Analysis Overview
Threat Level: Known bad
The file https://www.expressvpn.com/clients/latest/windows was found to be: Known bad.
Malicious Activity Summary
RevengeRAT
RevengeRat Executable
Downloads MZ/PE file
Blocklisted process makes network request
Loads dropped DLL
Executes dropped EXE
Registers COM server for autorun
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Modifies system certificate store
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-08-17 20:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-17 20:46
Reported
2023-08-17 21:00
Platform
win10v2004-20230703-en
Max time kernel
810s
Max time network
806s
Command Line
Signatures
RevengeRAT
RevengeRat Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\WOW6432Node\CLSID\{c1a51ea5-665e-cac3-4426-32d306a827af}\LocalServer32 | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\WOW6432Node\CLSID\{c1a51ea5-665e-cac3-4426-32d306a827af}\LocalServer32\ = "\"C:\\Program Files (x86)\\ExpressVPN\\expressvpn-ui\\ExpressVPNNotificationService.exe\" -ToastActivated" | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{1b5f1335-d71c-41d7-b62a-26db1d5378b7} = "\"C:\\ProgramData\\Package Cache\\{1b5f1335-d71c-41d7-b62a-26db1d5378b7}\\ExpressVPN_12.55.0.27.exe\" /burn.runonce" | C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.be\ExpressVPN_12.55.0.27.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{d4cecf3b-b68f-4995-8840-52ea0fab646e} = "\"C:\\ProgramData\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe\" /burn.runonce" | C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\.be\VC_redist.x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ExpressVPNNotificationService = "\"C:\\Program Files (x86)\\ExpressVPN\\expressvpn-ui\\ExpressVPNNotificationServiceStarter.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\zh-Hans\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\pt-BR\System.Windows.Forms.Primitives.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\HtmlAgilityPack.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\services\Polly.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\System.Formats.Asn1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\System.Core.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\es\UIAutomationProvider.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\ru\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\UIAutomationClientSideProviders.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\ko\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\pl\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Logging.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\System.Xml.XmlDocument.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\api-ms-win-core-synch-l1-2-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\pl\PresentationFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Assets\en-US\70x70Logo.scale-100.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.BrowserHelper.runtimeconfig.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.Client.Installer.dll.config | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.Client.Installer.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\System.Net.Quic.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\api-ms-win-crt-conio-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\api-ms-win-crt-convert-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\System.Private.Uri.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\ko\UIAutomationProvider.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\tr\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\pt-BR\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Assets\en-US\70x70Logo.scale-200.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.5 (x64).swidtag | C:\Windows\Temp\{36981485-B1B9-461F-9EB5-9C9462F2361D}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\api-ms-win-crt-heap-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\services\Serilog.Formatting.Compact.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Text.Json.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.NetworkUtils.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\services\Microsoft.Extensions.Hosting.Abstractions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\api-ms-win-core-errorhandling-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\cs\System.Windows.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\api-ms-win-core-libraryloader-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\ko\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\services\System.Diagnostics.EventLog.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\System.Collections.Immutable.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\api-ms-win-core-string-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\cs\WindowsFormsIntegration.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\fr\System.Windows.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\zh-Hant\System.Windows.Forms.Primitives.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\System.Windows.Extensions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\api-ms-win-core-fibers-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\api-ms-win-core-rtlsupport-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\api-ms-win-crt-stdio-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\tr\System.Windows.Controls.Ribbon.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\zh-Hans\PresentationFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.runtimeconfig.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\api-ms-win-core-file-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\System.Web.HttpUtility.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Configuration.EnvironmentVariables.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\zh-Hans\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\System.Reflection.DispatchProxy.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\host\fxr\6.0.5\hostfxr.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\zh-Hant\System.Windows.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\zh-Hans\System.Windows.Controls.Ribbon.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Grpc.Core.Api.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\mscorlib.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\System.IO.Compression.Native.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSIA9C3.tmp-\Microsoft.Extensions.Primitives.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID2AB.tmp-\System.Reactive.Interfaces.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\Microsoft.Extensions.Logging.Abstractions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\MissingLinq.Linq2Management.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFFDD.tmp-\Grpc.Core.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC0A8.tmp-\System.Management.Automation.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE4B0.tmp-\ExpressVpn.Common.Logging.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE8C8.tmp-\Microsoft.IdentityModel.JsonWebTokens.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\Grpc.Core.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\Microsoft.Extensions.Configuration.UserSecrets.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\Microsoft.Extensions.FileProviders.Abstractions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\Microsoft.Extensions.Hosting.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\Microsoft.Extensions.Primitives.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFFDD.tmp-\Microsoft.Extensions.Configuration.FileExtensions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Installer\e59eef3.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8781.tmp-\Microsoft.Extensions.Primitives.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9CA2.tmp-\MissingLinq.Linq2Management.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF4DE.tmp-\Microsoft.Extensions.DependencyInjection.Abstractions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI47C0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID2AB.tmp-\Microsoft.Extensions.Logging.Configuration.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE8C8.tmp-\MissingLinq.Linq2Management.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA9C3.tmp-\Microsoft.Extensions.Configuration.Json.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA9C3.tmp-\Microsoft.Extensions.Hosting.Abstractions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA9C3.tmp-\Newtonsoft.Json.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE8C8.tmp-\LaunchDarkly.JsonStream.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA9C3.tmp-\Microsoft.Extensions.FileSystemGlobbing.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC0A8.tmp-\Grpc.Core.Api.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDCC0.tmp-\Microsoft.Extensions.Configuration.FileExtensions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9CA2.tmp-\LaunchDarkly.JsonStream.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA9C3.tmp-\System.Buffers.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICBE4.tmp-\ManagedWifi.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICBE4.tmp-\System.ValueTuple.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDCC0.tmp-\ExpressVpn.Utils.Wmi.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE4B0.tmp-\LaunchDarkly.CommonSdk.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF4DE.tmp-\LaunchDarkly.Logging.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\Microsoft.IdentityModel.Logging.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\WixSharp.UI.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5409.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9CA2.tmp-\log4net.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9CA2.tmp-\Microsoft.Extensions.Primitives.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\Microsoft.Extensions.Logging.EventLog.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA9C3.tmp-\Google.Protobuf.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICBE4.tmp-\Microsoft.Extensions.Hosting.Abstractions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID2AB.tmp-\Microsoft.Extensions.Configuration.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDCC0.tmp-\Microsoft.Extensions.Configuration.UserSecrets.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\LaunchDarkly.Logging.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Installer\e59eee3.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC0A8.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID2AB.tmp-\DeviceId.Windows.Wmi.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE4B0.tmp-\System.Numerics.Vectors.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE8C8.tmp-\log4net.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF4DE.tmp-\Microsoft.Extensions.Logging.Console.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF4DE.tmp-\System.ValueTuple.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\System.Collections.Immutable.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFFDD.tmp-\Microsoft.Extensions.Logging.Console.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC0A8.tmp-\Microsoft.Extensions.Configuration.FileExtensions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA9C3.tmp-\log4net.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE8C8.tmp-\Microsoft.Extensions.DependencyInjection.Abstractions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\LaunchDarkly.ClientSdk.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF84A.tmp-\Microsoft.Extensions.Options.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9CA2.tmp-\LaunchDarkly.EventSource.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICBE4.tmp-\Microsoft.Extensions.Configuration.UserSecrets.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9CA2.tmp-\ExpressVpn.Client.Setup.CustomActions.pdb | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE8C8.tmp-\Microsoft.Extensions.Options.ConfigurationExtensions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
Enumerates physical storage devices
