Analysis

  • max time kernel
    119s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06/04/2024, 21:41

General

  • Target

    AtlasVPN-x64.msi

  • Size

    79.2MB

  • MD5

    04cc95b57c3905f853003fd1ce01ac8e

  • SHA1

    4cd11a3dc0f85c8f68019e311c34c065fcda3638

  • SHA256

    a43f06f6e4b469bb80aa085bf7940b277c60d025ad16716f5bf88620caeb46e2

  • SHA512

    1fc25a2e2e31e788ede5df877b5674784ffefc846d250788e5d012c949e41df50299d540955663f500ae42d1af78ef6f65b0ff8edb8cbdbd48dd1079567f64d4

  • SSDEEP

    1572864:s63jKGuwEOAQQzZDGWDNbutRUtg7fsP2UTdFZ0ogbKpVD5ImV59L3AD:s6furNQQzZDJDNbuDr7fATdFaNEVD51E

Score
6/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 19 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 49 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\AtlasVPN-x64.msi
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Program Files\AtlasVPN\Bin\AtlasVPN.exe
      "C:\Program Files\AtlasVPN\Bin\AtlasVPN.exe"
      • Checks computer location settings
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • Registers COM server for autorun
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4840
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3548
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      • Suspicious use of AdjustPrivilegeToken
      PID:4252
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 203F8C45225E572EEA8D70A4F6794444
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3948
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A2B9780F1B5C920FC6827C4BB187CBF6 E Global\MSI0000
      • Drops file in Windows directory
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:3624
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:3744
  • C:\Program Files\AtlasVPN\Bin\AtlasVPN.Worker.exe
    "C:\Program Files\AtlasVPN\Bin\AtlasVPN.Worker.exe"
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4048

Network

MITRE ATT&CK Enterprise v15

Downloads
