Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 26, 2024, 7:11 p.m. | June 26, 2024, 7:12 p.m. |
- expressvpn_windows_12.82.0.89_release (1).exe (PID 2688): "C:\Users\test22\AppData\Local\Temp\expressvpn_windows_12.82.0.89_release (1).exe"
  - expressvpn_windows_12.82.0.89_release (1).exe (PID 2784): "C:\Windows\Temp\{D0448D13-C2A5-4408-90DD-966C9D37B77C}\.cr\expressvpn_windows_12.82.0.89_release (1).exe" -burn.clean.room="C:\Users\test22\AppData\Local\Temp\expressvpn_windows_12.82.0.89_release (1).exe" -burn.filehandle.attached=200 -burn.filehandle.self=208
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
pdb_path | C:\agent\_work\66\s\build\ship\x86\burn.pdb |
section | .wixburn |
MaxSecure | Win.MxResIcn.Heur.Gen |