Analysis

  • max time kernel
    130s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    02/06/2024, 01:39

General

  • Target

    8c7d5a492d7680b8062055cc3ddb9b45_JaffaCakes118.exe

  • Size

    2.0MB

  • MD5

    8c7d5a492d7680b8062055cc3ddb9b45

  • SHA1

    0a8ab10ec6ccec645a7b40d4e5ca943475d2a5aa

  • SHA256

    2af485626e4b3fac3c880cf16b950f17562169c0c3b01e8bcead75453e74ce0d

  • SHA512

    8ea5a985fed7d884305558a8c2c2c0a93779e2efc803721f32d952df302bb208e101f83831f6df6611de3f6fbe860a305ee2c677a14b2e49726c4c6ade069a71

  • SSDEEP

    49152:gco0o0emPUHFwm72hQ9y14tkANvHwXS245zSHNiK+UqbeCIRb:gcT6cEFwmS14tk4Hwl4haQ/xbY

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • Manipulates Digital Signatures 1 TTPs 2 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 14 IoCs
  • Drops file in System32 directory 21 IoCs
  • Drops file in Program Files directory 60 IoCs
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Kills process with taskkill 2 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies system certificate store 2 TTPs 10 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 56 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c7d5a492d7680b8062055cc3ddb9b45_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8c7d5a492d7680b8062055cc3ddb9b45_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\hidec.exe
      "C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\hidec.exe" "C:\Windows\system32\cmd.exe" /C "install.bat %~1 & ping 127.0.0.1 -n 11 & cd .. && rmdir /S /Q "C:\Users\Admin\AppData\Local\Temp\OpenVPN""
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2480
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /C "install.bat %~1 & ping 127.0.0.1 -n 11 & cd .. && rmdir /S /Q "C:\Users\Admin\AppData\Local\Temp\OpenVPN""
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2952
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /T /IM "openvpn*" /IM "openssl.exe" /IM "autoit3.exe" /IM "devcon.exe" /IM "cpau-run.exe"
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1696
        • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\devcon64.exe
          "C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\devcon64.exe" remove "tap0901"
          4⤵
          • Executes dropped EXE
          PID:2760
        • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\devcon64.exe
          "C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\devcon64.exe" remove "tap0801"
          4⤵
          • Executes dropped EXE
          PID:2776
        • C:\Windows\SysWOW64\reg.exe
          reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Services\tap0801" /F
          4⤵
            PID:1784
          • C:\Windows\SysWOW64\reg.exe
            reg.exe delete "HKLM\SOFTWARE\OpenVPN" /F
            4⤵
              PID:1556
            • C:\Windows\SysWOW64\reg.exe
              reg.exe delete "HKLM\SOFTWARE\OpenVPN-GUI" /F
              4⤵
                PID:608
              • C:\Windows\SysWOW64\reg.exe
                reg.exe delete "HKLM\SOFTWARE\Wow6432Node\OpenVPN" /F
                4⤵
                  PID:1504
                • C:\Windows\SysWOW64\reg.exe
                  reg.exe delete "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /F
                  4⤵
                    PID:1620
                  • C:\Windows\SysWOW64\reg.exe
                    reg.exe delete "HKCR\.ovpn" /F
                    4⤵
                      PID:1544
                    • C:\Windows\SysWOW64\reg.exe
                      reg.exe delete "HKCR\OpenVPN" /F
                      4⤵
                        PID:1552
                      • C:\Windows\SysWOW64\reg.exe
                        reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ovpn" /F
                        4⤵
                          PID:1744
                        • C:\Windows\SysWOW64\wscript.exe
                          wscript.exe "C:\Users\Admin\AppData\Local\Temp\OpenVPN\shortcut.vbs" "" "AllUsersPrograms" "OpenVPN"
                          4⤵
                            PID:984
                          • C:\Windows\SysWOW64\wscript.exe
                            wscript.exe "C:\Users\Admin\AppData\Local\Temp\OpenVPN\shortcut.vbs" "" "AllUsersDesktop" "OpenVPN"
                            4⤵
                              PID:1888
                            • C:\Windows\SysWOW64\wscript.exe
                              wscript.exe "C:\Users\Admin\AppData\Local\Temp\OpenVPN\shortcut.vbs" "" "Desktop" "OpenVPN"
                              4⤵
                                PID:2184
                              • C:\Windows\SysWOW64\certutil.exe
                                certutil.exe -addstore "TrustedPublisher" "C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\\tapadd.cer"
                                4⤵
                                • Manipulates Digital Signatures
                                PID:2200
                              • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\autoit3.exe
                                "C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\autoit3.exe" "tapadd.au3"
                                4⤵
                                • Executes dropped EXE
                                PID:2024
                              • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\devcon64.exe
                                "C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\devcon64.exe" install "C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\tap\x64\oemwin2k.inf" "tap0901"
                                4⤵
                                • Manipulates Digital Signatures
                                • Executes dropped EXE
                                • Drops file in System32 directory
                                • Drops file in Windows directory
                                • Modifies system certificate store
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2920
                              • C:\Windows\SysWOW64\find.exe
                                find.exe /I "successfully"
                                4⤵
                                  PID:976
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}" /S
                                  4⤵
                                    PID:2984
                                    • C:\Windows\SysWOW64\reg.exe
                                      reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}" /S
                                      5⤵
                                        PID:2964
                                    • C:\Windows\SysWOW64\reg.exe
                                      reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011" /V "Characteristics" /T REG_DWORD /D "0x89" /F
                                      4⤵
                                        PID:1828
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill.exe /F /T /IM "autoit3.exe"
                                        4⤵
                                        • Kills process with taskkill
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:1396
                                      • C:\Windows\SysWOW64\xcopy.exe
                                        xcopy.exe /E /C /Q /H /R /Y /Z "C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files" "C:\Program Files\OpenVPN\"
                                        4⤵
                                        • Drops file in Program Files directory
                                        • Enumerates system info in registry
                                        PID:2892
                                      • C:\Windows\SysWOW64\reg.exe
                                        reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN" /VE /T REG_SZ /D "C:\Program Files\OpenVPN" /F
                                        4⤵
                                          PID:1864
                                        • C:\Windows\SysWOW64\reg.exe
