Malware Analysis Report

2024-11-30 19:06

Sample ID 240312-t7jd1adg2z
Target https://we.tl/t-laJQadT9pc
Tags: agilenet upx
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis Overview

Score: 7/10

Threat Level: Shows suspicious behavior

The file https://we.tl/t-laJQadT9pc was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet upx

Checks computer location settings

Executes dropped EXE

UPX packed file

Obfuscated with Agile.Net obfuscator

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Program crash

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: LoadsDriver

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-03-12 16:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-03-12 16:41
Reported: 2024-03-12 16:54
Platform: win10v2004-20231215-en
Max time kernel: 519s
Max time network: 518s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://we.tl/t-laJQadT9pc

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet

UPX packed file

upx

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547355643934429" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\ = "URL:psiphon" C:\Users\Admin\Downloads\Mega2.7\pVPN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mega\ = "URL: mega Protocol" C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell C:\Users\Admin\Downloads\Mega2.7\pVPN.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon C:\Users\Admin\Downloads\Mega2.7\pVPN.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\Mega2.7\\pVPN.exe\" -- \"%1\"" C:\Users\Admin\Downloads\Mega2.7\pVPN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mega\URL Protocol C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\URL Protocol C:\Users\Admin\Downloads\Mega2.7\pVPN.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mega\shell\open\command C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mega\shell\open C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mega C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell\open\command C:\Users\Admin\Downloads\Mega2.7\pVPN.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mega\shell C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mega\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\Mega2.7\\MegaDownloader.exe\" %1" C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell\open C:\Users\Admin\Downloads\Mega2.7\pVPN.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe N/A

Suspicious behavior: LoadsDriver


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4660 wrote to memory of 3068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4660 wrote to memory of 912 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4660 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4660 wrote to memory of 696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://we.tl/t-laJQadT9pc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed3db9758,0x7ffed3db9768,0x7ffed3db9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5028 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4664 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1884 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2f4 0x2f8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3940 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3844 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1804,i,12764767079347942102,9087367282648241366,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Mega2.7\" -ad -an -ai#7zMap2265:76:7zEvent22294

C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe

"C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\Downloads\Mega2.7\updater.exe

"C:\Users\Admin\Downloads\Mega2.7\updater.exe" /s

C:\Users\Admin\Downloads\Mega2.7\pVPN.exe

"C:\Users\Admin\Downloads\Mega2.7\pVPN.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2492 -ip 2492

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 1736

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Mega2.7\VPN\VpnConnection.bat" "

C:\Windows\system32\rasdial.exe

rasdial "VPN" vpnbook b7dh4n3 /phonebook:"F:\Escritorio\MegaDownloader\MegaDownloader\bin\Debug\VPN\VpnConnection.pbk"

C:\Users\Admin\Downloads\Mega2.7\pVPN.exe

"C:\Users\Admin\Downloads\Mega2.7\pVPN.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 32 -ip 32

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 32 -s 1700

C:\Users\Admin\Downloads\Mega2.7\pVPN.exe

"C:\Users\Admin\Downloads\Mega2.7\pVPN.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1784 -ip 1784

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://paypal.me/CSoftware23?country.x=VE&locale.x=es_XC

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebcb846f8,0x7ffebcb84708,0x7ffebcb84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,1207214264572420344,10690027526172265798,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,1207214264572420344,10690027526172265798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,1207214264572420344,10690027526172265798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1207214264572420344,10690027526172265798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1207214264572420344,10690027526172265798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1207214264572420344,10690027526172265798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1

C:\Users\Admin\Downloads\Mega2.7\pVPN.exe

"C:\Users\Admin\Downloads\Mega2.7\pVPN.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3064 -ip 3064

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 1708

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Mega2.7\VPN\VpnConnection.bat""

C:\Windows\system32\rasdial.exe

rasdial "VPN" vpnbook mvt9una /phonebook:"C:\Users\Admin\Downloads\Mega2.7\VPN\VpnConnection.pbk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Mega2.7\VPN\VpnDisconnect.bat""

C:\Windows\system32\rasdial.exe

rasdial /d

Network


Files

\??\pipe\crashpad_4660_BRKTSPQGKBUTBBVX

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ab9db.TMP

C:\Users\Admin\Downloads\Mega2.7.zip

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\Mega2.7.zip

C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe

C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe

C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe.config

C:\Users\Admin\Downloads\Mega2.7\DevExpress.Utils.v23.1.dll

C:\Users\Admin\Downloads\Mega2.7\DevExpress.Data.v23.1.dll

C:\Users\Admin\Downloads\Mega2.7\DevExpress.BonusSkins.v23.1.dll

C:\Users\Admin\Downloads\Mega2.7\DevExpress.Drawing.v23.1.dll

C:\Users\Admin\Downloads\Mega2.7\DevExpress.Data.Desktop.v23.1.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\Mega2.7\Bunifu.UI.WinForms.1.5.3.dll

C:\Users\Admin\Downloads\Mega2.7\ObjectListView.dll

C:\Users\Admin\Downloads\Mega2.7\DevExpress.XtraEditors.v23.1.dll

C:\Users\Admin\Downloads\Mega2.7\SharpCompress.dll

C:\Users\Admin\Downloads\Mega2.7\DevExpress.XtraBars.v23.1.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\MegaDownloader\Language\en-US.xml

C:\Users\Admin\Downloads\Mega2.7\HttpServer.dll

C:\Users\Admin\Downloads\Mega2.7\updater.exe

C:\Users\Admin\Downloads\Mega2.7\updater.exe.config

C:\Users\Admin\Downloads\Mega2.7\AltoHttp.dll

C:\Users\Admin\Downloads\Mega2.7\passvpn

C:\Users\Admin\Downloads\Mega2.7\pVPN.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\Mega2.7\VPN\VpnConnection.bat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\Downloads\Mega2.7\Bunifu.UI.WinForms.BunifuTransition.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\Mega2.7\MegaVPN.exe

C:\Users\Admin\Downloads\Mega2.7\VPN\VpnConnection.pbk

C:\Users\Admin\Downloads\Mega2.7\VPN\VpnConnection.bat

C:\Users\Admin\Downloads\Mega2.7\VPN\VpnDisconnect.bat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
