| Name | 9d38b26507120c8c_Microsoft.Extensions.Options.ConfigurationExtensions.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Options.ConfigurationExtensions.dll |
| Size | 18.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 40a801619f536846ff777beadcd62f27 |
| SHA1 | 5a3c722df02ffc81d813224d98af375ab7b09cf9 |
| SHA256 | 9d38b26507120c8cbefacbf6d2ddb5e89a53db475efefcfde221685b8eed0803 |
| CRC32 | 7020726F |
| ssdeep | 384:SAiOi2iF62mrA2TqxWxQ+ZWzK0W4dHRN7kuBClGsKVo:SAiOi2ihlG3fMnVo |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | c85cf85783322abe_Microsoft.Extensions.DependencyInjection.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.DependencyInjection.dll |
| Size | 74.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 43976c7dd59919e767527398d3fd7e01 |
| SHA1 | b7913d30630356b814da0533f126d75e64594849 |
| SHA256 | c85cf85783322abea6532c10f63f7dd6745398ff875486ab869ee542ee731fea |
| CRC32 | 545FDCEA |
| ssdeep | 1536:cNOvcLxIFcvKln7wrSWp+1utn7Q3lFkmidDGwlF0TCOjzrT:cD1Is4mSWp+18Q3lFkm4ETCW |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | a401a225addaf891_mbapreq.png |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\mbapreq.png |
| Size | 797.0B |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced |
| MD5 | a356956fd269567b8f4612a33802637b |
| SHA1 | 75ae41181581fd6376ca9ca88147011e48bf9a30 |
| SHA256 | a401a225addaf89110b4b0f6e8cf94779e7c0640bcdd2d670ffcf05aab0dad03 |
| CRC32 | D108E74E |
| ssdeep | 12:6v/7rW3M/jDYAlFTzdvhKZ7e/cbp4/82UNb6MjmlKPNXheD1H0oJodqSXaTbutak:lQD1lldv8Z7g04/82Y6+Pxi19mDoqt5 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 42f3673bf53dae52_Microsoft.IdentityModel.Abstractions.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.IdentityModel.Abstractions.dll |
| Size | 19.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 71ec67d91460b04b084f3f7c946f7939 |
| SHA1 | ec545499d76113eb82883af617d67ad11aaea8de |
| SHA256 | 42f3673bf53dae529e0328a0090ec4c0240f4758690ac8de159f40105ecb8ac4 |
| CRC32 | E68E0669 |
| ssdeep | 384:VjwSPsN2OEyQ1V9k/cjzWd+oWu72HRN72mzDX+iR9zzKFf:tbFl7KcrCitzDuO9zWV |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 9d323750d80e7458_Sentry.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Sentry.dll |
| Size | 408.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | c71dc625dd9deac32cebc8d08a4ac84c |
| SHA1 | 5b10e9985a1a30f0ba2bb1b63be4a1886d0eef67 |
| SHA256 | 9d323750d80e7458d0bd12b98af2f13d4207aa0651923d688f71a8ae8fdb92f1 |
| CRC32 | B4762B1D |
| ssdeep | 6144:KeAPK1QqjDBiDXg+YphwjNXvA741URO1UUQ5xB2fv1TRCy8:xqKyqj6XzYawxaTEV |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 9dfa1bc5d2ab4c65_mbahost.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\mbahost.dll |
| Size | 119.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | c59832217903ce88793a6c40888e3cae |
| SHA1 | 6d9facabf41dcf53281897764d467696780623b8 |
| SHA256 | 9dfa1bc5d2ab4c652304976978749141b8c312784b05cb577f338a0aa91330db |
| CRC32 | E3C48A10 |
| ssdeep | 3072:iyjfrCvv4JR5zsemsABCF0TPSLNegl/+b:xrrCYRsehsIX/E |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 3cadcb6b8a733514_System.Runtime.CompilerServices.Unsafe.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Runtime.CompilerServices.Unsafe.dll |
| Size | 16.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 9a341540899dcc5630886f2d921be78f |
| SHA1 | bab44612721c3dc91ac3d9dfca7c961a3a511508 |
| SHA256 | 3cadcb6b8a7335141c7c357a1d77af1ff49b59b872df494f5025580191d1c0d5 |
| CRC32 | 23D92AA6 |
| ssdeep | 192:erLXx0hyLsbb3rxVj7WU2WLTYoW4GD5dHnhWgN7acWlbAkWD7DiqnajKs3WoHpZ:Ih06sbbVVPWU2WPY7dHRN77RGlGs3jJZ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e2bfdb2cf3beae2e_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\2070\mbapreq.wxl |
| Size | 2.2KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 8a278e519ef81b2847490efb070219bc |
| SHA1 | 7365edf6e4f9e66b6cee47933b6c70ff0b9ecff8 |
| SHA256 | e2bfdb2cf3beae2e988827c52c58006d7eead4aba5312b5eae1f6ccf3863c385 |
| CRC32 | 71AF17B8 |
| ssdeep | 48:cxX7DbT8QGls54nK3znI5zKDj4NLkdoN3mMNYsEPbpK2Aegeu9A5g:8LXTUasJnYdi59som6 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ecb5c22e6c2423ca_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1046\mbapreq.wxl |
| Size | 2.1KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | bd39adb6b872163fd2d570028e9f3213 |
| SHA1 | 688b8a109688d3ea483548f29de2e57a8a56c868 |
| SHA256 | ecb5c22e6c2423caf07aebe69f4faf22450164eee9587b64ef45a2d7f658ca15 |
| CRC32 | 3537066D |
| ssdeep | 48:cxX7DuoT85b0s/4TDoYDj4NF5j2hN3mMNYskPDXKIMaKcP9A5g:8L1TmBHjs59M8r6 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a7e1a4601fa280ad_Microsoft.Extensions.Logging.Console.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Logging.Console.dll |
| Size | 50.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | f8536e13697fc017c0c4038a4db6074a |
| SHA1 | 1cde865ebae9bd7d000bd29872d692a1d9dba0f0 |
| SHA256 | a7e1a4601fa280ad97e4a94069157b057c2d5158388e57058f87cd9f8915337c |
| CRC32 | BCB9919E |
| ssdeep | 768:rY5b4nl0pGF1Mb89eNqWHX2B/am55GImjf7nDOoBa1lSeK/7szb7HOCSH:U7fNq6X2NaMIDOoMvKOLRSH |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 599a79d25958eae6_System.Diagnostics.DiagnosticSource.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Diagnostics.DiagnosticSource.dll |
| Size | 95.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | ccb6a65fa77074cdb0cb00478a89aecc |
| SHA1 | be6e62302419bfcd9fd9842a9084e64367580970 |
| SHA256 | 599a79d25958eae655ddae7337477d16ebc4f013b6896bbd60719c85b37db88c |
| CRC32 | 58979353 |
| ssdeep | 1536:qCDoXrtUaK/XIg+rZAXj8s9HaWt9LuOw9VHHV55aTwWbxp:jitRK/XIgIZAXjD96WfLtGdM5b |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | ccdcdb111efa152c_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1041\mbapreq.wxl |
| Size | 2.5KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | db0f5bab42403fd67c0a18e35e6880ec |
| SHA1 | c0a18c8c5bcd7b88c384b5304b56eeb85a0da3dc |
| SHA256 | ccdcdb111efa152c5f9ff4930033698b843390a549699ae802098d87431f16fe |
| CRC32 | 49BCD237 |
| ssdeep | 48:cxX7DpcYT86WyscLpTIFw6tnOUjsj/D3NIgHcQN3mKN/WPOhT0SXsDay+z8QZEcE:8L1TccOFw6tnOUjsjpICnlOO934apWz |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cb7ffe9529a8b376_System.Diagnostics.EventLog.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Diagnostics.EventLog.dll |
| Size | 28.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 99d20839c3093294a60c204090d751a7 |
| SHA1 | 090751322aa7068fc20c1ab3db2ca9ee117a5c88 |
| SHA256 | cb7ffe9529a8b376269882e3622593c1b46d9b159c46afaa1f87e0ff62e7d403 |
| CRC32 | F20E9B1F |
| ssdeep | 384:uWzbTA9W/wni8vV1K65x0mRh+HbNQ1OaXI7tUWjvWpdHRN7IqJXlGsN:STi8MmL+7NQ1OaY7by7E |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e054e111ed510390_LaunchDarkly.JsonStream.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\LaunchDarkly.JsonStream.dll |
| Size | 41.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 68e2771aff2173111f978788762c0160 |
| SHA1 | 07796440c7c5577dfe54adbd8bf4cfbf5eb6888a |
| SHA256 | e054e111ed5103902cd63c07ac9b19701bb6e2766f76271d530b9759bb266a6b |
| CRC32 | 7FDF6CA1 |
| ssdeep | 768:sI4TeRcnyVeMzwjMjqsLI2atBnmbSVQAp4KsS7TWYjNxaYi5AMxkEJB:sI4TeRcnyVeMzwILXavnmGn4nLoxa7h9 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 3fe6ab43e42d5c34_Sentry.Extensions.Logging.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Sentry.Extensions.Logging.dll |