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133367788011191505" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\21 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\20 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\24 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\21 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\SysWOW64\rundll32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.34,bundle\Dependents | C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\.be\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{0f711ee3-eb88-456d-acb4-c2ee31add211} | C:\Windows\Temp\{36981485-B1B9-461F-9EB5-9C9462F2361D}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\10EA62E1536592372BC00B2945329E52\23B875EDA4807E94E855F6853A57870C | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.23.40699_x64\Dependents\{0f711ee3-eb88-456d-acb4-c2ee31add211} | C:\Windows\Temp\{36981485-B1B9-461F-9EB5-9C9462F2361D}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{1b5f1335-d71c-41d7-b62a-26db1d5378b7} | C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.be\ExpressVPN_12.55.0.27.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\SourceList\PackageName = "vc_runtimeAdditional_x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEADDITIONALVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13} | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5E3C9B5EC98822F49A954F8B99D387C4\ProductIcon = "C:\\Windows\\Installer\\{E5B9C3E5-889C-4F22-A959-F4B8993D784C}\\app_icon.ico" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5E3C9B5EC98822F49A954F8B6DDC8703\5E3C9B5EC98822F49A954F8B99D387C4 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\ = "{CF4C347D-954E-4543-88D2-EC17F07F466F}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\Version = "237141179" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D771A980EA8959141A513D4C65318B57\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{089A177D-98AE-4195-A115-D3C45613B875}v48.23.40665\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\14DCC6E369B6DB74E8E17D5B39EC9E67\Version = "806854361" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B16A3B3F61CDA9242A06BDFA6E76149A\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.34,bundle | C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\.be\VC_redist.x64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X64,AMD64,14.30,BUNDLE\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13} | C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\expressvpn\shell\open\command | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{1b5f1335-d71c-41d7-b62a-26db1d5378b7}\ = "{1b5f1335-d71c-41d7-b62a-26db1d5378b7}" | C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.be\ExpressVPN_12.55.0.27.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B16A3B3F61CDA9242A06BDFA6E76149A\ProductName = "Microsoft .NET Host - 6.0.5 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\expressvpn\ = "URL:ExpressVPN Protocol" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\AppUserModelId\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}/ExpressVPN/expressvpn-ui/ExpressVPNNotificationService.exe\CustomActivator = "{c1a51ea5-665e-cac3-4426-32d306a827af}" | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D743C4FCE4593454882DCE710FF764F6\VC_Runtime_Minimum | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0f711ee3-eb88-456d-acb4-c2ee31add211}\Dependents\{0f711ee3-eb88-456d-acb4-c2ee31add211} | C:\Windows\Temp\{36981485-B1B9-461F-9EB5-9C9462F2361D}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\14DCC6E369B6DB74E8E17D5B39EC9E67\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\23B875EDA4807E94E855F6853A57870C\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1B242EAE62A0A584FBBE2029EEF930BC\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\14DCC6E369B6DB74E8E17D5B39EC9E67\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{3E6CCD41-6B96-47BD-8E1E-D7B593CEE976}v48.23.40665\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B16A3B3F61CDA9242A06BDFA6E76149A\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\23B875EDA4807E94E855F6853A57870C\Version = "806854395" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.34,bundle\Dependents\{d4cecf3b-b68f-4995-8840-52ea0fab646e} | C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\.be\VC_redist.x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\14DCC6E369B6DB74E8E17D5B39EC9E67\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\14DCC6E369B6DB74E8E17D5B39EC9E67\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Version = "14.34.31931" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\094F9C7997352096B7082D27C35AD959\B16A3B3F61CDA9242A06BDFA6E76149A | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_48.23.40699_x64\DisplayName = "Microsoft Windows Desktop Runtime - 6.0.5 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5E3C9B5EC98822F49A954F8B99D387C4\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1B242EAE62A0A584FBBE2029EEF930BC | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\14DCC6E369B6DB74E8E17D5B39EC9E67\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B16A3B3F61CDA9242A06BDFA6E76149A\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\14DCC6E369B6DB74E8E17D5B39EC9E67\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\23B875EDA4807E94E855F6853A57870C\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\XDeviceID\{d644612c-0716-4e6f-b1df-cec7d37c698c} | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.Installer.Exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\Version = "237141179" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_48.23.40665_x64 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D771A980EA8959141A513D4C65318B57\PackageCode = "3C57FB7C5C8A52B40956C723EAB175C1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\14DCC6E369B6DB74E8E17D5B39EC9E67 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5E3C9B5EC98822F49A954F8B99D387C4\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{d4cecf3b-b68f-4995-8840-52ea0fab646e} | C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\.be\VC_redist.x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{c1a51ea5-665e-cac3-4426-32d306a827af}\RunAs = "Interactive User" | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{E5B9C3E5-889C-4F22-A959-F4B8993D784C}\Dependents | C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.be\ExpressVPN_12.55.0.27.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{1b5f1335-d71c-41d7-b62a-26db1d5378b7}\Version = "12.55.0.27" | C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.be\ExpressVPN_12.55.0.27.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.23.40665_x64\Dependents | C:\Windows\Temp\{36981485-B1B9-461F-9EB5-9C9462F2361D}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\23B875EDA4807E94E855F6853A57870C\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\AppUserModelId\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}/ExpressVPN/expressvpn-ui/ExpressVPNNotificationService.exe\IconBackgroundColor = "FFDDDDDD" | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.expressvpn.com/clients/latest/windows
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f3d59758,0x7ff8f3d59768,0x7ff8f3d59778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5488 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5516 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6004 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6028 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:8
C:\Users\Admin\Downloads\expressvpn_windows_12.55.0.27_release.exe
"C:\Users\Admin\Downloads\expressvpn_windows_12.55.0.27_release.exe"
C:\Windows\Temp\{90907AF7-96F0-48A8-8738-4636B7DA0D94}\.cr\expressvpn_windows_12.55.0.27_release.exe
"C:\Windows\Temp\{90907AF7-96F0-48A8-8738-4636B7DA0D94}\.cr\expressvpn_windows_12.55.0.27_release.exe" -burn.clean.room="C:\Users\Admin\Downloads\expressvpn_windows_12.55.0.27_release.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.be\ExpressVPN_12.55.0.27.exe
"C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.be\ExpressVPN_12.55.0.27.exe" -q -burn.elevated BurnPipe.{49570176-4D22-432A-8D2B-0BFAC89CBDD7} {74782F81-BF4C-4CEE-BB42-7B28B0C6D19A} 4436
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=988 --field-trial-handle=1772,i,13472414582880991961,4109424661459038813,131072 /prefetch:2
C:\ProgramData\Package Cache\A176F140E942920B777F80DE89E16EA57EE32BE8\VC_redist.x64.exe
"C:\ProgramData\Package Cache\A176F140E942920B777F80DE89E16EA57EE32BE8\VC_redist.x64.exe" /install /quiet /norestart
C:\Windows\Temp\{01AB023E-EA9E-4443-A077-A920FB72CAAA}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{01AB023E-EA9E-4443-A077-A920FB72CAAA}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\A176F140E942920B777F80DE89E16EA57EE32BE8\VC_redist.x64.exe" -burn.filehandle.attached=720 -burn.filehandle.self=560 /install /quiet /norestart
C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\.be\VC_redist.x64.exe
"C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{B5EBB02E-B37A-40A2-8381-5118378C7431} {3E3DB672-9E2B-48B2-803B-DB1652A5781B} 1100
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1072 -burn.embedded BurnPipe.{32D987DA-7954-4B7A-9B87-1283A0B0C8F0} {E3D29F4A-32C2-4291-910B-E40495B15A45} 216
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=488 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1072 -burn.embedded BurnPipe.{32D987DA-7954-4B7A-9B87-1283A0B0C8F0} {E3D29F4A-32C2-4291-910B-E40495B15A45} 216
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{25ABA227-945E-4218-85FA-7C3A350D584B} {40D400FC-5686-4F47-8B68-EFBD18C51864} 4724
C:\ProgramData\Package Cache\B5B1819CCA753B070181F50411375B80412860A3\windowsdesktop-runtime-6.0.5-win-x64.exe
"C:\ProgramData\Package Cache\B5B1819CCA753B070181F50411375B80412860A3\windowsdesktop-runtime-6.0.5-win-x64.exe" /install /quiet /norestart -burn.filehandle.self=1660 -burn.embedded BurnPipe.{A9F003A4-199F-473D-AF63-FA549F2C5F71} {68FCF115-DBF0-4BC8-B758-9ECB8CB9696B} 1548
C:\Windows\Temp\{CF9FF220-1487-4972-9DDE-A7686E67B971}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe
"C:\Windows\Temp\{CF9FF220-1487-4972-9DDE-A7686E67B971}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\B5B1819CCA753B070181F50411375B80412860A3\windowsdesktop-runtime-6.0.5-win-x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=676 /install /quiet /norestart -burn.filehandle.self=1660 -burn.embedded BurnPipe.{A9F003A4-199F-473D-AF63-FA549F2C5F71} {68FCF115-DBF0-4BC8-B758-9ECB8CB9696B} 1548
C:\Windows\Temp\{36981485-B1B9-461F-9EB5-9C9462F2361D}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe
"C:\Windows\Temp\{36981485-B1B9-461F-9EB5-9C9462F2361D}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe" -q -burn.elevated BurnPipe.{FB5F31C5-13CE-4E4D-ABD9-3128C344C452} {D3B180D4-0CB3-4798-9868-766EB010B781} 2056
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 3DBCC8C5C68112DB4C0AE0EF917307B8
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6904288F2478AF809E5A8F8653F5F723
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F18C62E7909EB4DEE9ECF4DDCB0B7FD6
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 827A87254247BEE8B1B1165A6F2E3829
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7711E5AE571DEFE9F3C0FA5ED3A16DED
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI8781.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240814109 26 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.CloseMainApp
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI9CA2.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240819359 38 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.SaveDogfoodWasInstalled
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 80F3D2076ECA4576E03F26C6005249BC E Global\MSI0000
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIA9C3.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240823125 42 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.RemoveData
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIC0A8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240828593 49 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.SetBrowserHelperPath
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSICBE4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240831609 53 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.CreateAccessTokens
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSID2AB.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240833218 57 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.CreateDefaultPortConfiguration
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSID76F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240834406 61 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.CreateServiceCredentials
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIDCC0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240835765 65 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.InitializeProteusId
C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.Installer.Exe
"C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.Installer.Exe"
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIE4B0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240837812 69 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.SetServicesFailureActions
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIE8C8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240838859 73 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.AddErrorReportingKeys
C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe
"C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe"
C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe
"C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe"
C:\Program Files (x86)\ExpressVPN\services\lightway.exe
"C:\Program Files (x86)\ExpressVPN\services\lightway.exe" --version
C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe
"C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe"
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIF4DE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240841953 77 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.RemoveLegacyRegistryData