                                          reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN" /V "config_dir" /T REG_SZ /D "C:\Program Files\OpenVPN\config" /F
                                          4⤵
                                            PID:1640
                                          • C:\Windows\SysWOW64\reg.exe
                                            reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN" /V "config_ext" /T REG_SZ /D "ovpn" /F
                                            4⤵
                                              PID:1472
                                            • C:\Windows\SysWOW64\reg.exe
                                              reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN" /V "exe_path" /T REG_SZ /D "C:\Program Files\OpenVPN\openvpn.exe" /F
                                              4⤵
                                                PID:2016
                                              • C:\Windows\SysWOW64\reg.exe
                                                reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN" /V "log_dir" /T REG_SZ /D "C:\Program Files\OpenVPN\log" /F
                                                4⤵
                                                  PID:1488
                                                • C:\Windows\SysWOW64\reg.exe
                                                  reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN" /V "priority" /T REG_SZ /D "NORMAL_PRIORITY_CLASS" /F
                                                  4⤵
                                                    PID:1844
                                                  • C:\Windows\SysWOW64\reg.exe
                                                    reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN" /V "log_append" /T REG_SZ /D "0" /F
                                                    4⤵
                                                      PID:3044
                                                    • C:\Windows\SysWOW64\reg.exe
                                                      reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /VE /T REG_SZ /D "C:\Program Files\OpenVPN" /F
                                                      4⤵
                                                        PID:2316
                                                      • C:\Windows\SysWOW64\reg.exe
                                                        reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "config_dir" /T REG_SZ /D "C:\Program Files\OpenVPN\config" /F
                                                        4⤵
                                                          PID:3012
                                                        • C:\Windows\SysWOW64\reg.exe
                                                          reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "config_ext" /T REG_SZ /D "ovpn" /F
                                                          4⤵
                                                            PID:2928
                                                          • C:\Windows\SysWOW64\reg.exe
                                                            reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "exe_path" /T REG_SZ /D "C:\Program Files\OpenVPN\openvpn.exe" /F
                                                            4⤵
                                                              PID:1308
                                                            • C:\Windows\SysWOW64\reg.exe
                                                              reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "log_dir" /T REG_SZ /D "C:\Program Files\OpenVPN\log" /F
                                                              4⤵
                                                                PID:1648
                                                              • C:\Windows\SysWOW64\reg.exe
                                                                reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "priority" /T REG_SZ /D "NORMAL_PRIORITY_CLASS" /F
                                                                4⤵
                                                                  PID:2552
                                                                • C:\Windows\SysWOW64\reg.exe
                                                                  reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "log_append" /T REG_SZ /D "0" /F
                                                                  4⤵
                                                                    PID:2056
                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                    reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "allow_view" /T REG_SZ /D "0" /F
                                                                    4⤵
                                                                      PID:1600
                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                      reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "allow_edit" /T REG_SZ /D "0" /F
                                                                      4⤵
                                                                        PID:2132
                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                        reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "allow_service" /T REG_SZ /D "0" /F
                                                                        4⤵
                                                                          PID:2384
                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                          reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "allow_proxy" /T REG_SZ /D "1" /F
                                                                          4⤵
                                                                            PID:2212
                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                            reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "allow_password" /T REG_SZ /D "0" /F
                                                                            4⤵
                                                                              PID:2568
                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                              reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "service_only" /T REG_SZ /D "0" /F
                                                                              4⤵
                                                                                PID:2232
                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "log_viewer" /T REG_SZ /D "hidec.exe" /F
                                                                                4⤵
                                                                                  PID:1936
                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                  reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "passphrase_attempts" /T REG_SZ /D "3" /F
                                                                                  4⤵
                                                                                    PID:2732
                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                    reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "editor" /T REG_SZ /D "notepad.exe" /F
                                                                                    4⤵
                                                                                      PID:2672
                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                      reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "connectscript_timeout" /T REG_SZ /D "15" /F
                                                                                      4⤵
                                                                                        PID:2704
