Overview

overview

10

Static

static

1

ProtonVPN_v3.3.2.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    111s
  • max time network
    114s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14/10/2024, 09:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ProtonVPN_v3.3.2.exe

  • Size

    80.8MB

  • MD5

    4c99447793516d7c703112dd7011ce86

  • SHA1

    58f8f8ebed2567ca3053c4fedfa5cad40dda856c

  • SHA256

    7a2e8ab8c661787d2df276eb4940b18334b5103927acee009ca2331754b75754

  • SHA512

    3e914ef5538bae9fa05c9763f10949c67ac5ba6765bbbef9f7b4df098775c084eda38455b00e6b6e97a86185c2e31a71c47e601fc765301e053440389fc8111c

  • SSDEEP

    1572864:02FMkwL90fhSIf6r2NWg4qa3Sdz3IjjjXPvAd974hGuxPFz:02FlULZqa3q3GDgd9sfpN

Score
10/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Drops file in Drivers directory 1 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

    discovery
  • Drops file in System32 directory 16 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 35 IoCs
  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 50 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 42 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: LoadsDriver 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 19 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3288
      • C:\Users\Admin\AppData\Local\Temp\ProtonVPN_v3.3.2.exe
        "C:\Users\Admin\AppData\Local\Temp\ProtonVPN_v3.3.2.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3372
        • C:\Users\Admin\AppData\Local\Temp\is-HM5GE.tmp\ProtonVPN_v3.3.2.tmp
          "C:\Users\Admin\AppData\Local\Temp\is-HM5GE.tmp\ProtonVPN_v3.3.2.tmp" /SL5="$50102,83693934,1033216,C:\Users\Admin\AppData\Local\Temp\ProtonVPN_v3.3.2.exe"
          3⤵
          • Suspicious use of NtCreateUserProcessOtherParentProcess
          • Drops file in Program Files directory
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:4448
          • C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe
            "C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe" /lang en-US
            4⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:2732
            • C:\Program Files\Proton\VPN\v3.3.2\ProtonVPN.exe
              "v3.3.2\ProtonVPN.exe" /lang en-US
              5⤵
              • Adds Run key to start application
              • Executes dropped EXE
              • Loads dropped DLL
              • Modifies registry class
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:1364
              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=ProtonVPN.exe --user-data-dir="C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=1364.3440.3497832692936449402
                6⤵
                • Enumerates system info in registry
                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of WriteProcessMemory
                PID:3904
                • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7ffa60243cb8,0x7ffa60243cc8,0x7ffa60243cd8
                  7⤵
                    PID:2668
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1920,14802317649617375640,6486219639488880875,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView" --webview-exe-name=ProtonVPN.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
                    7⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    PID:2532
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,14802317649617375640,6486219639488880875,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView" --webview-exe-name=ProtonVPN.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2044 /prefetch:3
                    7⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2164
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,14802317649617375640,6486219639488880875,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView" --webview-exe-name=ProtonVPN.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2480 /prefetch:8
                    7⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    PID:3352
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1920,14802317649617375640,6486219639488880875,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView" --webview-exe-name=ProtonVPN.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
                    7⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    PID:2028
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,14802317649617375640,6486219639488880875,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView" --webview-exe-name=ProtonVPN.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4980 /prefetch:8
                    7⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    PID:124
        • C:\Program Files\Proton\VPN\v3.3.2\ProtonDrive.Downloader.exe
          C:\Program Files\Proton\VPN\v3.3.2\ProtonDrive.Downloader.exe
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:1084
          • C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.6.2.exe
            "C:\Users\Admin\AppData\Local\Temp\Proton%20Drive%20Setup%201.6.2.exe" /quiet
            3⤵
            • Adds Run key to start application
            • Executes dropped EXE
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3736
            • C:\Windows\TEMP\{5CEE46B5-4C41-4D19-B014-9C265FC37934}\.ba\wixprqba.exe
              "C:\Windows\TEMP\{5CEE46B5-4C41-4D19-B014-9C265FC37934}\.ba\wixprqba.exe" -burn.ba.apiver 569705357157400576 -burn.ba.pipe BurnPipe.{A7B35063-14CC-4099-9390-8982292ED887} {5DDF2238-84DC-4F7E-8210-D9EE0E6E21E0}
              4⤵
              • Executes dropped EXE
              PID:1036
            • C:\Windows\TEMP\{5CEE46B5-4C41-4D19-B014-9C265FC37934}\.ba\wixiuiba.exe
              "C:\Windows\TEMP\{5CEE46B5-4C41-4D19-B014-9C265FC37934}\.ba\wixiuiba.exe" -burn.ba.apiver 569705357157400576 -burn.ba.pipe BurnPipe.{2BBEE0D9-EFB7-4F96-8C08-A518366E9705} {FF38BE44-24FB-436B-92D9-B73ACB115E51}
              4⤵
              • Executes dropped EXE
              PID:4344
      • C:\Program Files\Proton\VPN\v3.3.2\ProtonVPNService.exe
        "C:\Program Files\Proton\VPN\v3.3.2\ProtonVPNService.exe"
        1⤵
        • Drops file in Windows directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        PID:3088
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Adds Run key to start application
        • Enumerates connected drives
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4688
        • C:\Windows\System32\MsiExec.exe
          C:\Windows\System32\MsiExec.exe -Embedding 57A722EA6EDD787A9B84B169818C4B2E
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2188
          • C:\Windows\system32\rundll32.exe
            rundll32.exe "C:\Windows\Installer\MSI3208.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240661062 2 ProtonDrive.Installer.Extensions!ProtonDrive.Installer.Extensions.CustomActions.QueryUserProgramFilesFolder
            3⤵
            • Drops file in Windows directory
            PID:640
          • C:\Windows\system32\rundll32.exe
            rundll32.exe "C:\Windows\Installer\MSI33FD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240661515 6 ProtonDrive.Installer.Extensions!ProtonDrive.Installer.Extensions.CustomActions.HideCancelButton
            3⤵
            • Drops file in Windows directory
            PID:4924
          • C:\Windows\system32\rundll32.exe
            rundll32.exe "C:\Windows\Installer\MSI35B3.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240661937 11 ProtonDrive.Installer.Extensions!ProtonDrive.Installer.Extensions.CustomActions.DoPerMachineUpgradeSupportActions
            3⤵
            • Drops file in Windows directory
            PID:4484
        • C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe
          "C:\Users\Admin\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe" -quiet
          2⤵
          • Executes dropped EXE
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:3496
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2064
      • C:\Windows\System32\CompPkgSrv.exe
        C:\Windows\System32\CompPkgSrv.exe -Embedding
        1⤵
          PID:5080
        • C:\Windows\System32\CompPkgSrv.exe
          C:\Windows\System32\CompPkgSrv.exe -Embedding
          1⤵
            PID:2616
          • C:\Program Files\Proton\VPN\v3.3.2\ProtonVPN.WireGuardService.exe
            "C:\Program Files\Proton\VPN\v3.3.2\ProtonVPN.WireGuardService.exe" "C:\Program Files\Proton\VPN\v3.3.2\ServiceData\WireGuard\ProtonVPN.conf" "udp"
            1⤵
            • Drops file in Windows directory
            • Executes dropped EXE
            • Checks SCSI registry key(s)
            PID:992
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
            1⤵
            • Drops file in Windows directory
            • Checks SCSI registry key(s)
            PID:2084
            • C:\Windows\system32\DrvInst.exe
              DrvInst.exe "4" "9" "C:\Windows\Temp\b4baf7daea7384e330d25f7dfcdc7763736fee70e977e66d82becc95a8eb4650\wireguard.inf" "9" "4cb2ee927" "0000000000000150" "Service-0x0-3e7$\Default" "0000000000000160" "208" "C:\Windows\Temp\b4baf7daea7384e330d25f7dfcdc7763736fee70e977e66d82becc95a8eb4650"
              2⤵
              • Drops file in System32 directory
              • Drops file in Windows directory
              • Checks SCSI registry key(s)
              • Modifies data under HKEY_USERS
              PID:4588
            • C:\Windows\system32\DrvInst.exe
              DrvInst.exe "1" "0" "SWD\WireGuard\{EAB2262D-9AB1-5975-7D92-334D06F4972B}" "" "" "4bfae609f" "0000000000000000" "d79e"
              2⤵
              • Drops file in Drivers directory
              • Drops file in System32 directory
              • Drops file in Windows directory
              • Checks SCSI registry key(s)
              PID:944

