Analysis Overview
Threat Level: Shows suspicious behavior
The file https://we.tl/t-laJQadT9pc was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Executes dropped EXE
UPX packed file
Obfuscated with Agile.Net obfuscator
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Program crash
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-12 16:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-12 16:41
Reported
2024-03-12 16:54
Platform
win10v2004-20231215-en
Max time kernel
519s
Max time network
518s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\updater.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
Obfuscated with Agile.Net obfuscator
UPX packed file
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547355643934429" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\ = "URL:psiphon" | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mega\ = "URL: mega Protocol" | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\ = "URL:psiphon" | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\Mega2.7\\pVPN.exe\" -- \"%1\"" | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mega\URL Protocol | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\ = "URL:psiphon" | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\URL Protocol | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\Mega2.7\\pVPN.exe\" -- \"%1\"" | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mega\shell\open\command | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mega\shell\open | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\Mega2.7\\pVPN.exe\" -- \"%1\"" | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mega | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell\open\command | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\URL Protocol | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell\open\command | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\URL Protocol | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mega\shell | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mega\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\Mega2.7\\MegaDownloader.exe\" %1" | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell\open\command | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell\open | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\ = "URL:psiphon" | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell\open\command | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\Mega2.7\\pVPN.exe\" -- \"%1\"" | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\psiphon\URL Protocol | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\pVPN.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://we.tl/t-laJQadT9pc
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Mega2.7\" -ad -an -ai#7zMap2265:76:7zEvent22294
C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe
"C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Users\Admin\Downloads\Mega2.7\updater.exe
"C:\Users\Admin\Downloads\Mega2.7\updater.exe" /s
C:\Users\Admin\Downloads\Mega2.7\pVPN.exe
"C:\Users\Admin\Downloads\Mega2.7\pVPN.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2492 -ip 2492
