| Name | 2f49710ae8b509aa_tray.dat |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\tray.dat |
| Size | 17.0B |
| Processes | 3032 (vpn.tmp) |
| Type | ASCII text, with no line terminators |
| MD5 | ac801c28444a1166fa3e32826a95b6fb |
| SHA1 | 36464f0f6d14cdebafb2029a22c58ae9df809924 |
| SHA256 | 2f49710ae8b509aa5b0c0b7d6da15c200ae5c793c9f0d447591706bd92238154 |
| CRC32 | 72BD57B0 |
| ssdeep | 3:C1SXbS7:C1kbm |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a6e72b88e42d2b47_oemwin2k.inf |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\winxp64\oemwin2k.inf |
| Size | 7.1KB |
| Processes | 3032 (vpn.tmp) |
| Type | Windows setup INFormation, ASCII text, with CRLF line terminators |
| MD5 | b6aada0cbed06889053a05b66f146979 |
| SHA1 | 823025f02b355b37df7d7657b0f2b4d3584891a5 |
| SHA256 | a6e72b88e42d2b478615c5a16bbedb3fd02b0dd3def3a79840fc6a5df8312707 |
| CRC32 | 1A83A3F6 |
| ssdeep | 192:nr8tW9yCTi394vlQdqKbjR+iAUC7bd9io3DcNSj6jvKFkinuEQTXvzLd4Z:aWlGZdUWo3DcNSj6jvKFkinuEQTXvzaZ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 35ec7f4d10493f28_mask_svc.exe |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\mask_svc.exe |
| Size | 7.1MB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | c6b1934d3e588271f27a38bfeed42abb |
| SHA1 | 08072ecb9042e6f7383d118c78d45b42a418864f |
| SHA256 | 35ec7f4d10493f28d582440719e6f622d9a2a102e40a0bc7c4924a3635a7f5a8 |
| CRC32 | 45514E5F |
| ssdeep | 196608:YxhJGB6OMA9nrikx0nMckYRg3M0v62blYAT:4oBZ9nzx0bf0vrblYAT |
| Yara |
|
| VirusTotal | Search for analysis |
| Name |
e3b0c44298fc1c14_SET7FC2.tmp
Empty file or file not found
|
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\{56058eb4-ba9e-325b-febb-584348e77d59}\SET7FC2.tmp |
| Size | 0.0B |
| Type | empty |
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| CRC32 | 00000000 |
| ssdeep | 3:: |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b96b6977a6140a2b_image_install_logo.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\image_install_logo.png |
| Size | 61.7KB |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 560 x 340, 8-bit/color RGBA, non-interlaced |
| MD5 | f38a2a6d0bf5307dcd8dc8c44424f930 |
| SHA1 | 04741c5be18221d9e86d0d62f857c48709402f34 |
| SHA256 | b96b6977a6140a2ba8c292a9fdaab03b8c85f022ab22f26fc3b637b0b26a7498 |
| CRC32 | 9B68A2C2 |
| ssdeep | 1536:I9uNDrkIXLX7q5FDY8fncxZPQ0RAGJtusf4u:I9uN/BXD7UDJCZPp5Puu |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 3b1ff5252012d6e8_tap0901.sys |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\win732\tap0901.sys |
| Size | 22.5KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (native) Intel 80386, for MS Windows |
| MD5 | f49967c396969b71c3a72537db03a68b |
| SHA1 | f59d3a5d2afd85fbb9fb36f1411c767be2bf96cf |
| SHA256 | 3b1ff5252012d6e8a7dd6e4621ec43812510dca1a25a9a2e07288800f445dd41 |
| CRC32 | C6294D60 |
| ssdeep | 384:NumNz7O8/AvUAvm/wMWJ4pdsfH1aJhjJvjiissrisprwEYBu:QmNxAYB9zKal75pwZBu |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 457e1f180eaf6de0_faster.exe |
|---|---|
| Filepath | C:\Program Files (x86)\FastPc\FastPc\Faster.exe |
| Size | 1.8MB |
| Processes | 2340 (FastPC.exe) |
| Type | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 20b81f4564220cfa002ebb67e280537b |
| SHA1 | e6519668ab14901593019f128b268da0bd569240 |
| SHA256 | 457e1f180eaf6de0153c8eb4d708c8d34f7747c159a4aa99c8811dbbf826e2fb |
| CRC32 | 5970FE16 |
| ssdeep | 49152:Hk+Y9kX1UEkTCbLwUrcQJMG/RuUT6OA3uXy135c:x1UyLRrcOSO5XA5 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | a32e0a83001d2c5d_2.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\$inst\2.tmp |
| Size | 36.0B |
| Processes | 2340 (FastPC.exe) |
| Type | Microsoft Cabinet archive data, 36 bytes |
| MD5 | 8708699d2c73bed30a0a08d80f96d6d7 |
| SHA1 | 684cb9d317146553e8c5269c8afb1539565f4f78 |
| SHA256 | a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f |
| CRC32 | EAB67334 |
| ssdeep | 3:wDl:wDl |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | da7d0368712ee419_botva2.dll |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\botva2.dll |
| Size | 41.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | ef899fa243c07b7b82b3a45f6ec36771 |
| SHA1 | 4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe |
| SHA256 | da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77 |
| CRC32 | 5BBF0304 |
| ssdeep | 768:DyNq+QImctzKKFyAE/PFqhezqSQrvYt4lYVuW0zMo4QHVoWyQK7OYwPPh:2Nq+QWJ7ds80mlde7s |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 4c03c27f90cd8a07_unins000.dat |
|---|---|
| Filepath | C:\Program Files (x86)\MaskVPN\unins000.dat |
| Size | 48.2KB |
| Processes | 3032 (vpn.tmp) |
| Type | data |
