a852a029c0ea81c43f6
SHA512

3e7eafd3c1bfe782676e702474565d546c1e2f6cfa7feff351f915eb0d12a25050edfb07635b1bab5963afe2302ad9502595005291fe1b9e8f83c2449c51bee4
SSDEEP

1572864:5ypH6HJ6XKAZJy9oxpwAlroxZXWjqyE1rTR9Et5nubC4:YYQK0y9oYA4XWNEWnubC4

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1932	windowsProxy_2.0.9.0.tmp
2680	vc_redist.x64.exe
2964	vc_redist.x64.exe
560	naiyouwl.EXE

Loads dropped DLL 36 IoCs

pid	Process
2228	windowsProxy_2.0.9.0.exe
1932	windowsProxy_2.0.9.0.tmp
1932	windowsProxy_2.0.9.0.tmp
1932	windowsProxy_2.0.9.0.tmp
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1932	windowsProxy_2.0.9.0.tmp
2680	vc_redist.x64.exe
1204	Process not Found
1204	Process not Found
1204	Process not Found
2964	vc_redist.x64.exe
560	naiyouwl.EXE
560	naiyouwl.EXE
560	naiyouwl.EXE
560	naiyouwl.EXE
560	naiyouwl.EXE
560	naiyouwl.EXE
560	naiyouwl.EXE
560	naiyouwl.EXE
560	naiyouwl.EXE
560	naiyouwl.EXE
560	naiyouwl.EXE
560	naiyouwl.EXE
1160	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-BVDOL.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-QPEI3.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\shaders\is-BUTUU.tmp	windowsProxy_2.0.9.0.tmp
File opened for modification	C:\Program Files (x86)\winproxy2.0\tray_manager_plugin.dll	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\dep\is-J9245.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-90ODI.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\images\main\is-2MHGV.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-DHF41.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-0KUG8.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\radio\is-CDI4C.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-44R4F.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-HHF1I.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\bin\is-DFORG.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-1BQNB.tmp	windowsProxy_2.0.9.0.tmp
File opened for modification	C:\Program Files (x86)\winproxy2.0\url_launcher_windows_plugin.dll	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\is-QO5PC.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\dep\is-8K1MJ.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-SS5E6.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-AQG5E.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-VMGKR.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-NBNNM.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-UFR23.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-QR6P5.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\window_manager\images\is-N36DT.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-15HHJ.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-5D50I.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\fluttertoast\assets\is-QH1CE.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\getwidget\icons\is-AG123.tmp	windowsProxy_2.0.9.0.tmp
File opened for modification	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\bin\ccore-service-windows-amd64.exe	windowsProxy_2.0.9.0.tmp
File opened for modification	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\bin\ccore-windows-amd64.exe	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\images\node\is-8R045.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-2K7NF.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-C51DU.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-LR38P.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\unins000.dat	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-V3N64.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-DAV9K.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-7FCL5.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-IT0K3.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\fluttertoast\assets\is-DUC30.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-1JVF4.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-74A70.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-1O0E1.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\cupertino_icons\assets\is-C83VO.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\images\main\is-9UBRQ.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-TSM33.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-OEMUB.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\images\main\is-LK8BC.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\fonts\is-KAJIF.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-AK1GO.tmp	windowsProxy_2.0.9.0.tmp
File opened for modification	C:\Program Files (x86)\winproxy2.0\naiyouwl.exe	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\images\main\is-F13MN.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-1VVMB.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-HT0LJ.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-OR000.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\getwidget\icons\is-93HB8.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-OO5LS.tmp	windowsProxy_2.0.9.0.tmp
File opened for modification	C:\Program Files (x86)\winproxy2.0\screen_retriever_plugin.dll	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\is-Q5BLH.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-O76M2.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-G92QN.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-P7LIV.tmp	windowsProxy_2.0.9.0.tmp
File opened for modification	C:\Program Files (x86)\winproxy2.0\unins000.dat	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\is-QDC42.tmp	windowsProxy_2.0.9.0.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 19 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\win加速器File.myp\shell\open\command\ = "\"C:\\Program Files (x86)\\winproxy2.0\\naiyouwl.exe\" \"%1\""	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\win加速器File.myp	windowsProxy_2.0.9.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\win加速器File.myp\ = "win加速器 File"	windowsProxy_2.0.9.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\win加速器File.myp\DefaultIcon\ = "C:\\Program Files (x86)\\winproxy2.0\\naiyouwl.exe,0"	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\win加速器File.myp\shell\open\command	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\win加速器File.myp\shell\open	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	windowsProxy_2.0.9.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\naiyouwl.exe\SupportedTypes\.myp	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp\OpenWithProgids	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\win加速器File.myp\shell\open\command	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\win加速器File.myp	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\win加速器File.myp\shell	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\naiyouwl.exe\SupportedTypes	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\naiyouwl.exe	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.myp\OpenWithProgids	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp	windowsProxy_2.0.9.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp\OpenWithProgids\win加速器File.myp	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\win加速器File.myp\DefaultIcon	windowsProxy_2.0.9.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\naiyouwl.exe\SupportedTypes	windowsProxy_2.0.9.0.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1932	windowsProxy_2.0.9.0.tmp
1932	windowsProxy_2.0.9.0.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1932	windowsProxy_2.0.9.0.tmp