          Network

          MITRE ATT&CK Enterprise v15

          Reconnaissance

          Resource Development

          Initial Access

          Execution

          Persistence

          Boot or Logon Autostart Execution

          1
          T1547

          Registry Run Keys / Startup Folder

          1
          T1547.001

          Event Triggered Execution

          1
          T1546

          Component Object Model Hijacking

          1
          T1546.015

          Privilege Escalation

          Boot or Logon Autostart Execution

          1
          T1547

          Registry Run Keys / Startup Folder

          1
          T1547.001

          Event Triggered Execution

          1
          T1546

          Component Object Model Hijacking

          1
          T1546.015

          Defense Evasion

          Modify Registry

          1
          T1112

          Credential Access

          Discovery

          Network Share Discovery

          1
          T1135

          Peripheral Device Discovery

          2
          T1120

          Query Registry

          4
          T1012

          System Information Discovery

          4
          T1082

          System Location Discovery

          1
          T1614

          System Language Discovery

          1
          T1614.001

          System Network Configuration Discovery

          1
          T1016

          Internet Connection Discovery

          1
          T1016.001

          Lateral Movement

          Collection

          Command and Control

          Exfiltration

          Impact

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Config.Msi\e583074.rbs
            Filesize

            14KB

            MD5

            05e9f4643dacc1330396dce04613d3f1

            SHA1

            7b5085ca0cd66b708962c2863737ee383e4f436d

            SHA256

            4e52cba632b9c54df8f0628a44d23601051262ba201e2453e696a2d2f44d067a

            SHA512

            0e6dc06c89c9e4fc8029687544b80a98824a61a9b84e75ebf0c1958071d88665302a62a83677331889ff85f7e2be4fcb33e4c13fbdcef55526b1ca2760e88a8a

            Download Submit

          • C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe
            Filesize

            16.6MB

            MD5

            bd45bba765fe0b500c7dac2f52683584

            SHA1

            77fac824ea19a646957cc2912ab009c3397d9cb5

            SHA256

            96db5684d45d50de02ea3ad74d3bf959ccdd0cf68b25b76ba7f79b45fcbfe2ed

            SHA512

            2b26027a5109459c7c740a37a1e26545f3548dbf62dc3c74f776a92e71f6d05ee4798e5ed022003092c777f256a9dd3cb7b74d6b39a77a800e8257deb54e21a3

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\DirectWriteForwarder.dll
            Filesize

            512KB

            MD5

            a44133e3dc3abd473f7c047538502a46

            SHA1

            c8666bec92653f233baf9e944a108bda3070d18d

            SHA256

            a32e39f506885feab67255700a797703040ecfdbefb4a80df81c17e8331e0964

            SHA512

            75afe85d74a7d6799df0fa9b05c4ecc515df28e81e667a41c03bf64d31d4f40af548d9afc88186ba7bace02e66b07b990b970406574c615fa918d13641ed2e12

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\Microsoft.Win32.Primitives.dll
            Filesize

            25KB

            MD5

            f2ee7789e09626a24bedaed958b85ea3

            SHA1

            a83f9ea943e8a0c90befe839e81ad52bd18c21c9

            SHA256

            9f2b9a9bc6be3d13cdd03ee3e860901e37ec348e7565b14f1bab13590ab0d3d6

            SHA512

            cf0597e39c4fd93b0a7449e64afd724cf3d3a388a3c502ebe944782d00efdbeabbfcc152403eb3ba8ded531b1d7cd37f4532e455af4a5f1c3a1573d89df5c7ae

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\Microsoft.Win32.Registry.dll
            Filesize

            85KB

            MD5

            cf19b89edcddff601aecc9212feb305e

            SHA1

            8643910ba840dc241b327210551e1b9944b9f7ad

            SHA256

            d59189746f362cd58d74de3585256242e9620ad67891d42dccf567ce2e0dec62

            SHA512

            19e1bb0be8a8d39425f61ef15e512664b18771233a8837c1920ed076c6ed18f7bb39456b58fab86e5af468382dcef1a65dc4d9047b7d6f15199ad454e673ebf0

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\PresentationCore.dll
            Filesize

            8.3MB

            MD5

            e6f19c31e8154784a873f5ef71cbe531

            SHA1

            9a43c006cc186005960b34b804267524ace6db85

            SHA256

            27c3507eea90e8f385a45376445c57e44f3e474b0937609ea40e758432cf37d2

            SHA512

            d12d07e08939051cb8746318a0f856a03d8315ea1973859627b80aa3fac80855daf5100c0c472a5cfc169b88ce27d566a70475095a02751ee870b0cf733853e0

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\PresentationFramework.dll
            Filesize

            15.5MB

            MD5

            0f050890212acdfc6d6d4f29ed0b2e6d

            SHA1

            2010f4bb2d7dd4836d3a56a5d2372615563d08eb

            SHA256

            ed36e1c734f596b33003cb3769b2570eb73529fabf791d0fa539a16640407008

            SHA512

            65d47a7f913dd714baef7093ab69ce4c26ab4e2631411d4fe48b04d5a1197d88da1992f17c3e697efbe54e646dfea99bc8d8dc730f5262872e5cd7048c385e5f

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\PresentationNative_cor3.dll
            Filesize

            1.2MB

            MD5

            aeffae9ee6610a1b941cae781422a177

            SHA1

            23767efd808cf1b0a19d8a4fe19998c74ad1e4b3

            SHA256

            2cdab1fc17ce70595586ab91b87c1c4b2dee7b2b462f180f22f4682fa4ddf4bb

            SHA512

            187c6a091fc305323bab2c1feee6e71461b06d13f93a02c8afa1850505d292f7ae7362d8e13c96c5b8058e8e246c28f76185f6f9f76ae91ba9b40514f069f858

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\ProtonDrive.Downloader.deps.json
            Filesize

            44KB

            MD5

            43b789de19f5f783536366ba13f83e4f

            SHA1

            8e7738347fe2ed0df59f199819ccbaa73d942c56

            SHA256

            39b1cb2dd9f4cb113b60e958e5272ae4f87c715bbe6287a0da524095cf1f1e1b

            SHA512

            73d147697c2ec1379c50bc682890948dff5dfc7fca429412c15c86ac2db99eb7cd1022fd0f59e223ccfd3b31834c840195635ded158995b65753d3ed3d3e28a7

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\ProtonDrive.Downloader.dll
            Filesize

            221KB

            MD5

            87f2f50550c09702276290532c721ee1

            SHA1

            e518a9de3156fbb10e59b7ce1b319cf6f7ff29e1

            SHA256

            fe5d23a002f4bd27bd26eb1ff30f3a70b92b434a2990bc5f3aad6407cf4bb9a5

            SHA512

            2d9718e52117eae743fe6597d4ab4d29694e61b5eccf2c8905bd1af6efe7bb501f534dead72ae6651e8caa3ffdd18298bcf9c35d7b727927372c95ba1fe43494