| Size | 59.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 58a43f7e0da70358195c9ec79c898d1a |
| SHA1 | 2df6c1558493aac3de31be1fc218ca2121e27db2 |
| SHA256 | 3fe6ab43e42d5c34385aede61882136f75c5b3b53991b372e39398f08ac8a80d |
| CRC32 | F750EC8E |
| ssdeep | 768:RE6aHrFRF4RGxF1qQY3jjul3ghuNJ6/7HLFJIEz7fkHHXUd1dVih8kTYiqAMxkEi:R69xFAfnTuNJ6/7DIA77oT7IxG |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 46451e1168dd11d4_System.Reflection.Metadata.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Reflection.Metadata.dll |
| Size | 451.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | c4ea65bd802f1ccd3ea2ad1841fd85c2 |
| SHA1 | 2364d6dd5dd3b566e06e6b1dc960533d2b3017b7 |
| SHA256 | 46451e1168dd11d450aa9b6119f17cec9a70928a40ac3c752abf61ce809cba6f |
| CRC32 | 35AE985C |
| ssdeep | 6144:6GQpCbBfTdCUG6Af0AQu/uePT78Wz3g8V51G3tTkd72ipc5/cSAy/B:6GhBK0AQuueVLm9g7iky5 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 2c7435257690ac95_System.Text.Json.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Text.Json.dll |
| Size | 347.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 38470ca21414a8827c24d8fe0438e84b |
| SHA1 | 1c394a150c5693c69f85403f201caa501594b7ab |
| SHA256 | 2c7435257690ac95dc03b45a236005124097f08519adf3134b1d1ece4190e64c |
| CRC32 | 98B9E981 |
| ssdeep | 3072:USOCU3QYmd1QhS1h2pCUoUJeXq7YAAEP1VIGm/0aW/49rZbpQ2M6R:Q7MQMh2pCUreatAJhrZlh |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | ef46212bf5959a97_DeviceId.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\DeviceId.dll |
| Size | 32.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | f536e4787e1b834a8eb1df50e0ccbe56 |
| SHA1 | c20b8d0d52f7530c17e1611116818f68524a7bbe |
| SHA256 | ef46212bf5959a973cf784821078155c54d28c22c973ee1ecaaa020bc87e81d2 |
| CRC32 | 3D61FF36 |
| ssdeep | 768:Rs4WDeMQu0ePkkS9IjAknOAysvRbeylxMJ0A1UEYicAMxkE:RNrM3jckS90AsReaMJ0A1UE76x |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 200aba7859ecfb04_Microsoft.Extensions.DependencyInjection.Abstractions.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.DependencyInjection.Abstractions.dll |
| Size | 43.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 7a9b8793552ce40160a6d273b22f807e |
| SHA1 | 1c302ea0a44f517b97af19252140ec710d5d3bfb |
| SHA256 | 200aba7859ecfb045d43a8e2bf9abce4c929507364b7714388f59affe708fb06 |
| CRC32 | 30CDCD52 |
| ssdeep | 768:gQnUmCQ0dQ8d2TN7uxgoXvM4s8w0woFY9SP8:MmC3dQ88Tk+8vM2fBO9I8 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 41545ac1247b61c3_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1044\mbapreq.wxl |
| Size | 2.1KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 5454f724c9cdab8172678a1cc7057220 |
| SHA1 | 241a57018ace1210881583a9cf646e7d2e51412f |
| SHA256 | 41545ac1247b61c3c3e2a7e4659d9fad2bcca8347c69f2eb7b9d0cf5fc31e113 |
| CRC32 | DCBDAF22 |
| ssdeep | 48:cxX7DTeT8uUbnFdsLnFHv+Gpm1qL5DQNDDaoN3mpZfN15dPnfuOOg5wZ5uAq8fAS:8L+Tec1x8Siule4S |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 06bfb6dfbc38105c_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1055\mbapreq.wxl |
| Size | 2.2KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 01b200e06ba600a4ef00c00f7aac5ce4 |
| SHA1 | 22234426c42637e069a46217019551e4434a4ab6 |
| SHA256 | 06bfb6dfbc38105c699dea226a029df3ef673c33e4b8928dc4ec7fb8f761487d |
| CRC32 | 80DA48EC |
| ssdeep | 48:cxX7DNcYT8anOSMsHEqGpcBztpvrJlrs2ZmNI2+Yo6irN3m22NFcPc+4Trzrdgc7:8LZHTE7APaTI9sq6yEbgg |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ce241f96331ca11e_Microsoft.Extensions.Logging.Debug.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Logging.Debug.dll |
| Size | 16.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 523731ef0c75f3cf36d17e0c0f7c6ee7 |
| SHA1 | 50e24c55d1399ea6550652e3de8d80de7d1d02f7 |
| SHA256 | ce241f96331ca11eacac64c683e11fe659e5ac157eaa224c9fe742d20b1ce983 |
| CRC32 | 18F43380 |
| ssdeep | 192:zvfd1aMqiPDrQJ9lK+bc0WJuVMWLMW4GD5dHnhWgN7aQWmX008Cw7qnajKsV9f:DsKqc0WJuVMWjdHRN770uw7lGsV9 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | bf3fb84664f4097f_System.Memory.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Memory.dll |
| Size | 138.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | f09441a1ee47fb3e6571a3a448e05baf |
| SHA1 | 3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde |
| SHA256 | bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f |
| CRC32 | 73135722 |
| ssdeep | 3072:nUGrszKKLB8a9DvrJeeesIf3amN32AW/rcyw/s:OB8l3/aK32qU |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1acb904f6eee86f3_Microsoft.Extensions.FileSystemGlobbing.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.FileSystemGlobbing.dll |
| Size | 38.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | f8dc23b883576fb84eccd1b7b56490d3 |
| SHA1 | c447b48529380954c878f1d933a10ef1bc402bb6 |
| SHA256 | 1acb904f6eee86f33b507a7e7cf8f2112d34d1b34daf1532df4d800795d328bc |
| CRC32 | 921EBEE8 |
| ssdeep | 768:W3+ioGsPTI6Fp6xw4XuR6GUOK/YMO9De0AHP:WOioxv6W4Xdg/9De0+ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | c63de5f309502f92_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\mbapreq.wxl |
| Size | 2.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, ASCII text, with CRLF line terminators |
| MD5 | 4d2c8d10c5dcca6b938b71c8f02ca8a8 |
| SHA1 | 11577021465379e9d1ff4260e607149ba5dfa6b3 |
| SHA256 | c63de5f309502f9272402587a6be22624d1bc2feacd1bd33fb11e44cd6614b96 |
| CRC32 | AAB98835 |
| ssdeep | 48:cxX7DxMT8dbCsK19Wqq8+JIDxN3Wm2WcN3miNlLPDHXsmkaYXfXQ2BmGA7b1fABP:8LuTY1xmmmTerNR0AT1O |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | be04791965e067d0_Polly.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Polly.dll |
| Size | 278.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 71f3055b844f4bedb9e979c0a3cf5714 |
| SHA1 | 6f407a3c0555702194902c4880f7ad635e1c2797 |
| SHA256 | be04791965e067d060adf6d82aa131dd99b294eee38c9878cb55f1bc170bd9e7 |
| CRC32 | 84F53156 |
| ssdeep | 3072:TZAWDkTmokB1QmoA5XoQAUk27ZGasJMaRtWct14ClZv3YpsPluH:TZU0B5jTAUkGwBXbt1Tz3YWa |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | ac464ea84539c60c_System.Reactive.Core.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Reactive.Core.dll |
| Size | 112.2KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | f20967beae947a5d54156b5cb40d0c04 |
| SHA1 | c5ea57f70835e22cbaf08ac5262716de3de16f2b |
| SHA256 | ac464ea84539c60cbdb498dd787f6fb90b2f11067a5acc9e1ed4f8f62cb7bc7a |
| CRC32 | 2530733B |
| ssdeep | 1536:M4lSZORCIxxmvpy76ut1mg9EoVVXfrZ3FdTMN731RsYkRSTzEf:M4lS8Crv868DDFTMNL1R9kRSTm |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | b8aebf51e54cd837_LaunchDarkly.InternalSdk.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\LaunchDarkly.InternalSdk.dll |
| Size | 70.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | c2d294bb38a2423513a882cfcad6fe45 |
| SHA1 | ef502ed8e5d6d285b9800c87bf29a30c66382cf3 |
| SHA256 | b8aebf51e54cd837a4c08b9d3576e896bbfba0e5afbe71eaa4df26b1f12a9a4b |
| CRC32 | F1C063E0 |
| ssdeep | 768:yGD5Svl45bLEL9msEGe9pGU6yOAuJy9BQggy2kqvc7iWPkppW3T3h11YiPAMxkEC:b5oQaELGU6yOAyy3QggxcDkjW7j17PxG |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 3c73e28a9f3e9e06_grpc_csharp_ext.x64.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\grpc_csharp_ext.x64.dll |
| Size | 9.1MB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| MD5 | 36639c8b49aad64b03173f1307f45ace |
| SHA1 | 61209b755c5f6d788a4085b92f29785ec852062a |
| SHA256 | 3c73e28a9f3e9e060468ba91e0da85f09f34ea2c68e76a045bc610620fb1b2fd |