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 1736
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Mega2.7\VPN\VpnConnection.bat" "
C:\Windows\system32\rasdial.exe
rasdial "VPN" vpnbook b7dh4n3 /phonebook:"F:\Escritorio\MegaDownloader\MegaDownloader\bin\Debug\VPN\VpnConnection.pbk"
C:\Users\Admin\Downloads\Mega2.7\pVPN.exe
"C:\Users\Admin\Downloads\Mega2.7\pVPN.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 32 -ip 32
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 32 -s 1700
C:\Users\Admin\Downloads\Mega2.7\pVPN.exe
"C:\Users\Admin\Downloads\Mega2.7\pVPN.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1784 -ip 1784
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 1720
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://paypal.me/CSoftware23?country.x=VE&locale.x=es_XC
C:\Users\Admin\Downloads\Mega2.7\pVPN.exe
"C:\Users\Admin\Downloads\Mega2.7\pVPN.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3064 -ip 3064
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 1708
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Mega2.7\VPN\VpnConnection.bat""
C:\Windows\system32\rasdial.exe
rasdial "VPN" vpnbook mvt9una /phonebook:"C:\Users\Admin\Downloads\Mega2.7\VPN\VpnConnection.pbk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Mega2.7\VPN\VpnDisconnect.bat""
C:\Windows\system32\rasdial.exe
rasdial /d
Network
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 173.222.8.231:443 | s.pinimg.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | ct.pinterest.com | udp |
| US | 8.8.8.8:53 | 166.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 151.101.1.140:443 | w3-reporting-nel.reddit.com | tcp |
| US | 8.8.8.8:53 | ct.pinterest.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | udp |
| GB | 2.22.68.187:443 | ct.pinterest.com | tcp |
| US | 8.8.8.8:53 | 187.68.22.2.in-addr.arpa | udp |
| GB | 2.22.68.187:443 | ct.pinterest.com | udp |
| US | 8.8.8.8:53 | ekstrom.wetransfer.net | udp |
| FR | 18.164.52.36:443 | cdn.wetransfer.com | udp |
| IE | 99.80.147.40:443 | ekstrom.wetransfer.net | tcp |
| US | 8.8.8.8:53 | safety.wetransfer.com | udp |
| US | 8.8.8.8:53 | 40.147.80.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.wetransfer.com | udp |
| FR | 18.164.52.104:443 | download.wetransfer.com | tcp |
| FR | 18.164.52.104:443 | download.wetransfer.com | tcp |
| US | 8.8.8.8:53 | 104.52.164.18.in-addr.arpa | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| NL | 172.217.23.195:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 74.125.69.94:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | snowplow.wetransfer.com | udp |
| IE | 54.229.32.71:443 | snowplow.wetransfer.com | tcp |
| US | 8.8.8.8:53 | 195.23.217.172.in-addr.arpa | udp |
| US | 74.125.69.94:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 94.69.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | z.moatads.com | udp |
| US | 8.8.8.8:53 | cdn.lamp.avct.cloud | udp |
| GB | 96.16.109.251:443 | z.moatads.com | tcp |
| FR | 18.155.129.63:443 | cdn.lamp.avct.cloud | tcp |