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1932	2228	windowsProxy_2.0.9.0.exe	28
PID 2228 wrote to memory of 1932	2228	windowsProxy_2.0.9.0.exe	28
PID 2228 wrote to memory of 1932	2228	windowsProxy_2.0.9.0.exe	28
PID 2228 wrote to memory of 1932	2228	windowsProxy_2.0.9.0.exe	28
PID 2228 wrote to memory of 1932	2228	windowsProxy_2.0.9.0.exe	28
PID 2228 wrote to memory of 1932	2228	windowsProxy_2.0.9.0.exe	28
PID 2228 wrote to memory of 1932	2228	windowsProxy_2.0.9.0.exe	28
PID 1932 wrote to memory of 2680	1932	windowsProxy_2.0.9.0.tmp	30
PID 1932 wrote to memory of 2680	1932	windowsProxy_2.0.9.0.tmp	30
PID 1932 wrote to memory of 2680	1932	windowsProxy_2.0.9.0.tmp	30
PID 1932 wrote to memory of 2680	1932	windowsProxy_2.0.9.0.tmp	30
PID 1932 wrote to memory of 2680	1932	windowsProxy_2.0.9.0.tmp	30
PID 1932 wrote to memory of 2680	1932	windowsProxy_2.0.9.0.tmp	30
PID 1932 wrote to memory of 2680	1932	windowsProxy_2.0.9.0.tmp	30
PID 2680 wrote to memory of 2964	2680	vc_redist.x64.exe	31
PID 2680 wrote to memory of 2964	2680	vc_redist.x64.exe	31
PID 2680 wrote to memory of 2964	2680	vc_redist.x64.exe	31
PID 2680 wrote to memory of 2964	2680	vc_redist.x64.exe	31
PID 2680 wrote to memory of 2964	2680	vc_redist.x64.exe	31
PID 2680 wrote to memory of 2964	2680	vc_redist.x64.exe	31
PID 2680 wrote to memory of 2964	2680	vc_redist.x64.exe	31
PID 1932 wrote to memory of 1088	1932	windowsProxy_2.0.9.0.tmp	34
PID 1932 wrote to memory of 1088	1932	windowsProxy_2.0.9.0.tmp	34
PID 1932 wrote to memory of 1088	1932	windowsProxy_2.0.9.0.tmp	34
PID 1932 wrote to memory of 1088	1932	windowsProxy_2.0.9.0.tmp	34
PID 1932 wrote to memory of 560	1932	windowsProxy_2.0.9.0.tmp	35
PID 1932 wrote to memory of 560	1932	windowsProxy_2.0.9.0.tmp	35
PID 1932 wrote to memory of 560	1932	windowsProxy_2.0.9.0.tmp	35
PID 1932 wrote to memory of 560	1932	windowsProxy_2.0.9.0.tmp	35
PID 560 wrote to memory of 2512	560	naiyouwl.EXE	37
PID 560 wrote to memory of 2512	560	naiyouwl.EXE	37
PID 560 wrote to memory of 2512	560	naiyouwl.EXE	37