                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                        reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "disconnectscript_timeout" /T REG_SZ /D "10" /F
                                                                                        4⤵
                                                                                          PID:2608
                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                          reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "preconnectscript_timeout" /T REG_SZ /D "10" /F
                                                                                          4⤵
                                                                                            PID:2728
                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                            reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "silent_connection" /T REG_SZ /D "0" /F
                                                                                            4⤵
                                                                                              PID:3068
                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                              reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "show_balloon" /T REG_SZ /D "1" /F
                                                                                              4⤵
                                                                                                PID:1652
                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "show_script_window" /T REG_SZ /D "1" /F
                                                                                                4⤵
                                                                                                  PID:2576
                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                  reg.exe add "HKLM\SOFTWARE\Wow6432Node\OpenVPN-GUI" /V "disconnect_on_suspend" /T REG_SZ /D "1" /F
                                                                                                  4⤵
                                                                                                    PID:2708
                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                    reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /V "C:\Program Files\OpenVPN\openvpn-gui.exe" /T REG_SZ /D "RUNASADMIN" /F
                                                                                                    4⤵
                                                                                                      PID:2496
                                                                                                    • C:\Windows\SysWOW64\wscript.exe
                                                                                                      wscript.exe "C:\Users\Admin\AppData\Local\Temp\OpenVPN\shortcut.vbs" "C:\Program Files\OpenVPN\cpau-run.exe" "AllUsersPrograms" "OpenVPN" "VPN-¬½¿Ñ¡Γ" "C:\Program Files\OpenVPN\openvpn.ico"
                                                                                                      4⤵
                                                                                                      • Loads dropped DLL
                                                                                                      PID:2488
                                                                                                    • C:\Windows\SysWOW64\wscript.exe
                                                                                                      wscript.exe "C:\Users\Admin\AppData\Local\Temp\OpenVPN\shortcut.vbs" "C:\Program Files\OpenVPN\cpau-run.exe" "AllUsersDesktop" "OpenVPN" "VPN-¬½¿Ñ¡Γ" "C:\Program Files\OpenVPN\openvpn.ico"
                                                                                                      4⤵
                                                                                                      • Loads dropped DLL
                                                                                                      PID:2656
                                                                                                    • C:\Windows\SysWOW64\PING.EXE
                                                                                                      ping 127.0.0.1 -n 11
                                                                                                      4⤵
                                                                                                      • Runs ping.exe
                                                                                                      PID:2492
                                                                                              • C:\Windows\system32\DrvInst.exe
                                                                                                DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{0fefe06a-ebbc-2c12-4116-6c521a955d70}\oemwin2k.inf" "9" "6d14a44ff" "00000000000004C8" "WinSta0\Default" "0000000000000574" "208" "c:\users\admin\appdata\local\temp\openvpn\files\tap\x64"
                                                                                                1⤵
                                                                                                • Drops file in System32 directory
                                                                                                • Drops file in Windows directory
                                                                                                • Modifies data under HKEY_USERS
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:1448
                                                                                              • C:\Windows\system32\vssvc.exe
                                                                                                C:\Windows\system32\vssvc.exe
                                                                                                1⤵
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:2320
                                                                                              • C:\Windows\system32\DrvInst.exe
                                                                                                DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "0000000000000000" "00000000000005D0" "00000000000005CC"
                                                                                                1⤵
                                                                                                • Drops file in Windows directory
                                                                                                • Modifies data under HKEY_USERS
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:2608
                                                                                              • C:\Windows\system32\DrvInst.exe
                                                                                                DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem2.inf" "oemwin2k.inf:tap0901.NTamd64:tap0901.ndi:9.0.0.9:tap0901" "6d14a44ff" "000000000000038C" "00000000000005C0" "00000000000005D8"
                                                                                                1⤵
                                                                                                • Drops file in Drivers directory
                                                                                                • Drops file in System32 directory
                                                                                                • Drops file in Windows directory
                                                                                                • Modifies data under HKEY_USERS
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:2644