| US | 8.8.8.8:53 | 251.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.129.155.18.in-addr.arpa | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | measure.lamp.avct.cloud | udp |
| IE | 52.212.68.221:443 | measure.lamp.avct.cloud | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 221.68.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | px.moatads.com | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| NL | 172.217.23.195:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.checkforupdates.ovh | udp |
| US | 8.8.8.8:53 | www.mega.nz | udp |
| LU | 31.216.145.5:443 | www.mega.nz | tcp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.144.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 67.199.248.11:443 | bit.ly | tcp |
| US | 8.8.8.8:53 | megadownloaderapp.blogspot.com | udp |
| NL | 142.250.179.161:443 | megadownloaderapp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 11.248.199.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | paypal.me | udp |
| US | 151.101.129.21:443 | paypal.me | tcp |
| US | 8.8.8.8:53 | www.paypal.me | udp |
| US | 151.101.1.21:443 | www.paypal.me | tcp |
| US | 8.8.8.8:53 | 21.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 104.26.12.205:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | US1.vpnbook.com | udp |
| US | 8.8.8.8:53 | 205.12.26.104.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4660_BRKTSPQGKBUTBBVX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4600ebfc1ec179e21666d9a3c9bd899e |
| SHA1 | 252ea2eb86305546941a402601dffd7c95fe8200 |
| SHA256 | 38f95189266ad7e97bb044d547dc8566e14f1bb204c09a744677fded7f231390 |
| SHA512 | 66e9c24e7da8f77b35ba7297910e7b676ede550b203d1795f5020a0051fec230f1a693b1ec7debd22ba546c60a842d39ef571a8cbc76b87cb61d8570ca0e320f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 99fc46643d7424e1189147ed11076a10 |
| SHA1 | 1762898248eb71422704f28fa047df7f615c9a3a |
| SHA256 | 3f7d3eb4dbb36f7d640db9f50304ae73cdda65aee340152ac5d31d4735208c9b |
| SHA512 | 68ed662d97ce91c1f99294129fcb810868b341edaacb1df04c242088028ddec4ddba1e01fe8a13a417a74dddd6a63811aee5aa5b2a0923e33876ddfa441ca963 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a5760fd68621aedb647cf0d93098ac1d |
| SHA1 | 5f448bc6bba201a4629f81cfdddd5abf5561a05c |
| SHA256 | 5939ce1089b607377dc7b06f2705e8a6640eed80109bc31cc46188ae5ee8f893 |
| SHA512 | 1ccd29b98d73c37c2be8f449be4214ced7dd1d12714049a4b502325620f5834f8cf892ccb5d7fd4abb4cc454147d0ac062179f4208f8da428b565084d00cf2c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 115673cff995f167b5a48cbe3f793462 |
| SHA1 | 43836a177084b0ff0d70dfe767f116f279b02b1e |
| SHA256 | df2a6ba5b156d6841d53d55f4b20c310358baedc1f3c745a6b65f0706256248d |
| SHA512 | bb40d6530109104c8b1911a828234548f84b8a7cd785d23665f40021ea9f0d11dd585b3c73d4dd7d6c675bf6e97ef4b5bedc5fc98b20a568094b5ac796c4a10d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | da91b1b6c7fb60d48c6322d369d2c2f4 |
| SHA1 | c9b9e8278ef241b1ec037d0bd4b69861cbe1f10b |
| SHA256 | 89067215334235d8a7a6c86640fab26add44741df1516203a6ad7d2f0d2de64c |
| SHA512 | cce2f10bf102b85e1c9f8a7aa708a4aaee084db97b747facaa14e7e0d3f106d3e85b00790ad3a821c6001c30d227e6f29dc0ce3c06c354998bdfa04f7defe9d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 921cf7ad5ebc97a592559884e152ebd7 |