C:\Users\Admin\AppData\Local\Temp\windowsProxy_2.0.9.0.exe
"C:\Users\Admin\AppData\Local\Temp\windowsProxy_2.0.9.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\is-R131V.tmp\windowsProxy_2.0.9.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-R131V.tmp\windowsProxy_2.0.9.0.tmp" /SL5="$40016,64583684,1047040,C:\Users\Admin\AppData\Local\Temp\windowsProxy_2.0.9.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Program Files (x86)\winproxy2.0\vc_redist.x64.exe
    "C:\Program Files (x86)\winproxy2.0\vc_redist.x64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Windows\Temp\{96CEB16E-6AC4-4EF5-B6DF-3F96616022A7}\.cr\vc_redist.x64.exe
      "C:\Windows\Temp\{96CEB16E-6AC4-4EF5-B6DF-3F96616022A7}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Program Files (x86)\winproxy2.0\vc_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2964
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\winproxy2.0\ppt.TXT
    3⤵
    PID:1088
- - C:\Program Files (x86)\winproxy2.0\naiyouwl.EXE
    "C:\Program Files (x86)\winproxy2.0\naiyouwl.EXE"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:560
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 560 -s 548
      4⤵
      Loads dropped DLL
      PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\winproxy2.0\data\app.so

Filesize
381KB

MD5
06f09bcb5726907f54a55e0939804d4b

SHA1
199d69d08c31bb90d44505cf96fec0ca671ae847

SHA256
94021aa954c3cf4286f49fac91e17ba0668589d90fb81311238cd18e788848ab

SHA512
504302b036a560f4c173a91867d034535bc45cc3071ac7b4aba94437755ae30872bbb6081c83461a99ffa1d98c0949f5b3f330922f2b12796ede1e82699a3c32

Download Submit
C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-HHF1I.tmp

Filesize
1KB

MD5
0aa3617b3ef4fd6ab38b469c1063f944

SHA1
4914e93add79be7ceb9dd03d3fe8ce25d112bf0b

SHA256
3edab6fd14846db990192b0fa7ebc78941cc872036b1ba3fd8be881aab91f41b

SHA512
ff6af58e624d86d92e467b277690821e51416beb28ef7730974ff099ea79cb17f8c109faec6345075bf9daa5b44e16e1f22e37bfd47533aaf86aa8dab1794b26

Download Submit
C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-P1ALO.tmp

Filesize
1KB

MD5
597877df09f2c0de126f303dfe266bfd

SHA1
86bdca524843fb8dff4bb6dfc99b8ae10d39a792

SHA256
8a9f24368087235c4fcf11a0f8203b2e221ab8cd9a5a41bb412f25f0c05523b7

SHA512
3000faa86a43bf48c22a6069466f31fd4d03a3d4d030fe89c442c92e835bc1381c07c8c70627da3d949ebb362ac9a09b63101bc038f5fff616ddd9996114f303

Download Submit
C:\Program Files (x86)\winproxy2.0\data\icudtl.dat

Filesize
13KB

MD5
cbb1e57ab3678698842e1c722d7dfd17

SHA1
849a251286b911970e5c74b4847df4ad9461251f

SHA256
9bbce8f3b2518e5e9c85cccd9699fe5a01e39816815d2f8724bf6c3b6c1802f2

SHA512
9e91de1c24d04c41df3d5722b1959ca633e0f76fe3e95e349feef557183cf25390d7aa943b8f72d438e0602b371d63bb1c66ff35a97e2088bd2f1b458c5d2951

Download Submit
C:\Program Files (x86)\winproxy2.0\flutter_windows.dll

Filesize
1.1MB

MD5
75f5042e364749c51031b5b01cd9b692

SHA1
b5fcffd06acabaf21dd61543f8fe579a2e348647

SHA256
4e1debcf01de9bdc64762c24470b81f9db50c92765e7ab83afbb4a374649637a

SHA512
b68b3eef37b3057837981237056ce48cd5d8d761f3af629e1261e2bc4bcbdee403ea80512f6c8316cfe636752c1eddeb17e915843b899419c749f2e57938daed

Download Submit
C:\Program Files (x86)\winproxy2.0\is-MGHQ5.tmp

Filesize
71KB

MD5
57ef7050657dc0893162cfa6c91b9231

SHA1
946134410cfe9f2a56faaa3c9941161d3e9296c2

SHA256
778c2bc1d8b08366e9f7c8f8e4a8610bcbec3edc7b7e4deffd0e05c9157c4c25

SHA512
3f63f7ce8d0d9a89bfa9000a2f8a887df89653e3d06b9064711217248aa7ac9eb4da6db48e7e5240320d81b8bb834b46aa699c2cc23160d753daae28896da0c7