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIF84A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240842828 81 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.RemoveUserFolderData
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIFFDD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240844765 91 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.DeleteBinaries
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
"C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe" install
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
"C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe"
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
"C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe" uihaslaunched
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ujsrxts.com/order?utm_source=windows_app&utm_medium=apps&utm_campaign=app_buy_subscription&utm_content=not_activated_buy_a_subscription
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8de1146f8,0x7ff8de114708,0x7ff8de114718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,5056166272283147975,850399216042904812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,5056166272283147975,850399216042904812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,5056166272283147975,850399216042904812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5056166272283147975,850399216042904812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5056166272283147975,850399216042904812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5056166272283147975,850399216042904812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.expressvpn.com | udp |
| NL | 108.156.60.109:443 | www.expressvpn.com | tcp |
| US | 8.8.8.8:53 | 109.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.expressvpn.works | udp |
| NL | 13.227.219.119:443 | www.expressvpn.works | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 189.211.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.49.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.13.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.129.54.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| US | 93.184.215.201:443 | download.visualstudio.microsoft.com | tcp |
| US | 8.8.8.8:53 | 201.215.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.15.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.14.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | o137163.ingest.sentry.io | udp |
| US | 34.120.195.249:443 | o137163.ingest.sentry.io | tcp |
| US | 34.120.195.249:443 | o137163.ingest.sentry.io | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | 249.195.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.101.122.92.in-addr.arpa | udp |
| US | 34.120.195.249:443 | o137163.ingest.sentry.io | tcp |
| US | 8.8.8.8:53 | clientstream.launchdarkly.com | udp |
| US | 13.248.151.210:443 | clientstream.launchdarkly.com | tcp |
| US | 8.8.8.8:53 | 210.151.248.13.in-addr.arpa | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | mobile.launchdarkly.com | udp |
| US | 34.195.138.232:443 | mobile.launchdarkly.com | tcp |
| N/A | 127.0.0.1:2021 | tcp | |
| N/A | 127.0.0.1:2022 | tcp | |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| N/A | 127.0.0.1:2020 | tcp | |
| US | 34.195.138.232:443 | mobile.launchdarkly.com | tcp |
| US | 8.8.8.8:53 | 232.138.195.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:2020 | tcp | |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.25:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | 25.101.122.92.in-addr.arpa | udp |
| NL | 92.122.101.25:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.ujsrxts.com | udp |
| NL | 108.156.60.37:443 | www.ujsrxts.com | tcp |
| US | 8.8.8.8:53 | 37.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.expressvpn.com | udp |
| NL | 108.156.60.8:443 | www.expressvpn.com | tcp |
| US | 8.8.8.8:53 | xvp.imgix.net | udp |
| NL | 199.232.150.208:443 | xvp.imgix.net | tcp |
| NL | 199.232.150.208:443 | xvp.imgix.net | tcp |
| NL | 199.232.150.208:443 | xvp.imgix.net | tcp |
| NL | 199.232.150.208:443 | xvp.imgix.net | tcp |
| NL | 199.232.150.208:443 | xvp.imgix.net | tcp |
| NL | 199.232.150.208:443 | xvp.imgix.net | tcp |
| NL | 199.232.150.208:443 | xvp.imgix.net | tcp |
| NL | 199.232.150.208:443 | xvp.imgix.net | tcp |
| NL | 199.232.150.208:443 | xvp.imgix.net | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| NL | 157.240.201.15:443 | connect.facebook.net | tcp |
| NL | 142.250.179.176:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 8.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.150.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.201.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.chargebee.com | udp |
| US | 8.8.8.8:53 | js.braintreegateway.com | udp |
| NL | 52.222.139.127:443 | js.chargebee.com | tcp |
| US | 151.101.2.133:443 | js.braintreegateway.com | tcp |
| US | 151.101.2.133:443 | js.braintreegateway.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 142.250.102.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cdn3.forter.com | udp |
| US | 8.8.8.8:53 | 6f72b696c74a40d2a055546e9c5798b5-5e03eac5ed10.cdn.forter.com | udp |
| US | 8.8.8.8:53 | cdn9.forter.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 54.80.130.168:443 | cdn3.forter.com | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| DE | 143.204.98.64:443 | cdn9.forter.com | tcp |
| US | 54.158.164.13:443 | 6f72b696c74a40d2a055546e9c5798b5-5e03eac5ed10.cdn.forter.com | tcp |
| US | 8.8.8.8:53 | 127.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.130.80.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.164.158.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.25:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.25:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.25:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.25:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.25:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.25:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.25:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.25:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.25:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.25:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| NL | 92.122.101.11:80 | www.msftncsi.com | tcp |
Files
\??\pipe\crashpad_1080_TEZVTEOLBXBXUBAM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f6e21b8843e15f82c66959017406868d |
| SHA1 | 76c89aac50989b264635b147a81357479a6b3ce7 |
| SHA256 | a0c639cc86d90c56530daa377c2d3f95658fd604d589812a5320b45a1589392e |
| SHA512 | bdffa0fb12044a43c08f67ad05c6d3afee2143bd8c46388fe6c4d160bd2308d5ec7cae9d8575013ab7e703fdc3e239f2fd79abf7aaa2dd7e6a559f523844ae8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f610a724-3d24-451a-bf3c-950ab31886df.tmp
| MD5 | 6132e73021472da2952c305a724dfaad |
| SHA1 | 044ce37a73cb1a9ae2d710b045a81933e3e1bdd5 |
| SHA256 | 74abfd79eb47586e8d2956e6cd58d268e4e65f1d7ca9965786d4fb141b219ea1 |
| SHA512 | 44a3df231150e72f45caa7d8046efe1a83e3b4577afe27cdc142f8d0ff7d4c20d80e5dca43ce5a3053667c3959d58de6f5a4f4f019e470ce3ab1e0597e8283f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ce7f78d3260a56f2903c984daf6c46f3 |
| SHA1 | 02c811db66f911d48c487fc889e98199e171c714 |
| SHA256 | 09de4087cb0574d266d574a68d794eccc5177eb546de80b05f8193096e4f9830 |
| SHA512 | 9612de6ae90c6ac8cda87aa7598ed8f43b9ba8520cb250b44e1f9aa812ccf4ae692b6cb3c56831e40f16abcf4619dce07b87ecac44bdd0876acf2c8d3b87485a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7bc0aa3dc1755878e7b72cb57bb68917 |
| SHA1 | 77904e2aa18ee878687d560e36d8f7334b855504 |
| SHA256 | 571a42a566201e1bb034ae8b3bc1ff8aaee1239e72503265e62681f66b30e81e |
| SHA512 | 824d51bedf3cc6d61664bf75102c4835fb60f5570f674174316cb151ed409f3fcf984b179cf7a558d125e1632f729d9e2ebad561aef65e5a4dbd885314ccb7ba |
C:\Users\Admin\Downloads\expressvpn_windows_12.55.0.27_release.exe
| MD5 | 01ea6bbb71d93bb90ff3eabddf487bd0 |
| SHA1 | 251cddc2dfebc6adca191ba2f11fff3a4fef8746 |
| SHA256 | 8644aab58a88f3490f6a1989b679d2e8a74309b8909d6fb4168470bc7023d0bc |
| SHA512 | fbaaf23bd4cc2bd238c0b4f6634e70e769ae30e2ce8ff67d34898a1fc24da264b4cc5afbd5f740970d5614c5e9d7407a7e6009f4e3728de9db19bf4af0ad9be6 |
C:\Users\Admin\Downloads\expressvpn_windows_12.55.0.27_release.exe
| MD5 | 01ea6bbb71d93bb90ff3eabddf487bd0 |
| SHA1 | 251cddc2dfebc6adca191ba2f11fff3a4fef8746 |
| SHA256 | 8644aab58a88f3490f6a1989b679d2e8a74309b8909d6fb4168470bc7023d0bc |
| SHA512 | fbaaf23bd4cc2bd238c0b4f6634e70e769ae30e2ce8ff67d34898a1fc24da264b4cc5afbd5f740970d5614c5e9d7407a7e6009f4e3728de9db19bf4af0ad9be6 |
C:\Users\Admin\Downloads\expressvpn_windows_12.55.0.27_release.exe
| MD5 | 01ea6bbb71d93bb90ff3eabddf487bd0 |
| SHA1 | 251cddc2dfebc6adca191ba2f11fff3a4fef8746 |
| SHA256 | 8644aab58a88f3490f6a1989b679d2e8a74309b8909d6fb4168470bc7023d0bc |
| SHA512 | fbaaf23bd4cc2bd238c0b4f6634e70e769ae30e2ce8ff67d34898a1fc24da264b4cc5afbd5f740970d5614c5e9d7407a7e6009f4e3728de9db19bf4af0ad9be6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 36a1da194454da90f8c62f635e68726b |
| SHA1 | 39b4a9a04009485ebea2ae9af154f939b46b1ea5 |
| SHA256 | 2ffaf5ed242f4887194dd3447a84ffa7a2d62f92535db4e40fef6708afdda0c5 |
| SHA512 | b2e01059ab5f5ffe107220f95205b18be830afa90cc7fc404f733736e4e4f4506b7ce9bb62e4979156132de1b8e05fa994b8beb0a3056656f8498510f4fbe3cc |
C:\Windows\Temp\{90907AF7-96F0-48A8-8738-4636B7DA0D94}\.cr\expressvpn_windows_12.55.0.27_release.exe
| MD5 | b63f7c2aef96808ed27afbc2d07e7319 |
| SHA1 | 69f3cdefab1a690b0f4adc8e7bb98ef9fa3300d9 |
| SHA256 | c7388b14c3c5cd82252a60ee13844e7bbc81b6b635759475685f210e965fe9b5 |
| SHA512 | 7d5ab33f55df2cfc9224f4acd67a86cbb15ec83d3ff8e5b04c5de442c75f303f0c64d44ddd01baf97f82905ffd45c773116bd8bd1eafd5bdd7d1aa5a49e5f526 |
C:\Windows\Temp\{90907AF7-96F0-48A8-8738-4636B7DA0D94}\.cr\expressvpn_windows_12.55.0.27_release.exe
| MD5 | b63f7c2aef96808ed27afbc2d07e7319 |
| SHA1 | 69f3cdefab1a690b0f4adc8e7bb98ef9fa3300d9 |
| SHA256 | c7388b14c3c5cd82252a60ee13844e7bbc81b6b635759475685f210e965fe9b5 |
| SHA512 | 7d5ab33f55df2cfc9224f4acd67a86cbb15ec83d3ff8e5b04c5de442c75f303f0c64d44ddd01baf97f82905ffd45c773116bd8bd1eafd5bdd7d1aa5a49e5f526 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 4bb0458b9b1b42c00439821eac340def |
| SHA1 | 006ed827271441fccb504d8b9568800e50ca1bdb |
| SHA256 | e1d1c1440d48c4c1b0ea879230b3c0043c4f5889891a093b78ba327c3075d467 |
| SHA512 | c7afa3973b1471f01b64eeb7e47b2be24a4e4c2c429aeaac70205880aa596418bb2077ec423bf2fd524d6940d13e0be90483087bd4d5da3e4166f2adb89fc205 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589555.TMP
| MD5 | e25cea4b2d4c5079d056c470514225f2 |
| SHA1 | 03d041f755a7fe5e40305bf3c5d04709113e3e4a |
| SHA256 | 2a76cba7a192dcb96f62261ebb310bbcec7c5910468a30e3e63c946528c373e5 |
| SHA512 | f1052398a2b6e29f2f99507293b98bfcf9052910cd645688976afe1ad90fb0ded3cd4d5ebea81f61621225a4c48b82c4521f2c11559d55d24e09d1582643ab89 |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\mbahost.dll
| MD5 | c59832217903ce88793a6c40888e3cae |
| SHA1 | 6d9facabf41dcf53281897764d467696780623b8 |
| SHA256 | 9dfa1bc5d2ab4c652304976978749141b8c312784b05cb577f338a0aa91330db |
| SHA512 | 1b1f4cb2e3fa57cb481e28a967b19a6fefa74f3c77a3f3214a6b09e11ceb20ae428d036929f000710b4eb24a2c57d5d7dfe39661d5a1f48ee69a02d83381d1a9 |
memory/4436-349-0x0000000073DA0000-0x0000000074550000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\BootstrapperCore.dll
| MD5 | b0d10a2a622a322788780e7a3cbb85f3 |
| SHA1 | 04d90b16fa7b47a545c1133d5c0ca9e490f54633 |
| SHA256 | f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426 |
| SHA512 | 62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\BootstrapperCore.dll
| MD5 | b0d10a2a622a322788780e7a3cbb85f3 |
| SHA1 | 04d90b16fa7b47a545c1133d5c0ca9e490f54633 |
| SHA256 | f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426 |
| SHA512 | 62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f |
memory/4436-355-0x00000000066A0000-0x00000000066B0000-memory.dmp
memory/4436-356-0x00000000066A0000-0x00000000066B0000-memory.dmp
memory/4436-354-0x0000000006560000-0x0000000006578000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\BootstrapperCore.config
| MD5 | a591cca57a0534087061bb7509208f80 |
| SHA1 | b16c4f3651308cbb6a01efc16ee376f6ef5068e0 |
| SHA256 | d1f7224eae4295cb89e21d4aaf6aff5f8cfe912090350d8c7a25c3022ee9f75a |
| SHA512 | e416b4cb1b860c99dc5121dcf81bf38b8973d262e810f447ad5dcba33a6e2d485c62a675fc29e259a943174cf7a91d96a74af40787bb2db3336eefb2d41d94ae |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\WixSharp Setup.exe
| MD5 | 306c76e7c9ebb185392f05089abe813c |
| SHA1 | 739fd057d6b90b84b3a7a887990de7e947ddb2d6 |
| SHA256 | 64c8180576126a5284cac1478cfe5f9301c5da75c8435855a706ebf9a628d368 |
| SHA512 | 8808069101cfb7c1d894797aec62c43c95358f71186b6472cda86f4e56cd8adb278971e3b22d0b5cd5a778e3af3cc7cc526bfd15f429696dee4f0b3256a6bd87 |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\WixSharp Setup.exe
| MD5 | 306c76e7c9ebb185392f05089abe813c |
| SHA1 | 739fd057d6b90b84b3a7a887990de7e947ddb2d6 |
| SHA256 | 64c8180576126a5284cac1478cfe5f9301c5da75c8435855a706ebf9a628d368 |