| CRC32 | E441E821 |
| ssdeep | 49152:LJxynY5uKmtzmVkxBAOmWc2BToykJn2DBDCoeUkQZJt4RYtVNdkNWT0iMjrtswdU:LhYYYZ2WunULydru2vLa3C+EyJHfp/ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | da005e408ac85c4f_Google.Protobuf.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Google.Protobuf.dll |
| Size | 381.1KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 25647dfce0e91490e97f8c6366b2632a |
| SHA1 | 8b812d8418143e0e8bc782e6687583dee13710bd |
| SHA256 | da005e408ac85c4fafae30aa79ab7c18ddfa9fb5b23cd7fb2228a88413388c54 |
| CRC32 | 5941945F |
| ssdeep | 6144:plJSjUMQl6IAYtYaPE2uHHxD3EmLOMcnWXcjVDAAAXAAaAAAXAAUAAAXAA0AAAXk:GUMQl6IAYtlMxzLXgDAAAXAAaAAAXAAw |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 3ea9860d740a3949_DeviceId.Windows.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\DeviceId.Windows.dll |
| Size | 16.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 0937f34c55616f41380a3e1494d477cd |
| SHA1 | 78e112bff83393c5463065a89f490e93d6ab173a |
| SHA256 | 3ea9860d740a394982eed3596a53425b29688e7d0e6106942585b2eeceae1dad |
| CRC32 | 9F43D355 |
| ssdeep | 384:oJSO8HEyEwgIoxUsIYiARuefAM+o/8E9VF0Ny083E:0hjjIV9Yi8lfAMxkEaGE |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 873b7debc4411c27_Grpc.Core.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Grpc.Core.dll |
| Size | 459.1KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 832a45191b8711adc888d8d45b26f0f8 |
| SHA1 | a90d87c10f3e5ed48a80f8e1cf0e883a07830c8d |
| SHA256 | 873b7debc4411c2707b48de1454d2ff437d9d56d44ad603c6487a8fb69b4413c |
| CRC32 | 4984D850 |
| ssdeep | 6144:EUVJOfGX4sRztpBWXdA7M8f9Zsm5plXqXmRrcMBHADwYCuMslic:v/+GoqBWS7vZT5LAmRrcMOb |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e30e9619fe1729b8_System.IdentityModel.Tokens.Jwt.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.IdentityModel.Tokens.Jwt.dll |
| Size | 82.5KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 16a8605a86e9c65618af2db77a0b742a |
| SHA1 | 94da6c84c9daed2348fb71cfbedebafec86e82c8 |
| SHA256 | e30e9619fe1729b826fed66122c03f06cc92f19118ff06ba578dfbc47dc48e18 |
| CRC32 | 8E83D91F |
| ssdeep | 1536:wfzoIRl7Kr0aYTGC7ok5pc/ukfApnqk5p/rqXTqA88ZmrJ3niwyBempzr:2zvRlWrock5pc/ukfe/rqXTqA88Z03iv |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | a40c94eb33f8841c_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1040\mbapreq.wxl |
| Size | 2.2KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 50261379b89457b1980ff19cfabe6a08 |
| SHA1 | f80b1f416539d33206ce3c24ba3b14b799a84813 |
| SHA256 | a40c94eb33f8841c79e9f6958433affd517f97b4570f731666af572e63178bb7 |
| CRC32 | 2895C5D4 |
| ssdeep | 48:cxX7DQyT81ebRcesyB+lY25ukVpkXJM2DJNXhpXZoN3mMhNTM+POYO/n1YxXlcI5:8LFTzLtkfwWKXHZi37MIDp |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f2c2b3ce2df70a32_BootstrapperCore.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\BootstrapperCore.dll |
| Size | 87.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | b0d10a2a622a322788780e7a3cbb85f3 |
| SHA1 | 04d90b16fa7b47a545c1133d5c0ca9e490f54633 |
| SHA256 | f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426 |
| CRC32 | 1C23FD1E |
| ssdeep | 768:9BgPxZlx0MBps+j7ejaab0Y6OwE7v10WHSp5fh06iG27N9k+6ybJ1ErEgtCmYjhm:HHMBp/GRbgi5ofpiG2pq+51EogsmYI |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | d5f7cd54e4aa3b02_Microsoft.Extensions.Configuration.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Configuration.dll |
| Size | 29.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 4ae4c4004b28a9c7286ce1b4f2bbf415 |
| SHA1 | 423c11f0e71b51378f39eb275093aa223c49f848 |
| SHA256 | d5f7cd54e4aa3b02bd445bd5b8ff4786cb6463ec976cbfe820fced5e272ec572 |
| CRC32 | D14EDD08 |
| ssdeep | 384:POTlsDQPlmHavPPjHFhWPMyZYCDQUp6Dv9Lw0pM8yL2lUDxgopXJXBVWJuVYWEdA:PcWDElmHavPPjHyPMyZYiuDB+rBJYY |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 5da295c08aba9257_Microsoft.Extensions.Configuration.Abstractions.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Configuration.Abstractions.dll |
| Size | 19.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | baa7644ed2f322d1d2c953220987c4a9 |
| SHA1 | 3860c3d54413837fd23e9a7081c15d27ab2ed4f0 |
| SHA256 | 5da295c08aba9257c8f27a39a3d21e0ee82c4e55c098794688305c270b4983b6 |
| CRC32 | 59B8036B |
| ssdeep | 384:mxyePWsFAWKNbXTG/nBEzRjz6PyM86HfVvWsaNWvdHRN7DaBClGsKVz:mxXe29VE6DKVz |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 5ee4134c25d7c95d_Microsoft.Extensions.Configuration.EnvironmentVariables.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Configuration.EnvironmentVariables.dll |
| Size | 19.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | f502afa74d2f363e79f3cb93c07b3655 |
| SHA1 | 5c3aadc3ee63e726f840d9f2c0ac44744dd0fa19 |
| SHA256 | 5ee4134c25d7c95dadf2d3681949a8b61f72358542edcdb4f2a56fbb469a69ea |
| CRC32 | A6F7EAB6 |
| ssdeep | 384:mtH8+HJ3oKUqmiNTlMkKozKjzNwAF8o4EWUKeWvdHRN74iQ1IlGsd:yrHJ3oxPBDA14JJ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | c86b4625d3a35b6f_System.Reactive.Interfaces.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Reactive.Interfaces.dll |
| Size | 23.7KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 0a471405a43ace8273b6e266f819901f |
| SHA1 | bb7c4d3930358fa574136248cc1da6c9bcf5f192 |
| SHA256 | c86b4625d3a35b6f600d8f0d129b82eb73928e5d4f9df1a028e527aac86ee4e4 |
| CRC32 | 9DB67119 |
| ssdeep | 384:2xo70qTXAtw26teWJ2/zX0GftpBjTH3HRN7ZhjlSCIqqeH4:QITAw/PiBHZhfq7 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 221c6c8fbdcf28e0_Microsoft.Extensions.Logging.EventSource.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Logging.EventSource.dll |
| Size | 29.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 3a6dda95bb1aa1e413008d68b957bca2 |
| SHA1 | ac364ffc2cb711ffd43131ac9c6e86f1c408de65 |
| SHA256 | 221c6c8fbdcf28e01aebd74ac8d39cdf230d9eb51138102b443b8c8cc1c0d74b |
| CRC32 | 32B62438 |
| ssdeep | 384:8OQ4+VQ1StKwxVXq5dioEzKeG3h3lXYNVsVU2+dqeHqnweseisdW3aUWhdHRN7I1:8OQ4XqJohh3lrJm |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | f8c3a03f47f0b9b3_mbapreq.thm |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\mbapreq.thm |
| Size | 3.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, ASCII text, with CRLF line terminators |
| MD5 | a20778ec90a094a62a6c3a6ab2a6dc7d |
| SHA1 | 74c131b5fd80446ffdf2afad723762dd36621309 |
| SHA256 | f8c3a03f47f0b9b3c20f0522a2481da28c77fecdbb302f8dd8fbed87758cbaea |
| CRC32 | 44760318 |
| ssdeep | 48:cecHddpXBT2E/zPHWgtpmAPH8TSJmBP+NPHrM/O8YpQbFUuhJ3PK7usPH4Lr:wHdHxS4Z9UG4BmNjCOhpsB3PswP |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | dabae732fa2b9cdb_Microsoft.Extensions.Configuration.CommandLine.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Configuration.CommandLine.dll |
| Size | 22.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 2d3b7a8112a2f148c75ed0820ee2a568 |
| SHA1 | e34f939e35591d03b982fe963a6532b427f6c844 |
| SHA256 | dabae732fa2b9cdb25bdd6e6f6c804fbd7c512380abcd1e0b8b0e3e32bfed7d9 |
| CRC32 | 86C1024A |
| ssdeep | 384:1MN/hWor0HA6P0lZZmVtWKIW96nWgdHRN7Y/hl3sCGc:1qJBrkaK2Do9Z |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 88e7ddacd6b714d9_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1036\mbapreq.wxl |
| Size | 2.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | aa32a059aadd42431f7837cb1be7257f |
| SHA1 | 4cd21661e341080fb8c2defd9f32f134561fc3ba |
| SHA256 | 88e7ddacd6b714d94d5322876bd50051479b7a0c686dc2e9eb06b3b7a0bc06c9 |
| CRC32 | D317E7F4 |
