Overview

overview

8

Static

static

1

Hide.me-Se....1.exe

windows10-ltsc 2021-x64

8

Hide.me-Se....1.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19/11/2024, 16:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hide.me-Setup-4.2.1.exe

  • Size

    18.5MB

  • MD5

    074a7929ea64805d3406c86ca3e4d9be

  • SHA1

    08ee722d9d3f85c14b6c7d47fdbfb2c3db019097

  • SHA256

    7b70566316b614060caa472243d87321d0bf7bfcf493493f94f842c9837d27ce

  • SHA512

    f6dcdf1ac978d1a1c7bc81f887b7426df5c89d14a644968d10ac85b41672fd7c40d38b075ea1ad312a6ea6754f9c3c2c936651ea032c534e177bd2efda82de05

  • SSDEEP

    393216:cE1kKDaqKzbCiXoQMO0Ya6FD/9coRQY4a3QZl4P7PzALAWSQbBdk0A3E5:FDaVz+iXDMOBl59fQja3QbAPcMWLtdPx

Score
7/10
discovery

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 5 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 34 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 63 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Control Panel 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 44 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hide.me-Setup-4.2.1.exe
    "C:\Users\Admin\AppData\Local\Temp\Hide.me-Setup-4.2.1.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Users\Admin\AppData\Local\Temp\is-6D3H8.tmp\Hide.me-Setup-4.2.1.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-6D3H8.tmp\Hide.me-Setup-4.2.1.tmp" /SL5="$602D6,18456089,857600,C:\Users\Admin\AppData\Local\Temp\Hide.me-Setup-4.2.1.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2268
      • C:\Windows\SysWOW64\msiexec.exe
        "C:\Windows\system32\msiexec.exe" /i "C:\Program Files (x86)\hide.me VPN\OpenVPN\drivers\ovpn-dco-x64.msi" /passive
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2408
      • C:\Windows\SysWOW64\msiexec.exe
        "C:\Windows\system32\msiexec.exe" /i "C:\Program Files (x86)\hide.me VPN\OpenVPN\drivers\tap-windows-x64.msi" /passive
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of FindShellTrayWindow
        PID:1704
      • C:\Program Files (x86)\hide.me VPN\hidemesvc.exe
        "C:\Program Files (x86)\hide.me VPN\hidemesvc.exe" -i -start
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1148
      • C:\Program Files (x86)\hide.me VPN\Hide.me.exe
        "C:\Program Files (x86)\hide.me VPN\Hide.me.exe" -i QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXEhpZGUubWUtU2V0dXAtNC4yLjEuZXhl -a ""
        3⤵
        • Drops startup file
        • Executes dropped EXE
        • Modifies Control Panel
        • Suspicious use of WriteProcessMemory
        PID:2316
        • C:\Program Files (x86)\hide.me VPN\hidemesvc.exe
          "C:\Program Files (x86)\hide.me VPN\hidemesvc.exe" -i -start
          4⤵
          • Executes dropped EXE
          PID:4624
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3436
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:4084
      • C:\Windows\System32\MsiExec.exe
        C:\Windows\System32\MsiExec.exe -Embedding 747D331A1E712B7AAFE0A9771C900EB5
        2⤵
        • Loads dropped DLL
        PID:3536
      • C:\Windows\System32\MsiExec.exe
        C:\Windows\System32\MsiExec.exe -Embedding 0E00761FE0256AE180E7B34BE5DC1605 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        PID:1460
      • C:\Windows\System32\MsiExec.exe
        C:\Windows\System32\MsiExec.exe -Embedding D1FCC602D6EB7CF497B7DA8A2B740024
        2⤵
        • Loads dropped DLL
        PID:3140
      • C:\Windows\System32\MsiExec.exe
        C:\Windows\System32\MsiExec.exe -Embedding 66B67CC5E84807CA2C68426EE2609426 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        PID:4856
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:3888
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
      1⤵
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4296
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "1" "C:\Program Files\Common Files\ovpn-dco\Win11\ovpn-dco.inf" "9" "4e746adf3" "0000000000000150" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\Common Files\ovpn-dco\Win11"
        2⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:2780
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "1" "C:\Windows\Temp\c2a10c7ac803bb7c41e54f5decc11a7402f8c89fae73399a0703060e33e23f2a\OemVista.inf" "9" "4c8b1257b" "000000000000015C" "WinSta0\Default" "0000000000000164" "208" "C:\Windows\Temp\c2a10c7ac803bb7c41e54f5decc11a7402f8c89fae73399a0703060e33e23f2a"
        2⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:3516