| SHA1 | df729416af6760de328f51027ca46adb3c22b232 |
| SHA256 | a829edb239eb1437903c1d61dc45f2f53224b8bcc8f8d83c5399c48f663209ad |
| SHA512 | 8127e2fea51f24b62f02290517f6dfddd3faa8d3412de40092989356a3d20f5628e39b0277906cbf37affeb6eefcd9fec156b66bf6b99bca3e3079563344cb50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cb2fcb2eda2c879b084700772a82f1fb |
| SHA1 | 42b3d934a6f796bfb7be550ea1aa4fc4272002b6 |
| SHA256 | a9f67fbe75bcbeb2b58faf687ef79831176f53ded31cc667890ce66fd4a3379e |
| SHA512 | 54cf51f4927f4bb35f5b9c3edcc6d280364325dfa573a9dd50dd7e7aecea26bce3b0c965599d25e52647c3be5f661cac213bf128ca2f50b4b4ad5316bd66e7a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2666e8762e62b1d4fed129ea3a4ba463 |
| SHA1 | 7ae0b9906cd3e6af139532a422368cc580735e63 |
| SHA256 | c0d8b7b38aaad3f4e2073098a200442ba63d7bdf4bbf7780c4542efc42d0baac |
| SHA512 | c0de3b307a59c7d59e9edf3fc9e3a5fc22e4f7054532110df62ca8b916dc921ed4a06d488cc3537577b188877652074fa5f16dfba6d2d3b986561be0a01d81a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 750365a0dcc8e5d66a1bb2bf399f3cbe |
| SHA1 | 71373861c3f1d41036361936f21d5f5fa1e0eebe |
| SHA256 | 922e7aa623e0c4f8ba4e18f289a32dd83e840d14973ed0d0e3791e9c9feb6718 |
| SHA512 | 26b882cb0189957da79815debe7ab7d698834a932191a3645f7c65a2cf92ad371b94a3c1414dde5f4b0db58e8520b367df7629802ed06603b0a72fd8f8e064c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7f03d16c102979fea72ab053d22b1fb0 |
| SHA1 | 4ea3173c988ea5dec5507e0fbdc373961915a175 |
| SHA256 | 92d6c779e3dbab2ea2363a98ec5fa7c6515c2d03055a1efdc4b534485185d70a |
| SHA512 | 58d36d194aa8f77b2f4179f7a9f2dc400fd844b435da09fa118bd7a02036ebc90b07aa47979bb67c52588d8ba1fbc1deddef43b3fb2c8a10d18d6c9a38526e37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ccd8cdf732dee8be24f7b337ef1f782c |
| SHA1 | 4225257c97d4fe9a240cb974043c45fe1e845714 |
| SHA256 | 9745968029dda838dba9796ecde3fff62022d25aef568810f155d03c219d9dfe |
| SHA512 | 27c91504ee065de175d9d2feff2268616199e268112e87f31249ff84dba99697fe16761cdf0c7a1306d980bd485ec752d34b709c0554c1edf6b745ba71beb2ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 7528be90b222e6dbad017f10572946a4 |
| SHA1 | 5e682c65e00bc8a96ecb8d84c9a356327cc599a6 |
| SHA256 | d90cebeed433ebfa959c60dafcdb041f7a6bc5b74e3df3f793f115b4db659572 |
| SHA512 | 256af8845c7895aae8391fbd2c3eebec1525d8b29b504bb892d195ee58dd2092813c5bedade6921a4b623bc64f74a4d20414f592770b12baf9a7dfe8d52e7f09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ab9db.TMP
| MD5 | 15aae3d086c49f7487547bee70118661 |
| SHA1 | 66d19d73ccf7c7d7b6f5753ce087c6e521a6b383 |
| SHA256 | dcfac324338864470d088230e47a803c689b8bf0cccbb2788fc61352d8b28151 |
| SHA512 | b5a7ee8052932dfc505c97e04e07cc819790fb6d15297828f941ddc7ddd3d5f50c966f4d110bf56bc778491e0ee7c6f38a3fb9b460488b476c00d10402980d60 |
C:\Users\Admin\Downloads\Mega2.7.zip
| MD5 | b06ff1af98e5d519b9279964329ea5a6 |
| SHA1 | 4549a68343dd031c65761ff3134a89d9e1af651e |
| SHA256 | ab4724ad2cf545b27139e184ebbd15409fc69f2a1d3f021e1d47850d3c196af0 |