| ssdeep | 48:cxX7DyBT81BbKBswAL1xV1wjRcDSNwDXoN3mSZfNhkLPkQpznsdMEodAY:8LwTK5KHsijmEXY |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 075ce79e84041137_Microsoft.Bcl.AsyncInterfaces.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Bcl.AsyncInterfaces.dll |
| Size | 20.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 1ee251645b8a54a116d6d06c83a2bd85 |
| SHA1 | 5dbf1534ffbff016cc45559eb5eff3dc4252a522 |
| SHA256 | 075ce79e84041137c78885b3738c1b5a03547d0ae2a79916e844196a9d0ec1db |
| CRC32 | B95090A5 |
| ssdeep | 384:69P2wZOXm7YJVHTe+0VJI0vrdaVemxO/f7vWeq/WIdHRN7bg30uw7lGsV9W+:u2zmYrHCV9cIL6TbtCSW |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | b8e90e20edf110aa_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1032\mbapreq.wxl |
| Size | 3.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 074d5921af07e6126049cb45814246ed |
| SHA1 | 91d4bdda8d2b703879cfe2c28550e0a46074fa57 |
| SHA256 | b8e90e20edf110aaaaea54fbc8533872831777be5589e380cfdd17e1f93147b5 |
| CRC32 | 61FAD742 |
| ssdeep | 48:cxX7D8jVT8dUk9Ug/usOo2pNSBIbESvR2drdESPzghC76DeN2hL0eLoN3mOLSNIx:8L45TCyop5riGzH7xgJit8IqSsBwqk |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 646d3b52a4898078_System.Collections.Immutable.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Collections.Immutable.dll |
| Size | 184.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | c598080fa777d6e63dfd0370e97ec8f3 |
| SHA1 | 9d1236dcfb3caa07278a6d4ec751798d67d73cc2 |
| SHA256 | 646d3b52a4898078f46534727bdb06ff23b72523441458b9f49ecc315bf3ef5c |
| CRC32 | EBC55521 |
| ssdeep | 3072:MHutEkGE0frJeOAY1tn/DuunP0F9QFg3QuxvkaHFckod:eu501WY9/DuOP0F9QFgwkm |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 0706cedcd984a247_Microsoft.Extensions.FileProviders.Abstractions.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.FileProviders.Abstractions.dll |
| Size | 16.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 9b981dcb9329e9043987eb2c24371714 |
| SHA1 | c3c45b42a67525cbf8596cf6ef9a56d103bb70f9 |
| SHA256 | 0706cedcd984a2478f10a9e57bb06e81bae2e0a1271507b26e91fb8f8c3413fe |
| CRC32 | 13D391AD |
| ssdeep | 384:bAGbOzYSBrRMno7OQmWs6hWydHRN7A3JXlGsN:bAGiTFSoNXTA5E |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | c5c83bbc1741be6f_Newtonsoft.Json.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Newtonsoft.Json.dll |
| Size | 695.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 715a1fbee4665e99e859eda667fe8034 |
| SHA1 | e13c6e4210043c4976dcdc447ea2b32854f70cc6 |
| SHA256 | c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e |
| CRC32 | 5260BC10 |
| ssdeep | 12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | b7d9528f29761c82_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1035\mbapreq.wxl |
| Size | 2.2KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | e338408f1101499eb22507a3451f7b06 |
| SHA1 | 83b42f9d7307265a108fc339d0460d36b66a8b94 |
| SHA256 | b7d9528f29761c82c3d926efe5e0d5036a0e0d83eb4cca7282846c86a9d6f9f3 |
| CRC32 | 52CA6338 |
| ssdeep | 48:cxX7DE+T8Z+bm5snwETMAoQEATN27uNBDReq4N3mJeNHNP64NsFKJJem4vyAs:8LZTDkZ7+2IBCht6J8neHs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9a0bae48ec2e9c46_BootstrapperApplicationData.xml |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\BootstrapperApplicationData.xml |
| Size | 8.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators |
| MD5 | 00abeda968e7fcd277c2f0ff79cbdfd8 |
| SHA1 | 9e123ea983047f5c734ce889796965bb795c151f |
| SHA256 | 9a0bae48ec2e9c4675772195f15a959b8df2caa92504e13b197cfa9fa6fb3a9d |
| CRC32 | 2E9E1799 |
| ssdeep | 96:X7loe8n66eSq1UdycUVPn6Bee9tUcycHVan6l7dUgycGn6el9Uhyczn68Zp0wFyn:X+RhunPaAsaOaJVPwvUvweY3rcGusC |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c015247d022bdc10_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1060\mbapreq.wxl |
| Size | 2.1KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 5836f0c655bdd97093f68aaf69ab2bab |
| SHA1 | b6842e816f9e0dcc559a5692e4d26101d10b4b16 |
| SHA256 | c015247d022bdc108b4ffcae89cb55d1e313034d7e6eed18744c1bb55f108f8c |
| CRC32 | 6FBB1028 |
| ssdeep | 48:cxX7DZ0T8obZsw9g5gS56K97D7NCt2VoN3mQXNJPOhP58vqc1qwueo3RAL:8LyTLlS9h9hCtsihdxOh+NL |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2789cbbe66e7ed1f_Microsoft.IdentityModel.Logging.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.IdentityModel.Logging.dll |
| Size | 37.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 2c187e4c9dbedf4cecae8cc6604b0bef |
| SHA1 | 43c83d60e993da5ad5c6c5de5f7d91e87df98df9 |
| SHA256 | 2789cbbe66e7ed1f44f2b67e832e3158345b4a696aaa19cd5a610d11249c409d |
| CRC32 | 8FB5CE1F |
| ssdeep | 768:dBYCu44LF0bK23C8HSzUtbSjwgVrZQiats89z:dBo4O0bbHFw9NlSz |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 6dd61cc6b87b53ea_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1053\mbapreq.wxl |
| Size | 2.1KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | d95e81164c57b6fd75e7c3022454192e |
| SHA1 | 5d5acbc56e7078af4d04c45b78c0ff090c02ee6a |
| SHA256 | 6dd61cc6b87b53eaf28430068a2a459730fd4b2bcf876ccdf040212d04c4fe7d |
| CRC32 | 61D80120 |
| ssdeep | 48:cxX7DviT8NFLbu9sM2vECjf26axBZYXcqADCNKTbkoN3maT6NWOjEXPauOOKYnhf:8LmTAcRnQXFPK0iHMsfb2Ws3M |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 493a0db6cfd181fd_ExpressVpn.Common.Logging.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\ExpressVpn.Common.Logging.dll |
| Size | 79.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 9fa9c889d55d827a4759d3d83f871eb6 |
| SHA1 | 3d605332f8e175dc932c729fd3bfd50815b6582a |
| SHA256 | 493a0db6cfd181fdac41164c4445b61075103f05e5487bafd9472b576d1a5c02 |
| CRC32 | E0CC324D |
| ssdeep | 1536:fuIddSICsqGrGFskWU3CUTVvgJ+CoEr4UBvdG774xka:2IhGFsLU3CUTVvYrL+7A |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 82d38a64dae70f74_WixSharp Setup.exe |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\WixSharp Setup.exe |
| Size | 1.6MB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | b4c4c3c93922e2ec1bfef8490a6e41c3 |
| SHA1 | e51e22b62292430d4f070cb716bfa0937ea2def9 |
| SHA256 | 82d38a64dae70f7402f301a4b7bfce0513604332eaa84d37cd09445029a3f777 |
| CRC32 | DAD4B2FD |
| ssdeep | 49152:7XynwqynK5pEyn/pynUynZynNynoynqHynKynxynNynGNjynkbynRynTyn7:7YU |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 59284783aea8cbda_NLog.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\NLog.dll |
| Size | 868.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 7275f30262cb1202eb52f3d8dfa12b88 |
| SHA1 | a3cdf56dcee4dc3099467d5009f272208095ac0f |
| SHA256 | 59284783aea8cbda8ae0961f7c993f06419106ebb47978bd74370dce8443544a |
| CRC32 | FDB83AEF |
| ssdeep | 24576:LtVlTtN9vFtt9LIOK3AbsV59cxtqrHUsQ:LtVlTtN9vFtt9L2Iq |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | c91c9e87ab4a6db0_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1049\mbapreq.wxl |
| Size | 2.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | daf167af4031ef47e562056a7d51aa73 |
| SHA1 | 0156b230cadd6169ac2820865e3c031ed79785ef |
| SHA256 | c91c9e87ab4a6db078f1991f4a2cdc726b58a40e47bce49d39168a8f8f151c3b |
| CRC32 | 8A30533C |
| ssdeep | 48:cxX7DkTT8fjtEeusogrohY2Ar7DHNnjTh53oN3miRMNKrdPin+/uYcbSkuEIcOvG:8LYT8EeHMMJRNi1Ruwi3OwL |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | baaf045f1255f225_ExpressVPN.Utils.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\ExpressVPN.Utils.dll |
| Size | 112.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | b45df5e0bd5663e11021cc0aea0f86da |