| SHA512 | 8808069101cfb7c1d894797aec62c43c95358f71186b6472cda86f4e56cd8adb278971e3b22d0b5cd5a778e3af3cc7cc526bfd15f429696dee4f0b3256a6bd87 |
memory/4436-363-0x0000000006B40000-0x0000000006CCA000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\ExpressVpn.Client.Setup.Shared.dll
| MD5 | e2ca3d32206d27ef62097196320b5149 |
| SHA1 | 7eccaf65b4a4d27a40fae7bf74975cfc03e0f21a |
| SHA256 | 91227073892d648c36205f21dcdb8c77c619e8e88776d91721c9bc7aa338e1fa |
| SHA512 | 4f5bce725c9534db02c4afa4ed9638220a1ffd779bb4114334fa6eece36f630b5198d1ed168d5ecea7387cf29c7c9e14809ff452f0ae8bcb52ddb5b85dc44930 |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\ExpressVpn.Client.Setup.Shared.dll
| MD5 | e2ca3d32206d27ef62097196320b5149 |
| SHA1 | 7eccaf65b4a4d27a40fae7bf74975cfc03e0f21a |
| SHA256 | 91227073892d648c36205f21dcdb8c77c619e8e88776d91721c9bc7aa338e1fa |
| SHA512 | 4f5bce725c9534db02c4afa4ed9638220a1ffd779bb4114334fa6eece36f630b5198d1ed168d5ecea7387cf29c7c9e14809ff452f0ae8bcb52ddb5b85dc44930 |
memory/4436-367-0x0000000006AC0000-0x0000000006AC8000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\Microsoft.Extensions.DependencyInjection.Abstractions.dll
| MD5 | 405bf969e7e50ef47422e54fa33605c8 |
| SHA1 | 4f3c5c8803212719ee74c60813b9ae08604684b3 |
| SHA256 | 95a7c66abd60ba45a2020ac3d42702fd9823f7b6db2ceec6a37c9e9b0602fed1 |
| SHA512 | d04978227453e3341fbdc6a8730da193f1c5e19a2635e02cb5d6eb6fef7c3ea53cf7df5df16230c12693cdaaccc90add812c5ad0a6ed0749e8de75c03602502a |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\Microsoft.Extensions.DependencyInjection.Abstractions.dll
| MD5 | 405bf969e7e50ef47422e54fa33605c8 |
| SHA1 | 4f3c5c8803212719ee74c60813b9ae08604684b3 |
| SHA256 | 95a7c66abd60ba45a2020ac3d42702fd9823f7b6db2ceec6a37c9e9b0602fed1 |
| SHA512 | d04978227453e3341fbdc6a8730da193f1c5e19a2635e02cb5d6eb6fef7c3ea53cf7df5df16230c12693cdaaccc90add812c5ad0a6ed0749e8de75c03602502a |
memory/4436-371-0x0000000006AE0000-0x0000000006AF0000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\ExpressVpn.Common.Logging.dll
| MD5 | 0fb9bb66f522eabafe83121c422d66c5 |
| SHA1 | 492ddeb7dde8283d549222d0966d3e23aa98fd8a |
| SHA256 | 0490afdd9b00d111362a104b07c553abfc6f53292336325b79f1649059940fdd |
| SHA512 | ceeb40c2d3a35e404ee93f8e13f7e772353f1736d13efa5c878ec371cf462188a419aa8e6ac2e080b2f58fcea01eb45fd9425f4ba39b419a91965629ef500594 |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\ExpressVpn.Common.Logging.dll
| MD5 | 0fb9bb66f522eabafe83121c422d66c5 |
| SHA1 | 492ddeb7dde8283d549222d0966d3e23aa98fd8a |
| SHA256 | 0490afdd9b00d111362a104b07c553abfc6f53292336325b79f1649059940fdd |
| SHA512 | ceeb40c2d3a35e404ee93f8e13f7e772353f1736d13efa5c878ec371cf462188a419aa8e6ac2e080b2f58fcea01eb45fd9425f4ba39b419a91965629ef500594 |
memory/4436-375-0x0000000006B10000-0x0000000006B28000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\ExpressVPN.Common.Shared.dll
| MD5 | dd0a1c213076c88de018a6f3646564be |
| SHA1 | 01d5477fae492568f062305fd6ac3d17d9227b7c |
| SHA256 | abc21001f94e57821c6fb89fe5f3f2aeebf2b2b236f41e6f520cdb9e9f9c2c77 |
| SHA512 | 8c4d6218f9ac2e45faccf49b16361117c36eb54c4bb18a4213f4ffb9ccaf479baefbd0695a6a7e395e814eb5cf3a4cf6bf4bfc535ce2f5e5696d52329d8c72f4 |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\ExpressVPN.Common.Shared.dll
| MD5 | dd0a1c213076c88de018a6f3646564be |
| SHA1 | 01d5477fae492568f062305fd6ac3d17d9227b7c |
| SHA256 | abc21001f94e57821c6fb89fe5f3f2aeebf2b2b236f41e6f520cdb9e9f9c2c77 |
| SHA512 | 8c4d6218f9ac2e45faccf49b16361117c36eb54c4bb18a4213f4ffb9ccaf479baefbd0695a6a7e395e814eb5cf3a4cf6bf4bfc535ce2f5e5696d52329d8c72f4 |
memory/4436-379-0x0000000006CD0000-0x0000000006CEC000-memory.dmp
memory/4436-380-0x0000000006CF0000-0x0000000006D0A000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\ExpressVPN.Utils.dll
| MD5 | 05b0fc5cb5b7a3aba8d0aa7a7b4afeca |
| SHA1 | 8ac8c654a53f00b7e7a5ee6801a122e17ac65a4c |
| SHA256 | 5328eedb03cefbb184915d01c1667e7b9c3fac0a91d52532f4fbddfb490de2ea |
| SHA512 | 7eb613f4f5f88867df493b184ac5c7f101008addc61bf3d14c2eda5ce46241bc77a41aff5a70ca324bfd06abea1607639b531ac6a32a954abb88d670aea25171 |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\ExpressVPN.Utils.dll
| MD5 | 05b0fc5cb5b7a3aba8d0aa7a7b4afeca |
| SHA1 | 8ac8c654a53f00b7e7a5ee6801a122e17ac65a4c |
| SHA256 | 5328eedb03cefbb184915d01c1667e7b9c3fac0a91d52532f4fbddfb490de2ea |
| SHA512 | 7eb613f4f5f88867df493b184ac5c7f101008addc61bf3d14c2eda5ce46241bc77a41aff5a70ca324bfd06abea1607639b531ac6a32a954abb88d670aea25171 |
memory/4436-384-0x0000000006D30000-0x0000000006D50000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\Microsoft.Extensions.DependencyInjection.dll
| MD5 | f2a9c263e730b94057d26d8e6562e342 |
| SHA1 | e36e4c8100585db5c7dbd07ff66f4adad8ccd37f |
| SHA256 | d6de20035b25367a82da6180c45511d9077374c5f96f6cc5fedd2107d61efb9c |
| SHA512 | 976fff499e641484a176801ca904221270220d07a1ffe14c03a9b3f32372a264ebe25e704dc63ec18f1bc2a430afa6a098847c327d695a3d19359422a300d4e9 |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\Microsoft.Extensions.DependencyInjection.dll
| MD5 | f2a9c263e730b94057d26d8e6562e342 |
| SHA1 | e36e4c8100585db5c7dbd07ff66f4adad8ccd37f |
| SHA256 | d6de20035b25367a82da6180c45511d9077374c5f96f6cc5fedd2107d61efb9c |
| SHA512 | 976fff499e641484a176801ca904221270220d07a1ffe14c03a9b3f32372a264ebe25e704dc63ec18f1bc2a430afa6a098847c327d695a3d19359422a300d4e9 |
memory/4436-388-0x0000000006E50000-0x0000000006E68000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\Microsoft.Bcl.AsyncInterfaces.dll
| MD5 | 48efe61d6ca3054309907b532d576d2a |
| SHA1 | f36403aabb16540c93fb35245ec0b4e435628aae |
| SHA256 | 295af2142d9214f3fd84eafe4778dca119be7e0229f14b6ba8d5269c2f1e2e78 |
| SHA512 | 778e7c4675d8fde9e083230213d2efa19aa6924fe892ed74fa1ea2ec16743bb14b99b51856e75eaef632d57be7f36dd1bc7ce39a7c2b0435b2f3211bb19836a3 |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\Microsoft.Bcl.AsyncInterfaces.dll
| MD5 | 48efe61d6ca3054309907b532d576d2a |
| SHA1 | f36403aabb16540c93fb35245ec0b4e435628aae |
| SHA256 | 295af2142d9214f3fd84eafe4778dca119be7e0229f14b6ba8d5269c2f1e2e78 |
| SHA512 | 778e7c4675d8fde9e083230213d2efa19aa6924fe892ed74fa1ea2ec16743bb14b99b51856e75eaef632d57be7f36dd1bc7ce39a7c2b0435b2f3211bb19836a3 |
memory/4436-392-0x0000000006B30000-0x0000000006B3A000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\System.Threading.Tasks.Extensions.dll
| MD5 | e1e9d7d46e5cd9525c5927dc98d9ecc7 |
| SHA1 | 2242627282f9e07e37b274ea36fac2d3cd9c9110 |
| SHA256 | 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6 |
| SHA512 | da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11 |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\System.Threading.Tasks.Extensions.dll
| MD5 | e1e9d7d46e5cd9525c5927dc98d9ecc7 |
| SHA1 | 2242627282f9e07e37b274ea36fac2d3cd9c9110 |
| SHA256 | 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6 |
| SHA512 | da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11 |
memory/4436-396-0x0000000006D10000-0x0000000006D1A000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\Microsoft.Extensions.Logging.Abstractions.dll
| MD5 | 1237591a98cea80b03eaa68dbbcb2176 |
| SHA1 | 5761dfe8070d1e273c20bf6ce50eb46a8780e065 |
| SHA256 | ce8a3129430b92e206d59720adff91ebae0af7c8a808ba81b2ecf9ce680260e1 |
| SHA512 | 1446308e87aaf15ac1b3f79d8f4620b2172fb4c5f34059df75fae0ab244015cae6ac46faa86a0ab91b71d51bf91476dc407f473016ed0b71526ff6e446bbda07 |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\Microsoft.Extensions.Logging.Abstractions.dll
| MD5 | 1237591a98cea80b03eaa68dbbcb2176 |
| SHA1 | 5761dfe8070d1e273c20bf6ce50eb46a8780e065 |
| SHA256 | ce8a3129430b92e206d59720adff91ebae0af7c8a808ba81b2ecf9ce680260e1 |
| SHA512 | 1446308e87aaf15ac1b3f79d8f4620b2172fb4c5f34059df75fae0ab244015cae6ac46faa86a0ab91b71d51bf91476dc407f473016ed0b71526ff6e446bbda07 |
memory/4436-400-0x0000000006E80000-0x0000000006E90000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\Newtonsoft.Json.dll
| MD5 | 715a1fbee4665e99e859eda667fe8034 |
| SHA1 | e13c6e4210043c4976dcdc447ea2b32854f70cc6 |
| SHA256 | c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e |
| SHA512 | bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.ba\Newtonsoft.Json.dll
| MD5 | 715a1fbee4665e99e859eda667fe8034 |
| SHA1 | e13c6e4210043c4976dcdc447ea2b32854f70cc6 |
| SHA256 | c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e |
| SHA512 | bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad |
memory/4436-404-0x00000000070A0000-0x0000000007152000-memory.dmp
memory/4436-407-0x00000000066A0000-0x00000000066B0000-memory.dmp
memory/4436-408-0x000000007F7A0000-0x000000007F7B0000-memory.dmp
memory/4436-409-0x0000000007060000-0x0000000007082000-memory.dmp
memory/4436-412-0x00000000066A0000-0x00000000066B0000-memory.dmp
memory/4436-413-0x0000000009AF0000-0x0000000009AF8000-memory.dmp
memory/4436-414-0x000000000A000000-0x000000000A038000-memory.dmp
memory/4436-415-0x0000000009FE0000-0x0000000009FEE000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.be\ExpressVPN_12.55.0.27.exe
| MD5 | b63f7c2aef96808ed27afbc2d07e7319 |
| SHA1 | 69f3cdefab1a690b0f4adc8e7bb98ef9fa3300d9 |
| SHA256 | c7388b14c3c5cd82252a60ee13844e7bbc81b6b635759475685f210e965fe9b5 |
| SHA512 | 7d5ab33f55df2cfc9224f4acd67a86cbb15ec83d3ff8e5b04c5de442c75f303f0c64d44ddd01baf97f82905ffd45c773116bd8bd1eafd5bdd7d1aa5a49e5f526 |
memory/4436-419-0x000000000A230000-0x000000000A238000-memory.dmp
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.be\ExpressVPN_12.55.0.27.exe
| MD5 | b63f7c2aef96808ed27afbc2d07e7319 |
| SHA1 | 69f3cdefab1a690b0f4adc8e7bb98ef9fa3300d9 |
| SHA256 | c7388b14c3c5cd82252a60ee13844e7bbc81b6b635759475685f210e965fe9b5 |
| SHA512 | 7d5ab33f55df2cfc9224f4acd67a86cbb15ec83d3ff8e5b04c5de442c75f303f0c64d44ddd01baf97f82905ffd45c773116bd8bd1eafd5bdd7d1aa5a49e5f526 |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\.be\ExpressVPN_12.55.0.27.exe
| MD5 | b63f7c2aef96808ed27afbc2d07e7319 |
| SHA1 | 69f3cdefab1a690b0f4adc8e7bb98ef9fa3300d9 |
| SHA256 | c7388b14c3c5cd82252a60ee13844e7bbc81b6b635759475685f210e965fe9b5 |
| SHA512 | 7d5ab33f55df2cfc9224f4acd67a86cbb15ec83d3ff8e5b04c5de442c75f303f0c64d44ddd01baf97f82905ffd45c773116bd8bd1eafd5bdd7d1aa5a49e5f526 |
memory/4436-429-0x0000000073DA0000-0x0000000074550000-memory.dmp
memory/4436-430-0x00000000066A0000-0x00000000066B0000-memory.dmp
memory/4436-431-0x00000000066A0000-0x00000000066B0000-memory.dmp
memory/4436-441-0x00000000066A0000-0x00000000066B0000-memory.dmp
memory/4436-442-0x00000000066A0000-0x00000000066B0000-memory.dmp
memory/4436-443-0x000000007F7A0000-0x000000007F7B0000-memory.dmp
memory/4436-444-0x00000000066A0000-0x00000000066B0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d10aca532765fa131b55eb54e1c7828d |
| SHA1 | 63edc327a1baaf251cd9bd4c514392429a47e811 |
| SHA256 | 70db290029b0ff2a364c6e6665629aba372ed98607af15bd210be1a7a45411a2 |
| SHA512 | 8ade296b54631a63b661c7a75cf199862ad94be54447cce49ae0ba88d0e4fb9fbd8161d5063dcdf5c5beaff4feda291a76e82c2bd7dc388e8990b0c113b1997f |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\VCRedist64
| MD5 | 703bd677778f2a1ba1eb4338bac3b868 |
| SHA1 | a176f140e942920b777f80de89e16ea57ee32be8 |
| SHA256 | 2257b3fbe3c7559de8b31170155a433faf5b83829e67c589d5674ff086b868b9 |
| SHA512 | a66ea382d8bdd31491627fd698242d2eda38b1d9df762c402923ef40bbca6aa2f43f22fa811c5fc894b529f9e77fcdd5ced9cd8af4a19f53845fce3780e8c041 |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\Net6DesktopRuntime64
| MD5 | 26d558f92be15a50d59b8261123de56b |
| SHA1 | b5b1819cca753b070181f50411375b80412860a3 |
| SHA256 | 1b305b1ae89b2391a4411bb2c5edb6b059a7bf7955275c57b43d1f2a94ce3f62 |
| SHA512 | 5eb1537295cdb513197419c311777229fd43af6cea0ef6134f9990b32b8ac26aa51139f2c0b63d9cdfb6d753dd9db6f243b887ec511f15866157aa9e127b5cea |
C:\Windows\Temp\{1E9E2474-6687-44DF-A143-66AB8F106EC4}\MainMsi
| MD5 | 3651558f6176021868c2c1d5f3e93fdc |
| SHA1 | adfd4a85ea2d5b3305bb9f14e926c6b9fffef653 |
| SHA256 | 551c605ea377acd967c5cf8d1d4b61bcbd4c3f3c738e49ad69c3ed1fbbafa4a7 |
| SHA512 | bfa8983b6b96833c345c0a969c96433e99fe264c4b2630c6847a723a172351ed7d1fb38f713d4fc4d8f11e705cd212bfb5808b0cb9e903d57b568438a170c5e2 |
C:\ProgramData\Package Cache\A176F140E942920B777F80DE89E16EA57EE32BE8\VC_redist.x64.exe
| MD5 | 703bd677778f2a1ba1eb4338bac3b868 |
| SHA1 | a176f140e942920b777f80de89e16ea57ee32be8 |
| SHA256 | 2257b3fbe3c7559de8b31170155a433faf5b83829e67c589d5674ff086b868b9 |
| SHA512 | a66ea382d8bdd31491627fd698242d2eda38b1d9df762c402923ef40bbca6aa2f43f22fa811c5fc894b529f9e77fcdd5ced9cd8af4a19f53845fce3780e8c041 |
C:\Windows\Temp\{01AB023E-EA9E-4443-A077-A920FB72CAAA}\.cr\VC_redist.x64.exe
| MD5 | 848da6b57cb8acc151a8d64d15ba383d |
| SHA1 | 8f4d4a1afa9fd985c67642213b3e7ccf415591da |
| SHA256 | 5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12 |
| SHA512 | ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6 |
C:\Windows\Temp\{01AB023E-EA9E-4443-A077-A920FB72CAAA}\.cr\VC_redist.x64.exe
| MD5 | 848da6b57cb8acc151a8d64d15ba383d |
| SHA1 | 8f4d4a1afa9fd985c67642213b3e7ccf415591da |
| SHA256 | 5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12 |
| SHA512 | ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6 |
C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\.be\VC_redist.x64.exe