| SHA512 | 820e1104ce9220b7fa9a3555dc9976f5822507b2306ca83501ed2a2413ca7eeef94e317326da621222fcae1540f91ce7208daa3fa8d3611d2456cb7d49406d4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ae6b9497016927d12778bbd88f6572cc |
| SHA1 | c0db28b4b264673bc5c66be8b7a6e610e5e58ca5 |
| SHA256 | 7892191b6f4964cd9c43232ab433ac358041fa345094cdeef98f58e6e5784441 |
| SHA512 | dd572272e71b821bfa478bb66d3f597cc173d3217061a594eee916b5a9d1519b44f3d106d1902abbcc61b401d0bca2de08ab779be3deca3b33dc5995756ed27e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2ded11884af07e5990549aef21afcc0e |
| SHA1 | 087994bdd0b93b744723cffbf435edbe0dfe39e3 |
| SHA256 | 764b565a46c5767823872d1cf01012187c4d6394aaf66ddb9d5ddc7bc1b7f8d0 |
| SHA512 | 7284f3a04425a81b7934697668cab0009de22911d3665f611f93213135c1dc203fa373db71ba37e550002ec56f4ed921c931e49bbab45b255ff795321c01a037 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 6080d63ab1cbadbfc178f3544ddd26bb |
| SHA1 | a51be72b6bc1106590b13fcf51491d2e5e83f9d0 |
| SHA256 | 1636eca5b04502b0ca39c4ebb98130e731c1a2d35950cf6de780ce82d64e33f8 |
| SHA512 | 2bf1c8f1e15fe7636a86811504e3d60f06483bc23d2ff4f7cf525e4056163b10978f957a3582c2f0687a70822f7e9cd29b5c21608de9e13fafb5a110b7552bcd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 907a882e180b47593727f6d9da208ca5 |
| SHA1 | f2b1bae369399e516535030d2a65b4161de1e2fc |
| SHA256 | d34c2807060731a7048c066f494e02356c1b74413c50a2de38b0e3205ae0e567 |
| SHA512 | 5c9a8f3d5552aad20082747e5f2097c69e0ca933858d5e2c638a1fbd4b866bbb9480237f189e91f0e8334373d5780a47fda655bd47a63598eaff70591d4207ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 12c1df9363a1086ef902860b19219b28 |
| SHA1 | 2f9cd46181bb4e070aa6a664a51fe5fdb5bdd6ca |
| SHA256 | 1fb055ab87eee53a96bce880a93a52a44fce729f6411359db4eb08de481be93a |
| SHA512 | 7a58f46d7a57fcc40ff20d58852789a21a93e5a03d8952a6e6582de1a5909715511726b9cec806395964b428ff733dc7ea1d26aec0775d6dca610615bd46cbde |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 528ae81e784fbdd9f475797985ed1a3d |
| SHA1 | ef1d66dd155757528ccc6a106f6c58c6395cd874 |
| SHA256 | 84b375ad5e52b007c01244dbaad1cde2d7882c7039e46148200e77e9fc1d1ca0 |
| SHA512 | 84d3f7e4d6ea6049af37a6c7bf35366bbe137060362f436e1e2451a61f3251477ff4b4f001252a05319d5a588773e8e883fa1533c189644ff5f037eb460bd977 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cf7994b5fd2208c356c1cee82d17e8cc |
| SHA1 | 161d96b9ea096b2b4a49848929a9e8155df96c8b |
| SHA256 | 06bf077ddc85271d148cf670bc5fa17a21264ae4f3128f5322d67a0283c52278 |
| SHA512 | 89c2a66067276b6151f67b2d980f37c41edc40e240feb4c863b12fb84560a4e4e24e7895213e4b9b670fa7263b8b054942a874e2d914bf0c7c0d401b3ec2d091 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2d4517716a8bc4e642ef49a30c51d27b |
| SHA1 | 94ac0fba57f340e216d6c2775dbc62eaed6f81fa |
| SHA256 | 774a284bab7fbc7a310d7e2fc57749627a3f326a51250ff62a90dc59b4b06dd5 |
| SHA512 | abdb56e1c2720de746d0401304934d029c02f98776c1760058d4964c07aa3f5fd301fa6ee86266ccd8eb9c66882a30bd2a7838fed494e71a1af883df4ec4217f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 29990493c5e30a3884e31a2475739e74 |
| SHA1 | e30bf261a9eccb386791ffa6d7d6e24ce2efad2f |
| SHA256 | 9865912f43f39ade3ee0c7a50bd810245202a6ef36b1cd2c947049cdbec6f7ee |