| MD5 | 6b6da804d5f7dcb5a7fa02d6b70fa231 |
| SHA1 | 65c31d65c9e66311e2fec00bdc2999e1dc25dfe2 |
| SHA256 | 4c03c27f90cd8a07eb082f00759c1b44794f2535c94379c8b301614282b0f468 |
| CRC32 | 0D0CE238 |
| ssdeep | 768:Lo7xQkSy1R6K6i3VRxQdvOIepPAqhg+RflqY:DkSKRf6ilRm1ta4iZ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a |
|---|---|
| Filepath | C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A |
| Size | 893.0B |
| Processes | 2536 (Faster.exe) |
| Type | data |
| MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
| SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
| SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
| CRC32 | 1C31685D |
| ssdeep | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e3b749c6db360c7_config.data |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\config.data |
| Size | 626.0B |
| Processes | 3032 (vpn.tmp) |
| Type | data |
| MD5 | 979c3f765105281a5675efc5d5b0fa26 |
| SHA1 | 7198f3a890f0f344a9d42afe72a5343e1d78553d |
| SHA256 | 2e3b749c6db360c75982daf40409e795b5af95a75012cf6794971e52d99432b8 |
| CRC32 | 28B339E5 |
| ssdeep | 12:6HlDXVz/bnw9SVkKPoLwZTldlX0CB7h5d2uFK3PIHJzYH9xcnWXsC0Ig7B/ju+k:6HlDBDw9SVkJqTLFuu4PcpY3cnWV0IgQ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f6706fcb6baa7dff_libcommon.dll |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\libcommon.dll |
| Size | 1.7MB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | c9ef33d91bf886f8e6076b5f88c0f752 |
| SHA1 | 618c6fa433335897202436f66c47fc0895416b7e |
| SHA256 | f6706fcb6baa7dff750b799bd47393efc1f8c3a06289415fb0acf7795978f417 |
| CRC32 | F6A4AC41 |
| ssdeep | 24576:oMiRbQvteQxT8YIDryibz1QWKn5amfvmW7Q1tcWd7DTyj3R/lbvX:5teL4amutc0wxlLX |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 580a1bb479de4768_config.db |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\config.db |
| Size | 40.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | data |
| MD5 | 0c99c1a78ce20039f0b17317bfb2b2ea |
| SHA1 | 4aecfcef161ef25acd3e2d4dbf4ed6e58198cdd8 |
| SHA256 | 580a1bb479de47689c49ba42a2d810f135fcc7cb6f8b27e29729b43b02391215 |
| CRC32 | 90BADEC0 |
| ssdeep | 768:yZj8facjYVNwHBgskJatBSgHtGiTOTWC7zr2fW++CkTgI45ESvMqPdNQI1A5weq:yZj8ScjNHBgskJatL4iTOTWKv2OOsSvx |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 89c5ca1440df1864_tap0901.sys |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\{56058eb4-ba9e-325b-febb-584348e77d59}\tap0901.sys |
| Size | 26.5KB |
| Processes | 556 (tapinstall.exe) |
| Type | PE32+ executable (native) x86-64, for MS Windows |
| MD5 | d765f43cbea72d14c04af3d2b9c8e54b |
| SHA1 | daebe266073616e5fc931c319470fcf42a06867a |
| SHA256 | 89c5ca1440df186497ce158eb71c0c6bf570a75b6bc1880eac7c87a0250201c0 |
| CRC32 | 44F67708 |
| ssdeep | 768:23TW/1EGrmXdi0OGNwe2AC8nZluRpG/caKk1/yhd:X1EwcJHuqEaKk1qhd |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 93ffd0c0b164422f_vpn.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-DFGN3.tmp\vpn.tmp |
| Size | 1.7MB |
| Processes | 2128 (vpn.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 2d136816152335b80991aefc4d5ddf8d |
| SHA1 | c9cf142e99ee4c48f0cc1f42288289d4b21c3adb |
| SHA256 | 93ffd0c0b164422f8df1edff87deb6386619c995e4b2dca5bb95b028580b82bc |
| CRC32 | 9643B579 |
| ssdeep | 24576:6H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKwCjAFCjAS:SIEJxCWluyZ8UbM5jAsjAv6 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | a4c86fc4836ac728__setup64.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\_isetup\_setup64.tmp |
| Size | 6.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | 4ff75f505fddcc6a9ae62216446205d9 |
| SHA1 | efe32d504ce72f32e92dcf01aa2752b04d81a342 |
| SHA256 | a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81 |
| CRC32 | B1C5F7C5 |
| ssdeep | 96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 58803be2b5157658_maskvpn.ico |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\maskvpn.ico |
| Size | 130.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | MS Windows icon resource - 15 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel |
| MD5 | 8aa92d1ed7f79b01305085e2083485b9 |
| SHA1 | 4ff240bba0a252c70cd5281ccce8056304827008 |
| SHA256 | 58803be2b5157658db6125b7cf1d765496eb4751dd9e47c31b77e7c8142dc5cf |
| CRC32 | 7AEB4997 |
| ssdeep | 1536:GO+No26U7rZ439hzMRODe2zBBkvAgPU4p5u30:L+NP5Cnz3jzItdg0 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e536f11a73ab87eb_ipseccmd.exe |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\ipseccmd.exe |
| Size | 104.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | 11e5a276a93c4604c175ca3ebce6d77a |
| SHA1 | bb3cdda302afdb2f1e31249d8f80eeca09ccb515 |
| SHA256 | e536f11a73ab87ebae64a6a51be70f0d8a11b2bb601a6c447c42e8e27f6a10c3 |