Download Submit
C:\Program Files (x86)\winproxy2.0\ppt.TXT

Filesize
970B

MD5
b3dcb5003ffef02751b0e57c5ec3c6b7

SHA1
a9ad3c9b8de3092deeda2ac9b92de2437283a3c5

SHA256
928c0ac4d153d4ff3fe178d2b173f9909caf2161149030fbeb06eee11cc17e02

SHA512
55166940cf55baf25de3ca67e784f23f1622dcef99720b4a9831cb4b814724d446f954f7fb2f021ba5ee603ede2ca6cd5e0a3281f0d75b29770628dd1a47113f

Download Submit
C:\Program Files (x86)\winproxy2.0\vc_redist.x64.exe

Filesize
1.5MB

MD5
063fdec9b2dd3fb4e18f6373e2e74f14

SHA1
62c7b41e9d7ca3249c72da3efbbb6bbf3acfddce

SHA256
06644ee8666b409a100dd6433fc0316bac17ccbc15da57b39ef4856e3ae1c880

SHA512
b6ede3057ec3a2ac6e19baaece4ee61500f54ddc2d284f9bfda0d784eae94552b6bd78647d580d79f466582a08ad000e7c19a06ebc01c44761f0725790535237

Download Submit
C:\Program Files (x86)\winproxy2.0\vc_redist.x64.exe

Filesize
1.6MB

MD5
7ce992b8bbeacf4750a57a808aa88823

SHA1
fc18757391e703441d5eef4cdfa775d0a4ae1570

SHA256
c3d2bcbec6d2dd54a3beec74fd43a81af2a99db825c90d02e6b644c5d80b4ad7

SHA512
93832f71b0774783f71bbbec3ee2ef4111926a8964d653aadbd01556bee068a6470b66206aba05eeff99ffd26fe39dd288baf148492f66d80099c7df4d7aef37

Download Submit
C:\Program Files (x86)\winproxy2.0\window_manager_plugin.dll

Filesize
64KB

MD5
26c983533566180b9b2887b58a7bbf1b

SHA1
2a425740c1c47a561617caa188c24885b5707dd4

SHA256
ae005c6bfc6325664d82d3e6126ac590fcd2124828fb8f8de569602eefd4396b

SHA512
5109275cf481e30e493bb0281c0f4a6ad8a3b0ad2965c94ed7d0286dc1292efea3a4362d693a9ce083fd4b0b3adab78a8ff13c3962a10e8910c579fc4b34c0b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R131V.tmp\windowsProxy_2.0.9.0.tmp

Filesize
2.3MB

MD5
3999514816af30144e081a2fa6791a36

SHA1
58b78acd43e56b296c72efe33a620ba87e258bde

SHA256
27525e4fb7e633edc3dc525f2e8c37cbbccd5b1d3ed06af185215866afd37984

SHA512
37ecbff98ac20e1a8e9417b430a13d8fbba8c22446fa54b13af57fe5dd11f135aff7f8853421f254a3d63ad83791b1de49c1f6952728c7622d0289a863dd6af7

Download Submit
C:\Windows\Temp\{3015B1AF-F624-4E28-9563-70FD41E0C34C}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
\Program Files (x86)\winproxy2.0\connectivity_plus_windows_plugin.dll

Filesize
86KB

MD5
53b89f65cc347a79da33cb2f0276ab91

SHA1
27913c1aca3af640e0a6116e5e3f67255ebe0933

SHA256
9165e8b26855d1c86c1901abe9856cc84ed48b1b7684a0a56551c9509d40e5be

SHA512
d6d62717fb3186cc93ea5ac1e5d28e14452127fbc14e688295f1d891ba3ad8b7b8345cd7d869daf7f72717c430ef898a02ec31fa9696cc1d68baa1dec4d77e7b

Download Submit
\Program Files (x86)\winproxy2.0\file_selector_windows_plugin.dll

Filesize
101KB

MD5
50a51b3fe7fdb4897436eafe58f58a47

SHA1
1ff1dc0858db9ea7d48f804099a06592a6c7967b

SHA256
f835c9dfb53e1bfb55c0a2212ce5993618f44550171414ac75f68b4a0f9dc50a

SHA512
0b56d67da4e7ec2216064654ad03500081a94037488eca25d02e0634782a32594400c5236cf277d17a05a6c23be7e41728dcc3a801153a6a4ced704560cbe107

Download Submit
\Program Files (x86)\winproxy2.0\flutter_secure_storage_windows_plugin.dll