| SHA1 | feea390ce14f80d2b5f8b328723bbf1b717ed13f |
| SHA256 | baaf045f1255f225f9e19db589c2aba308b3f499b4c9af589cdffabbc9f287e4 |
| CRC32 | 916C35D6 |
| ssdeep | 1536:QkC3f31/Rl7T1jbnlh2DymI+c6joL3Ean9bSsj9dMkofwtMi/L7Yxf:Qzv1RF+9joL/9bSq9dMkof2Ls |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 719f009db051d804_grpc_csharp_ext.x86.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\grpc_csharp_ext.x86.dll |
| Size | 7.0MB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | c39645d6f8be26280a327dd08a245f23 |
| SHA1 | 5a9a4260748e6e426ab994aa073ceb1b86676848 |
| SHA256 | 719f009db051d804d062ab0337b7e9a5a1c0ea7b2d6631cf08ab6d0713365a15 |
| CRC32 | 7AC1D15B |
| ssdeep | 49152:Ujp00PoL1acLCtfewSdt9AKEl4ux6f9/xLrH7G4mI58tKMwLbCHjGrlVxU4VdTat:8G1acGmrPAKEavrH7GIugdTZS6 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e6026501ad4056ff_System.IO.FileSystem.AccessControl.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.IO.FileSystem.AccessControl.dll |
| Size | 27.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 3409c581f0c5083f0c2a93a7a5ac9790 |
| SHA1 | 18ea7bd41d31247148abf184527c9368a26f39e7 |
| SHA256 | e6026501ad4056ff2f1655b0afdfe8923bc6e8fbad67e1e9ef56e3002f49fbb9 |
| CRC32 | 2F9A68AD |
| ssdeep | 384:nmjoB5y+MLi9VYp/OiRc715ZkSAcE1l2Yd5zqNz8TWgVbWqdHRN7NfVlGsa9x:yCN9VYp/OiRcnZIfk8PpET |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1b93556f07c35ac0_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1028\mbapreq.wxl |
| Size | 2.0KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 1d4b831f77efec96ffbc70bc4b59b8b5 |
| SHA1 | 1b3ed82655aec8a52daec60f8674bc7e07f8cfeb |
| SHA256 | 1b93556f07c35ac0564d57e0743ccba231950962c6506c8d4a74a31cd66fd04c |
| CRC32 | 4D05D825 |
| ssdeep | 48:cxX7DTAT8tMBCus9T3FVWmHdniarRFeOrw8Nhv2VyfN3mKNWFP44SBWWW1GyfiPq:8L4T2RJhfHP8+VYuTmQUc2mE |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 631d46cb048fb6cf_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1031\mbapreq.wxl |
| Size | 2.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | c8e7e0b4e63b3076047b7f49c76d56e1 |
| SHA1 | 4e44e656a0d552b2ffd65911cb45245364e5dbf3 |
| SHA256 | 631d46cb048fb6cf0b9a1362f8e5a1854c46e9525a0260c7841a04b2316c8295 |
| CRC32 | 4A99111D |
| ssdeep | 48:cxX7DASTcCwit/soJy9hkVByUZN+29N3mfN65PS9CvZwZi7uuASD:8LxT8itGeVB97+gyC9BdaSD |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d51aa6159a8b53e7_log4net.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\log4net.dll |
| Size | 274.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 8f132266d95a5e375d2bcdf23a468033 |
| SHA1 | d84cafbf5c250765db351c836d057258843451ed |
| SHA256 | d51aa6159a8b53e7ff371634fe5f5e365432fbc37a58433ca21f4fd301cecdb7 |
| CRC32 | 1EF22448 |
| ssdeep | 3072:1Lnygex/pGiYUEtdH1mhMM8Jc629LFmsSQ775zfVJc6ZhSGCkMekLn7GUYaQy7KP:1l6kXmaM8kHlda6ZhS1neaYaQT |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | c4b2b98c21b24b88_Microsoft.Extensions.Logging.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Logging.dll |
| Size | 41.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 73eab96c0898a78a61d89782ef6fab83 |
| SHA1 | 07541eed457b5977890c13622d4fc4cabebc67fb |
| SHA256 | c4b2b98c21b24b88640bc0be5dcd335d82df129dcaa0dcc778d91a759a037524 |
| CRC32 | D8472C8D |
| ssdeep | 768:4h6vD0G7mTf+gzUfLKd5zu3koojbs3a0E:4shm7ALkC0oojA3a0 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 601e2c40c930dcd5_Microsoft.Extensions.Hosting.Abstractions.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Hosting.Abstractions.dll |
| Size | 26.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | e4e839b5661a74bb03505202231b56d4 |
| SHA1 | 31b10ca90a0e492945dbec6cf530389504a7a462 |
| SHA256 | 601e2c40c930dcd582d421f8f887b62eeadf8a675b77aaa2f98f532d8d97e24b |
| CRC32 | FEB3BE48 |
| ssdeep | 384:Dq4K8OqGTdRA43GZXwlARAWTrBv1AF76Cxwaw0dXFVfCQkHOOEHBufk8G/uI0WiD:8A3IF76C6abUEz8G/uIjLI8pMJ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | b3b33688de8f3224_ManagedWifi.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\ManagedWifi.dll |
| Size | 39.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 6d973026c5df0f2eb147bbf1730d7f23 |
| SHA1 | bb47ecb05661f05b52bfa35d31628db75e8ace9d |
| SHA256 | b3b33688de8f32248f0b72e00ed22bebdf54cbe5cd3be389432845e150041845 |
| CRC32 | 09A4C31B |
| ssdeep | 768:g+0+i5TvnA8/Tl76T6kRm1vYi2AMxkE/v:RviRfvLl0Rm1v7Exz |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 974e6e03911ab591_LaunchDarkly.EventSource.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\LaunchDarkly.EventSource.dll |
| Size | 49.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 3675ce520d63da7f5bd39c2d0a02634d |
| SHA1 | 8ff66eb7bb28a47ab1d6e53c0ab12e732c26dd24 |
| SHA256 | 974e6e03911ab591730a7f91cad612b89ac5d787ca49b0d49958db1270be98d7 |
| CRC32 | E1E8B722 |
| ssdeep | 768:s1Gy8UIq0DbbsMkeM44XevqqO5FB2WBNeB7Z/UJuI2npu3RYiRAMxkERhoR:MlIHxMluCqQvRXeti72pu3R75xFCR |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 5c177ae2c173b86b_LaunchDarkly.ClientSdk.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\LaunchDarkly.ClientSdk.dll |
| Size | 113.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 825d768f440263297ba986e08c4cc662 |
| SHA1 | 4dc1b8ad2809251926b4ce8085eb428f45388316 |
| SHA256 | 5c177ae2c173b86bae9116079a92fa67ad120998be110f6a51476ca79e624435 |
| CRC32 | 38402995 |
| ssdeep | 3072:rUQvfSuBlz1zcV/R9wJy3vndX210Q+v4SzszW/zD:rUQvfSuBlz1zcJQUx210QT |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 3f05c08f3b2688e7_Kape.Braze.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Kape.Braze.dll |
| Size | 79.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 09f37d6cf3cf1bf804d71d73ac86abc8 |
| SHA1 | ee5e1d9d5619b58551123d6cfca3cdefbb4407b6 |
| SHA256 | 3f05c08f3b2688e7c2ad806a43918658b38bf730dba820e2ee82f8e8809a3a5a |
| CRC32 | 7B15DE32 |
| ssdeep | 1536:4zAJyC53oc/5yGNNsYF9yy55Zjoty7Hx:wlQB/5yGNNsYGy5Qty |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | f37d9d422435240c_BootstrapperCore.config |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\BootstrapperCore.config |
| Size | 1.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, ASCII text, with CRLF line terminators |
| MD5 | cb3353acf22b14d09e1516a377806693 |
| SHA1 | ed7f7a50cd36bb319ef9ea58c715626f67a22dc7 |
| SHA256 | f37d9d422435240c4c2224cbc7b02716e724ba2be4d81bdbc71ca4af655e4543 |
| CRC32 | 8ACA27BD |
| ssdeep | 24:2di7RtYrx9itYhmhV3WAdU3KPF7NhOXrRH2/dVQ7uH2/F9r:c+Rt0Pitv/m67O7RgdSagFt |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 21fad2983b4b2f95_System.Reactive.Linq.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Reactive.Linq.dll |
| Size | 692.2KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 317dce13b2316abee548a2b013f26471 |
| SHA1 | 3123573b2291a0f01badb10b149f741bcb9eb0f7 |
| SHA256 | 21fad2983b4b2f95049e975c9f26a77bfe9281d8ed18e380c9017fc82137a1d9 |
| CRC32 | 11F39CA0 |
| ssdeep | 12288:3O/kEaXWNpvdXRrYIRH40rdpeuRC4wm1h9UC1hNUDpEa8xSrtZ5Z5Z5Zhc+vOJ:y7tFwmOxRmJ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 31fa4150197ba0d4_Microsoft.IdentityModel.Tokens.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.IdentityModel.Tokens.dll |
| Size | 283.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | d0dcf04474c465f2ae91ff8a67959942 |
| SHA1 | b22418887a2ddaf715147f959f70887220aa1b2a |
| SHA256 | 31fa4150197ba0d4917cedaa967d222a0d1aaa55babd50316c182819824ea8ea |
| CRC32 | BB784926 |