| MD5 | 848da6b57cb8acc151a8d64d15ba383d |
| SHA1 | 8f4d4a1afa9fd985c67642213b3e7ccf415591da |
| SHA256 | 5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12 |
| SHA512 | ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6 |
C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\.be\VC_redist.x64.exe
| MD5 | 848da6b57cb8acc151a8d64d15ba383d |
| SHA1 | 8f4d4a1afa9fd985c67642213b3e7ccf415591da |
| SHA256 | 5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12 |
| SHA512 | ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6 |
C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\.be\VC_redist.x64.exe
| MD5 | 848da6b57cb8acc151a8d64d15ba383d |
| SHA1 | 8f4d4a1afa9fd985c67642213b3e7ccf415591da |
| SHA256 | 5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12 |
| SHA512 | ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6 |
C:\ProgramData\Package Cache\{1b5f1335-d71c-41d7-b62a-26db1d5378b7}\state.rsm
| MD5 | f1159fe4e3d7cb4dd0b7bd911c3138ed |
| SHA1 | 8baab94ed08e0501ecd7acb664650f5c74bd9664 |
| SHA256 | 0210f5bfda323e7ea0528cb331538be50e82b7d381a305e94151e326700ebcea |
| SHA512 | 83407666a55c92ee29a08ab3387877577b10fd93fa7128bb16ebc8da9cd33caf637ab47cd5d67488cdb90a5ee036ffe8453e4524a712ceb9f401768101671f28 |
C:\ProgramData\Package Cache\{1b5f1335-d71c-41d7-b62a-26db1d5378b7}\ExpressVPN_12.55.0.27.exe
| MD5 | b63f7c2aef96808ed27afbc2d07e7319 |
| SHA1 | 69f3cdefab1a690b0f4adc8e7bb98ef9fa3300d9 |
| SHA256 | c7388b14c3c5cd82252a60ee13844e7bbc81b6b635759475685f210e965fe9b5 |
| SHA512 | 7d5ab33f55df2cfc9224f4acd67a86cbb15ec83d3ff8e5b04c5de442c75f303f0c64d44ddd01baf97f82905ffd45c773116bd8bd1eafd5bdd7d1aa5a49e5f526 |
C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\vcRuntimeMinimum_x64
| MD5 | df77fc41aa2f85ca423919e397084137 |
| SHA1 | 5b87cd2dfb661df49f9557e2fc3b95c7833c9b0b |
| SHA256 | 51b6a928f7becbf525cbeff180442b05533f8ea8f8494cc97a491e29bdd4b7c2 |
| SHA512 | a36b093011b9534db0881eb72de4638e39be67a9844b14fcd3e40539aafd9aa9ce7b14d3968aedb092ecf9bca9ac0918a65f65632643782edafefa36fc12c3e2 |
C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\vcRuntimeAdditional_x64
| MD5 | c214a9e931bbdd960bb48ac1a2b91945 |
| SHA1 | a640c55dd522e01d0be4307a5eee9a40f779a6cc |
| SHA256 | 1dbd3e4e71c6678e640c289c1c64bbb12c70f65f52b27191680a9e4141d64b11 |
| SHA512 | d25fef3bdd3cd18035892618602e27621e9fb3a913e7972ec7bb624d593ae4b766e718fd2e2c7342c589e9a97beb03d2fedef22e824c6b539b83f199cb967933 |
C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\cab5046A8AB272BF37297BB7928664C9503
| MD5 | 45c9c674c0ba87f57168d6ab852e9641 |
| SHA1 | 73ace24362f14dc58d4099dae6e4e62902e9e950 |
| SHA256 | d14f231d1ab0d928e309b067622b5389e0dc6c4f0d3671632066f6586c442c76 |
| SHA512 | 5bb06ca9c966c9edd30944523a84efd3c13b8eb9f6a5c6cfd961a0c82a1cb193e7b58baf888dede7b740ed42ce76ab20c3e41a684c4dd9d818ff8b0d9e52e684 |
C:\Windows\Temp\{2B46A6B7-4B45-4F53-A504-12242AC9A8C6}\cab2C04DDC374BD96EB5C8EB8208F2C7C92
| MD5 | 62bc0f466e65d9219281cf75c8f91380 |
| SHA1 | 0826a1591b81acf0fe30d58e19b0a87df2a49a3e |
| SHA256 | 534dd81be6b7a23a745c36eda87e6387c5d146c3a96c84793d0edc7eb85b40f3 |
| SHA512 | 17713f4228c0c2793c622bbb0a90bd5688d98a6576a695cb956fa233238c4c6e5b0cb43510be4f072613ad575d0b44e7c847f48b785a161cc337a9e6fdca3bb5 |
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20230817204854_000_vcRuntimeMinimum_x64.log
| MD5 | c3f8fc0445c51d4aaf914f9b74dbcca9 |
| SHA1 | 31e1b694f39ba2193cd175bca9d670b8638b6aaf |
| SHA256 | e4fdd176e20b03cb4503421ff0615ff72db7c49355d8bc720ed43e3ae1868ab5 |
| SHA512 | 34c443f68834916cd09aa6501cb06c984dc9242b9d1d643d9661ce03bb1e9719b3f90d009958e5f307294abeeeb2b32723f6523091846cc9bb80fd1d7af5b3da |
C:\Windows\Installer\e59eecd.msi
| MD5 | df77fc41aa2f85ca423919e397084137 |
| SHA1 | 5b87cd2dfb661df49f9557e2fc3b95c7833c9b0b |
| SHA256 | 51b6a928f7becbf525cbeff180442b05533f8ea8f8494cc97a491e29bdd4b7c2 |
| SHA512 | a36b093011b9534db0881eb72de4638e39be67a9844b14fcd3e40539aafd9aa9ce7b14d3968aedb092ecf9bca9ac0918a65f65632643782edafefa36fc12c3e2 |
C:\Config.Msi\e59eec0.rbs
| MD5 | 998e128cdbbd55abe22590f84e45f13e |
| SHA1 | 931e9b2ba456cefdba69211886b197aa07400bda |
| SHA256 | fc5e94af150eb6b7ac7e6e4ea6e3d24c199caf4d4a2fec9f27d2b49393c99aa1 |
| SHA512 | a3b9dd02b445ac972ec652d7eabbe4ce7c9291277f0a85c3aefa455fc9d245b8a4c62266c3819f9c24736661c357ba46f731c40b8d5934544c3f8ca59b150331 |
C:\Config.Msi\e59eecc.rbs
| MD5 | cf9477ffc8bbe84be16aa503dacaf5f1 |
| SHA1 | e2c30a81711f30cfa72dfa2b40c8baa1ccd39df0 |
| SHA256 | 8348baea025939e685ebafbb50341a75d861d24793272ffce9d3ad65131942d8 |
| SHA512 | 23ed11f9b40ee1616f5c44a65453edf7031793e75cc9eb36222c5b2865cc61627ed55cb1b698b05c5e58b1e7848acc680926a93b838a37e7e79a1732f8e1efed |
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20230817204854_001_vcRuntimeAdditional_x64.log
| MD5 | 60db71d20f1cacfa883a922f0efbc6ce |
| SHA1 | 28ac029be18fa2e9e47b3a97af1bd10b2fea1701 |
| SHA256 | 4b4d9c8dbe5e7f9360064cee91924689723e96102cc084059940e1110813adff |
| SHA512 | 8b35f32e45905c498613a834cc231f86bfc00f7c0f64071d6ff8c3dea35583fb1462bdb732c8a4b142f8dac798fcaf9ea234dcdc29684a93106f6a39b13fac49 |
C:\Config.Msi\e59eed3.rbs
| MD5 | 47e53f6d36afb89ccdc1ce8c44790256 |
| SHA1 | 24a01f041402f59ff910bc4e8c1615b00f616ab3 |
| SHA256 | 53bc550c3c8a8054449da977661a73c5349250caee2330d5e20c4758d1f64d00 |
| SHA512 | 221d8e1bcf4599ba4a9db7a4b8cb962b7cb1922f98137a0c60a72fe60385d884ec05359d79a4126d11ebb3c385ed51de5d74c5dc79102d54885714547504aca2 |
C:\Config.Msi\e59eee2.rbs
| MD5 | f6be4125c66c9f0eeb1230c83a737848 |
| SHA1 | d1a2b06b1c9311e44bd215035cefbd2f8e0b33c3 |
| SHA256 | 67cad6121c6a0dbdb7152035d17ecae62b653ceaf51875bb7ad95df3831f2f75 |
| SHA512 | 08c9ce66a8b0de53a7e9ad431066b69a61de027a6c2558440f926f8e9b5680ec24375708c7676219ea6eb55267b314ba29e1bf11702beeaadf0dff6d4b56ab6f |
C:\Windows\Temp\{DFD81883-D135-4600-A5E3-F963BE013C6F}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{DFD81883-D135-4600-A5E3-F963BE013C6F}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
| MD5 | 848da6b57cb8acc151a8d64d15ba383d |
| SHA1 | 8f4d4a1afa9fd985c67642213b3e7ccf415591da |
| SHA256 | 5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12 |
| SHA512 | ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6 |
C:\Windows\Temp\{36981485-B1B9-461F-9EB5-9C9462F2361D}\.ba\bg.png
| MD5 | 9eb0320dfbf2bd541e6a55c01ddc9f20 |
| SHA1 | eb282a66d29594346531b1ff886d455e1dcd6d99 |
| SHA256 | 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79 |
| SHA512 | 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d |
C:\Windows\Temp\{36981485-B1B9-461F-9EB5-9C9462F2361D}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe
| MD5 | 987433e22c318ff3bfd596f6b7bb3d0d |
| SHA1 | 7b8b48d30370bf1cc8e1c2c68b96622a6051d08e |
| SHA256 | ea4484732f4415318ad0a403f8768129f1d4e6f871602881f3d339bcf7a2fa73 |
| SHA512 | 8dcf1535cb673983f916d2c6d255f9a0f2ff708d9a356c5d02e0e326ce967353878a1019e686db0cb7e88e6a8cf78e4c73949fb831ca885241e0c5bce3934d46 |
C:\Windows\Installer\e59eee8.msi
| MD5 | abf5dbc0196845d9c906189aa70d07ec |
| SHA1 | 4a6879976ca9d64a151e1679d0b08d975883a7b2 |
| SHA256 | f8f96b0c0a444a391d1a5c02d217d530905c32895166251d16a1b5903b6815f1 |
| SHA512 | 035fffdf011e5d30b06ca3b78b37ceb90c1773b08244efc0ca8f7e8b7c4ef83b1b0c5273431e752d0f7dc83a49ccf5fbb733f8235825bf5b8ded32f7b51939e3 |
C:\Config.Msi\e59eee7.rbs
| MD5 | 70427fb27377d03955dbe48fecea68db |
| SHA1 | 25f52910550c3f9a1963f79761d615bc9dcd4a78 |
| SHA256 | 19d8a67bcd9fb0b349e92318fec1fc27c5ebcaa9a4df50899de2bc32fabe17c8 |
| SHA512 | e9b0f650569e33401135601a9ce4d4a9feaadaec314c2401528f6551d961918746628a8ba6ff28109c8858e4894cd25b97910a9492f30271fd7a6de86b5a1a6b |
C:\Windows\Installer\MSI47C0.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Windows\Installer\e59eee9.msi
| MD5 | eef7d4eaa530df3288c03b8e6463aaa3 |
| SHA1 | 4d94b0073d5afeb1642a2f0da5c178f5765857b3 |
| SHA256 | cbdda269bf97e5e990d909fc503149005e4cd70e68d565c0fd4fbed3222d7711 |
| SHA512 | 2be6dbc2c4d2a8d68653ffd8cb56196178c4ecea2f247a8d6f6cf3061917a43ff814ce48ab2939b475ae0d69df8fe41e0864ebaa282adcfb3e578ca0da10f823 |
C:\Config.Msi\e59eeec.rbs
| MD5 | bc8b70d8a5c5e76595c6dbdf1e33a884 |
| SHA1 | 99dad2f9e9991b8e8f447a59afa07c5e15fb703b |
| SHA256 | 26a533369c9c4f8295a86922e9d0425d773b9def557bb4df6f6c38a172a838cf |
| SHA512 | d346389856313bfad70a4ffef98ad778c3b381a3fe95901f773274ea1cbcaa208ca1e1b4785351c3498a26f7a1333103baf179482326efa3040bcb5008e815fc |
C:\Program Files\dotnet\LICENSE.txt
| MD5 | 31c5a77b3c57c8c2e82b9541b00bcd5a |
| SHA1 | 153d4bc14e3a2c1485006f1752e797ca8684d06d |
| SHA256 | 7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d |
| SHA512 | ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6 |
C:\Program Files\dotnet\ThirdPartyNotices.txt
| MD5 | f77a4aecfaf4640d801eb6dcdfddc478 |
| SHA1 | 7424710f255f6205ef559e4d7e281a3b701183bb |
| SHA256 | d5db0ed54363e40717ae09e746dec99ad5b09223cc1273bb870703176dd226b7 |
| SHA512 | 1b729dfa561899980ba8b15128ea39bc1e609fe07b30b283001fd9cf9da62885d78c18082d0085edd81f09203f878549b48f7f888a8486a2a526b134c849fd6b |
C:\Config.Msi\e59eef1.rbs
| MD5 | 5012289fabd186231a13819de413dc41 |
| SHA1 | 6db4accecd8502326a38e9d353f12d8cdc707e61 |
| SHA256 | 4d7d5282bba69e01e639fca0e04d0e6fef4511578f43540a2b1f720b855e9d67 |
| SHA512 | b4a0baaaa0a10d046d85cef56ba46498e27774f7112cc0292e78b73070a8d7a3e5496375e7694f1ec1764ca9a53bc8dbfe55fffbf522d2de1d2d4882cc543163 |
C:\Windows\Installer\e59eef7.msi
| MD5 | bf16e0cb45daf8f291ecfa351cb0c3c2 |
| SHA1 | 1491de942eec40921a35f35aa377c2f8f7332c5b |
| SHA256 | 0c3b15d1e680e29377a08ec0577d87d222dda47b84c955f4e834497b59041f9c |
| SHA512 | a69a495b265e6e16fbc4a06455a02baabe35c6ad4abf499ca99a4b5cc9dfe2bcf337b6a60d32bfb15eca03b4c08710a095111ec637b2fbef0279c26d9e9e9ae8 |
C:\Config.Msi\e59eef6.rbs
| MD5 | 2b85adcfc0f4776617d4d19157feec55 |
| SHA1 | 816c3b56dbdd60e07753afe89181cc4d26a74c49 |
| SHA256 | ab5e64aef1189d89b09436216e592ca5dfccbcd6f03feda2f86eca30e9a2236e |
| SHA512 | 99f1a4bb34078dce62c06f54348808e1156ccccf10afc8a96b70d9cece53addf4d35fa56d52ec5b0f6fcc448b7ba0bf8798cfdea540bec0646c32e382ef50a80 |
C:\Windows\Installer\MSI8781.tmp-\Newtonsoft.Json.dll
| MD5 | 715a1fbee4665e99e859eda667fe8034 |
| SHA1 | e13c6e4210043c4976dcdc447ea2b32854f70cc6 |
| SHA256 | c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e |
| SHA512 | bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad |
memory/4636-1572-0x0000000004F00000-0x0000000004F2E000-memory.dmp
memory/4636-1573-0x0000000073DA0000-0x0000000074550000-memory.dmp
memory/4636-1576-0x0000000004F50000-0x0000000004F68000-memory.dmp
memory/4636-1579-0x0000000004F40000-0x0000000004F48000-memory.dmp
memory/4636-1580-0x0000000004FA0000-0x0000000004FB0000-memory.dmp
memory/4636-1577-0x0000000004FA0000-0x0000000004FB0000-memory.dmp
memory/4636-1574-0x0000000004FA0000-0x0000000004FB0000-memory.dmp
memory/4636-1582-0x0000000004FB0000-0x0000000004FC8000-memory.dmp
memory/4636-1585-0x0000000004FF0000-0x000000000500C000-memory.dmp
memory/4636-1587-0x00000000050A0000-0x0000000005110000-memory.dmp
memory/4636-1589-0x0000000005050000-0x0000000005070000-memory.dmp
memory/4636-1591-0x0000000005040000-0x000000000504A000-memory.dmp
memory/4636-1593-0x0000000005070000-0x000000000507C000-memory.dmp
C:\Windows\Installer\MSI8781.tmp-\Microsoft.Extensions.DependencyInjection.Abstractions.dll
| MD5 | 405bf969e7e50ef47422e54fa33605c8 |
| SHA1 | 4f3c5c8803212719ee74c60813b9ae08604684b3 |
| SHA256 | 95a7c66abd60ba45a2020ac3d42702fd9823f7b6db2ceec6a37c9e9b0602fed1 |
| SHA512 | d04978227453e3341fbdc6a8730da193f1c5e19a2635e02cb5d6eb6fef7c3ea53cf7df5df16230c12693cdaaccc90add812c5ad0a6ed0749e8de75c03602502a |
C:\Windows\Installer\MSI8781.tmp-\Microsoft.Bcl.AsyncInterfaces.dll
| MD5 | 48efe61d6ca3054309907b532d576d2a |
| SHA1 | f36403aabb16540c93fb35245ec0b4e435628aae |
| SHA256 | 295af2142d9214f3fd84eafe4778dca119be7e0229f14b6ba8d5269c2f1e2e78 |
| SHA512 | 778e7c4675d8fde9e083230213d2efa19aa6924fe892ed74fa1ea2ec16743bb14b99b51856e75eaef632d57be7f36dd1bc7ce39a7c2b0435b2f3211bb19836a3 |
C:\Windows\Installer\MSI8781.tmp-\Microsoft.Extensions.DependencyInjection.dll
| MD5 | f2a9c263e730b94057d26d8e6562e342 |
| SHA1 | e36e4c8100585db5c7dbd07ff66f4adad8ccd37f |
| SHA256 | d6de20035b25367a82da6180c45511d9077374c5f96f6cc5fedd2107d61efb9c |
| SHA512 | 976fff499e641484a176801ca904221270220d07a1ffe14c03a9b3f32372a264ebe25e704dc63ec18f1bc2a430afa6a098847c327d695a3d19359422a300d4e9 |
C:\Windows\Installer\MSI8781.tmp-\Microsoft.Extensions.Logging.Abstractions.dll
| MD5 | 1237591a98cea80b03eaa68dbbcb2176 |
| SHA1 | 5761dfe8070d1e273c20bf6ce50eb46a8780e065 |
| SHA256 | ce8a3129430b92e206d59720adff91ebae0af7c8a808ba81b2ecf9ce680260e1 |
| SHA512 | 1446308e87aaf15ac1b3f79d8f4620b2172fb4c5f34059df75fae0ab244015cae6ac46faa86a0ab91b71d51bf91476dc407f473016ed0b71526ff6e446bbda07 |
C:\Windows\Installer\MSI8781.tmp-\System.Threading.Tasks.Extensions.dll
| MD5 | e1e9d7d46e5cd9525c5927dc98d9ecc7 |
| SHA1 | 2242627282f9e07e37b274ea36fac2d3cd9c9110 |
| SHA256 | 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6 |
| SHA512 | da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11 |
memory/4636-1700-0x0000000073DA0000-0x0000000074550000-memory.dmp
C:\Windows\Installer\MSI9CA2.tmp-\Microsoft.Deployment.WindowsInstaller.dll