Filesize
85KB

MD5
48a189ebbe3efcf0d149d2bf79d651ca

SHA1
589a7c877b004d17e5d54175e717d1a331e84a6a

SHA256
16e3d68805974265868997ffe13a95bd35fd2ac02c6e5b99834c1414bfbfafbb

SHA512
859e9b33b0a64b5974c472d1cd697bd98de60e620f818cd4a135f704cad49eed400addb8725da9689db88eeb3a787a64a8781ea8c3c441601f9652fa0ff12052

Download Submit
\Program Files (x86)\winproxy2.0\flutter_windows.dll

Filesize
1.5MB

MD5
7438e9515add78a3b38042124194d352

SHA1
c990738a780173f9e0f8cdd5bc3e166877ae929a

SHA256
be10a189c59df83bba334cfa182c3c3c2fde7943bdcdf0f539c450e20d6a008e

SHA512
4bdb636eeece149d573dea051ca3c15187f2b32bc7040ce1756556735ef39e5d3264bf4c6fadc5f51818eaa42b5a0171525843d28a13d9fea5b96e55a87bc335

Download Submit
\Program Files (x86)\winproxy2.0\permission_handler_windows_plugin.dll

Filesize
110KB

MD5
63b7b44ab33179a5d1a4e1ff6f51b730

SHA1
0dd47157c76b882ae125a97ee21e1ecb7f2adcac

SHA256
3cb127a5a2970e95af3cab7a0eb989e9c4dad5a33332d85f3a964692cd31b13d

SHA512
cf1f9d587575a05fda672510d560248930871257e41b7870242e922230b7d75e96974fbc66e8dd207a7eac1ac494dd19d5073bf424578f47df14445576d930b0

Download Submit
\Program Files (x86)\winproxy2.0\protocol_handler_plugin.dll

Filesize
90KB

MD5
c04fd9f303d74c808d0dc7a0cd0a2e8e

SHA1
89319137ef5e224c36596c2183c6b2df9d32da12

SHA256
f870232d3e30b72005fdac7a165f8399fd403300462d4c89440b6336596dea91

SHA512
c849ccc6036273d922262e7d3214e8c955edc595baf6757beaee45a105a9ae818a4a8c0e9a4ccda7896898c2f42c0d1a84df27279a4ae3b1ea8867f2f60594bd

Download Submit
\Program Files (x86)\winproxy2.0\proxy_manager_plugin.dll

Filesize
82KB

MD5
3718eb3597435ece470085d30957d018

SHA1
e0c3bedad9093bb685cea4f6c9f55cfc3b50c6c4

SHA256
7117f740e5f0456daa16a1ff4a915d4cc7eb61f61c7fea893f02fb07cfd3354c

SHA512
95a93e7cfdbc836ed495512eb922b809e8f1c2c8a9d557427fbfdb97dbe0ec898e65b54a76d53899cb5dae665d3ec246b8d38d59751bf9481ece6a6669c364ef

Download Submit
\Program Files (x86)\winproxy2.0\screen_retriever_plugin.dll

Filesize
96KB

MD5
e78dbc0f4e856e35de98edd811e6f453

SHA1
8212babf31a3da4e419e918e92a4d9a17fb26d4a

SHA256
20b0e2761ccdfacb8677a95b530c94bf327507d052b3322a7add767d5d64a55e

SHA512
c1746fd32864eab52c0bb1934e416176a5ccee78ef52cc08662f4ca8674cd9c5855be80dae8162a5ee410508a85224b825c98265b203b65872c156372db3d64a

Download Submit
\Program Files (x86)\winproxy2.0\tray_manager_plugin.dll

Filesize
103KB

MD5
5d00961020e0ccf75a1e79938c3410f1

SHA1
c0e65aa4426da92a21cda041f95c6a43cd3131f5

SHA256
83acffa2ad5be64a603e5326545ba37b598884814ea92212502b08d47e26e828

SHA512
e1f33be792908e16daa1bafec91748d3343adf0ff5ec43e90aa958f01bc20f4842fda5421391c566866a51ee8a64b3682f88696001d11c93820a40e21781858a

Download Submit
\Program Files (x86)\winproxy2.0\url_launcher_windows_plugin.dll

Filesize
84KB

MD5
dbefa917fe45dbc1e81ebdbd33e30294

SHA1
b5afb37adc69a2278edd9613184de4beb0a274a2

SHA256
fd5865adb3a154fc5054d0ac51c9c49356cf5fd3196464c5e89e9122f260df9c

SHA512
d5a23484b1f5b78c886311ef94b3db7d546a13e0f74307464db246cb59f9af31f92b55623c871af14c05384f725250f25f543b2375981dbf504899d40f5fb778