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\ProtonDrive.Downloader.exe
            Filesize

            322KB

            MD5

            9334372ac5a15469a97d0bfe0c6f0f57

            SHA1

            015313fbeceaac2c58f62277ff24ab2cf02f563e

            SHA256

            71333628268b23503078cd03685d0f67c114aec65297515d8d209b5a0360d6d6

            SHA512

            e8ff981b80508d274c5cc9dc59410d98b1991e0dad59f8113bebf9d868639c7923ec6711e0c2aafeea49e3b4befa7c3176d1fd5d293e136956ea1ed6e336ae9f

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\ProtonVPNService.deps.json
            Filesize

            172KB

            MD5

            5c2aaab2cfe293a37074968ddbceeaa8

            SHA1

            b072c680df8b185d0796f53a77456f850b2e77a6

            SHA256

            84202d819f780079c01c2c1386e08e0e7a985d2ed19e7ed5dd25cec12cb2d7a4

            SHA512

            26dfee238a0bf3142b454e2973db89d175b80f5b71b6ef4c3b8dba8f00d96a739cac8b0dab56aba30cc2fbfb70c2fad968ba00d5dae25a47d7b9cf8d2b938a41

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\ServiceData\ServiceSettings.json
            Filesize

            235B

            MD5

            ab36836786f0c9aa5c1695025e06c14d

            SHA1

            bd4c0ec4f69ae51fd8333f602097ed0544efbfcc

            SHA256

            54ffa2473cc9f10172a95500cb5f285b1641d24b00df0e4b85535b96dddcdb0d

            SHA512

            353ee57723b1beb56db5d0608ae338eb27c0c28822af11148a06f923d85487e807236bb9b9f8317c2bdd7114302a2620bc38fce897c2c8f1961363cf914c2cf7

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Collections.NonGeneric.dll
            Filesize

            98KB

            MD5

            e2311907c521f46c510a34aa084ce5fb

            SHA1

            a16e6fb00b5e3f041a6f93797b94d0d0ea11b86f

            SHA256

            697d5886477da479a0003e7123ab715b7cdd5d524dde8cb839f08b328b7d055f

            SHA512

            95c4d8ec94ed2b3b74b7ace911cfe86068345699169ac77e2e24ec11ae86a2945deeb5b1741958c17a9c8cf7f4086a03654930eb2f8934565546ea86967d4332

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Collections.Specialized.dll
            Filesize

            93KB

            MD5

            5b36825632c9c4832be5cab8d8d05f0c

            SHA1

            c2bcf188359ce8bbe8d8e25d89d32bbec858217d

            SHA256

            6f55e08ed6e942680552471d8c98f1f11ae25a38e7a1563d704444529e4110dc

            SHA512

            3176b5ad041a48b9c992670a5d69f46d82c0a5824139e1f8b38a7d9230b5a88996143ee9178a0713f2a563cb8740f2f952cefa725cba84215df66d5fbd8db9da

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Collections.dll
            Filesize

            258KB

            MD5

            f687361f2dc8c90597557c311c4ee1f4

            SHA1

            2a7cfc6a7e9de416d63836d79b642f92b4ce490b

            SHA256

            bd70f91f77879c3f3e287ea1eb8e23b2413a938fc61459f766b03865a56fe1d8

            SHA512

            395c0ddbc977cd7021667907640c8ade41dbc5ba68ae7266303f8b49b7ccfbf226badcfef3bf24ba483793d3fd1b74187122c4645ac5cbe1b72b228390548817

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.ComponentModel.Primitives.dll
            Filesize

            73KB

            MD5

            de8b91cffb07571067c82b5b1ca8b9ef

            SHA1

            0f5725b846f7e1b9536d520e0dc40f31ac658c51

            SHA256

            0da88ac3e50fc1742ae33d254429cf77a575459f9b8cbf2e6d2790e0fc435123

            SHA512

            0c31f7ae813f9da5fba50971cfdc6371a9144aa5a4fb1b37a7d503961045bf80d7457526ec19b12b828afe275f51eea3dceb9d44db2fec7a3b200b05a807687f

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Configuration.ConfigurationManager.dll
            Filesize

            415KB

            MD5

            8142dcde6449f3a02353dac33623d570

            SHA1

            6bb5c358694c7856f037b4bf9697ff210573cd84

            SHA256

            38cc76d6bfeff7201e8c4e55d05a1144949601d35fea156f915f4a0f3aff3660

            SHA512

            7408447e4f844f071e2bc294dabbee32c9c96a47ce055ee653735b6d332311d7d9c18bdbd86e04fe378efc75d0cd8fd8652b837174b3b6b7cd166ebb52412765

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Diagnostics.Debug.dll
            Filesize

            15KB

            MD5

            3b28ad5ad2731fcb1f7b0d6961520e45

            SHA1

            3c748297ce5ab4a8dcbd57abfb0bf6f3c466f18c

            SHA256

            394eb8a62569f42ea6ce80a4d3ec892668f60a9330887b960daa0b34ade8e901

            SHA512

            be88d5e3f05dce597731989f44fa95077ad3bce47a2f1e2e026f35af3dbc69008642028e499169fb8bafde84681c2ccd1531349121f2317835bcf3258e4a3d46

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Diagnostics.Process.dll
            Filesize

            283KB

            MD5

            df2bc26505a4ded327a20ba1363a4fd9

            SHA1

            4d62119c3f8c99374dca9a3643f580bb9148e446

            SHA256

            94990ec0b5a7264f13844c04340b69bd87f5ca06950e8199fed7122efc5dd66d

            SHA512

            7ac275be2da34776eb73569ce187041f277f83783497f69b22eb69725961f6077be2d3fdccf50fc89c93ca8bd8c4671bc62853f5960e2ace41aa76bfc08aeb74

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.IO.Packaging.dll
            Filesize

            273KB

            MD5

            e9bfc3fd7d2c442844de148c39f66280

            SHA1

            60a6acd88c984f10bbf27f5c31cb70d0e0f01a70

            SHA256

            86667c3caf04fa28013cb854d5f1a50ce56949e034754d88dfe743ee3439b4e4

            SHA512

            6f4168719b410b95946869a1ac1a370aaa2210d24fda2448cfe0295d78d37f3cc8da18a8a0317430e29aa958892882ee25e2f5dd8e0d1481feef394b88912e26

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Private.CoreLib.dll
            Filesize

            10.1MB

            MD5

            cd1cbd2a66aca4e53419357e84837b32

            SHA1

            4ac5ca7cb6a9f8c4d58172188185abbe76dcc995

            SHA256

            eed65437df311c58937d34491bbe0b52a704aa5a900a5aa80bd2c20dc52989b6

            SHA512

            d785da82d5a0270b94ab05e8961bc86a47240990c3c27a9be48745ce9decf40361780eb7285ab4cba738242c30681e4235a0d6dd65ce64d56959a4bfb6ec283d

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Private.Uri.dll
            Filesize

            246KB

            MD5

            3ce30c524db23de721215acc7d80b698

            SHA1

            f4beca55bad70305fb05d988cab7e7f0e9371613

            SHA256

            aff7c2c581e4a998d3c77bc537724e2e189532de249531d706d3fa51121b934f

            SHA512

            77894581ffa16223e32eb1075225f17375bce38eef1b8c7941acf8a0fc81fd3cff65371f0447229382e5c30c3acba4c5af1b482989ba83dba735aa02b539cac9

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Runtime.CompilerServices.VisualC.dll
            Filesize