| SHA512 | 8b9edd75371e2ad8ddbba0f41783315faf5624c8836cb1ab57e885688882b379984ebd22e310a83d3efd36638389491a8ed77f8abaaff07b219da7cf0c5aad63 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 70809b9fe146d76650763dbd06566418 |
| SHA1 | a7d7c7cd3056bea06d7fa0931be79be13e34e867 |
| SHA256 | 12037148a5b6c7fbdd23c054f27e844e0393f786f1a227ce41a30bd624333b24 |
| SHA512 | 5dd6607917b36b2d964a368c8aa4185f3254629286164d306bdfe50082e5e240eaa469a055314a4e96b7e8db93f8633a39fe69f88b69ac7b5396748c231df78b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7023a2e7bbeaa650bb31c785028bb2e8 |
| SHA1 | e52363caec5d73d4e94fbd9ba559502be0cc17c4 |
| SHA256 | 69fa2930687da42413576f308936550583924f7e30aba5e14561feed7470f8b2 |
| SHA512 | ecba5ced730df5dffb88f1b5ea6d537cc7cafce340f67be10f501c8514c1aaf701f8471bb236a283851e50834b8217fb14b51b0817c9f3b38b78efc3faca9e74 |
C:\Users\Admin\Downloads\Mega2.7.zip
| MD5 | 90e951865f805bee7e41b4dcdcbe21d6 |
| SHA1 | 91956612a4c3d100b7fe0b949e12b14c70b07c9e |
| SHA256 | 1f62b8e0d6b7340c7b9d82153c69006ab446b29df4e0ca4df44e9b850a8367ef |
| SHA512 | d9d02ec78b5bd60bb92c1903f650a18390ba51382cf215aa57f4d0f806093e47fb3495e9a64a78bacbdf2f2f7abbbaed38a780f20e8187d40abbabb1d7dd10f6 |
C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe
| MD5 | 34d30b2437e9a925f6f5a637caf44319 |
| SHA1 | 85667cd3d9f98b71003a24c6703a1df3e8cdf13e |
| SHA256 | 41317840ff3fdecf12cabc31be45cbc7eab0d26dc75c34bec32c965be177ea9b |
| SHA512 | 80a7c208d948416c827a3b3c1d21bbde91fb3a149a226217a1cab2a730996d85c32220b19ec3893a2137d3f252a896866ca036e86800ae0d2810771d9c8b42ca |
C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe
| MD5 | e623f754f59cb7901403779a669e1e21 |
| SHA1 | d5a4f29718e618e78e29f6470fb28bbc8f8e6bfd |
| SHA256 | e7b89ee3b6588295f98eda96e4f44e05308d88d9675c55e9979bc60d4e182428 |
| SHA512 | 604841aff4a3f4a529d0675474cacc6b76ef040c1e9ff057898fadee8568c031b9853e46a879b4b34c1339d3f1b7763ed710665d7686f2b22ad075fccd513f78 |
C:\Users\Admin\Downloads\Mega2.7\MegaDownloader.exe.config
| MD5 | c8b38d73df4c949fd1b72789aca72aa7 |
| SHA1 | df881ef9b99ef6e9d232583ba5c94f551b30e02f |
| SHA256 | e75c9ce0563f560e123d714ba7576ecbb06efa342dafe9671d0f7bb73dc0ee26 |
| SHA512 | 517494afc0900bee9bf6022452fb9ab90da1918faee2855eda5a43cc66a82138793e4d43032ee6bdefe9b23d76a57fb06854c11b035eac1dbcb950ff878a2f92 |
memory/4684-645-0x0000022FCDE00000-0x0000022FCE3DC000-memory.dmp
memory/4684-646-0x00007FFEC0BB0000-0x00007FFEC1671000-memory.dmp
memory/4684-647-0x0000022FE8AA0000-0x0000022FE8AB0000-memory.dmp
C:\Users\Admin\Downloads\Mega2.7\DevExpress.Utils.v23.1.dll
| MD5 | 6e14957f00ba10cf4cf5c465aa020584 |
| SHA1 | 1ef03dceb54a969f85883f8aac5724f62497ac5a |
| SHA256 | 94cef3c0c6a00aa645949e156a326e0498b2c407dece09a46ef1e1d1d1288cea |
| SHA512 | b315e42322faadc50bc12d325db6b60a81eb6f72c6f54cbe9568e490d5a7089ecc53be619d9093e962531ce0a11a2758557c0f41186339a8e7f35a0451d60934 |
memory/4684-649-0x0000022FE9E70000-0x0000022FEB222000-memory.dmp
C:\Users\Admin\Downloads\Mega2.7\DevExpress.Data.v23.1.dll
| MD5 | 28db7913150d484715d8a9112f924c43 |
| SHA1 | 5ca532f26f0b6f6716e934468f39106f81599566 |
| SHA256 | ca0996895de66017d8d3c68555059eae8bcc840c85466abff900acb2810ba6bb |