| ssdeep | 6144:CZ3UobOqRzoWgl6BjTOwhh8hbqt/DjoqJK4X1PuEWD5m:S3VnVwQ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 81331f71f4aae1a2_DeviceId.Windows.Wmi.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\DeviceId.Windows.Wmi.dll |
| Size | 20.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 821ef34e631510a565aaf1b7797738c6 |
| SHA1 | 168749c5a85bbaebd88a33c7b7d222a520c155e2 |
| SHA256 | 81331f71f4aae1a2d0ef11195391c4da258d67010611ae695d70611cce8f1991 |
| CRC32 | D79798FA |
| ssdeep | 384:vpGYFuK9uj1EQ9SEgjEDkLeApIXXtLeIYiAjkAM+o/8E9VF0Nyuun:xTsKuj1VgY1AOXJzYidAMxkE |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | d7db4f05aa422b58_Polly.Contrib.WaitAndRetry.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Polly.Contrib.WaitAndRetry.dll |
| Size | 24.8KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | da1c03db9f4e75157c509b9cd1aa1812 |
| SHA1 | fd4353f8960f806710ad1effb02039522a721b33 |
| SHA256 | d7db4f05aa422b58922fce4fc1642ccb930aa9d38e09e32c8319637608e0ae21 |
| CRC32 | 02EC5A33 |
| ssdeep | 384:g6si6djz4siC4W+7nJ/K8qP7fliAvTLHTWSXd3Mf9hegjrIiOVIYiASQOAM+o/8N:4cW+75KnayNiYiJAMxkEm |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1e6db70692177971_Grpc.Core.Api.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Grpc.Core.Api.dll |
| Size | 52.1KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 33e82bfceee2a76c34edee46091bafc8 |
| SHA1 | 55c8e27e8efa1e08e87f96424c574ec581335910 |
| SHA256 | 1e6db7069217797180cf7664e555994a9993db0155c9761be8012860bb82f8a2 |
| CRC32 | 137A6BCE |
| ssdeep | 1536:IEQewtKM/3Ro//6ESW2Vskl0y+yDYGdl:6ewMM/y/clVskx+yDYG/ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | f4aa983e39fb29c9_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1045\mbapreq.wxl |
| Size | 2.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 96acaaa5aef7798e9048baff4c3fa8d3 |
| SHA1 | e76629973f6c1cfc06f60ba64fe9f237b2db9698 |
| SHA256 | f4aa983e39fb29c95e3306082f034b3a43e1d26489c997b8e6697b6a3b2f9f3c |
| CRC32 | 2E2AA59C |
| ssdeep | 48:cxX7Du4OT82gXusarwkfpYrKD8DTNkbNuoN3mjbsNniIPh8ynN1NYd4iYuffAL:8LKTsXgpYr2IyoiiOffpT3L |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 55cf62d54efb7980_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1038\mbapreq.wxl |
| Size | 2.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 17fb605a2f02da203df06f714d1cc6de |
| SHA1 | 3a71d13d4cca06116b111625c90dd1c451ea9228 |
| SHA256 | 55cf62d54efb79801a9d94b24b3c9ba221c2465417a068950d40a67c52ba66ef |
| CRC32 | 1C38A15D |
| ssdeep | 48:cxX7DwzT8cSwvs48mF7GD/g1v0wH7N3wwJxL99oN3m/ZNRUYPBZRT1XESW3o/ULG:8LQT2wpFGbgT3wMN2QRj/y/LKr |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | edf13ebf2d45152e_System.Text.Encodings.Web.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Text.Encodings.Web.dll |
| Size | 66.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | e8cdacfd2ef2f4b3d1a8e6d59b6e3027 |
| SHA1 | 9a85d938d8430a73255a65ea002a7709c81a4cf3 |
| SHA256 | edf13ebf2d45152e26a16b947cd953aeb7a42602fa48e53fd7673934e5acea30 |
| CRC32 | C16A2A16 |
| ssdeep | 1536:czy/zOmekrEZa8frFpd3hQi/+sBzFLknqPO:TzOmekwZa8zdR+sBpSYO |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | accccfbe45d9f08f_System.Buffers.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Buffers.dll |
| Size | 20.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | ecdfe8ede869d2ccc6bf99981ea96400 |
| SHA1 | 2f410a0396bc148ed533ad49b6415fb58dd4d641 |
| SHA256 | accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb |
| CRC32 | 959571EB |
| ssdeep | 384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 37c5e90a7ca880a4_LaunchDarkly.Logging.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\LaunchDarkly.Logging.dll |
| Size | 24.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 774d8803e650a0c01987055b6ead3dfc |
| SHA1 | 390829d8c8bfa2c2b210135c6ea4622a10e98b44 |
| SHA256 | 37c5e90a7ca880a4fbc7ac87e947f4e5a58c1814f1c561a8027b520a9240e589 |
| CRC32 | 1472C54F |
| ssdeep | 384:Ca5qRtFdi1rq+aIhjgGORLb6IYiA4qE5VAM+o/8E9VF0Ny+Ynd:H5WF0YQiPHYilHAMxkELd |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 459ac045abf24ecc_ExpressVpn.Client.Setup.Shared.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\ExpressVpn.Client.Setup.Shared.dll |
| Size | 19.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 2ab058e1b86da8718a44e5d501c9ae87 |
| SHA1 | 3c9da00f3e5888f78f6676578b46a268ff1a9db6 |
| SHA256 | 459ac045abf24ecc789ec475424218108ed4d0931d2d3628fcd7582442a01f0e |
| CRC32 | 5B837CD0 |
| ssdeep | 384:gOPgkK8zJaWGIYiAVBZT8DRAM+o/8E9VF0NysS:gOPgj6JzbYi2ZTcAMxkEP |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 2c355909c0c6415d_Microsoft.Extensions.Hosting.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Hosting.dll |
| Size | 41.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 39d2e1cf94347200c4e2d0f5415dec53 |
| SHA1 | 0c2e97003acd0c2c0bc516c5b4c892de382239de |
| SHA256 | 2c355909c0c6415de0a8a8cc09ee5d6a4538fc19ede1fcff8baab3b1bdf5242b |
| CRC32 | F5A579E0 |
| ssdeep | 768:IA8C8cwxHQeipQ23fBc2IOW/cNW5wpnbRx3NF2TYkrpwUL:IA8bcwNQdPl1gcNWsnbr2VpZL |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 6bda4bddedfbb902_Microsoft.Extensions.FileProviders.Physical.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.FileProviders.Physical.dll |
| Size | 34.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 4e153e7492eae30cd0aa49a3140c1ebe |
| SHA1 | 55c123a2f3d1c7e24c4ed5edc54043cd9c37810a |
| SHA256 | 6bda4bddedfbb9023a5330dc1fd528e851cf2c869e53f3248e704927cec107cc |
| CRC32 | D1F0A7B6 |
| ssdeep | 768:7q2Xew/m9Y6WKK5G+zjcYypdUO/Wxt+kBeC0J7c:VXT/mq6WKKkZvpdUGtkgC0J7c |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 76152e774b2bd9c5_Microsoft.Extensions.Primitives.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Primitives.dll |
| Size | 41.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | d833ddcb52e5c6d6da71bae25395a911 |
| SHA1 | 17ce025ad7a0175c467f5a7108ca81a813e4ac21 |
| SHA256 | 76152e774b2bd9c5a0d301e92e253d8bf55fa90e191d0155dfd86b2b84766ae8 |
| CRC32 | 9D1A6EDB |
| ssdeep | 768:JOOIfEU9x6KssdVRRw0OPyWPmD4RuiMvybcfMRJ:JOOgV9xss/RRw0OPysm0RuiMvMkMRJ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 92182678c59bff33_Microsoft.Extensions.Logging.Configuration.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Logging.Configuration.dll |
| Size | 19.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 2ca8343993aa0c8d6d619cc2dcab3539 |
| SHA1 | d6f6dca968ea17998b7c98585f9d04f2d60f615d |
| SHA256 | 92182678c59bff339c919c6d37c94e57904987ac2b1a7f8edbc7a198f0f802f7 |
| CRC32 | 3132776A |
| ssdeep | 384:lhwDB3brmhBTpwbsf2Xo9Wxs+U7RWrdHRN7wDJXlGsN7z:zwl3vmG0p+U7WwFEg |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | b884c4abb8867553_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\3082\mbapreq.wxl |
| Size | 2.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 1024aa88ae01bc7ba797193cc6023375 |
| SHA1 | 9252a309c1cb32573f4d58a595a78660fdf54b2f |
| SHA256 | b884c4abb8867553c1ffadd6721c2135ec5f9f1455c3f668d711ccea65363d1a |
| CRC32 | 2E4AD29A |
| ssdeep | 48:cxX7DLT8/OusS2V8j4Lq+7dKzCLdqaaD6NJaXFoN3mRNLo3PWKWnRcsB9A8:8LfTz+8EPqKqTJiFikUgk8 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ce8a3129430b92e2_Microsoft.Extensions.Logging.Abstractions.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Logging.Abstractions.dll |
| Size | 51.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 1237591a98cea80b03eaa68dbbcb2176 |
| SHA1 | 5761dfe8070d1e273c20bf6ce50eb46a8780e065 |