                                                                                              Network

                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                    Replay Monitor

                                                                                                    Loading Replay Monitor...

                                                                                                    Downloads

                                                                                                    • C:\Program Files\OpenVPN\config\lnkrivoshapka.ovpn

                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      bbec26e2402902591d21c4dad4206f30

                                                                                                      SHA1

                                                                                                      06d41d840116f75beeb56002b90182eb88cded86

                                                                                                      SHA256

                                                                                                      e79f12b202712e3189ed34321eb20e0f82cc301450e1d13a8c739b399a7482ee

                                                                                                      SHA512

                                                                                                      d54bde1bf9c6ecc77b6dbedf8db99f8b31a94b9788349b0a974d61bcd86b2bdb95501a49443b63734ecac3e0e737515256c189dfffcb2c369ad90b9bc67cb859

                                                                                                    • C:\Program Files\OpenVPN\cpau-run.exe

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      7e54c20a0658b2691e95935231e2539e

                                                                                                      SHA1

                                                                                                      51a5b9a034104563100de5190220cfc8b73afadc

                                                                                                      SHA256

                                                                                                      16c3bc3270665b4776b35936c12a30f28ba3d858b27d59827370c1bfb5b1b60d

                                                                                                      SHA512

                                                                                                      98e72078f7e4e123be9e59a9bf91d27011448eddc90bf4229d0e8350a3d0c13a6751f395149928659587f8adf7d9b560eb84c1e5ae4a2dc7488f78114d6575b2

                                                                                                    • C:\Program Files\OpenVPN\cpau.exe

                                                                                                      Filesize

                                                                                                      542KB

                                                                                                      MD5

                                                                                                      7100f979b8516b8c1ae6ff858435626e

                                                                                                      SHA1

                                                                                                      c6a596b10bc8fd05f8a13859fef8b2cf7a9360e7

                                                                                                      SHA256

                                                                                                      5ac5867eafea23f57bfead8e84c366e2259490d8814ef0e3739853364055e4e3

                                                                                                      SHA512

                                                                                                      d3f3acb9482df113eb2eadfcedc8ce869b4b9221df6f28497521fdb3042bc86d707dbda08df659258c706713ece89d5e0b81c5c85f8255923e96a55bb015a593

                                                                                                    • C:\Program Files\OpenVPN\cpau.job

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      b47e8a3ea1bf24b7238471f3ef4c2012

                                                                                                      SHA1

                                                                                                      b85a15c08e9c895e98ed7bdc5093dbc2d5d9623e

                                                                                                      SHA256

                                                                                                      978364b033b906900d39def309c9ea5f62c4734e66731ffa15b4e04991b0ef46

                                                                                                      SHA512

                                                                                                      4a4e84565ebd80845a129923aadf8e67337919b319e28ce0c2c784908defa460fdbedb136b8f851683bf9049b1f358059eb4945f41bdaa39b156ca7957f95237

                                                                                                    • C:\Program Files\OpenVPN\devcon32.exe

                                                                                                      Filesize

                                                                                                      76KB

                                                                                                      MD5

                                                                                                      b40fe65431b18a52e6452279b88954af

                                                                                                      SHA1

                                                                                                      c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                                                                      SHA256

                                                                                                      800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                                                                      SHA512

                                                                                                      e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                                                                    • C:\Program Files\OpenVPN\libeay32.dll

                                                                                                      Filesize

                                                                                                      2.2MB

                                                                                                      MD5

                                                                                                      88a5e21b46019e6632820a7ab72c4897

                                                                                                      SHA1

                                                                                                      3829dade8363cc3000fee0adc760614755c69bc4

                                                                                                      SHA256

                                                                                                      6fd2315f248473d4da77cec857500f47d93b91010504d40f81d650a0bebf7225

                                                                                                      SHA512

                                                                                                      b75e85a7c38f39b418ac3f2ed023f21d88c83c6e69b13a4888456f2e8fb5074b4e1aeebf4dd7cc3d226ae57359b8bdb2300c6d88cd85447bdaec626d822c21d9

                                                                                                    • C:\Program Files\OpenVPN\liblzo2-2.dll

                                                                                                      Filesize

                                                                                                      170KB

                                                                                                      MD5

                                                                                                      33120addb41cebf8bef95c71cf2166c8

                                                                                                      SHA1

                                                                                                      07ad36f3303fc95c0c914224ce0ac66cbe191042

                                                                                                      SHA256

                                                                                                      81d618e824c8fc4481f337f301b2cd8a1299ccacc85fc70186a84841999d21df

                                                                                                      SHA512

                                                                                                      cc89dd35d0e8aef12d8eeb5dcafbaca9735a87622adc8d9fadf5771b2b88ef7fdadf973d2f58f7190c91444cd2e98abeda5d5f04d20ea829370afc8540f3e79f

                                                                                                    • C:\Program Files\OpenVPN\libpkcs11-helper-1.dll

                                                                                                      Filesize

                                                                                                      112KB

                                                                                                      MD5

                                                                                                      b953c29a14e9a1de3634894ae338132d

                                                                                                      SHA1

                                                                                                      17adfb1793bcf320a8eab328b83caf1fff905dae

                                                                                                      SHA256

                                                                                                      65848133a5efb6ce50cc34e5aece19b7f95496cfdeb704840db643a1a0799394

                                                                                                      SHA512

                                                                                                      0f7238c25d92e1ac05a1a926e6c318560246dfd062dde6f868b3eebf2b01c68ef27cad28927e629fa0d8d67de29783430d25427593c1891ad9789c755f2a0808

                                                                                                    • C:\Program Files\OpenVPN\openssl.exe

                                                                                                      Filesize

                                                                                                      889KB

                                                                                                      MD5

                                                                                                      482989dd49b3fd50dfc63d4555f7ac34

                                                                                                      SHA1

                                                                                                      8bd69d6f676992c37de9554b1be633a30298047b

                                                                                                      SHA256

                                                                                                      2f89d2769625080c4f4d691edc189582bcfe7bc661f69b4254db20913d89e2ed

                                                                                                      SHA512

                                                                                                      8647b21bfbe8664163c7569cb09ec1fe4de901fb4149fe9acc37c9aef9642eb4e18bf9156b3d343a0680d068d2cd2b4cd4844f89779cdff3ef15e21c3d0cd943