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e583cf7.rbs
      Filesize

      8KB

      MD5

      639b4dc51616980e7d732b9f815a3c8e

      SHA1

      f9bee651502b1c40526c8ae88f7eb5e70f4c3d9b

      SHA256

      a2935000922a336e4562856f79c17e66cdd0566247039c79366c864cca03083d

      SHA512

      807e1d9dd6bcc9e1ca9e70c115d483f50382493b4d94d5a2b4609ea5beb0c4e4031c9150acfb98b7225a83c35cac6e6191c07c04491c19b1fc5b17b920d71103

      Download Submit

    • C:\Config.Msi\e583cfc.rbs
      Filesize

      833B

      MD5

      b1bfa979b67060a80b43236596664115

      SHA1

      64beab198aa7d43c4dbdd7967f2ec673129a77dd

      SHA256

      234a2765831643d5a3e4c6f150498d73a030019a78c622b70df624200194f97a

      SHA512

      d560f64877a5f9d8c88d3f87fc1a29c01b291cfe1a0fb8915aa28957a29fd10423ca9e193bd6f496e087ea6857f294dcbe4b64ca182efd505d357947629430c8

      Download Submit

    • C:\PROGRA~1\COMMON~1\ovpn-dco\Win11\ovpn-dco.cat
      Filesize

      11KB

      MD5

      8fd89f82a273cd3ed2f76f7f09cf30ae

      SHA1

      43bb4e81acac468715e874ab86521497ca2e9369

      SHA256

      8c9456aeacd5566234519b5b34ceecd0f7ebb22f6813747e595f5945517ec438

      SHA512

      f77ad5dca3f72701ab2b779e900d22fa3f0c3ca6b8713e25bb7d6d1480992518d66879b6315122c555b32be527fef7c86ead1d59244c955287d48c3132b684f0

      Download Submit

    • C:\PROGRA~1\COMMON~1\ovpn-dco\Win11\ovpn-dco.sys
      Filesize

      90KB

      MD5

      6b0722f0b6ed86877d96da4a57f3aa03

      SHA1

      85cd52a10a8be6ca807fb5f6e180a1b1a1554583

      SHA256

      2c2958dac6f36922ae094705e058bf6470e1622b31318fb9fe0db5457e383f45

      SHA512

      74c399af44e982bb02eeb103bc634d2b5923b5623625a87bd148b6dad1afc438775a00ecbcdeeb2adb13d04c3b1d23a92cd9ee815c89f1af4fdbb3eb8fc3f49b

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\ComLib.dll
      Filesize

      43KB

      MD5

      ce83e5a7926e34faaf6d6a168c7310b6

      SHA1

      a7bc3aa2413752c006e585419b0a9409e6202444

      SHA256

      59888d1a4d12ef8bee9bca5b2177cf356574c036075b32abbe11cf02c4738248

      SHA512

      5f1fed886c4dcfb0bf4addbaecdb1585cee4dc6c76bd47eb3ab4b01bd2a75c0af79ec9c3b59d1e701ee7785e278a3e8f87b555726caa0329583260d9a707768d

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Common.Json.dll
      Filesize

      58KB

      MD5

      48de2e60982e02241472cb0c5ed37a57

      SHA1

      64c64f5ce7720fe0613eb9a1b19c7fc66a4c5b9a

      SHA256

      77c3d467a3163dd25c8c3fbb23a59fd78a1560febc75f387dca611cf0dab6064

      SHA512

      1c37d3b45f5ce8d408bf3171d662ed04b2c02b266172839d7a3c1f70dd2ab2fc8af0c7852e9eb77e056fd03f9705c664ef88b62b63fb8341748ed61787046c71

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Common.Rpc.dll
      Filesize