| SHA256 | ce8a3129430b92e206d59720adff91ebae0af7c8a808ba81b2ecf9ce680260e1 |
| CRC32 | F4D8C0FC |
| ssdeep | 1536:cpl8B+QlLqS+hEKKKKKsfQ88888foDLPz:cpl8EQl5UL |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 431b1dfb5fbd7063_Microsoft.IdentityModel.JsonWebTokens.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.IdentityModel.JsonWebTokens.dll |
| Size | 125.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | b109c256b79009f61e7d67dc9d98ea6a |
| SHA1 | 08bbe61c9276a521840a22cf3910f6d133c57fa8 |
| SHA256 | 431b1dfb5fbd70635538ea2b1877e64902899f0856daffb701d950869be26a85 |
| CRC32 | C3904EDA |
| ssdeep | 3072:cVHpSdaJ+plFYcC0oRr/kyN9XNEgfpXaXr0iMJgBGILkDzVZl0+88niFF2G5m5MC:+HpSdxa/kwaBFYWw |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 97f6d53966086a22_Microsoft.Extensions.Logging.EventLog.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Logging.EventLog.dll |
| Size | 21.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | fc9949be824804ec4875dfcb0eda5057 |
| SHA1 | 85a10da292711b68ed97d493bb04cf6552b7d998 |
| SHA256 | 97f6d53966086a22da7cff8c6bfa38dd5469f8faed34cbaeb0922e5ba576421f |
| CRC32 | 678F4361 |
| ssdeep | 384:26pG+8MGx8YbW5aHh1VMxjWHqW2qFW7dHRN7OnjfVlGsa9:h98N8AhtHBm8S |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1fda491eebdb19ea_System.Security.AccessControl.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Security.AccessControl.dll |
| Size | 32.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 996aab294e1d369b148d732e5ec0dfdc |
| SHA1 | 28465fd34680a082506f160107f350b46140a1aa |
| SHA256 | 1fda491eebdb19ea0a83cf6c16ab5dd004a1bfdfc845ede017ebe0945beb927f |
| CRC32 | 9C8534BC |
| ssdeep | 384:jFGa3siuaS/bRSqtesyvaMAdB+w3G5h9MCZYsMfpcrqmf9wEJqIxVRvFNgfBkyNp:jAa3FuQwetxWBkyNE0MXwVP |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 70dab4e760c996a6_Microsoft.Extensions.Http.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Http.dll |
| Size | 61.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 1129546f4edbff1a420986dd25bec97a |
| SHA1 | d01664a6749cc7fdf4d5997abdf72951a45f487c |
| SHA256 | 70dab4e760c996a618bd86fd514061f76296c70dc9a9e0da327635ffe6ee88d5 |
| CRC32 | DAE1D69E |
| ssdeep | 1536:yzZ4un68EScwNY8sssYYYYDVwnukgbEw0dPJ:K4u68ES2VwnTw |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 3e8e196692d2d2ab_System.ServiceProcess.ServiceController.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.ServiceProcess.ServiceController.dll |
| Size | 17.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 91120e76acb34bed1375a6d0fe3b5f43 |
| SHA1 | 726acbb88b23b30d2cfe05952bc95134fdfc2b20 |
| SHA256 | 3e8e196692d2d2ab5782b82243e4d57a1402c85049ab79bf1d32b060e2757f95 |
| CRC32 | 04B31C6C |
| ssdeep | 384:TzCBXLB4YAAnmWVKupaW6dHRN7jmGlGs3/:HCBXNPPa0 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | dc445e2457ed31ab_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1029\mbapreq.wxl |
| Size | 2.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | cc8c6d04dc707b38e0f0c08ba16fe49b |
| SHA1 | 95ea7f570677aea52393d02fdb21cebb218a7343 |
| SHA256 | dc445e2457ed31abf536871f90ff7cc96800a40b6bc033f37d45e3156a3b4fa9 |
| CRC32 | A18CE942 |
| ssdeep | 48:cxX7DTZT8u9cktosM6re4mSTcIIyfI7sh/DMNwIHWAoN3mepNRfKPnWZ0hqAQZfC:8LxTK23f33AwIViRrRynRuZfiMS |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 84daf08bcbfb0089_expressvpn_20240626213154.log |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\ExpressVPN_20240626213154.log |
| Size | 2.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 8942b638bfd831d23600c63bd5a80ab3 |
| SHA1 | aa2c2863b0ccd6f1df0e76ad1572566d83efbba0 |
| SHA256 | 84daf08bcbfb0089f510637e9f7f831a1e4fcc70e66c30491fb3fd92bdcb3128 |
| CRC32 | 5C79C45C |
| ssdeep | 48:gzEju6zEMN83zEixNzE3YLzE3kwzE4OpzEqzEX4zEzFzELNzEFCzEiHzEuazEeUA:zaRS0iRgQBr+u7DA2BXZFA6 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 385ec618612990af_Microsoft.Extensions.Configuration.FileExtensions.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Configuration.FileExtensions.dll |
| Size | 24.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 8be2c97bbbe81795e3042602a21965e6 |
| SHA1 | cf89501075ac6713c091ca773dad2ba946b7c6ea |
| SHA256 | 385ec618612990af5b4d8ec6edffb13fbb5ff5a03e7786033b42ea061ee3976e |
| CRC32 | F96C37A0 |
| ssdeep | 384:hKEkEIiyoaWkLK010avD0DHbdWq66WxdHRN7lfVlGsa9w:hKrEgTUHbYDM |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | cf06d4ed4a8baf88_Microsoft.Deployment.WindowsInstaller.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Deployment.WindowsInstaller.dll |
| Size | 179.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 1a5caea6734fdd07caa514c3f3fb75da |
| SHA1 | f070ac0d91bd337d7952abd1ddf19a737b94510c |
| SHA256 | cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca |
| CRC32 | 6668346B |
| ssdeep | 3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | b4d8e15adc235d0e_System.Security.Principal.Windows.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Security.Principal.Windows.dll |
| Size | 17.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | be2962225b441cc23575456f32a9cf6a |
| SHA1 | 9a5be1fcf410fe5934d720329d36a2377e83747e |
| SHA256 | b4d8e15adc235d0e858e39b5133e5d00a4baa8c94f4f39e3b5e791b0f9c0c806 |
| CRC32 | C2197383 |
| ssdeep | 384:cEwo6eTs14YY4cWpOW6dHRN7FYpJAlGspU:VwDdT463 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | c54c22e06933bf39_LaunchDarkly.CommonSdk.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\LaunchDarkly.CommonSdk.dll |
| Size | 49.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 05b2ac166880779628606622a8683023 |
| SHA1 | 868c076b17832218d056de1964a581afaf8a342f |
| SHA256 | c54c22e06933bf39dc4d88a9cf0c9ff6387ac1d4413cb16867f0c50497ee60c8 |
| CRC32 | ABD807EA |
| ssdeep | 768:0u6W1Hg7xs/j2BGiJ+Px1UZNiR1L469bvo7YiyAMxkE7:U7Sn7PJk6vo77QxX |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | cac263e0e90a4087_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1030\mbapreq.wxl |
| Size | 2.2KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 7c6e4ce87870b3b5e71d3ef4555500f8 |
| SHA1 | e831e8978a48beafa04aad52a564b7eaded4311d |
| SHA256 | cac263e0e90a4087446a290055257b1c39f17e11f065598cb2286df4332c7696 |
| CRC32 | 31F17E6E |
| ssdeep | 48:cxX7DCrT81tbzjamsjFq7LhzqGgdRDJNbqoN3mpN+ELPnfyOwYxPyzraXnAF:8LaTOkaEOiGd/BwF |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | bc707ac67c82cbf3_Microsoft.Extensions.Configuration.UserSecrets.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Configuration.UserSecrets.dll |
| Size | 23.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 313cfefa5ac9c9f5d76382a4d738bf3c |
| SHA1 | 0bbcd9de636b6c9133a4030f42c0c04aaf51ddf1 |
| SHA256 | bc707ac67c82cbf3d7eefdcce641e061227267ddf7a66e08d68be37db5c896ee |
| CRC32 | 72329C12 |
| ssdeep | 384:QnkV0disTyePIbv7QjOCWM961l1uFSFQaHCEC1nC1I0gW9qCW/dHRN7Mh0uw7lGS:wk+RTy11e8i0exMqCS |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 8308eaadabd8b550_ExpressVPN.Common.Shared.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\ExpressVPN.Common.Shared.dll |
| Size | 2.9MB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 91be817761bde5102f899d1405def171 |
| SHA1 | 93c0cae320b611b737a31189a06194e6026ba4c7 |
| SHA256 | 8308eaadabd8b55035a9101094899438c13530f66ee03eac46112d1225a689c2 |
| CRC32 | 46ECCB09 |
| ssdeep | 49152:Ez2KtOZzjbtPYmEYTS00K77EJwmebSfK022zDiRLjKBFq8iDtav7SxlE/: |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1d3ef8698281e7cf_System.Numerics.Vectors.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Numerics.Vectors.dll |