                                                                                                    • C:\Program Files\OpenVPN\openvpn-gui.exe

                                                                                                      Filesize

                                                                                                      400KB

                                                                                                      MD5

                                                                                                      a6476027f3d13292599be72b672d0eba

                                                                                                      SHA1

                                                                                                      00fefcd36c7743499aec9a8d2c5076e1f1605639

                                                                                                      SHA256

                                                                                                      9412723b811f33d33408b8a932cc389c95294f56b1cb622859dba1280c2e259b

                                                                                                      SHA512

                                                                                                      8033f132797ce69fb074d7ac5e9771e126ed0757ab410b0ee17020f7728803e0c89483b2ba38b4ce13b5e4855172fcb41e8476060284ca8500e56fdba5c6a6bb

                                                                                                    • C:\Program Files\OpenVPN\openvpn-run.exe

                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      a04d972fa20f1b04802448756f9f3a49

                                                                                                      SHA1

                                                                                                      a99c091155100c71b631386604bc045d86e843c5

                                                                                                      SHA256

                                                                                                      97cb8862a4af8218a5c30dd51e219c23f8e3e1588fc890d65d8b12850d15a28d

                                                                                                      SHA512

                                                                                                      413459b771e2d7404534c12d1d5844ef8a455402c7c2cc8925e1f7e9a9cbab66968a26c5c23aa1014bcadf894381fb453e1b3ba415a0ab6644c390102f495b16

                                                                                                    • C:\Program Files\OpenVPN\openvpn.exe

                                                                                                      Filesize

                                                                                                      661KB

                                                                                                      MD5

                                                                                                      abd63e52fd0eb910a8d3eccb247ab25d

                                                                                                      SHA1

                                                                                                      8ad3fc615e5190e7de79e98e6a4ddf8e4c5ec910

                                                                                                      SHA256

                                                                                                      83bab0975ba4b8202b77a3ae6e6edada231ddbae30bafae1246d6fe886167bb4

                                                                                                      SHA512

                                                                                                      6df9d32c5f455448fae85c2f0256db8cf64b688ca2852cd30ba57e3ce763fe28f6b0d169fc7db60afd817faab74cc5481268992854b9913848873b41c2ca6627

                                                                                                    • C:\Program Files\OpenVPN\ssleay32.dll

                                                                                                      Filesize

                                                                                                      575KB

                                                                                                      MD5

                                                                                                      d5bbd87e924eb25c9dccf3cf719ec3f0

                                                                                                      SHA1

                                                                                                      53318e7eef3422af92669df2530542d830fe1985

                                                                                                      SHA256

                                                                                                      7bb88ab66da575da9a78c4d6d92c52540b6f0346a836baded3aa9b7608996ba6

                                                                                                      SHA512

                                                                                                      2793cb8f5d7764f09e01f364820c1b43594a6e6eaa25aa0ec57548b13c6afd31420e11d77625cf5de69aeeaa836885592c5672cda3ae854d87eae065026affcb

                                                                                                    • C:\Program Files\OpenVPN\tap\x32\oemwin2k.inf

                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      35589b966c65a52a1c95791bbcd80543

                                                                                                      SHA1

                                                                                                      d65994dd38de0e1971f8c99a048c46acc284e8bf

                                                                                                      SHA256

                                                                                                      8892d224ae879cc35ffe216691fc6ba3266d88b6239838f7d38b3a4ff4ad74b6

                                                                                                      SHA512

                                                                                                      ece01e898527ae2ce3039457ea1823bda6351871900c1a7a20057ff3250e33ed8ed216af3318edaa1c3825c17d348dee06078e946d10332e87af8ec45795fd5f

                                                                                                    • C:\Program Files\OpenVPN\tap\x32\tap0901.cat

                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      fb34d08569af3a01758d4bf629a3aa0d

                                                                                                      SHA1

                                                                                                      d84aa4acf33724ea68d0f60ffbce0afebc583d95

                                                                                                      SHA256

                                                                                                      aa83670a92681a19b6aed64cf0509c2b53b56c11352a88764fc25c7bf6f5c5f9

                                                                                                      SHA512

                                                                                                      df6f9d33b38b0910cbfe9aa4449bc3793eac88160d9346cf4010985bfd1edd67e70376af4c6680f08c1fe7bea76b0ab396392b09f3ce22b1f5797b66fa235de2

                                                                                                    • C:\Program Files\OpenVPN\tap\x32\tap0901.sys

                                                                                                      Filesize

                                                                                                      34KB

                                                                                                      MD5

                                                                                                      432d9d823c4c26b6070c41bad4404ce4

                                                                                                      SHA1

                                                                                                      5e562e4b8a04dc61614423d0440f2057a0e55059

                                                                                                      SHA256

                                                                                                      741b41f7467d312af4cc733ea31f647fbcd06985cbb6a14117e8a87a6f7b06f5

                                                                                                      SHA512

                                                                                                      b53f7e036f7dabfae9d5a447ec134f43cf7c03b5c60a138e13ada19358e9b42bcd24244a220d8c00229319812fd6935a81c45233eafaf2603616846f27ae5084