      80KB

      MD5

      5c420f925f3af853a31503538eeec43e

      SHA1

      196b8624f5be0720df3b81cee32b552ac933c73e

      SHA256

      a455023d17111d5a2f1f11b5b59f60da46470850bd3cae56b9a8da8c1213e386

      SHA512

      84b6f35c714cd5b775f52d7ba70504a6cb95229811570e6035debb22af07bb23772b0cd88b4a2f4fb80cf3e5921df41daa3d64feb60a2d968b7d4d2c2d5a0371

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Common.SC.dll
      Filesize

      58KB

      MD5

      6ff3f570be18d417182bd8e31613bbde

      SHA1

      34940ced10561334270c8985f1b3a054ccaf08d6

      SHA256

      a4dadc51c98e9489092179353f2db04146df5493415940faac9490422f8f8a49

      SHA512

      203cc4e08b2be8933cab4cd06cc0b9b3931bfc3cf7a808776a1e64b5928c6e88de30342d5405675a69ed73557abb51ed0394ee0d40c7708ea2c31db74a51d24d

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Common.Sentry.dll
      Filesize

      64KB

      MD5

      01a3ecca1454e6c2632f1548397c56ed

      SHA1

      2631c99d967ed5ba18b1b14043256f5d08e09854

      SHA256

      378327724aadd29c7d7de3cf81aff641ab8dcb4f27bfae7a979a9daf990f22f2

      SHA512

      0f7582acd51d452026193e4ead484cdb552961abad832d52a5a52a016c90820c58af6cd89b200253776176b8b749102e5f2c3d4f4cef6456b59080993d371c4a

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Common.UI.dll
      Filesize

      143KB

      MD5

      012e93809aa20aea7050d79b37e828ef

      SHA1

      d72d9e1707ee96904cd8d3935e7214539cc8bd10

      SHA256

      ee0068ef5238ed59078fff3c9c527916e576c0619d827b779004301d6dcfe122

      SHA512

      b6fa06a41e319f07bad1845a8ea906312052d84e915219461d63f9682b3e317daeedd38c91f227c2525b028fe264cb321f8caee1ffd9f16cc668e4303d72e4b0

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Common.dll
      Filesize

      162KB

      MD5

      81c58ce9d08363d7230a297434b1def9

      SHA1

      6b7be8cfd849ded3a54ec3a0184fdfb0be90f603

      SHA256

      bfc4678ca4efab222f26d53122fcccf6013c1fdd821415c1facb0f737d8191c9

      SHA512

      5cd5c8365dd96e7f947b7b813875ccfbd77a3b540774315de3ea9b29a31fecf6ddac0334a56a595565aef9404b90d287c475fef7da274459ee8dfe95d784fc88

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Configuration.dll
      Filesize

      79KB

      MD5

      03807e52cedef73cdc6cf21f126f2dca

      SHA1

      9c5787526fc95379d0671953ce26696808e0a249

      SHA256

      4b36fa9d163bcf9091a662a91c8b866c1e835d953ad13f017c03f931935d928f

      SHA512

      8a75b22a0fe503c3691820edcbd77d0422f24cccd68bf38075255b796ca6d9b3c74bda896c68e8dce2d465596e3422cbb6888e7704fbfa41e762599d04d5af0c

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\H.Formatters.BinaryFormatter.dll
      Filesize

      23KB

      MD5

      c6fc3c9e5e41f8f1c61fa045e7e1912b

      SHA1

      850c164fea0fd5d16ff294e96151b1d7f5aa17de

      SHA256

      e10fef7894b5e2363b8e9cd84e11ae167ec9dc83fe17aadc7dc9ac510db3bf92

      SHA512

      9788e1b6a92d3626ce5b8ef7297d4b6521875f889a48f9311fbc58fed1f18f292f31b5e7be343ebbfb43ae41cda69e9000b20ab5177b90f4ac2b74614f1d258c

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\H.Formatters.Newtonsoft.Json.dll
      Filesize

      23KB

      MD5

      4d118f2a443290521dd60a7119b29cca

      SHA1

      7b0debecf694ab9f23e799927d6c3f782ac80d31

      SHA256

      33d668174804265d7c3639b1c0e7e25fa57d717e13a92a0708ff635e6cb2fef9

      SHA512

      7a4af54c50d92ef2af67dd30d3a593b7f52461538eba3521b0d6b14987081c998664f3ef21031db61d6ae8d48ffbed68531f47dde9fc79218da0a3df4e2a642c