| Size | 113.1KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | aaa2cbf14e06e9d3586d8a4ed455db33 |
| SHA1 | 3d216458740ad5cb05bc5f7c3491cde44a1e5df0 |
| SHA256 | 1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183 |
| CRC32 | 0A801312 |
| ssdeep | 1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | c4673c6000602e76_Microsoft.Extensions.Options.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Options.dll |
| Size | 53.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 3ddea0033ead23660b51921146dda017 |
| SHA1 | 5708c44aa5326da0a69072a9b0e48715112a4bdd |
| SHA256 | c4673c6000602e76844bad63feecbe42d88fc72639b1fd64d2acde48955be970 |
| CRC32 | F4BB62E2 |
| ssdeep | 768:h/P8hAZUWHrOTqmJj6kdMyDP63GbMnPvbFGOw:h8Lbqmp6kKyr63GbMnJGOw |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | f2f6d158380c32a5_Microsoft.Extensions.Configuration.Binder.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Configuration.Binder.dll |
| Size | 27.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | b825099a89c81fe4127ee2628596d5d1 |
| SHA1 | 8e69faa62f82dd042a51a345eea19b959442e985 |
| SHA256 | f2f6d158380c32a50bdb827b4d63f97c364f221813641daf74c257034484b507 |
| CRC32 | 21DB1CA8 |
| ssdeep | 384:/SpaW1HHk/Q+KJ2dSTA/QzgGAiqgex5PG5P3xWiqoW1dHRN7RZ5Q3klGsWO:/SpaW1H4VKgsZW5r0f0pRW |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 89c559c6765f8d64_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\2052\mbapreq.wxl |
| Size | 1.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | a34dcf7771198c779648b89156483e83 |
| SHA1 | a6e0fa91cd50048511c7bef1be3a8d32b42b6d1f |
| SHA256 | 89c559c6765f8d643469e3c8f4aa93023f09369b0395ea647fad5af3c2893eb6 |
| CRC32 | 6BE387C5 |
| ssdeep | 48:cxX7DjQT8tOBousi+zq+frUR2ropNV2rfN3msNUqPPT9T+DwZ9f5wDTAV:8L4TGUGw3V8N3RykV |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a221ca3afbf0acf9_expressvpn_windows_12.82.0.89_release (1).exe |
|---|---|
| Filepath | C:\Windows\Temp\{D0448D13-C2A5-4408-90DD-966C9D37B77C}\.cr\expressvpn_windows_12.82.0.89_release (1).exe |
| Size | 11.6MB |
| Processes | 2688 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b5ce19b581e7d61e428ba8414c2cbbe9 |
| SHA1 | 6f5d47368e239ab48a09a5a805e2eaeb6b6785fa |
| SHA256 | a221ca3afbf0acf98b1d78d68f6b469cf371333f56e63b66a85ebe947b12fa74 |
| CRC32 | 719F0AB1 |
| ssdeep | 196608:9TAQSDLnlo5W1fd5RuNcHgJIyB4jWsY2tSRRgExpP0zv6ZlT8dU6LZdhCpCVwRoa:R5Slo5W1VGcHohB4Cr2ARRgAh0zv6ZV5 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | b864da9d88414877_Microsoft.Xaml.Behaviors.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Xaml.Behaviors.dll |
| Size | 141.9KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | ec5a1abee150abe698689211b07cd1ec |
| SHA1 | affc3cb47da8fe76986d271cdc3e7ea345cc04e5 |
| SHA256 | b864da9d88414877cea9b1a016146265a5fb9d0e12f4dbb1dccc0cc998119a54 |
| CRC32 | 971AA058 |
| ssdeep | 3072:UAyazS96IT0O6gAf+LwCMe1u051dXcr9/soMEs5r/j9:tyhYIT0O65cwCMyE |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | d22f6ada97dbffc1_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1042\mbapreq.wxl |
| Size | 2.2KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 442f8463ef5ca42b99b2efaca696bd01 |
| SHA1 | 67496db91cbaa85ac0727b12fc2d35e990537dac |
| SHA256 | d22f6ada97dbffc1e7548e52163807f982b30b11a2a5109e71f42985102cccbd |
| CRC32 | 13CA2993 |
| ssdeep | 48:cxX7D3sT8ZeusKOwOWGyKCstFmhENI2Y+kN3mp4iNmi6IPa0dDaoIunvZqIHU5UH:8LQTXvRFhIzl44wmgko04U5TY |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4f81ffd0dc7204db_System.Threading.Tasks.Extensions.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Threading.Tasks.Extensions.dll |
| Size | 25.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | e1e9d7d46e5cd9525c5927dc98d9ecc7 |
| SHA1 | 2242627282f9e07e37b274ea36fac2d3cd9c9110 |
| SHA256 | 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6 |
| CRC32 | 9F7C2735 |
| ssdeep | 384:1R973o62/KqcAnb05J3w0I5eUGef8s72XBWdvVW2JW8aJcyHRN7WEimpplex:1RZ4nNxnYTb6Blha |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | f3f7a884256b1a56_System.Management.Automation.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.Management.Automation.dll |
| Size | 2.1MB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 5f6c5bf95b8a535e39a7a1682704ec33 |
| SHA1 | 0603deee01be9044ab3d2c35eeaffa0d07e36a6e |
| SHA256 | f3f7a884256b1a56aad7929261cf98fccd3bfa1bf14a4b291d12c08f95eb76dc |
| CRC32 | 06A8FB75 |
| ssdeep | 24576:+3dPYuwtMF/KQiSaSic7z5EdRbX1mLPXqBvQVOmh3E21rcxg9wXOpI0wN5sRnC:+NPYuwuHhic7z5WMLPtgxg9wXOpI0U5 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 2bea14d70943a42d_mbapreq.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\mbapreq.dll |
| Size | 184.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | fe7e0bd53f52e6630473c31299a49fdd |
| SHA1 | f706f45768bfb95f4c96dfa0be36df57aa863898 |
| SHA256 | 2bea14d70943a42d344e09b7c9de5562fa7e109946e1c615dd584da30d06cc80 |
| CRC32 | E2378217 |
| ssdeep | 3072:iaVVzf0r2vM357+pwnohBIiv8+2kt2GOTALPN2obXbE7PKPU9+Wxhsz7CMD:iaLzfpIsHhBIqgGOTALFdbz7f |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 4a7fdf4a9033fe05_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1051\mbapreq.wxl |
| Size | 2.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators |
| MD5 | 016c278e515f87f589ad22c856b201f7 |
| SHA1 | f20c7db38b3161b143dec4e578ce71d7f585f436 |
| SHA256 | 4a7fdf4a9033fe05c31f565ed3ae5b8c67d324b7aeadb737ce95dbb416d46868 |
| CRC32 | A0E9EF21 |
| ssdeep | 48:cxX7D+cT8muPusz2qs1u+Vh1TqDINHZJoN3m8fN0vPp3OAwa2ywSODAm:8L1TuPdKNzfifFmcatm |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | dfa8ce0bbd09c898_Microsoft.Extensions.Configuration.Json.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\Microsoft.Extensions.Configuration.Json.dll |
| Size | 24.4KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | ae4d8069218e6a793e4cb461e09d4d9e |
| SHA1 | cba0b162d94d80def76020a36c855543e8787ef9 |
| SHA256 | dfa8ce0bbd09c898957dc08ca9d3e1db2e87edd5d940c78f6b0becc6243d9d9e |
| CRC32 | 30F29DC6 |
| ssdeep | 384:SS25Ya7xS6sh24xTudzcknzHTgYRgFOaUkEK979TZDWk62WqdHRN7tlWopJAlGsp:L25YKxS6sh24xTudYc+FO2GQt403 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e905d102585b22c6_System.ValueTuple.dll |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\System.ValueTuple.dll |
| Size | 24.6KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 23ee4302e85013a1eb4324c414d561d5 |
| SHA1 | d1664731719e85aad7a2273685d77feb0204ec98 |
| SHA256 | e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4 |
| CRC32 | E786300A |
| ssdeep | 384:VyPa16oAL4D+wW9IWmDIW4IWYDMFm0GftpBjMIraQHRN7VlmTpF0:VWs6oqDjADKeDYViG+LN |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 226b778604236931_mbapreq.wxl |
|---|---|
| Filepath | C:\Windows\Temp\{0D634914-1775-4DDE-B564-E8C773D3DBD0}\.ba\1043\mbapreq.wxl |
| Size | 2.3KB |
| Processes | 2784 (expressvpn_windows_12.82.0.89_release (1).exe) |
| Type | XML 1.0 document, ASCII text, with CRLF line terminators |
| MD5 | 67f28bcdb3ba6774cd66aa198b06ff38 |
| SHA1 | 85d843b7248a5e1173ff9bd59cb73bb505f69b66 |
| SHA256 | 226b778604236931b4ae45f6f272586c884a11517444a34bf45cd5cae49be62e |
| CRC32 | 4083F126 |
| ssdeep | 48:cxX7DK1T8u7hbU7Asd7MqpSwzCcHGFN9OsNN3mvoNBC7hPFtO7+xw7t0Yza2Al:8LcTtpGLFSwJHmPnnKhEBtsl |
| Yara | None matched |
| VirusTotal | Search for analysis |