| MD5 | 1a5caea6734fdd07caa514c3f3fb75da |
| SHA1 | f070ac0d91bd337d7952abd1ddf19a737b94510c |
| SHA256 | cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca |
| SHA512 | a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1 |
C:\Windows\Installer\MSI9CA2.tmp-\CustomAction.config
| MD5 | c9c40af1656f8531eaa647caceb1e436 |
| SHA1 | 907837497508de13d5a7e60697fc9d050e327e19 |
| SHA256 | 1a67f60962ca1cbf19873b62a8518efe8c701a09cd609af4c50ecc7f0b468bb8 |
| SHA512 | 0f7033686befa3f4acf3ed355c1674eaa6e349fba97e906446c8a7000be6876f157bc015bf5d3011fbbdc2c771bcbaea97918b8d24c064cbbd302741cc70cbc7 |
memory/2592-1795-0x0000000073DA0000-0x0000000074550000-memory.dmp
memory/2592-1797-0x0000000004D30000-0x0000000004D40000-memory.dmp
C:\Windows\Installer\MSI9CA2.tmp-\ExpressVpn.Client.Setup.CustomActions.dll
| MD5 | 03d920190ba3822b3dc32d4006d9a87f |
| SHA1 | 4dba2d46a5af7fb21f8e9b0543e94ace9ff19429 |
| SHA256 | 0683d6a7cb8dd2614ddde42b3a1361499f922c399c2a3642f3c5a9f2d5a5445c |
| SHA512 | 6795cfd33366d700e9343f3f59f234e9522c3fb07947cfc28c3e894a8822bd78a36575ec6f10575a6f5453ca25708e4f95a4fa45ef16c4688f4b63f17bd1dc79 |
memory/2592-1796-0x0000000004D30000-0x0000000004D40000-memory.dmp
C:\Windows\Installer\MSI9CA2.tmp-\ExpressVpn.Common.Logging.dll
| MD5 | 900704a24f798bf083d74850ed71853e |
| SHA1 | 918406236a746f4a6ec92e1222a0fab74efefb57 |
| SHA256 | e366870c224e8867494da86ff94897446f0d5f41da14911235651d2e1f36aba8 |
| SHA512 | 9624bce2d9be94c748b79459beb2447a65f2da99a016e640eb28325c5bc4ffc31cea076498a42dfbbedd39b89e1321ae6b975596288fb88bed8695df8190801f |
memory/2592-1800-0x0000000004D30000-0x0000000004D40000-memory.dmp
C:\Windows\Installer\MSI9CA2.tmp-\ExpressVpn.Client.Setup.Shared.dll
| MD5 | 52e6a0ca8ee05559add49d35f886f49b |
| SHA1 | 4888a15718e15303bfa5606358c88a3421c4819b |
| SHA256 | b314994c9cc8025cb07728f29529c06b9a38f294701104c8fe7f6e00d7f4f7ee |
| SHA512 | 37ae18b67ec65bd5d4b8dbc8a50993b61439d775fe47e78af4fd4c7ca4fb4b6ea8fd66caacbf7f0c97210686c58e7dfde9d1e539bf773ba013ce59cef46dd508 |
memory/2592-1803-0x0000000004D30000-0x0000000004D40000-memory.dmp
C:\Windows\Installer\MSI9CA2.tmp-\ExpressVPN.Common.Shared.dll
| MD5 | ee342d63e82a68cfdc81d8e44aa05e30 |
| SHA1 | 6eed17e5382c0b74c138f6843cd0dc27ffc8324f |
| SHA256 | 4e56e13a8d2851813b9fb6679a6c9452d6828ed43c7cfab5760df4d1f6dfdb97 |
| SHA512 | 794bcc03f49016d235aa2c8a2f6145469d8f9028bcc99fec0d5ad8255f2ccb525c0520140934249b06a31346c71d6a51f3034ebdc406da957fb828794f1fe1d2 |
C:\Windows\Installer\MSI9CA2.tmp-\WixSharp.dll
| MD5 | 6c3dcc803bdc616fc4041137cfd62b78 |
| SHA1 | 92d7b3b497c6ddc13bd1bb2ae083118017be0cbd |
| SHA256 | 0a82e4db427a80e111016bdf04477556e82773a21f143131563cda3f08c004fe |
| SHA512 | 7af9d3af8ebdc7cc9fa7453d998a89d973019df97231d3b1761e215b36e9e34a277d9a97aad99ed175027c5593ba74105368188555cc42342473717065cf01a7 |
C:\Windows\Installer\MSI9CA2.tmp-\ExpressVPN.Utils.dll
| MD5 | 892080d10eb9a120bc616826fff9f2ae |
| SHA1 | a695ecca342055c80691301668e09fd13ce112f2 |
| SHA256 | 6cc4e6979e68baa126af5b6a5bd2b98d3f0ec8131dc0532daec460f1bd25d4b6 |
| SHA512 | 53ffedc92bbe7174ae0a0afa5d6d1b2c5677d64d84ba144642c27ef1959cf1db23495edb85a5fd3a8d80a51212bb0b247b67adcdd9e98be9a92a064458baccb7 |
C:\Windows\Installer\MSI9CA2.tmp-\ExpressVpn.Utils.Wmi.dll
| MD5 | 21c4acf5d8472b092feca231973d5a01 |
| SHA1 | b46a14545c2b3a5563547edce55fc8b574ec5540 |
| SHA256 | f57daadf9b51276aa7d584d8d52fa50ec25cad212d0c5e03be83b68d7e651571 |
| SHA512 | 1985d9c53066b16f1151ffe01feb60c71bcc606e7931ec640066e21612d49b4f0b123c267a202cdacc3e66ecbaacf85cc1556fb776a8cccd4504d32efaeff793 |
C:\Windows\Installer\MSI9CA2.tmp-\ExpressVPN.Client.Installer.dll
| MD5 | 617af2c8f57fd0315d3825736b347626 |
| SHA1 | 294bf003ae5f528e5a129fca43667a145e752f61 |
| SHA256 | 61191e86b9696207187cac6651e3ed7d0d2c462c9dd5e29e464f915a74aced6d |
| SHA512 | c5b55cdff5d652b15ecf7c66e6380783513a7d0e96bc07b0f2ea9c60c7181fe3b7e83027e6d7a6fa5f085418742c57bc9070ed9dda72688444fcfe03cf1f24d2 |
memory/2592-1914-0x0000000073DA0000-0x0000000074550000-memory.dmp
C:\Windows\Installer\MSIA9C3.tmp
| MD5 | fd22b9c9f88759e68069b48bee372444 |
| SHA1 | 1d73a4a455020098ff260aea775dd072cd75d1a8 |
| SHA256 | 7c7a41dfb4e389161e378301cc813ac2e2c10f3ce6ebfd9c67a2446d106d7a15 |
| SHA512 | 59fba4e973687929b101f1cdad777ffe16cab621dcacdb4b2a004d68830412e6993304430e4b7117ee42d520a2e026d0e19ed03508270de780877cfeeb071c20 |
C:\Windows\Installer\MSIA9C3.tmp-\BootstrapperCore.dll
| MD5 | b0d10a2a622a322788780e7a3cbb85f3 |
| SHA1 | 04d90b16fa7b47a545c1133d5c0ca9e490f54633 |
| SHA256 | f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426 |
| SHA512 | 62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f |
memory/2632-2013-0x0000000000A90000-0x0000000000AA0000-memory.dmp
memory/2632-2012-0x0000000073DA0000-0x0000000074550000-memory.dmp
memory/2632-2017-0x0000000000A90000-0x0000000000AA0000-memory.dmp
memory/2632-2021-0x0000000000A90000-0x0000000000AA0000-memory.dmp
memory/2632-2126-0x0000000073DA0000-0x0000000074550000-memory.dmp
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Google.Protobuf.dll
| MD5 | 25647dfce0e91490e97f8c6366b2632a |
| SHA1 | 8b812d8418143e0e8bc782e6687583dee13710bd |
| SHA256 | da005e408ac85c4fafae30aa79ab7c18ddfa9fb5b23cd7fb2228a88413388c54 |
| SHA512 | 5c0947cceb867f765ef4e77a73c2e2cea11f80ed83cdd43f3f5816ac2c27403fa74ea6a7edd648061d14d3e480d0f5e8271b754688d8da62e8653ae7581bb910 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Grpc.Core.Api.dll
| MD5 | 33e82bfceee2a76c34edee46091bafc8 |
| SHA1 | 55c8e27e8efa1e08e87f96424c574ec581335910 |
| SHA256 | 1e6db7069217797180cf7664e555994a9993db0155c9761be8012860bb82f8a2 |
| SHA512 | 2818f76c324cfa556c5c9b68cba712c57d12da2f1bf6cf6defd314c0a5dbe4f504e20c04deaf9b69be6a56b01f47fe341ffbca2a431df9a71b28d38c9e1ec6bc |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Grpc.Core.dll
| MD5 | 832a45191b8711adc888d8d45b26f0f8 |
| SHA1 | a90d87c10f3e5ed48a80f8e1cf0e883a07830c8d |
| SHA256 | 873b7debc4411c2707b48de1454d2ff437d9d56d44ad603c6487a8fb69b4413c |
| SHA512 | 94fe9bad110671a1bd965f4847609ed20955f082f96c049b1679634fbc878b189edaf952914137316a3a7ee65996df020ed2c65dcce0b7ba55db853f48132ef4 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Configuration.Abstractions.dll
| MD5 | baa7644ed2f322d1d2c953220987c4a9 |
| SHA1 | 3860c3d54413837fd23e9a7081c15d27ab2ed4f0 |
| SHA256 | 5da295c08aba9257c8f27a39a3d21e0ee82c4e55c098794688305c270b4983b6 |
| SHA512 | 034cb63f8a8ccf99d2cb182c72e7e5ad67cd23baaca376dff3444c13e9c0bb78e1e5643ed82999130e9398fbd643cd86a875249401a49438b7d7976329d2ac74 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Configuration.Binder.dll
| MD5 | b825099a89c81fe4127ee2628596d5d1 |
| SHA1 | 8e69faa62f82dd042a51a345eea19b959442e985 |
| SHA256 | f2f6d158380c32a50bdb827b4d63f97c364f221813641daf74c257034484b507 |
| SHA512 | 5c8dd2275702daa09bee2a8dac563d1292eef6735cd0a3a250f633afb3ac7823769435c4a29796b0b3522d72312497bac86b5ca71cbba2fbe31ce9cc24557068 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Configuration.CommandLine.dll
| MD5 | 2d3b7a8112a2f148c75ed0820ee2a568 |
| SHA1 | e34f939e35591d03b982fe963a6532b427f6c844 |
| SHA256 | dabae732fa2b9cdb25bdd6e6f6c804fbd7c512380abcd1e0b8b0e3e32bfed7d9 |
| SHA512 | aa270196c7d56679ba47c9c8e0cf0a9e34fafbb15a7ccae2478f7b3410e5c9a4863d48b55fa6d4ca0c91b5563075ecc54969953c32808eec26385c2dc32ffc12 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Configuration.dll
| MD5 | 4ae4c4004b28a9c7286ce1b4f2bbf415 |
| SHA1 | 423c11f0e71b51378f39eb275093aa223c49f848 |
| SHA256 | d5f7cd54e4aa3b02bd445bd5b8ff4786cb6463ec976cbfe820fced5e272ec572 |
| SHA512 | 7bf95813a0c66425dcf3e4d7e0078f72e97a3df9baff9cc525f2292f5cdbbe1cb52fd674089d1be15516770f214b9e7bc937de314eb9042441bf0ef1be28b044 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Configuration.EnvironmentVariables.dll
| MD5 | f502afa74d2f363e79f3cb93c07b3655 |
| SHA1 | 5c3aadc3ee63e726f840d9f2c0ac44744dd0fa19 |
| SHA256 | 5ee4134c25d7c95dadf2d3681949a8b61f72358542edcdb4f2a56fbb469a69ea |
| SHA512 | 3630e378e93548762fabfda06a2cb2189e450e16a67583b207c70fbe836e257e0551f829dec10f6ba040e7d95caaccbe3db576266c6e8fc6a3e59e623c6b81d8 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Configuration.FileExtensions.dll
| MD5 | 8be2c97bbbe81795e3042602a21965e6 |
| SHA1 | cf89501075ac6713c091ca773dad2ba946b7c6ea |
| SHA256 | 385ec618612990af5b4d8ec6edffb13fbb5ff5a03e7786033b42ea061ee3976e |
| SHA512 | d89a13ac0e3639acbb26f43739cd7a01ddb07fb03d7e0db5940dd28624d76014ba5e420b45f2d35b1acf0d9b3117a06f41f56109066fc95e9bb438d7516afc04 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Configuration.Json.dll
| MD5 | ae4d8069218e6a793e4cb461e09d4d9e |
| SHA1 | cba0b162d94d80def76020a36c855543e8787ef9 |
| SHA256 | dfa8ce0bbd09c898957dc08ca9d3e1db2e87edd5d940c78f6b0becc6243d9d9e |
| SHA512 | 6c838cbba6623ec3f9168f79f27ba651073a96cda48cdce244883caba27004ac72f76c77f5012f0b044877fd3d90c1b9425465fc1782f0b5dc37d33c9f124e3e |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Configuration.UserSecrets.dll
| MD5 | 313cfefa5ac9c9f5d76382a4d738bf3c |
| SHA1 | 0bbcd9de636b6c9133a4030f42c0c04aaf51ddf1 |
| SHA256 | bc707ac67c82cbf3d7eefdcce641e061227267ddf7a66e08d68be37db5c896ee |
| SHA512 | fc4c2dd62e85a0bb1e62c9702bd9fbec2b93388fc890da3265a13855fabd65b3a64032fa2e1e38bc6be3f1c450b85475843138a4716eefaf404aef8e112904f9 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.FileProviders.Abstractions.dll
| MD5 | 9b981dcb9329e9043987eb2c24371714 |
| SHA1 | c3c45b42a67525cbf8596cf6ef9a56d103bb70f9 |
| SHA256 | 0706cedcd984a2478f10a9e57bb06e81bae2e0a1271507b26e91fb8f8c3413fe |
| SHA512 | 566bf7d258d3306742c3c585d04d19b338a8e1224e29ec7af35770e6827bf597a613775223cf93aa9afcb4ea3da0ca53b99493d9b3c6684da815907c8629b03e |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.FileProviders.Physical.dll
| MD5 | 4e153e7492eae30cd0aa49a3140c1ebe |
| SHA1 | 55c123a2f3d1c7e24c4ed5edc54043cd9c37810a |
| SHA256 | 6bda4bddedfbb9023a5330dc1fd528e851cf2c869e53f3248e704927cec107cc |
| SHA512 | ba25bbbba4c3e454f4ec064195f5f5e9d0cc4c217b9b4ee538fd31d138224a12c58c0b97c588ea4ea482b2303b0afa04125c30bed102b7c5f2aa645d8e7c03bf |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.FileSystemGlobbing.dll
| MD5 | f8dc23b883576fb84eccd1b7b56490d3 |
| SHA1 | c447b48529380954c878f1d933a10ef1bc402bb6 |
| SHA256 | 1acb904f6eee86f33b507a7e7cf8f2112d34d1b34daf1532df4d800795d328bc |
| SHA512 | 2604147c8a3664e2abeeafe9503cbed07866c763581c7587f59f8472718995c7d17782385826d70ab515a73bf4efc57e91ec5738d09363689305592c38fdb6db |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Hosting.Abstractions.dll
| MD5 | e4e839b5661a74bb03505202231b56d4 |
| SHA1 | 31b10ca90a0e492945dbec6cf530389504a7a462 |
| SHA256 | 601e2c40c930dcd582d421f8f887b62eeadf8a675b77aaa2f98f532d8d97e24b |
| SHA512 | a304a0e18865edd8225ee25ff99ac72843acb9970089e2328cdea8d116a839998d98a58310956b1f8c03caf15e57b91fcf7c2e65672839892fca700fb33f54eb |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Hosting.dll
| MD5 | 39d2e1cf94347200c4e2d0f5415dec53 |
| SHA1 | 0c2e97003acd0c2c0bc516c5b4c892de382239de |
| SHA256 | 2c355909c0c6415de0a8a8cc09ee5d6a4538fc19ede1fcff8baab3b1bdf5242b |
| SHA512 | ea6b8deb8e807f87e52d6e06eae62afe595a83d247566a6210155aec9dfa7f9602da789e0985ae87157a56ef26f57bd458bb77f6f3bc34752139f6633f6db712 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Http.dll
| MD5 | 1129546f4edbff1a420986dd25bec97a |
| SHA1 | d01664a6749cc7fdf4d5997abdf72951a45f487c |
| SHA256 | 70dab4e760c996a618bd86fd514061f76296c70dc9a9e0da327635ffe6ee88d5 |
| SHA512 | a219d16ff2c9b4a5acbb07169b081d4a684355201469591dd75fd5cdee5103e5158c4e11fa32b4f81318aefb6363fa4d2cb61dc39e1b07d01b2d02161fb86d9f |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Logging.Configuration.dll
| MD5 | 2ca8343993aa0c8d6d619cc2dcab3539 |
| SHA1 | d6f6dca968ea17998b7c98585f9d04f2d60f615d |
| SHA256 | 92182678c59bff339c919c6d37c94e57904987ac2b1a7f8edbc7a198f0f802f7 |
| SHA512 | 804337f7a9311d1a7ac364131a095a3c93784ec5c0dc147ee4abedc804170a742f8e3aba4b326c795ca18d43cab76113d9c231f2d0c6023a7a0ea44228984fef |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Logging.Console.dll
| MD5 | f8536e13697fc017c0c4038a4db6074a |
| SHA1 | 1cde865ebae9bd7d000bd29872d692a1d9dba0f0 |
| SHA256 | a7e1a4601fa280ad97e4a94069157b057c2d5158388e57058f87cd9f8915337c |
| SHA512 | fd061d0ba67fc6983479bf579d7dba71ac8cf1f3372ee97438b2e455344d56111f6f8ef601e9769d9d9a18789a174a96d7a47f04ca719b189bb56b42922ec061 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Logging.Debug.dll
| MD5 | 523731ef0c75f3cf36d17e0c0f7c6ee7 |
| SHA1 | 50e24c55d1399ea6550652e3de8d80de7d1d02f7 |
| SHA256 | ce241f96331ca11eacac64c683e11fe659e5ac157eaa224c9fe742d20b1ce983 |
| SHA512 | 727539dbcacb28b23a21e037d439bc8c506ac2aaccf1d1a7a76f6d91c6739f0c317a3e1ee2e6bff3f3f1eee172daacbce21fd35b4bff3ad4459de405167cfa7e |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Logging.dll
| MD5 | 73eab96c0898a78a61d89782ef6fab83 |
| SHA1 | 07541eed457b5977890c13622d4fc4cabebc67fb |
| SHA256 | c4b2b98c21b24b88640bc0be5dcd335d82df129dcaa0dcc778d91a759a037524 |
| SHA512 | 90e8b699f451667d18762cbeb0f050f5462e97186b2b495b5de737ae565a7e1667c0ae5d89442ad93c08f2b5db5459b7febb63b1667466e13908f24cf1e3c075 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Logging.EventLog.dll