            19KB

            MD5

            a73e3c49bbe8244f2a99cc5d89c7c429

            SHA1

            a790c47d96bad3aa2cee60e8aa511dc4335dcf24

            SHA256

            111c4f4814f284a8e4befca0616cc58e310854cfaed4a1136bd7dd157f210ec5

            SHA512

            c5a5e618207952ab05f7e280fe77ad966a1c46a0a4cf0c72c4cba663990e7214761c716652cb61e574232a933a6208bdb85bcf0b194353f3aa54226f318a0435

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Runtime.Extensions.dll
            Filesize

            17KB

            MD5

            bd30f3a1bf86a20ceeead4f4844387c7

            SHA1

            7c2c5f545358b234f49b9ffee78212436e210905

            SHA256

            d57b59997925b2e63cfd5b2845c459f8a6a923233bdd1e7ae78fd5870c669cf8

            SHA512

            510bdb64761d12c80c780741182891efe14e47cf02a042020533fbf56a628a5850dd68c52506426194a46f58ba19257c54b39aed39a364085eaa55f9228b83d2

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Runtime.InteropServices.RuntimeInformation.dll
            Filesize

            31KB

            MD5

            5a2bda88d61e32384765e0b7ab387caa

            SHA1

            348a1f54cca7dd551013ffa22e6d27185451b85e

            SHA256

            affb47793654e5541da9f3dcffa6a0840f10594e3f6ef9bdfd902464b825732b

            SHA512

            de57d3e97337e677216bb5a7838e32c028fff1da2093d0200a757895de77d978000ab6a5d8bb232cfb65b2fe95f3b4cfb79d25cb4b1f30efdac731a4ce227801

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Runtime.InteropServices.dll
            Filesize

            50KB

            MD5

            e58537b2b7f0143bda57d8fa16b062a3

            SHA1

            f2a32d67a73974b9576d9df455efe870005b8001

            SHA256

            4c94f80f91254c0c4e111707da05a2457913d000bec88d861bc1c8230ffd8d1b

            SHA512

            2301174328131910dc71f37de55ac9fc2e9751c2831e39b5be18e257a71bd67efc4f17eefa27d7ec9de3ade0753e039266dec2763fbaef383e5a8c8aebf8a767

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Runtime.dll
            Filesize

            41KB

            MD5

            d493b2e3691e0f8c7ac457b096f3c1cb

            SHA1

            93f458d067249f9dd2efeb762c275d0311b2c7e5

            SHA256

            4ca447a6c7666de87f73a76ba2a22e347f7c8ff3461b93752c6f79f0ccfefb4b

            SHA512

            684283c7fa97a8964260c64893886f267fe1e8a6b6fc8d568ab3242855a80cdfff5b4ba8ce2805fbbb1a4852e88d926f1ed8d87ef3d9b3f70e40c3a4b37e7707

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Threading.Thread.dll
            Filesize

            15KB

            MD5

            83e7664fa355134ed4baed691511123d

            SHA1

            3262e7ba09bac1fe57b83e8668debcdd532fd3af

            SHA256

            6d3316914fcf914df36ba297c7ff2d10c65752432c5c0c457cb48d85a9d0bff1

            SHA512

            62769a4cc68a4d546c288c41c38800c10165f9ee55284ba1b8cb0c8bae9169419f9515bb42617e473e227b6febebca4f29d28c7b0e9643a9254bbe938060eb0b

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Threading.dll
            Filesize

            78KB

            MD5

            dc0cf475432fde4bc85a7f414b56cf17

            SHA1

            c3f4f2d84cc9ee4f8f7e3cd9d2b089d0c6a00fac

            SHA256

            8046a9a6c5e1ebc579ac97fba84831cbe94dd373727388702380ffd2e6037b00

            SHA512

            3f03ae7ecbd420948b4b90a907cb61ec1cbeb2dcbe521341aea282597f12d09500f2640e0870c8174dd63e48a633ba45f5106104f4f73cb307957c3e226b8a9b

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\System.Xaml.dll
            Filesize

            1.4MB

            MD5

            8a07d51f0e363121340429efb491822f

            SHA1

            5f8066d5605f813916b07c3cc06fa9f0ab9f5b8b

            SHA256

            326273fb9852103148f1a79b98d489c9af3115e04b4ce0ecde7a7a87276c4a16

            SHA512

            4cf736dd8d6a3e97dfcc86f7acc0a0ced19045109ad88a52c8327db325df226878a9bb0684b0e81590cadceda885002ed87f01a5e11d60d9437d7cd1908b2754

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\WindowsBase.dll
            Filesize

            2.2MB

            MD5

            050dc5a86523712f8872d099654b6a22

            SHA1

            bf82eddacae716060abcb3390abc7573fcd9a986

            SHA256

            c253cc56b761dffbce3619c842645b1eb5d7531301d085249984fc53b785d1f8

            SHA512

            c0c1bddb6c2411d0b0e0ca08509dffbfb87078ea03c1bddeac5da9aec13cc0029ce6eea53b4e34c0b2be67049f450e780661aa470bdc75976b16b22adaaf256c

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\clrjit.dll
            Filesize

            1.4MB

            MD5

            64926c3fa660f6f0dcb738335e61ec84

            SHA1

            5d97bd9d0f2c61b669730f872122a1a42f7fb5db

            SHA256

            20fbdc406e0f36d1320a44e76f0d4881b86cfb18947a7f8e4e7acf8798a1534d

            SHA512

            0cb4197a817699a2ace0ce6a3bd1bbd825bda72c2f29fae0a8bf234a8ae849a6e6fc75117b9fddc4ccaa71f6b18cea64938d0ebff7277f9aad712b25961d65a4

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\coreclr.dll
            Filesize

            4.9MB

            MD5

            6ffa88e2df9e2d543239985832c78181

            SHA1

            b6168e470c68095e803ca827fe35d59daf827bce

            SHA256

            7fc775e076b2cf7021fe38058ff782228926ed45ea79a687d99b6bb499c3b7f5

            SHA512

            1fb2958a6fb541d046801a8c2ce73cf8a39901c32b84aceace70c8d93fe0a9ca24cbac5ae93669e7fa4ff1978d124baa782e39750f64cbae99ed3ccfac352052

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\hostfxr.dll
            Filesize

            369KB

            MD5

            ee507878a7e2579d2bfda2d03fa84465

            SHA1

            4e9c9ff4f2672012612ff9f27ade39fa264d337b

            SHA256

            0b0aed1f8f291cc81d2334b649837ca1d0f13d14d58fbd19cf3a282e80f299e1

            SHA512

            569e1036c930a401983747eb9d7c1aeff71e359d7d2e0a301479c255f24fdfb9e41b3585b0918dbaac12e2b5afc3f5710455fae1222adde763850e0364cc01ea

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\hostpolicy.dll
            Filesize

            384KB

            MD5

            19167bb1ae169e319e62aa8a11bf2122

            SHA1

            4b7942151c595ffa3b23a2a954fe89823e34c8a7

            SHA256

            b6fd2e79738e993263efb4553ed9a94b98300c543f7c0d38a0bc7bceae9fc2ea

            SHA512

            599e1c792490b0e9a95be06224486c0c694bd2a6d5970459875c802a7143ebdd727f1f7f316282afd64934d5d6932b91fe22a518000f0ef930140a0e7aecfb2c

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\is-6RLQ5.tmp
            Filesize

            453B

            MD5

            0f699c934a98f229e08b805ced7e265d

            SHA1

            191e6e106081033b448d0ccb32b5d6a81d6c8d63

            SHA256

            a0eb69194b1819658ba615351a79859707d3a5cab440bdfc26e015a64ddc7b82

            SHA512

            0ad0d5fac9bde0eaeceff4b60be75df6e6f2745670d56da5674c96b179b609312ef1c66a94ae0aeb7566bf9ff22193556a3817fdd7a29c777322521db7aa239f