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\H.Formatters.dll
      Filesize

      26KB

      MD5

      57db53cbe05de001e3dea03fa032c6ca

      SHA1

      d425749913d74cae4d4d98bf036833dd99fc0d25

      SHA256

      ab8f2ffe2b46fbb7f3e306a909efb6375cbc757880cfbc4502aaec617124980b

      SHA512

      636a777956fc02b2f0777c84662bb0f1408707644c4fc9b5a3cd20a0b4f865b0aaf9d7d9d7b81dd7da42d0c3c687a89b3ca7067b9a13f674e4159894705e12ef

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\H.Pipes.dll
      Filesize

      119KB

      MD5

      eda98a45f04d2f3dfd43ff6583b69d89

      SHA1

      aab1d2e18c8bd06db52bc17a0123f09d14595d51

      SHA256

      ba17fb115912c68edb1d195fa0acd380ba8f539e3e6ab7cd56aa5b135987c24a

      SHA512

      f2df1029e054eb51be65842d4f4d5e1777e301cd515d01324f1befe5dacedefdd9a479dfd6fefd576f1467bb704ea5ba040257e7b7587a6da93fe72a74cf83cc

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Hide.me.deps.json
      Filesize

      27KB

      MD5

      d76166065ef02ce332cda17013e01b0a

      SHA1

      96730c2f740c6f655a4e3237f8b3c754de07d60e

      SHA256

      ffb4276b6add0b0340f5e4a66679cb57032dc208cd511a96ec770b55ac0ecb0b

      SHA512

      2e8921782e242cc3bc9a763f96e15ceeae54d4bd3ad355142ce39489e702688875d3cb587fd0f9ce995242dc577d2375ca7d2f8ecf002e7f02f985e791b61931

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Hide.me.dll
      Filesize

      6.3MB

      MD5

      f2cc734f0d98fbd06624b9cbed41d400

      SHA1

      bad47d8c70f465392eccf54847af43ab00fe8e44

      SHA256

      2b63bb9b0dbfb72a0f27740a702b06ef909172c1e38435673178383101b29be1

      SHA512

      748cd56b1ee609ccb25a92e1aa139139fdac4d36f86bbfbab053848b1b0706edc572236c47a819ee09f707d31ffd07673983b6a14b00946deb5f2aadc8305d91

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Hide.me.dll.config
      Filesize

      535B

      MD5

      d46bdd8810ba34a43279dd1ffe6a928e

      SHA1

      b5769cb92c2a6bf6c2b5740f2be546d282eca737

      SHA256

      e51225406347b222215cce8b2d916c8625e69dcf952b76b25cc5c631d26a76ae

      SHA512

      0ba5e1f5aa674f2348374d4c6ceb2bf747d5b80a7c9037b04cf4187ecd5f149011db5858cad49b1fd2d279d77559e673f14355a0a6f0f4d7806111a1e13409d8

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Hide.me.exe
      Filesize

      445KB

      MD5

      a848cb531c31cd1810698506b004777c

      SHA1

      524446cbc0d6a03bed6bd2ec8de2f39ad1b85492

      SHA256

      9b3e582fd182fde0f8f97d84509cdd07870a92e55d3464ae0e39798faba3425e

      SHA512

      d83f81adbeaca953cbaeba952b503688b8dfab33cdb5c267e387bcf5f697ade1b0562b882600e5318660478982cdde3ab6b50189e64c2018abcb391c76c0a579

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Hide.me.runtimeconfig.json
      Filesize

      372B

      MD5

      d94cf983fba9ab1bb8a6cb3ad4a48f50

      SHA1

      04855d8b7a76b7ec74633043ef9986d4500ca63c

      SHA256

      1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

      SHA512

      09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Localization.dll
      Filesize

      1.3MB

      MD5

      6db508c36838bd61b683e259827fbb34

      SHA1

      e9a8e8da6c8d901328b148de20022cb54732e712

      SHA256

      2d5e6510f912c102c2988ff537e2d2f558d0c4f70620993e6381fdb5ebb40f10

      SHA512

      5fd88278bc1cb2bcc5bd930a5af6375d12abae922bc5e825e31587f2fc51bafc869e4cd950f2ab6215d7c71200625e36e7d7bd42c8543bf974df54ebb6d10d67