| MD5 | fc9949be824804ec4875dfcb0eda5057 |
| SHA1 | 85a10da292711b68ed97d493bb04cf6552b7d998 |
| SHA256 | 97f6d53966086a22da7cff8c6bfa38dd5469f8faed34cbaeb0922e5ba576421f |
| SHA512 | 13cb04ea01094fcb904640d7bcb552bc8f523581932a5dd2a5660e362e92e21dc73e285663ab91ee2128b0cdb4b067f3e2e3a8cc798df333fdc5fe5cacc29a91 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Logging.EventSource.dll
| MD5 | 3a6dda95bb1aa1e413008d68b957bca2 |
| SHA1 | ac364ffc2cb711ffd43131ac9c6e86f1c408de65 |
| SHA256 | 221c6c8fbdcf28e01aebd74ac8d39cdf230d9eb51138102b443b8c8cc1c0d74b |
| SHA512 | 2e4960640d3aaf7c4c9318f29fedfe3ca3c004681acbb69581c6a2b5803d57ea453a1db153a8c22482c2b490e58d721ebf32190abb4296df6f62466ee10272fd |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Options.ConfigurationExtensions.dll
| MD5 | 40a801619f536846ff777beadcd62f27 |
| SHA1 | 5a3c722df02ffc81d813224d98af375ab7b09cf9 |
| SHA256 | 9d38b26507120c8cbefacbf6d2ddb5e89a53db475efefcfde221685b8eed0803 |
| SHA512 | d2ad123ebe1e3c41a5ce58e54b3c7847236e99ca3d30ba92f75df432fd94276d185e982fc6d72c2cd2d4d22eff5094b92ddea7b9d5615df14c2d1aab90936a01 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Options.dll
| MD5 | 3ddea0033ead23660b51921146dda017 |
| SHA1 | 5708c44aa5326da0a69072a9b0e48715112a4bdd |
| SHA256 | c4673c6000602e76844bad63feecbe42d88fc72639b1fd64d2acde48955be970 |
| SHA512 | d57e25a2412f2685770e3fd1d6650ee433ed28d337221941841eb9589dbf3868a27efb0d488f960f75785e60357cd2914b0eece1da62aa9ffe77219340c03576 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.Extensions.Primitives.dll
| MD5 | d833ddcb52e5c6d6da71bae25395a911 |
| SHA1 | 17ce025ad7a0175c467f5a7108ca81a813e4ac21 |
| SHA256 | 76152e774b2bd9c5a0d301e92e253d8bf55fa90e191d0155dfd86b2b84766ae8 |
| SHA512 | fd963a9fa5bdd10a1c54ce8fcba862b59786280ca5d668fa041b30b80d7fa2b84230d33b1c0541423534c764e7432213039d5f586d0427d542c0faf703081a79 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.IdentityModel.Abstractions.dll
| MD5 | 4a33568984c97ab8db98b56f55b88b93 |
| SHA1 | 368abcd3d56dbeaf66392575914f9bbd2e7cc85d |
| SHA256 | 2a621fb5b3c3dc83c989667527570c62a4f6e65bbd239753410ea0857777e1ac |
| SHA512 | eea1e09319bd92d1e079b32779b9635d8d698a8785d05fcd2dfd1ec9bdba5cb866f4c9e4f4fd03a46dff68daf2ef872ac537f4b6fbee14059bbb7756b048ebef |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.IdentityModel.JsonWebTokens.dll
| MD5 | 7bd1e91ad4273dbcde6e373597fd83af |
| SHA1 | b0b3b60aa2a7423f82464f69215c2e051cc7e940 |
| SHA256 | 53164e2aeaff7159ac8ab382c932c9ff744478ac4012bd5652f70c7ae4829fb9 |
| SHA512 | 0a4b04ef1eb85f74f19490c420a4434632e44c110abe427bf30d301f0bc633048bc3b52c480e14bccbe51afbd33413b84d948ba04d6af4261a8b390cb414d734 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.IdentityModel.Logging.dll
| MD5 | a588b379588e876fd4332007a7b0b959 |
| SHA1 | 5c4df46b6de81d96062eab5b9ef1d65132a03960 |
| SHA256 | e53c9d284acb1ea6d3e9f107e0f438d3254d4f773ea24b9258f6a7bec77a3652 |
| SHA512 | 12b0f872a74d670ce0bd24b65817b75e99d0f79569ff18b50ae0f472410d70d58e74fa8f897dbaffa2f450bb461831c080f0530aa59817aef3272d48b7746604 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Microsoft.IdentityModel.Tokens.dll
| MD5 | 6c80eaf13c1d1f82ebec05b199546940 |
| SHA1 | 62d69b4d752e5d689bb8f9e413c911e796b0aa01 |
| SHA256 | dc7a38cbaa808bc20fd529d174cbfd83b66fc814cbb63704e2d9f350e7fe0bf5 |
| SHA512 | 78b512313740ff15f12d4cfde7c3c06484db47661e26d959983acf5b8ef16ab347a8d5af0be9ccd6602823d3f6ec6d8b38ec545b2c17c7f9b3aba82814375c69 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Buffers.dll
| MD5 | ecdfe8ede869d2ccc6bf99981ea96400 |
| SHA1 | 2f410a0396bc148ed533ad49b6415fb58dd4d641 |
| SHA256 | accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb |
| SHA512 | 5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Collections.Immutable.dll
| MD5 | c598080fa777d6e63dfd0370e97ec8f3 |
| SHA1 | 9d1236dcfb3caa07278a6d4ec751798d67d73cc2 |
| SHA256 | 646d3b52a4898078f46534727bdb06ff23b72523441458b9f49ecc315bf3ef5c |
| SHA512 | 8a5b4afb4363732008c97d53f13ee430401e4a17677af37123da035f15f9e9409a2aeb74ae238379291fd5de07c3cd4e3de2778da5edf83a42649fa5b281cb32 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Diagnostics.DiagnosticSource.dll
| MD5 | ccb6a65fa77074cdb0cb00478a89aecc |
| SHA1 | be6e62302419bfcd9fd9842a9084e64367580970 |
| SHA256 | 599a79d25958eae655ddae7337477d16ebc4f013b6896bbd60719c85b37db88c |
| SHA512 | 0495c13ced63266fe1adbabc0e2c86e7d6ce1b1dc3065f42a40607239ae88c92c39eba07a02dc0c68e200883b65a8541fd7b5c3dea58cb4c6d494dee0946d605 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.IdentityModel.Tokens.Jwt.dll
| MD5 | f82c0055ab6c947dc914e6590ebecc06 |
| SHA1 | a13340f024502a3a22cc29598ffcaa5c1b167be4 |
| SHA256 | 552ed472029e12788877041719164261eccceaded535228933191449425e3870 |
| SHA512 | 49360174e430fc35edcd4cc437ef93d4626896b1e652f5680b720424e5220a61a0d3a1cf1595eeaf19d58be5549860c4d9c9dced66414554a48bec1238e3c4fa |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Numerics.Vectors.dll
| MD5 | aaa2cbf14e06e9d3586d8a4ed455db33 |
| SHA1 | 3d216458740ad5cb05bc5f7c3491cde44a1e5df0 |
| SHA256 | 1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183 |
| SHA512 | 0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Reactive.Core.dll
| MD5 | f20967beae947a5d54156b5cb40d0c04 |
| SHA1 | c5ea57f70835e22cbaf08ac5262716de3de16f2b |
| SHA256 | ac464ea84539c60cbdb498dd787f6fb90b2f11067a5acc9e1ed4f8f62cb7bc7a |
| SHA512 | 7f1fd97ac58bfe5194e348a141595bb261870bed0cdab0e491aec40da7a930d2d821457aa2e44c80da276bbce98dd3a08e344de3539037367977815055a79435 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Reactive.Interfaces.dll
| MD5 | 0a471405a43ace8273b6e266f819901f |
| SHA1 | bb7c4d3930358fa574136248cc1da6c9bcf5f192 |
| SHA256 | c86b4625d3a35b6f600d8f0d129b82eb73928e5d4f9df1a028e527aac86ee4e4 |
| SHA512 | 27da5c7d98cac39525b845f40f128cbbdec6a693c1f20be689a1bc2ec0a2fa33a1a82605dad06e410371cf069304663bd6bf1c4a5864d99921e0584243b33997 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Reactive.Linq.dll
| MD5 | 317dce13b2316abee548a2b013f26471 |
| SHA1 | 3123573b2291a0f01badb10b149f741bcb9eb0f7 |
| SHA256 | 21fad2983b4b2f95049e975c9f26a77bfe9281d8ed18e380c9017fc82137a1d9 |
| SHA512 | 3444f813632f5f397b5c27e0314479a404b7ade058a5e6c540331fa4fd5fa798ba7352b1bf58d6f977e5e61912ed9620a1ec1350901d0b00fad2ace3eaeb6163 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Reflection.Metadata.dll
| MD5 | c4ea65bd802f1ccd3ea2ad1841fd85c2 |
| SHA1 | 2364d6dd5dd3b566e06e6b1dc960533d2b3017b7 |
| SHA256 | 46451e1168dd11d450aa9b6119f17cec9a70928a40ac3c752abf61ce809cba6f |
| SHA512 | fc4c18ea6a6f38d8c4b4f2e02d3d077cc729b531ca08cf9602c65e22aadc0be770e441660cc980cbfed3b27bd783e65f793838532673e2845276390b4b22d730 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Text.Encodings.Web.dll
| MD5 | e8cdacfd2ef2f4b3d1a8e6d59b6e3027 |
| SHA1 | 9a85d938d8430a73255a65ea002a7709c81a4cf3 |
| SHA256 | edf13ebf2d45152e26a16b947cd953aeb7a42602fa48e53fd7673934e5acea30 |
| SHA512 | ee1005270305b614236d68e427263b4b4528ad3842057670fad061867286815577ec7d3ed8176e6683d723f9f592abcbf28d24935ce8a34571ab7f1720e2ffc5 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Text.Json.dll
| MD5 | 38470ca21414a8827c24d8fe0438e84b |
| SHA1 | 1c394a150c5693c69f85403f201caa501594b7ab |
| SHA256 | 2c7435257690ac95dc03b45a236005124097f08519adf3134b1d1ece4190e64c |
| SHA512 | 079f7320cc2f3b97a5733725d3b13dff17b595465159daabca5a166d39777100e5a2d9af2a75989dfabdb2f29eac0710e16c3bb2660621344b7a63c5dbb87ef8 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.ValueTuple.dll
| MD5 | 23ee4302e85013a1eb4324c414d561d5 |
| SHA1 | d1664731719e85aad7a2273685d77feb0204ec98 |
| SHA256 | e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4 |
| SHA512 | 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32 |
C:\Windows\Installer\MSIC0A8.tmp-\System.IO.FileSystem.AccessControl.dll
| MD5 | 3409c581f0c5083f0c2a93a7a5ac9790 |
| SHA1 | 18ea7bd41d31247148abf184527c9368a26f39e7 |
| SHA256 | e6026501ad4056ff2f1655b0afdfe8923bc6e8fbad67e1e9ef56e3002f49fbb9 |
| SHA512 | ae877c6fddad0e4133274e6372d783eaa4dd6bdcbbf40ab66302fb89bd2f76b215130001186b5c9a135abd16336c5bfd4d414177704d7d359539da91918e82ed |
C:\Windows\Installer\MSIC0A8.tmp-\System.Memory.dll
| MD5 | 6fb95a357a3f7e88ade5c1629e2801f8 |
| SHA1 | 19bf79600b716523b5317b9a7b68760ae5d55741 |
| SHA256 | 8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7 |
| SHA512 | 293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0 |
C:\Windows\Installer\MSIC0A8.tmp-\System.Runtime.CompilerServices.Unsafe.dll
| MD5 | c610e828b54001574d86dd2ed730e392 |
| SHA1 | 180a7baafbc820a838bbaca434032d9d33cceebe |
| SHA256 | 37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf |
| SHA512 | 441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396 |
C:\Windows\Installer\MSIC0A8.tmp-\System.Security.AccessControl.dll
| MD5 | 996aab294e1d369b148d732e5ec0dfdc |
| SHA1 | 28465fd34680a082506f160107f350b46140a1aa |
| SHA256 | 1fda491eebdb19ea0a83cf6c16ab5dd004a1bfdfc845ede017ebe0945beb927f |
| SHA512 | 5e6b172d2de5928915b38ec80c7b76f42430aac959f04aa3521c63495b6f3c4f82df139c275e9fc5024b1a0a4f307daade6130b6028779f98f456282ae8b61cd |
C:\Windows\Installer\MSIC0A8.tmp-\System.Security.Principal.Windows.dll
| MD5 | be2962225b441cc23575456f32a9cf6a |
| SHA1 | 9a5be1fcf410fe5934d720329d36a2377e83747e |
| SHA256 | b4d8e15adc235d0e858e39b5133e5d00a4baa8c94f4f39e3b5e791b0f9c0c806 |
| SHA512 | 3f7692e94419bffe3465d54c0e25c207330cd1368fcdfad71dbeed1ee842474b5abcb03dba5bc124bd10033263f22dc9f462f12c20f866aebc5c91eb151af2e6 |
memory/2864-2473-0x0000000073DA0000-0x0000000074550000-memory.dmp
memory/2864-2476-0x0000000005170000-0x0000000005180000-memory.dmp
memory/2864-2478-0x0000000005170000-0x0000000005180000-memory.dmp
memory/2864-2481-0x0000000005170000-0x0000000005180000-memory.dmp
memory/2864-2484-0x0000000005170000-0x0000000005180000-memory.dmp
memory/2864-2489-0x0000000005490000-0x0000000005506000-memory.dmp
memory/2864-2490-0x0000000005520000-0x000000000553E000-memory.dmp
memory/2864-2595-0x0000000073DA0000-0x0000000074550000-memory.dmp
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
| MD5 | f5d8469bd89262b9d97d73528f23b2d7 |
| SHA1 | 73295f57edf95daa10f76f7328b54cabe542e673 |
| SHA256 | 3bfc2015f604ac3b1b36ef6baa47dd70e65daf97b38ac804dd7859b368043030 |
| SHA512 | 06bc31c5fa17bc7adee0a842f22194d0adc93f6e302ba2a08cbd86ddca8be90f73bae17ea1e95d5436d07e31957248d8c649722352a42c7901a298727ddb3077 |
C:\Windows\Installer\MSICBE4.tmp-\ExpressVpn.Client.Setup.CustomActions.pdb
| MD5 | 00096f7c8e737a6207fe6b3ffb9316e8 |
| SHA1 | b60d4537ceb99baac24c08867893ca05a40c6ea1 |
| SHA256 | 6f3116718dde1f784037740231e72aaa2b53b6a8cadf7284dece924e1faccaab |
| SHA512 | 29a69511864bbda009a2d2b9f1e68c219723e4227d302bd40107a201550132017524a23f443e9dbaa05e271a94ab91bef6dfb84f5dd7e89012ce0b9c407678b4 |
C:\Windows\Installer\MSICBE4.tmp-\DeviceId.Windows.Wmi.dll
| MD5 | 6b8de9e5016f4e51b7f5556ae0130af4 |
| SHA1 | 799f150da2f5c484e29c7384f9637870e43aad79 |
| SHA256 | fb445433c07fecc6ad26033fa89d45430ab7726db5beb465feb197440dbc0e35 |
| SHA512 | 89d6b9160bfb4e5e73f965b4cb5f6da22b4477bdc96dfb033b0be67a902848c0f1fecda827949ce0f66cb02397f534e5586084f0900e928907ecdddef9479a5c |
C:\Windows\Installer\MSICBE4.tmp-\DeviceId.Windows.dll
| MD5 | 31df7c0f440942989a0d57d7cadcc7f8 |
| SHA1 | 451641929eee0b222c62d4310847a8fa24c34c96 |
| SHA256 | 258ed9e94210dc983f1b4b6b2dbc651c36e4806877233ee82a63f4059d0517c1 |
| SHA512 | 6d862009c90db51f1b852226eebd8c71878fadc21f2904b0de29b6aa79e49d856dcf0423bdcb7e5f31f5cb8f83dac7aec13f52e6b1c7ad566cd69d7da5411f36 |
C:\Windows\Installer\MSICBE4.tmp-\DeviceId.dll
| MD5 | e2ba8ce4b851abca137f65aa9ccc6ea0 |
| SHA1 | da5bd6c757c51beab86803ea071b24cae6ef5318 |
| SHA256 | 1ed1250f4245e1a582d395ecda9bff3dcf3d28fa54d79e74d35dfc40d8f7d01e |
| SHA512 | b8b4d58fc78da6c22a07e5c26173b4944704e2f711461f4fc45418bd067a3b491eb52714d33f8e041aaeda6ab4ea0db1a21c855175898298515b874d32dae8d3 |
C:\Windows\Installer\MSICBE4.tmp-\Kape.Braze.dll
| MD5 | 9fb574eb92af344a849fc2cb4a80530f |
| SHA1 | 9eb0c493e4eb8ac0fc72970d00515340170374a0 |
| SHA256 | 390282dbe1d5d7d053fed0df1ba434582554e4f5f5c64629d186f7c00d88ae6f |
| SHA512 | 5d25699cfae84f6d546e3b3bbea9569128f507c76502149c9b5a75924d6ee5252bee8112f21e42734826b8eb9efd61e7049c714a5fcae711893b61fe0ec0d586 |
C:\Windows\Installer\MSICBE4.tmp-\LaunchDarkly.ClientSdk.dll
| MD5 | 105cf915b3150eac9d79288fdd964760 |
| SHA1 | a22104651ac3b0ade82b2b62ca47892f369361bf |
| SHA256 | e277ec049e104842d499529996eb7b804c5db1376453d47e1e276bc54e0b8cc2 |
| SHA512 | d1f552476c24a3363e8c994ac202d2d3aa3c6490a3a477617773d13ceb22fb75e7284b7137866d352270588dc0092ead0dcd8ea61e336eb80d534a4a4d466121 |
C:\Windows\Installer\MSICBE4.tmp-\LaunchDarkly.CommonSdk.dll
| MD5 | 82f45ad67c0e60d6c696fc92241322bb |
| SHA1 | a8146019d19a665a1272845aba288a257da708bd |
| SHA256 | 8b038e0b6f40f9900932d965f69b651dc7d64e729a5b0423d816c345e97b56eb |
| SHA512 | e4752c8a319d684f8b3e7866cb9ddba926cf60881fb777b7c52d4aa5df6bf57c620e2e0330c2d6794663bd50385e64dce05202f2e0ed6ea3f7425d25e9922db7 |
C:\Windows\Installer\MSICBE4.tmp-\ManagedWifi.dll
| MD5 | 26cffce5c0c23e56163bb7bf364179ed |
| SHA1 | e8aadf70075d08738a83fe44fb7abe1bde3921fd |