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Cab2ADA.tmp

                                                                                                      Filesize

                                                                                                      68KB

                                                                                                      MD5

                                                                                                      29f65ba8e88c063813cc50a4ea544e93

                                                                                                      SHA1

                                                                                                      05a7040d5c127e68c25d81cc51271ffb8bef3568

                                                                                                      SHA256

                                                                                                      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

                                                                                                      SHA512

                                                                                                      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\devcon64.exe

                                                                                                      Filesize

                                                                                                      80KB

                                                                                                      MD5

                                                                                                      3904d0698962e09da946046020cbcb17

                                                                                                      SHA1

                                                                                                      edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                                                                      SHA256

                                                                                                      a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                                                                      SHA512

                                                                                                      c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\openvpn.ico

                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      069888d95f71a29ec6f8fe4b4e124adb

                                                                                                      SHA1

                                                                                                      353821428d6dded375f64e2c75f6cfd44b4c3f49

                                                                                                      SHA256

                                                                                                      bf445fb428e0ead0523322ddc9bdcdadd70ebbf83b7ff68aecdeb961a7d1be11

                                                                                                      SHA512

                                                                                                      0875805467275597e7acbfae7d6edf5efad0228331b624a279b7cf485d4f8ac23c608829921e4ab372515750f66e4485c5c29d035f23baa905d42bd109546a97

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\tap\x64\oemwin2k.inf

                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      b6aada0cbed06889053a05b66f146979

                                                                                                      SHA1

                                                                                                      823025f02b355b37df7d7657b0f2b4d3584891a5

                                                                                                      SHA256

                                                                                                      a6e72b88e42d2b478615c5a16bbedb3fd02b0dd3def3a79840fc6a5df8312707

                                                                                                      SHA512

                                                                                                      9f8a6b0ad5ae4ea4c14043d663fd5aca2f1884ece0975b13c0533eb93103eb89120c1884121d71c8f9d09f5d210926fdba3b29fc6cf87f601bbc0f359c31d4ad

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\tapadd.au3

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      1399f4d45f332e0b7443e91f601cc4e5

                                                                                                      SHA1

                                                                                                      4fafcd4d415f977a018b3fb169d4982de5e62aaf

                                                                                                      SHA256

                                                                                                      9dba0f89b93b7880061dcc0b30d37d992ef99f15ee9b2e70124ebc70a55ae96b

                                                                                                      SHA512

                                                                                                      fb805f85e566066ca40d8f04c52ed0f0a9aee09926b37eff41b318edfe880ca5a5e909642182e8f452b90becd368d64763e2329340d3986caedd2993da9ce178

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\tapadd.bat

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      1d547f162cc179e515400745d47a9815

                                                                                                      SHA1

                                                                                                      aa57115d87770d696b0a5ac810be261c06d623db

                                                                                                      SHA256

                                                                                                      9de5b0471dbae91bdf1a140682c1e821616b715e96305ca8fe1556baa84599ab

                                                                                                      SHA512

                                                                                                      18ce4d2a9879f098410debcf8f6e1792666cbe420a474dfbf8ff9c622f66fc1790a9a2377eb16c74f3077e4cd99add2a72ef0227009939019afb3198dcc4ca20

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\tapadd.cer

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      3d5ffd53be77c32cbb147f32423c0a86

                                                                                                      SHA1

                                                                                                      ec4f1d31686625ecc004993cd0e89a4136dd3344

                                                                                                      SHA256

                                                                                                      669c56db590c0308ea25c4508375bb88611b06b1ae689a895dc6b19f4df5619c

                                                                                                      SHA512

                                                                                                      bc2a1bf2dd5d4b135b7cc2b5d8cc24f1a6b6fed7fcfa092e5cfc5965dd368da86b24550338f925a36c458e154c3c4694d369d06cbc5e72e40983b760a39ee2d7

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Files\tapdel.bat

                                                                                                      Filesize

                                                                                                      493B

                                                                                                      MD5

                                                                                                      20be78849f16f8008914d8146b5a06f3

                                                                                                      SHA1

                                                                                                      7025a9cf11277fcafb527a1b6bd72fa9e467d6e2

                                                                                                      SHA256

                                                                                                      fac6e63efe3b4fbf2013b68f8e420b4d6ab6dd820a1205f75cf774bf27c9d0b2

                                                                                                      SHA512

                                                                                                      0f8f5b7a7b678667bc263017df6b43b48451c8d6a9dd111103504943a81feba7da89d2eec0b1fc2fc3129e11f8037f4877aa41f5583afb2a2750e2dfd05deae0