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\ModernWpf.Controls.dll
      Filesize

      706KB

      MD5

      ad6b09d44e0095bbf6bc61c2b7978937

      SHA1

      936355ce20649edfae9bd4d60e51d031c635d93f

      SHA256

      cf0cd6c451b1dc2528bad42fbd9f8906b79f5763c5c1accd50ae8812a9c2d10e

      SHA512

      904e5cf70a67b9258f1de51e94e0b600830904d7bd61422479b30b233858f7e0f4459f0625497b75760d33cd9d69b82f82942a23989df2239885b01b3c12876f

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\ModernWpf.dll
      Filesize

      1.5MB

      MD5

      f8dfb20b23d1e94528fdb475895864ab

      SHA1

      54e724d5aec5aeae4d15c21b66ca2b25ef7b70cb

      SHA256

      897597d8172805e45f75c9a00b9ae48e1859eb42adc0b5608acf27ef68b9be73

      SHA512

      c2183c67154a274aff1ef410ce30c0210c16c399352a50e8a34985d0782bb5695bb275fe959580104a521a46cb74276d7459f35132dadff07fe8165076c6b668

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Newtonsoft.Json.dll
      Filesize

      695KB

      MD5

      adf3e3eecde20b7c9661e9c47106a14a

      SHA1

      f3130f7fd4b414b5aec04eb87ed800eb84dd2154

      SHA256

      22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07

      SHA512

      6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\OpenVPN\drivers\ovpn-dco-x64.msi
      Filesize

      256KB

      MD5

      b35e4e3cec593a0c9573f94bd1216f79

      SHA1

      9d83e761a502e205728606a458d9791abf084f12

      SHA256

      f0bceaee27f6c945437a6d37bd34be4ed1f7245682f6a59b1a6587cc61386c31

      SHA512

      a30506d1fd1d02e809a4cb9fb19f4637e02a6665e9390a8a75cb3ef21d2131b7410c30a3739b065b9896835b7152a887accc3970d3bc22caf7110dfc35d8572a

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\OpenVPN\drivers\tap-windows-x64.msi
      Filesize

      332KB

      MD5

      eca0ac91827335c42615639d5968eae9

      SHA1

      11093076102b5d6aefa6add8717b23dae2a074cd

      SHA256

      26abd331f860db83481de91cfd185d2e71197ce5c4c521d944601c8924aac2a5

      SHA512

      bb2043b352508da8169bb12653feb9aa0289c8907ca48aa4be1a5ed6204bf136229f5678243496697ae45becd09e49cfd17c954596cd8cb191ad0480d17006bf

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Resources\Fonts\FontAwesome\fa-light-300.ttf
      Filesize

      469KB

      MD5

      1b42927b3fa4fb4566e755429c3cb615

      SHA1

      e9a423185c949ca2bc001e2f3e2ff08b4f87f0d8

      SHA256

      5d40a2e0bcb868bffaba9d187bd3d7eed5862fd1900e117ca09a2665cb9b3a14

      SHA512

      e4b86242293827ec68e840951fdf9cc21f214b2999dd31f73db8ebd2d4f10ebf53f4ce37a48fca686714323b93f19ba36bc9576f2642c3752a304aff467f04c5

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Resources\Fonts\FontAwesome\fa-regular-400.ttf
      Filesize

      432KB

      MD5

      4acd65f30fc35f357aa09039f090aab0

      SHA1

      3214e8d5381eec35fb94a66904751fab466e9a7d

      SHA256

      d6cc8bfc49b7e61b20a87fe690bcb0ff4de18abdd69ddd69e080f13595715320

      SHA512

      30f7dd40fe601302c81f9e7346774e19f57b0d5051b5dc1f664336b8964a589166c4819b7fe9a26c326f998a63b4367a75574176612db4dc24e6bec1035613b9

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Resources\Fonts\FontAwesome\fa-solid-900.ttf
      Filesize