| CRC32 | 82972C67 |
| ssdeep | 1536:zIZYaabvIhcAb3/oJwSzQm5y1kH9eey38tBbqpDuK:MZgbQhizQNkdDLqpiK |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 2b7469d2f2305ccb_button_install.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\button_install.png |
| Size | 3.7KB |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 240 x 152, 8-bit/color RGBA, non-interlaced |
| MD5 | d6cbe926b339382e5856af4661354151 |
| SHA1 | 93d23425b99e1e3a7f3ec5eb711bbeb6ffc4e03e |
| SHA256 | 2b7469d2f2305ccb890f4b00228a190b675fd723f21dcb0cf7a9cc2a06ffa7a2 |
| CRC32 | 0F107AB6 |
| ssdeep | 96:MSMllcHitlIxv9vk7C1+I4wWHLihk/xbB6/W95uViZEPJnX:MSHIIHUCD4wa5BCJVaE9X |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 4b63e2ae62c42b36_button_minimize.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\button_minimize.png |
| Size | 2.9KB |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 30 x 100, 8-bit/color RGBA, non-interlaced |
| MD5 | 1cccfb960555e423cd8a0684714d676d |
| SHA1 | 932157f11f213ec02acfd3296fe1a85f13705c7a |
| SHA256 | 4b63e2ae62c42b364669992531e04a990f30618d81ad1afd7512db19adad3a36 |
| CRC32 | B8FD00C5 |
| ssdeep | 48:o/6qbllck+itY5vm7I6Wzv9UAOb57C1cSMIg6lc3d+0UWHdVG/jJtFo3/d7xSkS:oSMllcHitlIxv9vk7C1+I4wWHLihk/xe |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 6f997d53abfc991e_tap0901.cat |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\winxp64\tap0901.cat |
| Size | 10.3KB |
| Processes | 3032 (vpn.tmp) |
| Type | data |
| MD5 | 0365c95d5be2b3d314dcc019380c0e11 |
| SHA1 | c269cee763f580e890d2eae42a8e98116e04a232 |
| SHA256 | 6f997d53abfc991e23f08256fbde3eb21a1680af2e504b7accfef0f1d8909503 |
| CRC32 | 81E1B2A5 |
| ssdeep | 192:NLdBt9XdZubhZCIt3YsXC15bG03OZZ3xN5BdxK6CYO6+y789:3hNZq3dXCHr+ZZv/K6jO6M9 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2aa89522da7f7fa7_maskvpnupdate.exe |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\maskvpnupdate.exe |
| Size | 4.8MB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ea4a5721c804e49f4073fc041c83c674 |
| SHA1 | dd66319b55823baec0d21e69337f7a6fabbe5267 |
| SHA256 | 2aa89522da7f7fa7d3d7636c30e7415174073b1117e3eb1837548269b19e6776 |
| CRC32 | A2840631 |
| ssdeep | 49152:evsWttKu0WASNZXWFG1jliCFH2vtQ7G+ehO6KzpIVMrTLcpzOr5G98pjAuHqv:evss4A1jli1vtQG+efKdIeKi5TjAYqv |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 43d03cbdc64bf461_tunnle.exe |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\tunnle.exe |
| Size | 389.4KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | f776bfba1498a340a29a17b7277a97c9 |
| SHA1 | 1976417c58aa9a81333840ce3cc691eee677359a |
| SHA256 | 43d03cbdc64bf4616d0da8d05ae282331abcc7caf31f0c8e2878c315da32950e |
| CRC32 | 61F56527 |
| ssdeep | 12288:WFrff4auJqbAszRRGNPS6mfKavWExL59zP0bVcj:WFCazRRGNPtSKavWqDP0U |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | c9963a3f8abf6fed_tapinstall.exe |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\win764\tapinstall.exe |
| Size | 90.1KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | d10f74d86cd350732657f542df533f82 |
| SHA1 | c54074f8f162a780819175e7169c43f6706ad46c |
| SHA256 | c9963a3f8abf6fedc8f983a9655a387d67c752bd59b0d16fd6fc2396b4b4ca67 |
| CRC32 | 04AF3B31 |
| ssdeep | 1536:HmYSYxGfIZnRnD6M7EFOUakPhtUn6KXF4O7Wbv6:GYFZnRDGdvPXU6K1RW2 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | ccf1d09954147e0e_button_close.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\button_close.png |
| Size | 705.0B |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 30 x 100, 8-bit/color RGBA, non-interlaced |
| MD5 | 492e8ff960b1bc2616c03e5035eb6376 |
| SHA1 | badc67a94f6eb8c767b3784bb3f4fc2bad58fb4c |
| SHA256 | ccf1d09954147e0e30181af3bc4a4fcefd465bd6aa6a7f94b84eaa2795952eb6 |
| CRC32 | FF93D03D |
| ssdeep | 12:6v/7zTPl2FRS++sVLrH0nqvkbdphHkHo2mVFJgiqTdjG8X03DTqNlfrOARSLtN:ST2THsyGdjEBwkNTdjVyTMfDOtN |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | dc03a5a501db9198_version |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\version |
| Size | 16.0B |
| Processes | 3032 (vpn.tmp) |
| Type | data |
| MD5 | c0639bebad514403172e924fd4c6ca4d |
| SHA1 | 294d46bb9fba42d81d148fd8e9c1febd6a1ee821 |
| SHA256 | dc03a5a501db919817e5e4a05917f045da3c65cb3e96ffb53e63e2ac5a899893 |
| CRC32 | 18CC4602 |
| ssdeep | 3:w3onLXvn:w30v |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ed441a39e75312e0_install.bat |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\win732\install.bat |
| Size | 89.0B |
| Processes | 3032 (vpn.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 920b0b8ed98665f8e3210f3dba618fdc |
| SHA1 | 757600d9ed889b4d97509884e0c19b0aa85bdfdc |