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Sources\OPENVP~1.CS

                                                                                                      Filesize

                                                                                                      802B

                                                                                                      MD5

                                                                                                      d488d8de97683b833c32bbe531a3f8c1

                                                                                                      SHA1

                                                                                                      4d5e1461bf19d1e46ee184235913d5e83f638f6f

                                                                                                      SHA256

                                                                                                      cc56e334b58dff595cec0ad534e4aeb95ea0bfc3c7e4c8d80b64c9d9603f028b

                                                                                                      SHA512

                                                                                                      d16442c5f5bd902ae4d13e6abb87726f6608cfbb845d9de4db5018b5bf61bc4e88c618b98dc58f13443a83913105f2110bcd3ee5e91c1491ba880267370243b7

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Sources\cpau-run.cs

                                                                                                      Filesize

                                                                                                      952B

                                                                                                      MD5

                                                                                                      204f9556853cf1f01dd6ef9b6e93c89e

                                                                                                      SHA1

                                                                                                      1f90491b6acf00025df95edcf485dacb0657c541

                                                                                                      SHA256

                                                                                                      f61a6c64fb5dcaef02162c85083a650ab5874ba04121caea66925a88577401ae

                                                                                                      SHA512

                                                                                                      01e208e5e82c788f45c17ff60a0ffcac981c1db5946307e5f665ec7a41b3697b04d5d5e292f043e1f1f9ca5caf5454cddf8456810054ba799b44e131ced8d177

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\Sources\make.bat

                                                                                                      Filesize

                                                                                                      469B

                                                                                                      MD5

                                                                                                      53aff72e284f8b212a7d88abb0dc8763

                                                                                                      SHA1

                                                                                                      01eb94360f2190f963010b93147999a2e5c28e4e

                                                                                                      SHA256

                                                                                                      4355121da1e8b1b40003e7c33b43145a4af9e6e86d2da1cb36327ffe10b69e35

                                                                                                      SHA512

                                                                                                      940a2b59c3e160df0315968875b9a963ee0f72bc4698351d6839bbc48d103026b5839722e147aff901d4070c4211800a7eb9db8a120df6dc018ec78793f13a16

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\install.bat

                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      3b400e42685b3fa8df13b8cd97bedc3c

                                                                                                      SHA1

                                                                                                      8cc19661310675e1a823168dcf14343514d6532c

                                                                                                      SHA256

                                                                                                      eeffe81413b850dd41861be98bdf7f5a0da84502d0e91467cfc286b89c63c719

                                                                                                      SHA512

                                                                                                      463a5bb6ce2d5af52895ca203c7cfcec6144c772b2b14130d0081c11e6ef9a3f9f44181541fbbb007528512c9dd2d84e6627b7744001bd0c08f712ee0d21dc55

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\OpenVPN\shortcut.vbs

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      MD5

                                                                                                      106bcfcc67890864960720c1ef24d49c

                                                                                                      SHA1

                                                                                                      80afac8bf05f1aae0033b286f4e10e8ff15ef6d7

                                                                                                      SHA256

                                                                                                      857f6e98200cd127165f602bc018b5e4d3dcc6e6c558eb65476d0a9da930f27b

                                                                                                      SHA512

                                                                                                      ceb91976b8690d18ef61ebcb8912bcb4d0fda4e4da0489642ea76507648336cdd015a264a390ebda379b903a843887f8f47ee1f18a33a9246dbb089935552bfa

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Tar2AFC.tmp

                                                                                                      Filesize

                                                                                                      177KB

                                                                                                      MD5

                                                                                                      435a9ac180383f9fa094131b173a2f7b

                                                                                                      SHA1

                                                                                                      76944ea657a9db94f9a4bef38f88c46ed4166983

                                                                                                      SHA256

                                                                                                      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

                                                                                                      SHA512

                                                                                                      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

                                                                                                    • C:\Windows\System32\DriverStore\FileRepository\oemwin2k.inf_amd64_neutral_5a1fec2fbbccefcc\oemwin2k.PNF

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      6855a9c34a2bd45ce302e8635a7913a5

                                                                                                      SHA1

                                                                                                      3b1a911a944eb1970a9fd8501a45bfbfca825f57

                                                                                                      SHA256

                                                                                                      91e27001efcbc2ef7ac66bf564d296a42640899b75b821037ff607b13beefbcf

                                                                                                      SHA512

                                                                                                      847183d9029374a7be71682a8bc7d9c748349c82b316bc013e29a88493dd6100b64614afbeb0a0e53e3eeedbb3ed56c0099642e352162bd3f7e74432c90db63e

                                                                                                    • C:\Windows\System32\DriverStore\INFCACHE.1

                                                                                                      Filesize

                                                                                                      1.4MB

                                                                                                      MD5

                                                                                                      e27e5ee5c5c2c8d742bdd8d187a101f2

                                                                                                      SHA1

                                                                                                      17e7ef7c6aff9a1858bc8db391b3841f0bb498ea

                                                                                                      SHA256

                                                                                                      4c6f56bf5f87f209aeb6f0a38ab994b6948e6529b9d9e09601804791eaca3416

                                                                                                      SHA512

                                                                                                      4ad3d84230ab62c37fca393970e24dd40ec4887915a61ef7b10aff9b41153f21e971890bb08d2a73a969cf0b239ff13d3e6e2c16aec99cee0e1d8cb92368af15