      369KB

      MD5

      a0e9f13549d93eb7cd8a36fc68db1dc6

      SHA1

      050b8212eaf0107dd919386713ef6f4ecd0d8e4f

      SHA256

      d3125a7b86b7e9e36665be41dea6c501c4e766c1028f483b5c405e0971293edd

      SHA512

      41a4e4eaf8d158c737efde8ccf59a603722e77b669e56e6098d55355347b3db43200d848545fbed72c12f9b058f526bb8149c5e4e9714195a3c5c776355399bf

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\Sentry.dll
      Filesize

      696KB

      MD5

      a5e12b0b2c03445b50b04e88a611bd40

      SHA1

      aa2f72f447bb9b5fdc8d7582ef65186aac17ef08

      SHA256

      4282c4915d6ab6e7f38f07e1ea6622a4c4d621ec909082cacc3c833c1d819b8c

      SHA512

      a58b6c94f11adf99c6d78b0995c5af5778f7953f8850ab8a6968e06b8590ff482c060635d3beb475598f5535d5d24c03e59d98d90c7b30104baf378ad00077f7

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\System.Drawing.Common.dll
      Filesize

      430KB

      MD5

      155f47739363f68b1f290a779b2ae442

      SHA1

      e92b48298a98520fef5e30d9ca69bd895a0e39bd

      SHA256

      cdb113094b32dc00f731d42886d03b5bad3017d9a797deebbe61d4340d5e67d7

      SHA512

      06301bbf5961ebaf4afa4d6ffa17b3b65ebe60dbc3d8febe1008ed82e82c80249b3bd8776b0d644fd9eda936634dc1a90d0d4e9b54f41675b90ce86622476f52

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\hidemesvc.exe
      Filesize

      125KB

      MD5

      860c9eab25bb5a274462ce415f4cfbc9

      SHA1

      8a4d0b5269c2bcf3a299679ab8bbbebe181c3566

      SHA256

      a9f46bdca066b538724bae310c2aa5de1f4196d865d90c09907b894158f0b094

      SHA512

      d9ea21058c57b6ff68dd7e2409db58e991f3d1752866bda6f6874d375d538c2ceac3d6cb3472bc6e5a3360cf34bf80a68fcd1e4546ce3a3103c28b6ac1015c4f

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\is-DT6CL.tmp
      Filesize

      253B

      MD5

      24e4653829de1022d01cd7ddd26e2f22

      SHA1

      9160a009cb381e044ba4c63e4435da6bfeb9dc6d

      SHA256

      ded3aeb5856a11db0b654a785574490cab55839ebfb17efe9e39b89618fc5b91

      SHA512

      efd4bbba1baec0b47003831510e3aa539db9ef468e0f06ba9d7ba6d0b3800035f7c818d7d90171bfd377ec97d08c4617555bcff635dd83efceb412b1a9cca820

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\runtimes\win\lib\net6.0\Microsoft.Win32.SystemEvents.dll
      Filesize

      56KB

      MD5

      dd65cc318d2ef5f46a3f826c85322761

      SHA1

      5977fb1ef6d6696205aed84973559f58bfb7e3bb

      SHA256

      e712093997e02359ca09c14e80818735cc3592f4d2e1ac2657a8166e6c60047c

      SHA512

      4d14e8c9ac7d214da05d87c0f6d3ca7c009619397711eff630be981cc6ec84e458d3d910411267f83dcd2d482c9589375be82a9bc8b76d1c39eee4e85749c1dd

      Download Submit

    • C:\Program Files (x86)\hide.me VPN\runtimes\win\lib\net6.0\System.ServiceProcess.ServiceController.dll
      Filesize

      84KB

      MD5

      19ef3e88a0caeee8826b40849d9f8a39

      SHA1

      1e56ea9f0abe6217784bbb8848339985aaaa3041

      SHA256

      1748e287b706d7e369fe5b191d95fcb26e0a8ed485eb9572e5d994acd17e233b

      SHA512

      e4818253b6c9115f58c28cf8c1f3c43a908fcab57a2c7d7f75c02729beb207e6907d7b0fd8c6787aeaddbc76c24189f0c108e16244337dcd8ad02c5f6f85414e