| SHA256 | ed441a39e75312e00d22a77dab1c192ab9c4737b94e1a4b405fd7b17589cf78d |
| CRC32 | 6A4D8492 |
| ssdeep | 3:EqLASFi6d0Ab0+8RAXyiVYrcLVLyBELMb1VUov:f0Y0+lXHVYYLV3Gxv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 878c1b205887b619_tap0901.cat |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\win732\tap0901.cat |
| Size | 19.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | data |
| MD5 | ad8a5cbec4f83ae4f850c793713ee770 |
| SHA1 | bee00a5037d4f1232837d27bca21658efcff1750 |
| SHA256 | 878c1b205887b61906f6f4f8da5783d2bb8756d0a39359288d09f65f983b27c2 |
| CRC32 | AEC1821F |
| ssdeep | 384:HP01ych1MrYATK6jjZ2ZE6qeZsHLwuaB+XFhMb:8fMrrKgdqq7Zz1hi |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b44168e17f69da5a_install.bat |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\winxp64\install.bat |
| Size | 87.0B |
| Processes | 3032 (vpn.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 559416931cce256b9c8c7cc4140d9b6b |
| SHA1 | 7e9059fa49ce2f70b8d204bd60786af57ed9bc33 |
| SHA256 | b44168e17f69da5a09cbaca15bfd685c9ca69db3b3c7cdfbf91453d644312995 |
| CRC32 | 09203062 |
| ssdeep | 3:EqLASFi6d0Ab0+8RAXy2ZMLVLzMLXFpVUoa:f0Y0+lXzyLV3MLlxa |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d209df8559df3de4_ssleay32.dll |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\ssleay32.dll |
| Size | 346.9KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
| MD5 | 2c9264500435473f437264a931b0fafd |
| SHA1 | 513c5d37d86b218f7d30d67d08142dcd3b3320eb |
| SHA256 | d209df8559df3de477dbe60c6fa3e7d98b191b0d90ed6d95ad6471ec3ec32c1f |
| CRC32 | 5C300AEC |
| ssdeep | 6144:76MNzVTEz1LgXCpfoaDRQHojjYkARhcPL0U2pHGS5VdQ/TOEzrqArrpA1riT1Pit:76MNzVgz1LgXCpfoaDqHojjYkARqPL0H |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 69cb3ebbf5fe619d_button_checkbox.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\button_checkbox.png |
| Size | 3.1KB |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 15 x 120, 8-bit/color RGBA, non-interlaced |
| MD5 | 5ecf75ff3f915320ea9e051e85a84c67 |
| SHA1 | cd5bb9d03fd4abc2f7236986ddc14ac3d0753b99 |
| SHA256 | 69cb3ebbf5fe619d6f290597c32d88846aa9b218107255a54aaa8271ebe88f71 |
| CRC32 | 1302D6C2 |
| ssdeep | 96:hSMllcHitlIxv9vk7C1+I4wWHLihk/xESXl:hSHIIHUCD4waVl |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | fb801b50a64fd187_button_browser.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\button_browser.png |
| Size | 861.0B |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 66 x 104, 8-bit/color RGBA, non-interlaced |
| MD5 | 76fb1693af9afa4fe3d1f89e58a464b7 |
| SHA1 | 6a76368b793266d0c2aaef7482ebcbfd47c91383 |
| SHA256 | fb801b50a64fd187a8b49b55406989b8fcc61f76146a3f840fca2116ab26fb37 |
| CRC32 | C14C35C4 |
| ssdeep | 12:6v/7LyZcbGZQdta2Uoff2E/uB0q7Lqt2oT1FIgizwBNfcfwpRgNQe54yWzJP:HciKdwCf2E/uNXCfTwgiz89c6KuMVWZ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | b5728e42ea12c675_oemvista.inf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\{56058eb4-ba9e-325b-febb-584348e77d59}\oemvista.inf |
| Size | 7.3KB |
| Processes | 556 (tapinstall.exe) |
| Type | Windows setup INFormation, ASCII text, with CRLF line terminators |
| MD5 | 87868193626dc756d10885f46d76f42e |
| SHA1 | 94a5ce8ed7633ed77531b6cb14ceb1927c5cae1f |
| SHA256 | b5728e42ea12c67577cb9188b472005ee74399b6ac976e7f72b48409baee3b41 |
| CRC32 | F4D2E419 |
| ssdeep | 192:wr8tW9yCTi3l4vlQd22bjR+iAUC7bdYiio3DcNSj6jvKFkinuEQTXvzLd4Z:LWlGxdkWXo3DcNSj6jvKFkinuEQTXvzq |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 55cfcec7f026c6e2_tap0901.sys |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\winxp64\tap0901.sys |
| Size | 39.7KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32+ executable (native) x86-64, for MS Windows |
| MD5 | 3c32ff010f869bc184df71290477384e |
| SHA1 | 9dec39ca0d13cd4aadf4120de29665c426be9f2b |
| SHA256 | 55cfcec7f026c6e2e96a2fbe846ab513bb12bb0348735274fe1b71af019c837b |
| CRC32 | 27E26842 |
| ssdeep | 768:OIOPCr6ghD8JTbddDChKSfl4FUFqa0XFC1bRbq0FlCbxG95ux7KqKgv:rcCr6gYTb/DoBfi60a0XFC1UP+5ux7Kg |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 6929f6da490b9f5c_button_customize.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\button_customize.png |
| Size | 4.1KB |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 90 x 120, 8-bit/color RGBA, non-interlaced |
| MD5 | 0d5287d3e74e12619ee0ee561edb1937 |
| SHA1 | 02bae16e800233e6bbbbc20e8e6219b69b109bff |
| SHA256 | 6929f6da490b9f5c0a3277975c23a309cd2c8516dba9fbe1de1300d7fc729efe |
| CRC32 | 824774FB |
| ssdeep | 96:lSMllcHitlIxv9vk7C1+I4wWHLihk/xHf6hILPTDkpAP79jPLCiz:lSHIIHUCD4waN3LPPKAP7tPdz |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 5bccb86319fc9021_libMaskVPN.dll |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\libMaskVPN.dll |