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\is-TPRBK.tmp
            Filesize

            540B

            MD5

            fceeafc460df5609a1f10921b03da7d7

            SHA1

            dc281c4a126df181e4330a4cdfd9e43bf39997c3

            SHA256

            1b8a0096c02b3f1ddf6756a3b112b4e5a3ff7698b8500eadd28298837387c60b

            SHA512

            b5ea390511370f27e761269c8bc25f1f2fd0befcce9c1cc6a919f319220a440c1203954703eddb373d35e96ef73aeb3a02b35ee530b63496735cc877bc7d186e

            Download Submit

          • C:\Program Files\Proton\VPN\v3.3.2\mscorrc.dll
            Filesize

            143KB

            MD5

            4e9dfc286b3d1a5123e68aa937da21cf

            SHA1

            faeef31d79135c8e38744b5b0d08fdaa101776d0

            SHA256

            642f650fd5d3520dec37c6ecb96f6566d45b81ea196cd4a293bc33c12a612743

            SHA512

            32b77bb9fb0cd5b7057663dfb8c750db266965de7df866212600d1afae14d106c26ddba9c1f60b191f42db0ca01e3e9ebf0d429f47f5dccdf72a6f5c2306e704

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
            Filesize

            10KB

            MD5

            e5d46a9305488adc492a63040068063c

            SHA1

            a2f40d4bd407204e47cbff5773d1f68ae470b62b

            SHA256

            71c23d88a446ed74b7d5d3e140b48126c8bd1fd3c3d252d15877e56365c8e042

            SHA512

            85b11e1a883bbf0a2deae953fd354b75e34abbd3f2c8bf0e50ec9c6d92659723bf7f51a317d7e98f402928e1a2f9ccb4254567038c2f8b6de46eda2a46173fe6

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView\Crashpad\settings.dat
            Filesize

            152B

            MD5

            51568eefc4675ababf7a183115724a54

            SHA1

            f2caa9a16be129d423bf0f506c9c67c84f35a637

            SHA256

            952246b80514851f974092c72108b346d40fca3f6796716458a546896726f90f

            SHA512

            47b993a60eed52fd6ddd073e7ecead449505b81d7cb24acd2e08b6b2576112d26549958e65791a12171dff45d15f290e0bec0e912fe8dd53c0bc3c3cacdf335e

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView\Crashpad\settings.dat
            Filesize

            152B

            MD5

            df2f5e7d06a1e4d6736ebbd4143e4fa7

            SHA1

            587d53eac20d872fc09e292cb53627c59d342618

            SHA256

            84b401053a5ff9d0c10a26c9e43cf1119fa73a58a8474cb5f115710dc7ed0513

            SHA512

            34dd027c39bd9982df477f2c95e9dd52742a4c999ce4654a7150f87f603b48f41afc5485fcf0c7a12cf555e8e05989a69dba49ad7f609857292faec1964433c0

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView\Default\Code Cache\js\index-dir\the-real-index
            Filesize

            96B

            MD5

            ef72f76c754b022c6b89f20a96ad8489

            SHA1

            96aa59e61d3ba1d90a430a1dec7851b9dccb9eee

            SHA256

            808531fdadba3e355e5a65340505fba37f2292d923b3ed1c6353409f61eed3a8

            SHA512

            6db15489a648edca1dc00caa876034796209f585486e1de50f99943175fa6135fcbcda3f9b2a290085aa958af22734cbcad78263ad3a775d44457d16d0cae45c

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5925fd.TMP
            Filesize

            48B

            MD5

            6b2d54034d57f7c866882c4b209b568c

            SHA1

            118d4a51c88c257fd3ea470ea868ea12e19ba7c0

            SHA256

            e11f856a45f2541fbb7061a3eaae1362fd43a25bf3b119b787135921ec6976d4

            SHA512

            96987a7574918d68de5d312f40f1c6019f56d31342b567e6719da760e41a12bedb20ebe9e35d4d2eae34f59f3db1431a38c3eb205fd3fcb76d5c582a7b30e7c8

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001
            Filesize

            41B

            MD5

            5af87dfd673ba2115e2fcf5cfdb727ab

            SHA1

            d5b5bbf396dc291274584ef71f444f420b6056f1

            SHA256

            f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

            SHA512

            de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView\Default\Preferences
            Filesize

            3KB

            MD5

            09ce1164c214006b79e7668a948209ab

            SHA1

            c3b00bd73eafe5af7f031b7f6606c08896507008

            SHA256

            774f72e91afc7c8b9c03294207153f40483881e8a298e5b9dd5a29bee5d26194

            SHA512

            b5ead6fe82ea84015a20118f78d83daab40ab0ca011d853bea1ace6297eb3a82cb5411181674e77398daa4eb25be9fb0ca03172afeffb37f4b1009380a1b6082

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView\Default\Preferences~RFe592b0e.TMP
            Filesize

            3KB

            MD5

            af0d697a3b3a3c20e3ff6ea9f00bb303

            SHA1

            1696a2ac9a64110240345434508a87356d868211

            SHA256

            755518891682c2ec948c1c96f7ecdec3c53858a6ef205f6de9ed9684d6bb904f

            SHA512

            002a6c5c2892081c0aea3f979bcc4406e03f252804ea9a62775db7738fb8b8b5856bea4fac769be93f7734fd32966183845cfd4c0a5cef3fce0a994364e12147

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView\Default\Sync Data\LevelDB\CURRENT
            Filesize

            16B

            MD5

            46295cac801e5d4857d09837238a6394

            SHA1

            44e0fa1b517dbf802b18faf0785eeea6ac51594b

            SHA256

            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

            SHA512

            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
            Filesize

            16B

            MD5

            206702161f94c5cd39fadd03f4014d98

            SHA1

            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

            SHA256

            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

            SHA512

            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView\Local State
            Filesize

            8KB

            MD5

            384f3a1101b4d9e1daaa705a964ba39a

            SHA1

            38283c11da47cde67b0004d73baf39d296395233

            SHA256

            504f480fee72cc139ec9748f5adf637f5d482404766892864a43a2cf77a6d66c

            SHA512

            39786476cfcc477c35d2fcd914b83eb0c99134de5a8428abdca1c82322ce66b8a620de3606931e539f86a581c8dc06af9cd98fccc43d22ee9ae14f9191e5692a

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\EBWebView\Local State~RFe592b0e.TMP
            Filesize

            8KB

            MD5

            0a1b02dff921339fc1bf6ce5fcf0a9df

            SHA1

            2c894c8124abb004d67d8e9579f0b9629ed8045b

            SHA256

            b193d485d3411f7ff210a1373539981559e608ed7d6bb2e5de73c1f34f10fc16

            SHA512

            453b6d61231578587311e9311441731b98137554648705ca67115b9a419c5cc74fa06008f0d287314547be4d794911c71c83e067b64cbf7a8667b3648dba1ed6

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\2ajshww2.newcfg
            Filesize

            1KB

            MD5

            2da029c1458f8b87fdc3779d5d543d03

            SHA1

            73863146a0223232be916741a326e4b8b99a9ce4

            SHA256

            f88b1e90a422197ddee5865c0d6e92b7297bf2cd1b676f6f4081e3838597aeb4

            SHA512

            cfb70677b6ed4bb950bb489daf4477ca87e2f6d526d694857beb7797761b53e8dc1bd79394ba952ea4a6c00e92ea46fa7e36e5e0be91b961da5bf021054e1c37

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\2e3htc0a.newcfg
            Filesize