| SHA256 | 8230d3431ff724e9d4c52dd1b2ac64aff945071088aeedeb47a81eacfd66eea6 |
| SHA512 | 38aa464328f33c506b3ef43da06c2b0b5dba4b823e96bbdf1daeb69082fb7e735653c7422576fcb7139cd9482f80c3865dbc4a1feca1d2288bf04c98916c5b15 |
C:\Windows\Installer\MSICBE4.tmp-\log4net.dll
| MD5 | 2b7439a34d462a7ea2351a8f9e9f24ab |
| SHA1 | 7003aabfc4e068920f5e42ff6fab7c93f0c64301 |
| SHA256 | ac4e610da23819631fbade66b0107e969fbdb9ace02d1f57a6238aa3e1ecafa0 |
| SHA512 | ea6c35e015f47b2726f05a421cb3971245ec6b82f565e85be7317676187ba55d2becc973762fc73eec3b92ede1bb8704d74ae79fa094a7020baa2447259d4ded |
C:\Windows\Installer\MSICBE4.tmp-\LaunchDarkly.Logging.dll
| MD5 | e253422ce4ac1d0a52b265b0cdce9c2d |
| SHA1 | a0f1eba97e0542ee365a736fa05aa12ada3c4ab6 |
| SHA256 | edecc0f29377e9527823b472c6fae9cb0d998035ca93c08b1e8ab64adb0e8c05 |
| SHA512 | ef0f0c9b5afc8ad039653d9edf1edcfccc5093c3ad99c976a6770a3ae61895e41c8b9b09ce7122fa536de154091ab0c6a0d56deee27911dc63fc5ce362c96ccc |
C:\Windows\Installer\MSICBE4.tmp-\LaunchDarkly.JsonStream.dll
| MD5 | 3e1eb4509f8ef686e98b31b4b13a3323 |
| SHA1 | a63e9dd6945245e940a6d6a1d19e9bc013b6da80 |
| SHA256 | 9a24cae456f1b47049895767f1e56dcfd4f73d8e38300527422a6f5b01292acf |
| SHA512 | a6dac2ee3e5ae678f23d45683823d46a0a874141a1b723919e9798cf1ade318b065ea74e6904d154108a3f8cb1b619280ba79cc476aefad55d89cd191d84bd47 |
C:\Windows\Installer\MSICBE4.tmp-\LaunchDarkly.InternalSdk.dll
| MD5 | faba806124d4ec72859a830f2e4b4faf |
| SHA1 | c8013402680e1d95a01c5ed58512d80527ccb212 |
| SHA256 | eae38132da2108217be77dea0f736b63f12bf5f5f3453b4466f3e87cabdd4ea4 |
| SHA512 | 40ab40d0a3f29b8cbba178d60f80208f1f817adbb661d539a7e0b12933da7a54287513cf39fa4ec08c2e576a6398e773147e2ff8888513a2a9218a9f1b63321c |
C:\Windows\Installer\MSICBE4.tmp-\LaunchDarkly.EventSource.dll
| MD5 | 6cb1a37a829e88fb45271fe24f084cbe |
| SHA1 | c02660751838a9c20cc61d084a9bf59ddc465499 |
| SHA256 | b82a52a25349da5811dbc8e08fb33aa1afc5e0c7cb25300d67b28df355e9aab7 |
| SHA512 | 607608062053e30112d7c7c7cde29c92dc976260455e40bc6e66346c42acf70e077b1e5789feb31e772ee52df9c547458c500d6be592944ea38d7531187fd7ce |
C:\Windows\Installer\MSICBE4.tmp-\MissingLinq.Linq2Management.dll
| MD5 | d9234f27c88f2c2e1337442f75110e60 |
| SHA1 | ff797534ccd06e95a504ae5c974e3699b074511e |
| SHA256 | ea3e76179efbe2cc85ee498acb2cac88ce7535d3c3fa7c8202ea6502c44bc628 |
| SHA512 | 7c7a403efce0bcafb8529c8144b1908d7c07b7c9d963f0c4489d39dfd208fb968a601debaf991fb2e8c65a6374ca5d99bf70ce4d8d3a15b55d310d90093ec9b4 |
C:\Windows\Installer\MSICBE4.tmp-\Sentry.Extensions.Logging.dll
| MD5 | e7bc74aeee3f139d980f39dae10c2dcd |
| SHA1 | 0270a471e762200d7cbf369012d54f2173772533 |
| SHA256 | 32f1baebe359c543dc77fbc3da95ab38113ae1d9edc1d4520a5d7fe6f5defa5d |
| SHA512 | a0d110f07fee3fc1eb800420f5a653866c67b9073e63a5129d9130f25774a678541161e8696a3d17cd09689f8e4f7738b1c0e546a535b751f027d28e66c519b5 |
C:\Windows\Installer\MSICBE4.tmp-\Sentry.dll
| MD5 | 38b3781747ae1025772ac4b1962b55dd |
| SHA1 | dfb0a301e2ea5646567a92e2a73c4573ab0cdd5c |
| SHA256 | 812a61bf1a21074ee22305f82a37b7c850bba67eb631489411cc36698285a006 |
| SHA512 | 7df26469373eac24ed679fd93efeca67894e48da196cc215ef5132e8cbb4fef5e148302c1708b94917a7dc715d8bc6d37b161ac0a078fd134743c1d0d3d5b615 |
C:\Windows\Installer\MSICBE4.tmp-\Polly.dll
| MD5 | 849d66e555f24c7cb254fa83267d35d6 |
| SHA1 | a1ff49590625758a0ee098f5b4a2edeea4e19333 |
| SHA256 | 0fe08a755cdf1ebb6c64b635cb3956b74425f28e40656e9eccdca4de8cc05e3d |
| SHA512 | fa7d29044ce2a6e7cdc69189d38ce9b3ab29ff9a55a106b5dd9ec6aeafce200d050b7885df7d7b3ac55126caf09acdb347655fdaeb6690d4de796e74312d4d63 |
C:\Windows\Installer\MSICBE4.tmp-\Polly.Contrib.WaitAndRetry.dll
| MD5 | d5e62b0b549534de633d7fe7c3b9e34c |
| SHA1 | 0848c14f7324b533e704b1ca004af33f6102dc28 |
| SHA256 | f6a0d6c7a1f679e8282236662450eb6df04bab68e6c807e0afb18f65be4f0d28 |
| SHA512 | 933efb45a6721f8e1a6fc33ee3c45a92c2de1e56e33e49e53ffc2562ae51521d05cb620b587e1545113c865a4eef1c4be73b08d03171034779d65172adf27641 |
C:\Windows\Installer\MSICBE4.tmp-\NLog.dll
| MD5 | 2ad4b728eb088cb528d63ea03f73f8ec |
| SHA1 | 1951d820f29f7b96c2511c2f3a3f5a312aba66ce |
| SHA256 | 09e07a6d2cf754e2409c98ed95e19ed1029bb3a04b02b04473af7a947ddc0fca |
| SHA512 | 99e938c392d238f0e6d586c585b2eb0278a0bdcef1c3890fb3092615c95176cbbe580b4f75d847a109e71a9ab89526aba238f1b0c01ab5bdb65d2edf18b2424a |
C:\Windows\Installer\MSICBE4.tmp-\System.Management.Automation.dll
| MD5 | d5d6edd5d2ac9ae59c4c0e59d408eb04 |
| SHA1 | 0ec49c3538807fa30531c18cb3d5d909470664ca |
| SHA256 | b1324e206cf35b8ce0a631affd9927ed9bdf02f742e89140c0aa1af5f5d97600 |
| SHA512 | 603f215e727f0f0704f26addd65c092bb6df7a17bc227b82e72afe068eae479ce33e6ff523000f24b0857dc72c816245fe05ed6549c7c004e48b1ca3640eb016 |
C:\Windows\Installer\MSICBE4.tmp-\WixSharp.UI.dll
| MD5 | 73a49586775676e27bba42b7d4877aa1 |
| SHA1 | 9a989f850f26605f989bc88658e14ebb80ab9a96 |
| SHA256 | 017b7e5848aaa5151345c0ff95b3df866e26cc89e958a28fa9d962b99353084f |
| SHA512 | b74a23f53336d36f3aa45b1d55f262c9e0903f25295596f837cbf2606c1185e885dbf9c554eb8ae4e40c157b4845956ddafb31f46beee32c2958e1b2b82b3670 |
C:\Windows\Installer\MSICBE4.tmp-\WixSharp.Msi.dll
| MD5 | f640c7e477a3b1524328c5680e1fd837 |
| SHA1 | b263ed19ce10de352f525dd026245d5f3fd62793 |
| SHA256 | 34dbd8a746a6e017712094988864a47d131c1a5743770c0d5b25c583b2c8af78 |
| SHA512 | dc395b7635afaaded4487d9c04085652dac0e6b6bfc3912e850f6a3f2cf6eafc8546ecc3389a3068f1abac894087690ada51a836cac9efa32e9e1d87a9f2a367 |
C:\Windows\Installer\e59eefc.msi
| MD5 | 3651558f6176021868c2c1d5f3e93fdc |
| SHA1 | adfd4a85ea2d5b3305bb9f14e926c6b9fffef653 |
| SHA256 | 551c605ea377acd967c5cf8d1d4b61bcbd4c3f3c738e49ad69c3ed1fbbafa4a7 |
| SHA512 | bfa8983b6b96833c345c0a969c96433e99fe264c4b2630c6847a723a172351ed7d1fb38f713d4fc4d8f11e705cd212bfb5808b0cb9e903d57b568438a170c5e2 |
C:\ProgramData\ExpressVPN\Config\p3d0hfrs.bin
| MD5 | 2de105f1f7c26b2b3bec11fbaba43138 |
| SHA1 | 82d343188b0d6fd00b4666a53d8c72fa5e7fa828 |
| SHA256 | b5218708c03fdf4a47b64199c5ff68ac5ab433c10d934f92f105e1d42592559d |
| SHA512 | 0dc42127e781b150bc69193e482d770ba63a7ffce05540c0447b5ad09be04af549a86576b497544c8ceabb436cf9bfc5b09a26afcdcd68579ee9e3a01b843864 |
C:\Config.Msi\e59eefb.rbs
| MD5 | 594c062abe8d506fba0d935dd9e48918 |
| SHA1 | eea9f2c56f6c6e02e7bb9754ee88c0b62204dc9a |
| SHA256 | 41e90dd163f212629786b47b506522bb8c40268874c21ab5e4d3e18b3a1165d6 |
| SHA512 | 1dbcb20f716e64c9b62b0488fe2504bac6001fc4d380a64e0c76cb497b4b829f28428381cd8bab7fc021c90a3066d31ea335853720ee4dc36ba28e94c4e8d9b6 |
C:\Windows\Installer\MSI404.tmp
| MD5 | a3ae5d86ecf38db9427359ea37a5f646 |
| SHA1 | eb4cb5ff520717038adadcc5e1ef8f7c24b27a90 |
| SHA256 | c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74 |
| SHA512 | 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0 |
C:\Users\Admin\AppData\Local\Temp\DEL9E1.tmp
| MD5 | e2ca3d32206d27ef62097196320b5149 |
| SHA1 | 7eccaf65b4a4d27a40fae7bf74975cfc03e0f21a |
| SHA256 | 91227073892d648c36205f21dcdb8c77c619e8e88776d91721c9bc7aa338e1fa |
| SHA512 | 4f5bce725c9534db02c4afa4ed9638220a1ffd779bb4114334fa6eece36f630b5198d1ed168d5ecea7387cf29c7c9e14809ff452f0ae8bcb52ddb5b85dc44930 |
C:\Users\Admin\AppData\Local\Temp\DEL9E2.tmp
| MD5 | 0fb9bb66f522eabafe83121c422d66c5 |
| SHA1 | 492ddeb7dde8283d549222d0966d3e23aa98fd8a |
| SHA256 | 0490afdd9b00d111362a104b07c553abfc6f53292336325b79f1649059940fdd |
| SHA512 | ceeb40c2d3a35e404ee93f8e13f7e772353f1736d13efa5c878ec371cf462188a419aa8e6ac2e080b2f58fcea01eb45fd9425f4ba39b419a91965629ef500594 |
C:\Users\Admin\AppData\Local\Temp\DEL9E4.tmp
| MD5 | 05b0fc5cb5b7a3aba8d0aa7a7b4afeca |
| SHA1 | 8ac8c654a53f00b7e7a5ee6801a122e17ac65a4c |
| SHA256 | 5328eedb03cefbb184915d01c1667e7b9c3fac0a91d52532f4fbddfb490de2ea |
| SHA512 | 7eb613f4f5f88867df493b184ac5c7f101008addc61bf3d14c2eda5ce46241bc77a41aff5a70ca324bfd06abea1607639b531ac6a32a954abb88d670aea25171 |
C:\Users\Admin\AppData\Local\Temp\DEL9E3.tmp
| MD5 | dd0a1c213076c88de018a6f3646564be |
| SHA1 | 01d5477fae492568f062305fd6ac3d17d9227b7c |
| SHA256 | abc21001f94e57821c6fb89fe5f3f2aeebf2b2b236f41e6f520cdb9e9f9c2c77 |
| SHA512 | 8c4d6218f9ac2e45faccf49b16361117c36eb54c4bb18a4213f4ffb9ccaf479baefbd0695a6a7e395e814eb5cf3a4cf6bf4bfc535ce2f5e5696d52329d8c72f4 |
C:\Users\Admin\AppData\Local\Temp\DEL9FA.tmp
| MD5 | 306c76e7c9ebb185392f05089abe813c |
| SHA1 | 739fd057d6b90b84b3a7a887990de7e947ddb2d6 |
| SHA256 | 64c8180576126a5284cac1478cfe5f9301c5da75c8435855a706ebf9a628d368 |
| SHA512 | 8808069101cfb7c1d894797aec62c43c95358f71186b6472cda86f4e56cd8adb278971e3b22d0b5cd5a778e3af3cc7cc526bfd15f429696dee4f0b3256a6bd87 |
C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.55.0.27\user.config
| MD5 | df2ea154c113c86c064714b3b0b5555a |
| SHA1 | c0b1a1a0a78a372d9fdd7ba4a029cdee42a0de65 |
| SHA256 | c2cf2a4af9784fca26bb94e650209bfdf1decee29f02e1398b902ad49182588d |
| SHA512 | c7cbbe4c79af3c2a246ba361842d1adcdd541e1eeadffa1ea55e9be75ce5099b90d020864def8f449b8fe472a3576454809f036533404e706b1baa142402a0fe |
C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.55.0.27\kcskq5jg.newcfg
| MD5 | 26e3e068ccf44f130f40a158db8c4526 |
| SHA1 | c5f43d44ddadff0fd11a4f6285b54329196d668f |
| SHA256 | 18c2b162e66a3fe5edfb24eb6215dda7c075cc8afa9eb69cd2bcb0785f400e79 |
| SHA512 | 7720c82b2464879668763cad16963de5d4ecc5ac377b641cc8675d113c91a462c46733396be023417be05ac3b3eca3a8749c1e91fe191bd697db092df14e6856 |
C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.55.0.27\lzpqr4is.newcfg
| MD5 | 286c05e5e213d7e97069184c0c44c85b |
| SHA1 | 009b760165d9332fc7af6bfa05a826fb87964f9e |
| SHA256 | d29a7bc5b1f30f8d9dde55e417e89eb86b5339613910e293405b5aaf50fea7ed |
| SHA512 | eaf3ebf413e08b111a6937947da7b29100737d6c1b4c21783392d1093db3ec9e28371f1afe203c3335f866bb09a213000d48a60e71a7c54d2750b1582c033b1c |
C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.55.0.27\rzg1ph0w.newcfg
| MD5 | 0b5a51b4d5c666f5df3161ed1bc62511 |
| SHA1 | 362568ee7b81c337f4abbc2179682346445785bb |
| SHA256 | 95eaf9af9ccb14c33daeb04c498cad14f7b4eca49e890cb0c6debdb189a0538c |
| SHA512 | 947d1717325db18bbd7782929b018ac54660a8465d52c9264fa0d4b2521682ffcadb15bcc93c9bd141ffa3c7d9ee3397b4b7fcae74a9511bb404d244eb660b12 |
C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.55.0.27\uv321azx.newcfg
| MD5 | 703e7a5ec48599d9a161492047423735 |
| SHA1 | 475998aa1b1fbaab8f54216a060abb877bf4dc16 |
| SHA256 | 8b1d0f75ae5b37fb0abe4b4ceadc9849767d5cca1a3c3e91a05e5f749ed02c27 |
| SHA512 | c6bf062fb4957b83b12012a4eac160475907142ddbe2302bf3725ad5f08d5ffa66f3e4ff6ad8690a4377edc46126f73b8b849d272df21977de3bda99d9fc103c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7ad9bb1054aa03e39b3554833d0c3ec |
| SHA1 | cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9 |
| SHA256 | 0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189 |
| SHA512 | d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 150c03cea19b64d00ab236c243dd83bc |
| SHA1 | ee43833e25b421c2cff4a5b7fc8c94964d1879d2 |
| SHA256 | 79a60e4c88cfafb899a7b67c8cfe2a00c548dd728dfa67d8f2250e8812d22cc4 |
| SHA512 | c99b7b9e85c82a50a43c56d15b81a9e858b9b86454abe4fde03f92c4eddc37b7c1e8eae462857c2616efd28e8be2593f8dcf39f8991d0afe759e23b4dd1ace74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 53804b84c0f5204075ca67e198ef3133 |
| SHA1 | 813d9317d432c690e1dcc98c014c482b288b3d78 |
| SHA256 | 472a8f1d159be9bc99271dc4a53c13c0caf1307d83589543ca0e42abc11ad424 |
| SHA512 | 3af0f81ef2bd3b08a56f7482d7ea270f9e2444c2d42ec765aae7a7ff35b3f29685d96058a8d425cf03c6a9d679b56c6c317d7a0a54efee9ff7df6a1e3679943d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8b17df88f36cadd3bd7a465903dc31bf |
| SHA1 | d9ac225bd61d636b2be17da39b46a4bfc8eafd1f |
| SHA256 | 33b94be4b2e687a4dd480b58081f8326bd6edca936105eaf4ad1bef5312f4da6 |
| SHA512 | e5c26ad9edc742e825dd405a777bf4997767314669cc8d2649153eac08b853fb82a5ca545488bb29cfdc4875e7b1393513f0b215ebc842b7b1b5bc7284849c71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 93eb1af1234a6df8eeb1f0e595513272 |
| SHA1 | 4cb8c68f765ce83f4e8afa6304de0c3a217de798 |
| SHA256 | c58bd4a8484436c06195230566d4d9b720a4f92b00940c67f46d4a3b19f217ec |
| SHA512 | 481bb6de15f6ed1889a0b6c08fcb9932b507128bd1b6407765e3f6e986d66359c8eaa39a78f69d8f8a0768c849cc4bd9a6223827f20a4a270d6e096b22377488 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 2816b0ac86deb18ed9d903725dcae378 |
| SHA1 | 10c507eaedc2c140aa365341a1bbf4638d16cc07 |
| SHA256 | 842334ac74ca1a5a0feb28c1f969434eda950a12701147fac6485fe5215b80f2 |
| SHA512 | f620bbecf185b4fee3409a715774c24839b238dd84e0dda21179d4387b7c0c239411da68a77c8977e17479e556c98efde55f52ac2ff12c9fef01384184157e0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1ecce6bc5082434a5c600857ff8925a0 |
| SHA1 | 8e9a46bb9ef7f565cc134270990e59d9a3ef33b6 |
| SHA256 | 0d00cda85a328f667c4bdd4dd8ffa5dceb3f06ff8dc67da5db037fb154839b06 |
| SHA512 | 57230c8d4fddf96efaf84da30567843806c08770df8092659a5da093f268910a5a4d9d821279cc4443a037de1ec99408b0ba7dfb9ac9ec0b6394eb8fd896a79d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ba21fb31bfee4981a105a3df2345545b |
| SHA1 | df021e222c049b34db8525af6bd127a8ef2c59ad |
| SHA256 | d170e85934fd0224d87586aa5ae8ce9ed361d1106b2f1cb084768404f7c95ba1 |
| SHA512 | 2607dece7e40ad83ae3fd895e5f8a994e7871c18983b945d20512065aeac3c8b46953078bb7a43fdbbf7edf1cc5d6b22548b5212f48ccac765e17ce30326ff99 |