                                                                                                    • C:\Windows\Temp\Cab2D98.tmp

                                                                                                      Filesize

                                                                                                      29KB

                                                                                                      MD5

                                                                                                      d59a6b36c5a94916241a3ead50222b6f

                                                                                                      SHA1

                                                                                                      e274e9486d318c383bc4b9812844ba56f0cff3c6

                                                                                                      SHA256

                                                                                                      a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

                                                                                                      SHA512

                                                                                                      17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

                                                                                                    • C:\Windows\Temp\Tar2DE9.tmp

                                                                                                      Filesize

                                                                                                      81KB

                                                                                                      MD5

                                                                                                      b13f51572f55a2d31ed9f266d581e9ea

                                                                                                      SHA1

                                                                                                      7eef3111b878e159e520f34410ad87adecf0ca92

                                                                                                      SHA256

                                                                                                      725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

                                                                                                      SHA512

                                                                                                      f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

                                                                                                    • C:\Windows\inf\oem2.PNF

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      e8b3eee05aeb838e7b93c27837d116db

                                                                                                      SHA1

                                                                                                      5ea7e83df7332f9fc9ba5fa63a0bbc034082a9f9

                                                                                                      SHA256

                                                                                                      0117cb5a10a89d6f70b8cdb0058fd177cf5f4bc0d2d95c08113d9d97fd24d77b

                                                                                                      SHA512

                                                                                                      c24172409b03bd27f458c4e6c93f65fe8460048fe2829e51f664e35393a2ab7123bd24ba9e30a1d9d0b61a6fab9c21c91ec64ce24849f4f92c492568db2b6675

                                                                                                    • \??\c:\users\admin\appdata\local\temp\openvpn\files\tap\x64\tap0901.cat

                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      0365c95d5be2b3d314dcc019380c0e11

                                                                                                      SHA1

                                                                                                      c269cee763f580e890d2eae42a8e98116e04a232

                                                                                                      SHA256

                                                                                                      6f997d53abfc991e23f08256fbde3eb21a1680af2e504b7accfef0f1d8909503

                                                                                                      SHA512

                                                                                                      9acfc1ce0b46d3edc9708c16ae39a0707dcfc86fc6ba66f7e1712c383babde4c4cfb25338abe511429b67c39f2c2e30e0eb4c94e9987a7919e9b5cae53b4d24c

                                                                                                    • \??\c:\users\admin\appdata\local\temp\openvpn\files\tap\x64\tap0901.sys

                                                                                                      Filesize

                                                                                                      39KB

                                                                                                      MD5

                                                                                                      3c32ff010f869bc184df71290477384e

                                                                                                      SHA1

                                                                                                      9dec39ca0d13cd4aadf4120de29665c426be9f2b

                                                                                                      SHA256

                                                                                                      55cfcec7f026c6e2e96a2fbe846ab513bb12bb0348735274fe1b71af019c837b

                                                                                                      SHA512

                                                                                                      2443368fa5b93ebe112a169d1fff625a9a1a26f206dfeb6b85b4a2f9acec6ccfc7e821d15b69e93848cbad58b86c83114c83338162ea0fedd1a0798fab1700ff

                                                                                                    • \Users\Admin\AppData\Local\Temp\OpenVPN\Files\autoit3.exe

                                                                                                      Filesize

                                                                                                      727KB

                                                                                                      MD5

                                                                                                      78c22df03127318893ce5b1fede8401c

                                                                                                      SHA1

                                                                                                      d640359b4c5d04f666b3c57c762570a6bbb61c2c

                                                                                                      SHA256

                                                                                                      be76e4e3109418b914a958deeeef9116df9c269d90a1e92e9656df70dcbecd9f

                                                                                                      SHA512

                                                                                                      8070a452912c4a399496bd646857c3659111a9f6b6785ed0fdbde4020eabcc3aec28099534bd773b71c6b0d19dd013672441a3df1bbb287af8c1d222c3dd2664

                                                                                                    • \Users\Admin\AppData\Local\Temp\OpenVPN\Files\hidec.exe

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      abc6379205de2618851c4fcbf72112eb

                                                                                                      SHA1

                                                                                                      1ed7b1e965eab56f55efda975f9f7ade95337267

                                                                                                      SHA256

                                                                                                      22e7528e56dffaa26cfe722994655686c90824b13eb51184abfe44d4e95d473f

                                                                                                      SHA512

                                                                                                      180c7f400dd13092b470e3a91bf02e98ef6247c1193bf349e3710e8d1e9003f3bc9b792bb776eacb746e9c67b3041f2333cc07f28c5f046d59274742230fb7c1

                                                                                                    • memory/1608-71-0x0000000003310000-0x0000000003312000-memory.dmp

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                    • memory/2480-77-0x0000000000400000-0x0000000000402000-memory.dmp

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                    • memory/2644-363-0x00000000003D0000-0x00000000003F6000-memory.dmp

                                                                                                      Filesize

                                                                                                      152KB