            1KB

            MD5

            3b91fd3bd0feda7e04e0de704b8ac0c1

            SHA1

            cd663369c71c9521fe3bc529dc0ae542b675bf41

            SHA256

            c7c82d084c0babbc4d03c97c42df69d1fe597a08f8746cdba5dd5f8d65ff9dbf

            SHA512

            7915b58fc94444b5ecf542e4169db3f708ba4e225b31162554a5c115411833380a7fa22596b750d9e1c2e628088ec66825634189957c28be53c40e5f301a04e2

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\2gctqvw5.newcfg
            Filesize

            1KB

            MD5

            fb2dde856ce42fb351cb05c33c99f686

            SHA1

            1a9b7deee116cec34e6aefc10def0bf933a030c5

            SHA256

            8d755fc4784871bf04ba9ca073bac2c2c51eb4eadbc25896efc540c402147bb3

            SHA512

            eb49eceedd3a8bc998df13e3402b6f3105ea724d65d08d027815d36fa74e23aa4de28492d1aad14515864da04c558d629881150209d24905a169aff974c3d915

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\4cabn50j.newcfg
            Filesize

            1KB

            MD5

            88157f0cdd9aa6f46e45174d6cd660c1

            SHA1

            af5e3230197d063a8f73c37627dac5a983a7e169

            SHA256

            f16ab1e6ce03995ae76a75df6fefc4e5a6e27587c2c28d373e58f8fdbcb7be9d

            SHA512

            930d36da431bd0cae5157554eacb505c0e6c420ecfe875db8709ba0d08613c96204a1ff32941324f85cbd324b60ee67b1f180b76d82c096155a368af3637e40c

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\ar3pikzn.newcfg
            Filesize

            1KB

            MD5

            c48c0cf9811b5da5b045f29474414832

            SHA1

            fa62631fc6c99ceb79796bbec3403071821fd9fd

            SHA256

            d7741720d5be0754253ad308a04adac1718391c8900d22572c73b23e586860a5

            SHA512

            fd0be166611c96e29f8726d704ad0ad908e5adbb2c26c2753eb1dbb2481972d97a67fb3a7e455605d5e36de06bc785ec83c11bba81857c574882e5f804559d7f

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\au3zytth.newcfg
            Filesize

            1KB

            MD5

            fd3e913be074267fd91998bfa0f9cead

            SHA1

            8bbccec679b632e5839a755429da834c04b581f2

            SHA256

            83e14e8908b34435b07535655a28f3a1de0958ac583b612c1dcb15f4119ec705

            SHA512

            735f53eb28819ea32d53f5e3340a9373a1f8aa428415289fb851cb13c4f06ff94c784cb132255aa700cc01a9e4dd8e8d55260e65459edeeb5a5627b53e19a562

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\emmdtzgk.newcfg
            Filesize

            1KB

            MD5

            8ac3e8394d745089ecfc81740e69d9eb

            SHA1

            d3fd478887354651f4bf657bc51f94ec232a0ce1

            SHA256

            86751b0f11433bd3ecb3bc2a08b3d8aaac1a4bf045a3f76f1a2c62104a57c4e1

            SHA512

            f3cd626228e24912a198af2829232363d9521344dee91029e1baed511eb02e69c18779f95d2ec08a761b00e181e95adb13e029cd43a51bc881729dc2d05d22e3

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\eoetewj3.newcfg
            Filesize

            1KB

            MD5

            dc173d009ff9156d75a0dd5f37f40d01

            SHA1

            ae1a40260d600281c7fdc757012a459e982fb177

            SHA256

            73adc3850e8cca7df5e299d4d9c7aed97a36e2e9418bbab85da16f1f9d871eb7

            SHA512

            812bc34d4ccb35c73d444bc3e2506e3bc186f2a36ef4a7073c52508fd23a6c7fd46189064c3dd278c5146f070fd11bbccada11e594a9cae78ffb8fd4fda161ee

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\jbxii3xj.newcfg
            Filesize

            1KB

            MD5

            e7e71486015b073bf9ae104a0dbbe86a

            SHA1

            1195d1d67ad0199c8ac18e5a806ed89b688c8d23

            SHA256

            df0c2ad5778ff20e2863c07cda5a4eda626c61dcef4f53506ae9bc9ea62e045d

            SHA512

            1eb4fe1cbfd7f304a71c86598299592c483c8a8ea2ee5137cc66f38ac6bd633d69bc7733baec9b3f4177c4b8647a0762770e0cd24adca6c5a4c498653d2359b5

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\k11tqxby.newcfg
            Filesize

            1KB

            MD5

            097d722b12cfb8fdfcab86577fc023a2

            SHA1

            493487d24b1db3ac42d440751b3cad9747c10467

            SHA256

            ae4adb1244685d9cfc256cd2e7979effc6c0a0f4a481118b3e738fef29175341

            SHA512

            80951477c6d148523c2173582f7a988af6245b25e393f81810d469323693dcc791d56cb005b05a1ee0d1f18934dfcfb6e89231d5f3a6f19a26b7397ca4031a32

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\n22k425u.newcfg
            Filesize

            1KB

            MD5

            03ee9fe0730c146c7db36997364214aa

            SHA1

            4ff5a8b24cace6450a7d62dc253ac48c55ee1893

            SHA256

            8e96a178e6a65d80cd436d4760d978e67997d5268edc941c5517247562902dad

            SHA512

            0c551ba11ff167a337c06b87978452452db2f7e01d18fdb50b56c4ddb77bbc78e727a5020f55a6818db0b9d7e4da5f3b892af116d593a7bb8ca508b991a83daa

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\ogk2qunl.newcfg
            Filesize

            9KB

            MD5

            02d7a937193643be9a674dafb0390f0d

            SHA1

            3d4381f731218f75668eb009606bd69a89aa8b8b

            SHA256

            e04f9cd81f0c421ad0471a6ad6dce58b6b4ac91ed1fe21224ab7c020ca993e99

            SHA512

            bfa666f62c6be75f02546cd6de8838101645b272a4293db7d7e2b4e151d2ff201192024d8e88942f8be8f0da1373448d7fa01b6e1833a11863fe63aebf31e3ac

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\rqdef1bk.newcfg
            Filesize

            1KB

            MD5

            279df96ad715489586b1cacd164a1bc0

            SHA1

            b065a12231fc9a3ff646d8e376073968a33a3a4a

            SHA256

            140cb691cbfe39a2cc8697b17eddfbe149c59d427aa871b4984541fcd7de526a

            SHA512

            cf184284e9c1f5224d604ff6456722a607985d1d42be57560ed64dd444dd669ca0fecf6a6059fd511e25a35abc195b15bd3bffa772d460ca47c17f1374241131

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\smyoy5im.newcfg
            Filesize

            1KB

            MD5

            e29c586c5c5ddbcf3c31a17a7d16817b

            SHA1

            576b3b4d3abe7a55281c7917198ff53b214874f3

            SHA256

            9c052cae02fc95e395a3c2008e7e0cf37cbeb4b4b72ac9dea96e682e41f0ff00

            SHA512

            ece11664f5de84b53f1660c8238bf40a4883c5672f8086942959100d2d9ccf2f98e8184d6b87f87060689c63cb5332ba12cc6a9753bdfe87abaacaf6270b00f2

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\user.config
            Filesize

            1KB

            MD5

            772a8c41c3cea7a6fe854822304afc78

            SHA1

            1d3ae91357651d6fe7c31ebd54cf5c5f4cdb06c2

            SHA256

            6956d5255aff8dfced8d41c9705597842ef85ba2d5a412b330ffa5702f407203

            SHA512

            7e7e228d963b6e85d99e38704fc8a52b83e3ff140fc560a6799414b31cbe9322896ab7acbf939ee95360907d8e151a6944d42117e0eb743b95c99c66fdf5cce1