| Size | 2.3MB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 3d88c579199498b224033b6b66638fb8 |
| SHA1 | 6f6303288e2206efbf18e4716095059fada96fc4 |
| SHA256 | 5bccb86319fc90210d065648937725b14b43fa0c96f9da56d9984e027adebbc3 |
| CRC32 | 2F765C4A |
| ssdeep | 24576:kQu9k/+XwST8oE46nDTDcPB+cxENBySNZjYzqdA1wHanrzEfcln8JIaIvufnXs:QXwsSD04NISXYzqannZ+I98c |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | aa83670a92681a19_tap0901.cat |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\winxp32\tap0901.cat |
| Size | 10.2KB |
| Processes | 3032 (vpn.tmp) |
| Type | data |
| MD5 | fb34d08569af3a01758d4bf629a3aa0d |
| SHA1 | d84aa4acf33724ea68d0f60ffbce0afebc583d95 |
| SHA256 | aa83670a92681a19b6aed64cf0509c2b53b56c11352a88764fc25c7bf6f5c5f9 |
| CRC32 | AE0B1673 |
| ssdeep | 192:2PC9NdAdZubhZCIt3YsXC15bG03OZZ3xN5BdxK6CYO6Lut:8gqZq3dXCHr+ZZv/K6jO6Y |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f2f42083ce7f440d_libeay32.dll |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\libeay32.dll |
| Size | 1.3MB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
| MD5 | d5b478ce42b8918dfae9ecc4ec65ad09 |
| SHA1 | b6f73c2bdab4f7f2faed514c861cd90e7a4f1aa9 |
| SHA256 | f2f42083ce7f440d8ce3ab438af7a74b3519ecc1ff2d634d67d6dba7ed628820 |
| CRC32 | CAFA9E0F |
| ssdeep | 24576:Sb9g+KpPh4i6HsyTx1tzrMDvuMbmcXxpOdJqFrG/kqg1D:556x1tzrMDvuiXxpO7qs/kP1D |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | a391af39b1444587_fast.exe |
|---|---|
| Filepath | C:\Program Files (x86)\FastPc\FastPc\Fast.exe |
| Size | 716.5KB |
| Processes | 2340 (FastPC.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 37f9ed9d61e6463796aeeb8b72fe3b37 |
| SHA1 | 0a70b57a1a674a881ca23405532848e31acfe770 |
| SHA256 | a391af39b144458767e805699ef1964bf65f1e5ca82ef6980796c8af4e86e25c |
| CRC32 | A5B96C8D |
| ssdeep | 12288:iy5+Ra2zsSBIwbf7RdLlim3XRxxpHcPn7ux+1t+3+k7XQAT0lDOMUH:x5Obzs6bf733hrlo7q+1t4d7XH |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 9884e9d1b4f8a873__shfoldr.dll |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\_isetup\_shfoldr.dll |
| Size | 22.8KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| CRC32 | AE2C3EC2 |
| ssdeep | 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 84b5d0d89d618189_unins000.msg |
|---|---|
| Filepath | C:\Program Files (x86)\MaskVPN\unins000.msg |
| Size | 22.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | data |
| MD5 | 1add80e0e62318e670a58dc52377cf9d |
| SHA1 | 704d05d5ab2fdc69f4e04d5cca2235ed274407a0 |
| SHA256 | 84b5d0d89d618189fd0678e0b5ef59cd1e2eaf93ebb5775c9dc7c700c823a58c |
| CRC32 | BB4A675D |
| ssdeep | 192:Ea1EjXgkg3Sqfxsfr69FT0AKanzLYfMa1GzvL7Vzo+Fc51USQDz6fbKJUfvo:R1ElvqfAr6fKVfMVRo+y1USQDza3o |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a461b764e248d3e5_oemvista.inf |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\win732\oemvista.inf |
| Size | 7.3KB |
| Processes | 3032 (vpn.tmp) |
| Type | Windows setup INFormation, ASCII text, with CRLF line terminators |
| MD5 | 41884571579f88540326252b81d0a9f8 |
| SHA1 | cfd0ba5db827d21e4fa71663c045b5676d303d6e |
| SHA256 | a461b764e248d3e59a1a730ff94af7e61121f5a02004e02b3b866ac8fd1689be |
| CRC32 | 788FE2BB |
| ssdeep | 192:wr8tW9yCTi3l4vlZ2bjR+iAUC7bdYiio3DcNSj6jvKFkinuEQTXvzLd4Z:LWlGEWXo3DcNSj6jvKFkinuEQTXvzaZ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 90344efa69152166_vpn.exe |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\vpn.exe |
| Size | 15.0MB |
| Processes | 2536 (Faster.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 4dd57eb8ea614ca43e679abeaf5351bf |
| SHA1 | 57b90c34640c810831c3b80fa7e9f952a6753aa6 |
| SHA256 | 90344efa69152166a3f894cbd0a41640a6bbbe9053a80585d2e98906ff74f44b |
| CRC32 | 2D2162C1 |
| ssdeep | 393216:+fAlhvR8PZ5ECts3Rztsr5PSL0g7+Pgkt7/7xU5:rlhv2O1tfZi7/FG |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 91ebea8ad199e978_tap0901.cat |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\{56058eb4-ba9e-325b-febb-584348e77d59}\tap0901.cat |
| Size | 19.0KB |
| Processes | 556 (tapinstall.exe) |
| Type | data |
| MD5 | c757503bc0c5a6679e07fe15b93324d6 |
| SHA1 | 6a81aa87e4b07c7fea176c8adf1b27ddcdd44573 |
| SHA256 | 91ebea8ad199e97832cf91ea77328ed7ff49a1b5c06ddaacb0e420097a9b079e |
| CRC32 | EE6251B3 |
| ssdeep | 384:fMych1MrYATK6jjNe6ZE6qeZsHLwdXFhz5:fwMrrKgJrq7m1hV |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5c6aae8c345e5eda_tapinstall.exe |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\win732\tapinstall.exe |
| Size | 85.6KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | bc2eb9be84d65e600bb4baebfc0d6c74 |