      Download Submit

    • C:\Program Files\Common Files\ovpn-dco\Win11\ovpn-dco.inf
      Filesize

      2KB

      MD5

      77da079a3665afc84d05c3d07bcaa0d0

      SHA1

      3fbfafe2c08100f5b46b792398c2ecb9157760e9

      SHA256

      1f6c35bc11d910f91c32ea54894d0fddb0094876bdd526d04a9287d04d636242

      SHA512

      10fcd8464c6aab386bf2f675175598764e0b784a898b7b450fef3d055ecf902c7a57ac0aef2725b9e6899146e4e9230c8677bfd2a8f18489b642fa6beca25507

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-6D3H8.tmp\Hide.me-Setup-4.2.1.tmp
      Filesize

      3.2MB

      MD5

      307ad78ad76fbbf81fb02b6778cc797e

      SHA1

      b6e4cad64490502a89bc9bb3f5c1cbb2631d704a

      SHA256

      4f59dca19ba2399323d8ab13b7b3493b3f651b94ed732edacf5260340dad267f

      SHA512

      2281d3ce0c7450c926cbaf2baf2f88e4fe4122099f6c4b033e58e28c36213fa260f2d05bd720f5d36f9e3be71b020093e4af0b5d335b7989d23096645e147e6b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-Q05EN.tmp\idp.dll
      Filesize

      232KB

      MD5

      55c310c0319260d798757557ab3bf636

      SHA1

      0892eb7ed31d8bb20a56c6835990749011a2d8de

      SHA256

      54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

      SHA512

      e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk
      Filesize

      1KB

      MD5

      aeed19c7e6806a80670a1956d49729d5

      SHA1

      f4eebca0c3a2a13235c52e50e649ab5d61ad8473

      SHA256

      239e08f90b9b7f002866b1b55b9e02214cb9d38f4417a9c06ebb6f9e4c3e4a14

      SHA512

      9c383ecbe278540a3d3e0eb4ea16be01ee95755faeb309c07ff86b2ebb6adadc915d6d46be3a60deff4b163ad94a5ab9b492f8b1c6edac00dbaa3394d3125503

      Download Submit

    • C:\Windows\Installer\MSI408F.tmp
      Filesize

      143KB

      MD5

      84a1cc9540d5cdad74bc54f8090dd27a

      SHA1

      c6f82d1491015457785ae0d365e7196d693d9a6b

      SHA256

      2738720da0b6ce474ca6eb51a92372d047eca2d713c256f0cd6c147ac3a0db21

      SHA512

      9c25d6e7331844d01d732ac923e99c68f305749d92407c873cd09b451e59a8864001e308864fda319fa4a2bcae9dbe50682201c67901dce14272291dedecd2c8

      Download Submit

    • C:\Windows\Installer\MSI46BC.tmp
      Filesize

      281KB

      MD5

      718222e232d11298dfbabbc2b70d8b14

      SHA1

      89fc560692111c2245694867b8772fd8969f46d2

      SHA256

      45e855461f5d1be28a2f88416603070bd1778055abdd06834ae58e97b7ddf53c

      SHA512

      9191961c28a7a4647ae8f9f9e1956d60b97f5f5c3e4e838d888bf78c1ea665e98e8e3c75cc1247a68a89b2413493ea6d39dbc60827eec919ddba0536d793c801

      Download Submit

    • C:\Windows\System32\CatRoot2\dberr.txt
      Filesize

      107KB

      MD5

      803c13ee8e6c658b463dcaabca3d3f33

      SHA1

      5c444fdffdaa69bc114436fb4e7d825c4b902aeb

      SHA256

      37f8e63d1a46457624acf8bd18af7ebe6b940d480b030cb970784197cf042c2f

      SHA512

      a46996d80709887eaa00ace62fe69c9fa046cf8b83013636ca3b8753ea70f3b40a2c38c6d87284446aff9b49f89453a2352336aee071553fd569498a44b2f74f

      Download Submit

    • C:\Windows\Temp\C2A10C~1\tap0901.cat
      Filesize

      11KB

      MD5

      71ecece58bb00bdc1e728ee28d7a5332

      SHA1

      4305889415cf95662a30d024f1138f1af224cf42

      SHA256

      ee062e5ef2743ceab10c64830e4cefe52e35cc1ece85947ac4e61ddd1c0b05f7

      SHA512

      9b23404d867fc4fd7c7beeba3768e8fed3113cc7430ec1bc9ca7faf6e6105388de7057b1402f9b4ba8fbc11e5fcd3afe14233721e8d15b6c0bed40f65aa5b58b