Download Submit
\Program Files (x86)\winproxy2.0\vc_redist.x64.exe

Filesize
2.6MB

MD5
b1070382a4876d578b5820783f50524a

SHA1
c336c01e71d0ee58502630afe99d439c383552c6

SHA256
0b785c2464e3cb142afe1ed5663b454777a8a0d91aebed6ed1821fbfd2fa4d29

SHA512
49396937c23676745dade828eb696c22f7a346137f3a50a31aa0e401e51efe94fc62421a8f6e9ccb9a47ed3264805f17fa580d0551173a5aaf892b8d5e01f457

Download Submit
\Program Files (x86)\winproxy2.0\window_manager_plugin.dll

Filesize
135KB

MD5
9de2fd3d64c63220300d05d5176268c4

SHA1
acf806efa83e3f080bc0210c0ff607c0ff1fa0fb

SHA256
64ab9b5643a3186314231e5b40e7582e24d0008ebcae32e5a9e72a5b9e808b10

SHA512
b6583856643fcd5efa67150894cde7bd079e346b15190e4e218eb4df0e61764beaa485bfdda2e5278894b63ce179787122b97b4226257327bfaeeea525ed40da

Download Submit
\Program Files (x86)\winproxy2.0\wl_base_help_plugin.dll

Filesize
83KB

MD5
fd91b59d8ad067da38c51f06cc3175ae

SHA1
824b0c4145b6998e916c8555fea27f5421d6e97f

SHA256
3783b58b7e01bd33c74dee3109a5cf997c3f64d635e4d3ff0989b92d87ac11ec

SHA512
a5dc0ae95b7f270f057a3d8fca341b5afe4c7495e25ca2f8ff0de3cf448a28529d4619fbed7428eb8b78e0a9a1953f330710a1969c5199ce0f2fbc5bb70eb021

Download Submit
\Users\Admin\AppData\Local\Temp\is-4ADAJ.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
\Users\Admin\AppData\Local\Temp\is-R131V.tmp\windowsProxy_2.0.9.0.tmp

Filesize
3.2MB

MD5
2f4b6c3c676f4a4ec6193c662d7237ee

SHA1
d39df5ee7e5d22d342c155b3877b332e288260f5

SHA256
dcbd79f914729daac6890f93fb737a2ddb7cd4d2be3c6dcd9d92ed6eacad5f63

SHA512
2420cc8b95a53b624ab3bd8e63b5c14e4b2e735c1d61acb898c8290b5c30efda19ac0f6b5eb5d92699a2a49db9d7831a380875e0d5123c21df36b91c1268f903

Download Submit
\Windows\Temp\{3015B1AF-F624-4E28-9563-70FD41E0C34C}\.ba\wixstdba.dll

Filesize
64KB

MD5
aa7c40c5c65f62fda845e6f476d24602

SHA1
11772f409b02c7b5079fb1d00bbf334b963e39a9

SHA256
746c5d6b641663096cf2ecc99770cdc9051614e6b2b35d9dfcd5432eb118b447

SHA512
f8a3dd1ced612b4975cdca37f25d9906dfab5b389c2a2809ad5c8a9b376ff52a8cb17169acbe7c202d016a77bf5ec64ec82a9a6155542e88a60ab95fe9e5ae4e

Download Submit
\Windows\Temp\{96CEB16E-6AC4-4EF5-B6DF-3F96616022A7}\.cr\vc_redist.x64.exe

Filesize
635KB

MD5
b26ea60ea4341cd87c2a67e061e34439

SHA1
48f80f1defda08c555e99d55f9914c9674fa8ac9

SHA256
f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461

SHA512
89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

Download Submit
memory/560-607-0x00000000023A0000-0x0000000002AA1000-memory.dmp

Filesize
7.0MB

Download
memory/560-609-0x00000000023A0000-0x0000000002AA1000-memory.dmp

Filesize
7.0MB

Download
memory/560-608-0x00000000023A0000-0x0000000002AA1000-memory.dmp

Filesize
7.0MB

Download
memory/560-606-0x0000000001C40000-0x0000000001C41000-memory.dmp

Filesize
4KB

Download
memory/560-610-0x0000000001C50000-0x0000000001C51000-memory.dmp

Filesize
4KB

Download
memory/1932-530-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/1932-577-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/1932-568-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/1932-531-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1932-189-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/1932-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2228-600-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2228-0-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2228-176-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download