| SHA1 | dffa04b9399b8742e1536c5942b43df58a42980a |
| SHA256 | 5c6aae8c345e5eda7185cabafcf9270ef3d73f198290842654d8916f8321b150 |
| CRC32 | 464F4E6C |
| ssdeep | 768:AeFpBuMKzLkfKI4hHZv4zS5bhkt4JlX82BSOe9oKSJ2SLD0BEZWk3zoMrrKgp:TBuMN4VFESvkt4nXF4O7WcBvT |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 741b41f7467d312a_tap0901.sys |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\winxp32\tap0901.sys |
| Size | 34.5KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (native) Intel 80386, for MS Windows |
| MD5 | 432d9d823c4c26b6070c41bad4404ce4 |
| SHA1 | 5e562e4b8a04dc61614423d0440f2057a0e55059 |
| SHA256 | 741b41f7467d312af4cc733ea31f647fbcd06985cbb6a14117e8a87a6f7b06f5 |
| CRC32 | 5FA97BBF |
| ssdeep | 384:mfMsa/mI7L1ypn49O1U1dLn3kDPQXDg8rvfCVUR4KYRGcdq3zhZPvZDsr3549F4J:m09UUPL3sQXDg6iiWA3LZem4LSqKg |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1d4110f975b3510c_temp_0.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\$inst\temp_0.tmp |
| Size | 2.4MB |
| Processes | 2340 (FastPC.exe) |
| Type | Microsoft Cabinet archive data, 2507216 bytes, 3 files |
| MD5 | d865f6501e80b164017a253fa0fae2fc |
| SHA1 | 6e43e94cc5062cbca05e0aed7c6c6438ad33482a |
| SHA256 | 1d4110f975b3510c352986c762665d88612c2785c6737b395ce05af4ef4168f6 |
| CRC32 | 61F21769 |
| ssdeep | 49152:ezsO7ffB0xr0VxVm2hX6UKUrC1xwfsBOZPFdMnUG9GAAyDy1BGKk:05rfB0xr0VF6U4xgsBKSG2DQGKk |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 13fb3e05dd3012d3_tunnle.dll |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\tunnle.dll |
| Size | 5.8MB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
| MD5 | f4f835bff26e3e85b955e25a46edf5b6 |
| SHA1 | 402e7279cc642cb6b9fd5382ae88b3befd197f1e |
| SHA256 | 13fb3e05dd3012d3bfdb2ac058d43e1192c262e83945a8005d45d35c6828dbc0 |
| CRC32 | FDD18204 |
| ssdeep | 98304:0X7QSKPo4at772BIIjXl8ht22rHthYxDlQ0:G7QSSc+jJ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | b8109f63a7884709_uninstall.bat |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\win732\uninstall.bat |
| Size | 31.0B |
| Processes | 3032 (vpn.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 9133a44bfd841b8849bddead9957c2c3 |
| SHA1 | 3c1d92aa3f6247a2e7ceeaf0b811cf584ae87591 |
| SHA256 | b8109f63a788470925ea267f1b6032bba281b1ac3afdf0c56412cb753df58392 |
| CRC32 | D570D9D6 |
| ssdeep | 3:LrHt9QVVkUov:LkVVkxv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3146ff67f18f01ff_edit_background.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\edit_background.png |
| Size | 458.0B |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 298 x 24, 8-bit/color RGBA, non-interlaced |
| MD5 | 971f9cd6f860fa9a69f2729f621f1d3b |
| SHA1 | 93b7e12547ca7365b935278340774ee7274266c6 |
| SHA256 | 3146ff67f18f01ff28ceaf36189094fafa01bcfff9ac68a6b3fb53de7bdc3cc8 |
| CRC32 | 9080111D |
| ssdeep | 12:6v/7nGtdKqqbuf1OsSKwvq0ZCTnVHMOro3kFhWc:uGuqtO8QBMo3kX |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 0c22c5bd2e8ff9aa_uninstall.bat |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\winxp32\uninstall.bat |
| Size | 27.0B |
| Processes | 3032 (vpn.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | f969d91a3745320e2527d820a59372b9 |
| SHA1 | cd6607633993ce2903d2d8050e4cf7ffd001e1fd |
| SHA256 | 0c22c5bd2e8ff9aa38b73552f3d3767af074ec04ef60682dcc7b703a97b9dd39 |
| CRC32 | 54B262C5 |
| ssdeep | 3:/eXt9QVVkUov:/LVVkxv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f3f66f68f10dd029_fast_.exe |
|---|---|
| Filepath | C:\Program Files (x86)\FastPc\FastPc\Fast_.exe |
| Size | 103.2KB |
| Processes | 2340 (FastPC.exe) |
| Type | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | bb7db2a053187c745dbafd790698bb40 |
| SHA1 | 59c2abc023c9e7d6ffe37253cd6b3b041be694af |
| SHA256 | f3f66f68f10dd0291956577ad36fc5a3a1fb25114128fa61206b00e274315bf3 |
| CRC32 | 49A21A84 |
| ssdeep | 1536:Hwr21036I0cOVHTEGnN0D0wp71nqdHrzGHosugwfsbd6vRe6x0fVcOdVk9DrmV:QrN6IUHh0D0Qx+rzGygwfkgRhcf61mV |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e801fa1870275373_maskvpn.exe |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\maskvpn.exe |
| Size | 8.7MB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a220528f31dceddc955b791b13ac4989 |
| SHA1 | 57a83b83a11b6e27c9e88a7835d8a84744d79bdd |
| SHA256 | e801fa187027537337d8b4e4bde3a7da95499172f6b1477830a216d0a385518b |
| CRC32 | 5065A9DA |
| ssdeep | 196608:fydxmtRumiOzJeoQp4HFXxLf7GPso2k0kyqjj:f8xmtRumFzJp/Lf7Er |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 370520b2b95364a3_icon.db |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\icon.db |
| Size | 128.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | data |
| MD5 | e28fb893ec092c9d607db372646b2aed |