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\v1d4vplw.newcfg
            Filesize

            1KB

            MD5

            fca0a67776db205f0d18df9abaf79b56

            SHA1

            43eb0d9f6fc9ef3edb7cf48e2d3ef91e4f0585cb

            SHA256

            c544a585b6ebe26fb8b59642ddd19bd5eda279e4a710444afe7392562857824c

            SHA512

            ca6269c1f22ff02aa1b3e6508d26eb567a2c7162553ea7afc691c5d2a8e8bf750b17f85559d1d1ebbfb76b58e682432ee1a238cddc1400b1945e573627baadd9

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\w00h5lkv.newcfg
            Filesize

            2KB

            MD5

            585bbdbb8f11f23ab235ce3ade8bbf64

            SHA1

            94c7a19c9d0dbace3e8c225e221457dc40a748a2

            SHA256

            a4535161c929bc341eb8deffcfe8615d76ac7bd77a9adbbcb2ce0f3dabdef336

            SHA512

            ef7b890fbc6843d79778a742fb1f09ef4486a7df258a9e97d51a5358ac8e390234d3e4361d93261d40fd343223f93f1545b21fbd677c5c761db6cb91377f4da8

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\x1ger0jo.newcfg
            Filesize

            1KB

            MD5

            1093f5cb274cf052f4c7cced9689048f

            SHA1

            53ff507748bea922938f0adfc391d2fbf52ac0f1

            SHA256

            af297f3558e5d14af89c5954f76620c168d677080da4bb63845ab085457ffe49

            SHA512

            65df07daed0155ec88c488e147770fb8679a13b2c51e028e2dd6d47b259b85e005af8e9e4947947fd2520d07ac02fd1a477fba8abd565d05154565b7dc6f9387

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\x1sonx1y.newcfg
            Filesize

            1KB

            MD5

            12e1bf9231d06507c0efbd2bced00719

            SHA1

            16b099635240aa5760e87a99e5a5b8ba1bad1bfb

            SHA256

            ef1fb3b92f6da225f98bda454d87e47c4ba7bc1855e7e4779d91dc50fcb787c8

            SHA512

            341f34a0334a1f3183d56e8b1c4843ea855908abded5a68b51c0bfe55b1ccebcf00ce2e37c972ab6ef8970439279699fb68af6667620a8af2ced0cd763a28252

            Download Submit

          • C:\Users\Admin\AppData\Local\ProtonVPN\ProtonVPN_Url_cmnccr2xp2ofmvhglly0haihuyzzqh0i\3.3.2.0\x1yedohn.newcfg
            Filesize

            1KB

            MD5

            ef3527fcceee830fe1246d3f0b4dfa09

            SHA1

            5b742705c02a40d2686885068231467a53907b3d

            SHA256

            1a6079c298249a3de18b3121659a1c70cba430601a92d0d9ca5e7b8af0b25c8b

            SHA512

            a0cec738b9d3ed50450b57c2f7bfa4c591944a71dff3cd4603d7359e884fefc7042df1ef4f2ef9f5003ad27c12ae88559266cc46112dc465a9ac47ab0c2f7429

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Setup Log 2024-10-14 #001.txt
            Filesize

            209KB

            MD5

            c8e6918cda80b1b2842a49e50419ce4b

            SHA1

            0a874b231c0c5044c6e73df385ae6e9b0ba05ec2

            SHA256

            8d969c217d0148fedb2e5a93400e6d39544a4d8291b1ba0e9a5ac5e4b2cd4ef9

            SHA512

            ca5597237c60525ff6723c962dee7ff3fb1aeb05481c7a50c95ec2538801ccd4b7f56f6209035faffaddb375e7908149757ffe0f25bad23faa9fb86c7d36dd42

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-7RJSV.tmp\ProtonVPN.InstallActions.x86.dll
            Filesize

            565KB

            MD5

            5372cfad6f664b137cc29caa9c1f11e8

            SHA1

            0d0e26840f872366aba319c84cfa3b66f75cd744

            SHA256

            9feea50330e6ecc2a0dd8e38313801ca8e43033a15c54a72cbde672c06cd6dd9

            SHA512

            1e564bef1101ce24f203e38e2df66ead5515e782b160ac4f21bdc1f70a52bc1762e75cb20112f0e850a760d6a06ad9861e780131748c8ac95169bf97a6df4ff6

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-HM5GE.tmp\ProtonVPN_v3.3.2.tmp
            Filesize

            3.2MB

            MD5

            eaaf0a48c689dc165dc5e13aff88e5b9

            SHA1

            68ed13650bcdd295789c3b89dd0a2f37aa132aee

            SHA256

            6e5416fcb5f477e5a8c8335f499c3f5963ff9b8e461437bcc660b830e2aab132

            SHA512

            6b57ecd795f574ad75c5b259864f3626bd48e4994ff0e960486c65a474f4b8cc752348424644be5b887367cafce9f60e39a1528e6cf2f21bedcb0d4770f149f1

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Proton\Proton Drive.lnk
            Filesize

            1KB

            MD5

            e85c998678e85e89182f47309d68ce1f

            SHA1

            13245bf9f0b7bcada1970e6c780e06370988dd13

            SHA256

            c59226a685d548a294690294decb180da2c888ffd73404025b9cb810cdb02d4a

            SHA512

            6bc8aa61bd518a567f2412f38d3b2c0e28c0784fc650746c9c38cdef94bdb222f28fff20e50d977500334b025eaa652bef86b59cc80c28cfddd34ccb0d39dada

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Proton\Proton Drive.lnk~RFe583ee8.TMP
            Filesize

            1KB

            MD5

            9a6ce3b57dfaa4c74dcbff751c9534ad

            SHA1

            1cd9be875b808b00d1d2513caf87c1c2203eebc6

            SHA256

            3341873a6dbfd52f0de58e1f7741dfe1593b792326455645d585ae626853a0ac

            SHA512

            5328517cbce7d1d35800d049bc8432345a3ba11493965284dcd4fc49e4b4749819d847ec64b8c46ef197a622afe8640c8594e00b95bab45b21885e5e17dd29b3

            Download Submit

          • C:\Users\Admin\Desktop\Proton Drive.lnk
            Filesize

            1KB

            MD5

            08ac266f3757aed9d30a209b25dd1559

            SHA1

            4180ffb278c27ddf248fc728332b44c207222f1d

            SHA256

            7a62514cb188f24edc7148c2df16dc68f82cb2a1d496d57283db11ddf6c0844a

            SHA512

            de22b02b94ed7904bbbd65365662d45b7a83f2baa411a2583ddd94ffe43716d1ec5c9a23a7efee6b4b88608a42849c1572cdc8cf46e3213ac826eba5a5c47792

            Download Submit

          • C:\Users\Admin\Desktop\Proton Drive.lnk~RFe583f94.TMP
            Filesize

            1KB

            MD5

            bb3cd8359706e451a71afc504d0820c6

            SHA1

            b09de149cd8c50264f7a261f16f743e27b657231

            SHA256

            3880e2d12796554dd6b9e07989dd0146f70e66581c58e76bbe9037498380f60c

            SHA512

            2f43672cb323158623353da3cdba26b1a03806913d149433ff6a9c34f62ebeabf8a96d00669f6c972f9b279824381529dba965961a991868065d6da28c39f4b7

            Download Submit

          • C:\Windows\Installer\MSI35B3.tmp
            Filesize

            328KB

            MD5

            6eef54d8b528ae16a05bc1555466ce66

            SHA1

            3dcd61205714f63d2aac7b7a6c91b12bdc445010

            SHA256

            152c7ed1a77153ff88126b73fcd9424ef245e1d4c5978ded4da98b30ef1da865

            SHA512

            10b6673c9c0cb14c0155910dc709969279a63191279f51a403967cc662a3fe7f4ff40845df3a8f49cab5bd05e49a8a20bd052d8e9e3df3d6caa2c7b18220a36a