      Download Submit

    • C:\Windows\Temp\C2A10C~1\tap0901.sys
      Filesize

      40KB

      MD5

      1bb9772a05517e227d1dafd3936e8f66

      SHA1

      d695ca5791a4b6a3509939aebdfaf5e229c6fbcf

      SHA256

      581dcaace05d5c1ac9512457ff50565aca5d904d2c209bd3fc369ca4d4a0d2b1

      SHA512

      3f1966038f91b887fe1a71474929bd87f3c75091846c6e9563f7424d3a7c19c908f1d874895341c61a868a616aba637e3d4188d4ebb7383087886a13a4dc0aa2

      Download Submit

    • C:\Windows\Temp\c2a10c7ac803bb7c41e54f5decc11a7402f8c89fae73399a0703060e33e23f2a\OemVista.inf
      Filesize

      7KB

      MD5

      6f5ffb58a9e406ab1643c890e2a198c6

      SHA1

      3ff1faba00ac18a93e88a6f2bbfa747c9fdc7e0c

      SHA256

      1327ab3a8c50691f04bea8e2ca356c5b604092a719e219464f8cc4b42e192de9

      SHA512

      af29bc13cc02238208c51e4e95dd0a4445a952755635a9eab38aa77a5c087cc8e2025af55d8f3a0e9f2430baa91534e7f892bb71aa0ef72bab4483211a845b4b

      Download Submit

    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
      Filesize

      24.6MB

      MD5

      1299c4105c8f3130d310bc9b37b8c09e

      SHA1

      c4053e6a6f118f2e0fc29f1904c9a1ce6de6109b

      SHA256

      47d113c125d5c6112d4d6d09832ddfe3ede6886e86ad3b4247c9b0098ee26f64

      SHA512

      366d9b810b79263a3a312c1dea18e8d487f8245ee22ac1ebe61b55895813d328a334a5672aca81c33ebe685e1f0a5e3c1cdfb8917de7c3f576764bca8fcaa7c8

      Download Submit

    • \??\Volume{3f575a23-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{f6fe7034-e6e9-46e3-b012-eb99add49d04}_OnDiskSnapshotProp
      Filesize

      6KB

      MD5

      d0a183be8ac67e991b7be82d38dd59f6

      SHA1

      ef53c3e71d8940bc9678dfc01ed8f7e834462101

      SHA256

      34902150814f4e71b65406977a9230d715e07d6c7ecf2748e81289e1dab42113

      SHA512

      4bd97701429e72ff54e0bc8095b82ada76ce0f5a259783a935b8834168aca2449a1d80c7b2c2760e94a380ef0832fe6af4281b6ec6cc3404a06578ce77aaa5ec

      Download Submit

    • memory/1748-0-0x0000000000670000-0x000000000074F000-memory.dmp

      Filesize

      892KB

      Download

    • memory/1748-2-0x0000000000671000-0x0000000000719000-memory.dmp

      Filesize

      672KB

      Download

    • memory/1748-573-0x0000000000670000-0x000000000074F000-memory.dmp

      Filesize

      892KB

      Download

    • memory/1748-17-0x0000000000670000-0x000000000074F000-memory.dmp

      Filesize

      892KB

      Download

    • memory/2268-19-0x0000000000E70000-0x0000000000E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2268-345-0x0000000000EE0000-0x000000000121F000-memory.dmp

      Filesize

      3.2MB

      Download

    • memory/2268-263-0x0000000000EE0000-0x000000000121F000-memory.dmp

      Filesize

      3.2MB

      Download

    • memory/2268-173-0x0000000000EE0000-0x000000000121F000-memory.dmp

      Filesize

      3.2MB

      Download

    • memory/2268-566-0x0000000000EE0000-0x000000000121F000-memory.dmp

      Filesize

      3.2MB

      Download

    • memory/2268-18-0x0000000000EE0000-0x000000000121F000-memory.dmp

      Filesize

      3.2MB

      Download

    • memory/2268-6-0x0000000000E70000-0x0000000000E71000-memory.dmp

      Filesize

      4KB

      Download