| SHA1 | 31b51b52294fc463e0d516f44ac7d5a336b72471 |
| SHA256 | 370520b2b95364a3372299b6f4f83c9a656d4161e0d03f7201fd6eeba219abf9 |
| CRC32 | 1A25527B |
| ssdeep | 3072:d6bJK3OkO6e2WtuDpA7okGAlYP7YUIG6xmBZdvC8FHu8I2GT:diJWO6e2OuDpNFMdYvC8GhT |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f55cdf703b8a508d_list.dat |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\list.dat |
| Size | 296.0B |
| Processes | 3032 (vpn.tmp) |
| Type | TIM image, (12463,64817) |
| MD5 | 344f8a56e943f18af8a3f3b457d88479 |
| SHA1 | 5fb7855ffcb78ca4ec133b804107f589373febf3 |
| SHA256 | f55cdf703b8a508d2ed8f8257bf18f46627bf5140c1dee0c9bc29173a2cc8f3d |
| CRC32 | 2EA5C87C |
| ssdeep | 6:Jgh+AeQgt3WpqAvBAFvHx1nFgqr7o9INZPRHlIkQXvSsV:uNeQ+3uqA+LFJ49eZPZl7MS0 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6afa2d104be6efe3_InnoCallback.dll |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\InnoCallback.dll |
| Size | 63.5KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 1c55ae5ef9980e3b1028447da6105c75 |
| SHA1 | f85218e10e6aa23b2f5a3ed512895b437e41b45c |
| SHA256 | 6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f |
| CRC32 | 85DF9C3B |
| ssdeep | 1536:+VqUE7JhgAzj/ZuhnOwKWSAXvze/V2C0mswp91:gWgAnB3XDAqt/p91 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | f694cc21bace3afa_progressbar_foreground.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\progressbar_foreground.png |
| Size | 3.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 520 x 3, 8-bit/color RGBA, non-interlaced |
| MD5 | 3cfbcab19d1faf241a4a0af8a04f06c5 |
| SHA1 | 8573be23a70f1645caecff3ca0f41f2dd9f750e9 |
| SHA256 | f694cc21bace3afa188483c3d0d6f3b93c90cdc6a306d7bbd9a35dacc758333b |
| CRC32 | B1FE4A7B |
| ssdeep | 48:Y/6qbllck+itY5vm7I6Wzv9UAOb57C1cSMIg6lc3d+0UWHdVG/jJtFo3/d7wHQv:YSMllcHitlIxv9vk7C1+I4wWHLihk/xl |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 5b56d8b121fc9a7f_install.bat |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\win764\install.bat |
| Size | 91.0B |
| Processes | 3032 (vpn.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 3a05ce392d84463b43858e26c48f9cbf |
| SHA1 | 78f624e2c81c3d745a45477d61749b8452c129f1 |
| SHA256 | 5b56d8b121fc9a7f2d4e90edb1b29373cd2d06bac1c54ada8f6cb559b411180b |
| CRC32 | BD004040 |
| ssdeep | 3:EqLASFi6d0Ab0+8RAXyiVYrcLVLyBELMb1VUoa:f0Y0+lXHVYYLV3Gxa |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2900d536923740fe_ApiTool.dll |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\ApiTool.dll |
| Size | 959.4KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | b5e330f90e1bab5e5ee8ccb04e679687 |
| SHA1 | 3360a68276a528e4b651c9019b6159315c3acca8 |
| SHA256 | 2900d536923740fe530891f481e35e37262db5283a4b98047fe5335eacaf3441 |
| CRC32 | 384C4E71 |
| ssdeep | 24576:V3tkAn6E+TuSVqyXvmZexbpU3QCbJhrVLk47Vl3e6y+XV27:RP6HiSMyOQppUQCrV/7D33V27 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 55029269b1433efa_install.bat |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\winxp32\install.bat |
| Size | 85.0B |
| Processes | 3032 (vpn.tmp) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 571bdd8b24c9bcf292c8fd99d2793baf |
| SHA1 | 83e2099e70ab7001adfc75e6d1899a31618cde58 |
| SHA256 | 55029269b1433efac5f0b0cfc6affc1568858818e1bc692ce315c4b8d7af8fec |
| CRC32 | 1002EA28 |
| ssdeep | 3:EqLASFi6d0Ab0+8RAXy2ZMLVLzMLXFpVUov:f0Y0+lXzyLV3MLlxv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a51e25acc489948b_devcon.exe |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\winxp64\devcon.exe |
| Size | 80.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| MD5 | 3904d0698962e09da946046020cbcb17 |
| SHA1 | edae098e7e8452ca6c125cf6362dda3f4d78f0ae |
| SHA256 | a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289 |
| CRC32 | 01DC48E1 |
| ssdeep | 1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1282b6ac8eff1cdf_background_wizardform_normal.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\background_wizardform_normal.png |
| Size | 1.9KB |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 560 x 400, 8-bit/color RGBA, non-interlaced |
| MD5 | f71d5b564de9dadbf2d1a61370273c1e |
| SHA1 | bc6611244d993aab97f0c66b77fecebdc0c3e77d |
| SHA256 | 1282b6ac8eff1cdfe3a24d9c945bad30e67086dd674d3456111477f06ef5719c |
| CRC32 | 27944DEF |
| ssdeep | 24:6OyiLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmLmJz:1yGzlg1 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 2c9a7cacb813df62_e0f5c59f9fa661f6f4c50b87fef3a15a |
|---|---|
| Filepath | C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A |
| Size | 252.0B |
| Processes | 2536 (Faster.exe) |
| Type | data |
| MD5 | c288a11c9c325328e0e86970475bf5c0 |