            Download Submit

          • C:\Windows\Installer\MSI378B.tmp
            Filesize

            394KB

            MD5

            44e75952b658ffe4869cd40db1299c8f

            SHA1

            6bb94bf54f401772d2aa21a37f17b319fe0417b3

            SHA256

            50bbf22db97433456a4307211b99641740f20a6421bcee32216fa888feaa7b2c

            SHA512

            bca6f5b4bc1f301191f713c7ecb5161ad8eedba6503ddee0ffc41b6e48c617c4fec19de22a63e139055ddba4fe4dae51505bb005b5cdad72d6684dfecd55c8a6

            Download Submit

          • C:\Windows\Installer\SFXCA6F27E194F642C409D4DC8FD4AD229920\CustomAction.config
            Filesize

            959B

            MD5

            ee9a8381338b060d86c58e2415f481f3

            SHA1

            200f3ed7c773f50c80644f3976e09e876f45993f

            SHA256

            7e1096d6f39ebe04d6e38bc714983af05ed92cc2bb4d3365ed4c85e733cb145c

            SHA512

            26b9108b9522574e08560bc45a6470f85ca149317bd763f3a357040e0f0e743fd7bfc05e0ce2d9fb52bf89e22c61d221ddf8a7163f5143848717ca3d56847ef1

            Download Submit

          • C:\Windows\Installer\SFXCA6F27E194F642C409D4DC8FD4AD229920\ProtonDrive.Installer.Extensions.dll
            Filesize

            7KB

            MD5

            c667d83c6b648634a169be1c698d36d9

            SHA1

            04a703ec1b34509c46f672b50f0c48a94b448faa

            SHA256

            608889a252b1302389f7355c24adffe604072b43f3391b8c361dffece850f897

            SHA512

            397736f69d0d3505901bd417ea57526a8a63e76fe9fb5f13c20ed0166620c89c37c694bb55b78c00cfd931322081a9317fea7db35760aeb10fb2539a28061149

            Download Submit

          • C:\Windows\Installer\SFXCA6F27E194F642C409D4DC8FD4AD229920\WixToolset.Dtf.WindowsInstaller.dll
            Filesize

            195KB

            MD5

            195e24ce1176fcf271b12c208638a6f9

            SHA1

            3e0f5d607a6e866fb26ea3d652de3ff2764af2d8

            SHA256

            04ff498139c67cccb791ce0a6a2dc38792149fa94516736689bc224f026bde35

            SHA512

            91deb84f9a4577de7c133f9c18544b70c3e1aa8e99cfc6e2673864a744382120493c9424b7a88aa6a403a4ff88af96dc5628c4473fe37d4e1b9ff7b28724da56

            Download Submit

          • C:\Windows\System32\DriverStore\Temp\{1b609a8c-a27d-1f47-a654-de692a01ee6f}\wireguard.cat
            Filesize

            9KB

            MD5

            be8c17a323efda06d86df34119ebe1c9

            SHA1

            e0ea2dfe6bd5ae19c6ed07ce674421ee7a26fcc0

            SHA256

            6beb0344558df571234365d925c9d1ff0661b4806d87a3a7ed10f86cbe1e16a4

            SHA512

            4462c25d2a710a5bbd1a35057e395e6f678b7845cb7ac4232886b8f5a65aa15d56a3ba064ded20a21b1a42fe4fa722e444c3fd2d5ce6646684bdc4d07c4b38b3

            Download Submit

          • C:\Windows\System32\DriverStore\Temp\{1b609a8c-a27d-1f47-a654-de692a01ee6f}\wireguard.sys
            Filesize

            477KB

            MD5

            f6092ec8f7abdb3c2c089bfb3279b65f

            SHA1

            432d2cdd982ee82fb0cfe2df025327c3692ef1a0

            SHA256

            94def0c6290dbc32ebb9a6e72d2f76d0ffe66365606efeef952834768e47f1d8

            SHA512

            6b62a0ce9f4bcc7c07afe2fe8c632f3a6bcdff73c3f1eeb5a4a8aebc2823f6f7edcd6d5ffd6c2d0b1adca486889b508271862217b553e5f2ee7eb9ba8e88b57f

            Download Submit

          • C:\Windows\Temp\b4baf7daea7384e330d25f7dfcdc7763736fee70e977e66d82becc95a8eb4650\wireguard.inf
            Filesize

            2KB

            MD5

            945faa0eff8b1a73afd3255e1f28aa3a

            SHA1

            cfde5c7ce0f79fece868606bf68493949a35d38b

            SHA256

            079e58e9b00de894557bae8feb40cc578070376a52971bd733d74e8955b3b126

            SHA512

            3f0850e254679e98769de5339a0114e44697108ef079bb3fdc1698d1a27fb63aec240ca17ecc72026a4c9d0f85b54ae1b31625691b656cbc962c15b4c78de213

            Download Submit

          • C:\Windows\Temp\{5CEE46B5-4C41-4D19-B014-9C265FC37934}\.be\Proton Drive Setup 1.6.2 (f16b5a37).exe
            Filesize

            1.3MB

            MD5

            ce6d2b9c4ab51cf3491119293b68c1ce

            SHA1

            550b34378706eef64c4cf97017691d640c2d91ff

            SHA256

            631b04a8d968d7cb07d18db7edf9bd56e0452d7089c6cb62df1a5e94a0ab6ea6

            SHA512

            bb9e30260be90c6a1dd420c4492b86b53f7d84e166f4d42c51166893078e4a1fcd5d865345a644fbad80794e8d1173feb4918973a94b65aea4ffe864a648d4b7

            Download Submit

          • memory/640-1646-0x0000021BBF710000-0x0000021BBF744000-memory.dmp

            Filesize

            208KB

            Download

          • memory/640-1648-0x0000021BBF6D0000-0x0000021BBF6D6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/1084-1236-0x00007FFA6375B000-0x00007FFA6375C000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2028-1929-0x000001227E0D0000-0x000001227E17E000-memory.dmp

            Filesize

            696KB

            Download

          • memory/2532-1923-0x000002014E400000-0x000002014E4AE000-memory.dmp

            Filesize

            696KB

            Download

          • memory/2532-1798-0x00007FFA820F0000-0x00007FFA820F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3088-2951-0x00007FFA56C50000-0x00007FFA5709E000-memory.dmp

            Filesize

            4.3MB

            Download

          • memory/3088-2950-0x000001C7012E0000-0x000001C701309000-memory.dmp

            Filesize

            164KB

            Download

          • memory/3352-1924-0x00000229F7D00000-0x00000229F7DAE000-memory.dmp

            Filesize

            696KB

            Download

          • memory/3372-1280-0x0000000000400000-0x000000000050A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3372-2-0x0000000000401000-0x00000000004A9000-memory.dmp

            Filesize

            672KB

            Download

          • memory/3372-13-0x0000000000400000-0x000000000050A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3372-0-0x0000000000400000-0x000000000050A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/4448-12-0x0000000002630000-0x0000000002770000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4448-14-0x0000000000400000-0x000000000073D000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/4448-6-0x0000000000400000-0x000000000073D000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/4448-1273-0x0000000000400000-0x000000000073D000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/4448-16-0x0000000000400000-0x000000000073D000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/4448-15-0x0000000000400000-0x000000000073D000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/4448-669-0x0000000000400000-0x000000000073D000-memory.dmp

            Filesize

            3.2MB

            Download