| SHA1 | b0694d2e817c395d38bf4c180feb77e926b9ae03 |
| SHA256 | 2c9a7cacb813df62af80a3e7b93ec07daeda2a21c72c3a5959cd58e6656e7f2d |
| CRC32 | 9605E324 |
| ssdeep | 3:kkFklGklfllXlE/vDkRkzHllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB1yAbq8h:kKbV4CLliBAIdQZV7QAuDkl |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 800e396be60133b5_devcon.exe |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\winxp32\devcon.exe |
| Size | 76.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | b40fe65431b18a52e6452279b88954af |
| SHA1 | c25de80f00014e129ff290bf84ddf25a23fdfc30 |
| SHA256 | 800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e |
| CRC32 | CD071481 |
| ssdeep | 768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 4bbf00f2d30951cc_image_wizardform_logo.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\image_wizardform_logo.png |
| Size | 28.1KB |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 330 x 96, 8-bit/color RGBA, non-interlaced |
| MD5 | 042c062ff9bb0e02519755c1c89d3f61 |
| SHA1 | 84855a3062714d1ed526674b2405c8ed2402f314 |
| SHA256 | 4bbf00f2d30951cca4be2ee904fd068cf4561b413984044ab7e88b2eac005192 |
| CRC32 | 2453D0D1 |
| ssdeep | 768:BOr30kCzHlocBrrhwZnFtzrik5S2lRmgFz/BjH:UrmGga0ks2lzLBjH |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 07c9dcc78f339d98_uninstall.bat |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\winxp64\uninstall.bat |
| Size | 25.0B |
| Processes | 3032 (vpn.tmp) |
| Type | ASCII text, with no line terminators |
| MD5 | c8e8d953e9bf3009790eed2a5af4db0d |
| SHA1 | a50de69ba9cf47109f98584f13808cbd1ed22a52 |
| SHA256 | 07c9dcc78f339d982a7c4974e4a85551c27f512845f5f55c126e64c001e9aefd |
| CRC32 | 569A7336 |
| ssdeep | 3:/eXt9QVVkUn:/LVVkU |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8892d224ae879cc3_oemwin2k.inf |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\driver\winxp32\oemwin2k.inf |
| Size | 7.1KB |
| Processes | 3032 (vpn.tmp) |
| Type | Windows setup INFormation, ASCII text, with CRLF line terminators |
| MD5 | 35589b966c65a52a1c95791bbcd80543 |
| SHA1 | d65994dd38de0e1971f8c99a048c46acc284e8bf |
| SHA256 | 8892d224ae879cc35ffe216691fc6ba3266d88b6239838f7d38b3a4ff4ad74b6 |
| CRC32 | A0EF364A |
| ssdeep | 192:nr8tW9yCTi394vlFKbjR+iAUC7bd9io3DcNSj6jvKFkinuEQTXvzLd4Z:aWlGcWo3DcNSj6jvKFkinuEQTXvzaZ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 31d75aa807c4fe91_background_wizardform_large.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\background_wizardform_large.png |
| Size | 2.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 560 x 440, 8-bit/color RGBA, non-interlaced |
| MD5 | 19b010ecc1f4d3b811f47593103c3c08 |
| SHA1 | 6f312c3addecce1541f13a5a78a7341cc49f057d |
| SHA256 | 31d75aa807c4fe917d2ba440cf3b97bc0ac2b92ed39f701dc14101d96a31d02f |
| CRC32 | 386B8BE9 |
| ssdeep | 48:nIJwllllllllllllllllllllllllllllsB+llllllllllKlllllllllllR:IBH |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | ab49b745a5230767_progressbar_background.png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\is-UM7RA.tmp\progressbar_background.png |
| Size | 2.7KB |
| Processes | 3032 (vpn.tmp) |
| Type | PNG image data, 520 x 3, 8-bit/color RGB, non-interlaced |
| MD5 | 0dd63836a6538dbb5c9e902acce7c38b |
| SHA1 | ad7ca4536e959e1d0ce84c339e34de61be987882 |
| SHA256 | ab49b745a52307675fe8cfbaf6451866e0f27eacccbb3013399f1e3294115ccd |
| CRC32 | DB6ECA41 |
| ssdeep | 48:bbllck+itY5vm7I6Wzv9UAOb57C1cSMIg6lc3d+0UWHdVG/jJtFo3/d7T+:/llcHitlIxv9vk7C1+I4wWHLihk/x6 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 8027ca1658df07d0_polstore.dll |
|---|---|
| Filepath | c:\program files (x86)\maskvpn\polstore.dll |
| Size | 101.0KB |
| Processes | 3032 (vpn.tmp) |
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
| MD5 | 4e50a8a52dc5aac3c9d3e70d792e9e0c |
| SHA1 | eec22b1e8f114ac69a18f2b3c7c87fe6b97db1cb |
| SHA256 | 8027ca1658df07d0a4e64fe45897293ee357bdfbafdbf55b055c745d7da5fbe0 |
| CRC32 | 7EEC3697 |
| ssdeep | 3072:JC2PhydMnNf1WHY+XLuTcfdcMCL6Cl5Yn/WPoRd6icZQB7o6lMqZFhDD3:JC2PhydMnNf1WH1XLuAfdclvl5m/Td6Y |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 3d6e3266eb203e2a_dberr.txt |
|---|---|
| Filepath | C:\Windows\System32\catroot2\dberr.txt |
| Size | 40.2KB |
| Processes | 556 (tapinstall.exe) |
| Type | ISO-8859 text, with CRLF line terminators |
| MD5 | 493704d644cdd074b944df7594e734a5 |
| SHA1 | 0492d2d2c69fe9cd5ed351a0e114b530bb74dc4e |
| SHA256 | 3d6e3266eb203e2a0079871765f62042a006082604cece98ee5c2af40959affb |
| CRC32 | A3C54194 |
| ssdeep | 768:QNxOFGSuSGcucI1ywzwNwz6+62n+n23+30cDL3fpRJBpR91Guay2oToFPTPIC+4g:1GSuSGcucI1ywzwNwz6+62n+n23+30ch |
| Yara |
|
| VirusTotal | Search for analysis |