| SHA512 | 7eec0422454a9dcef088bf2cc3ac64c5096235aab1b0b532ad22fbbd92340083b2862dd60766f3c6e9fc5b664bc2622683f1e19a565532ecd60f728d87bb6b6f |
memory/4684-651-0x0000022FE9000000-0x0000022FE9550000-memory.dmp
C:\Users\Admin\Downloads\Mega2.7\DevExpress.BonusSkins.v23.1.dll
| MD5 | 8d618707cdcd581d7d300075d0af1089 |
| SHA1 | 35173bae6f914cafb9650cb009c6ea7b537e523c |
| SHA256 | afc76e431df30326a4a2d6695c646ca70dba4127022d15f37de0118ef4703562 |
| SHA512 | 10b5553a1418f3ae49186032bce95e5dee9e4079a1618780db757dc4b35511af046f2a3b10ed067b450b7ffd2cdbcc2814edc227b96b18e2b4fc26a165b3857a |
memory/4684-653-0x0000022FEC7D0000-0x0000022FEDD66000-memory.dmp
C:\Users\Admin\Downloads\Mega2.7\DevExpress.Drawing.v23.1.dll
| MD5 | 5f60ed5fdfceb8e8a09bd8e7252c15ea |
| SHA1 | 82357c7e7433119277a43d20e4639e7e13353966 |
| SHA256 | 31911e9bae6264b05cb463c5f6d6eea70570706f7e01a52d40f38979e4adba4a |
| SHA512 | 2bc428b87e451f467b7a8cdd0b8a125ae0a6245ad33d031ff0c13c34db4717d5195236bfe4a80363353315eb68c06ca69313e079590b26ab8931b795d78f2109 |
memory/4684-655-0x0000022FE8CE0000-0x0000022FE8DCA000-memory.dmp
memory/4684-657-0x0000022FE8DD0000-0x0000022FE8EB8000-memory.dmp
C:\Users\Admin\Downloads\Mega2.7\DevExpress.Data.Desktop.v23.1.dll
| MD5 | 0b2f610f72370cf4bcc0d43a9fbdf7a8 |
| SHA1 | 38ac909ad9b20fa341a0831f971f68468cbe2b1e |
| SHA256 | caccc9136721cea2b24e137d4523f0af77230717b185b2a94783f71ab8d65eaa |
| SHA512 | 7f3814b5ef94f31d3926539d46307b9a67e02b4f879c7f01b0b124431671ccf7fdacf0efd868ed100d3b706cde4c6dea39d78b7cd1d8c0b78d8730761b976e93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 37665db942811d97c9483e3334da1939 |
| SHA1 | b7203248c1acc4131f8736c756bceb1c0b004a02 |
| SHA256 | 7daa41821b2f63c65488f48d068e535a12f6c3030782144990be5a07e6aecbee |
| SHA512 | db7af2efc475f398dd9da9d2acf27dbe03d583bda2a07a9b9768c62726a6c805ef7ee9331aefb8b84dc96a9af3ef4776a55d2c9ae2474d3dda168a5423d97fc8 |
memory/4684-668-0x0000022FEC300000-0x0000022FEC35A000-memory.dmp
C:\Users\Admin\Downloads\Mega2.7\Bunifu.UI.WinForms.1.5.3.dll
| MD5 | 41c216d27c71a227774e680e95e99f31 |
| SHA1 | 0a2a93d4ecbf4bbec2faf110066c6b4472b0dbf5 |
| SHA256 | 012d717b4ac00c3686a772757f49c1908e223624e3974314cdb9fc9291073305 |
| SHA512 | e355ba11e41b668e4459f709e87c3e212c8986ea894791d9155791ea9d7315372fb51531eb69204ed2ee38e242de7629e4a2f090c05bf9deeea9ea965ffaf651 |
memory/4684-670-0x0000022FEC560000-0x0000022FEC5CE000-memory.dmp
C:\Users\Admin\Downloads\Mega2.7\ObjectListView.dll
| MD5 | 17c2c609a19272baf4dd006bad1b2453 |
| SHA1 | 64d90f05fa2a2b8fb46d75497f02a12dbad580e6 |
| SHA256 | cdc41a79d711fcc36e97911f37d66a010bae997ecd3712a4eb44003473a10dab |
| SHA512 | 436bc7996e78932482f0ab295f1aeb96eb539d5fb76a7338de191534671b9c26140eac27a9eb1bcdaafd0f2efd98026a3e6755b6efb1aed999e140697f10a9fc |
C:\Users\Admin\Downloads\Mega2.7\DevExpress.XtraEditors.v23.1.dll
| MD5 | 8ee1408d30b95c75494810240654f214 |
| SHA1 | df1fade4e5511e48c3a932d1d6999885b7ac140d |
| SHA256 | 1fee97badf776708c6ff57b825fe110a346ec645893da1bda46d5fe4f6ea5016 |
| SHA512 | ec1630ee59156889008fadac845fc551f200596eace878048e84dbb3c10cb62a22c9c6a1d4131f7ef78fd8db11d048da1585b3a9a7db3300e9d2c52ecec935c9 |
memory/4684-674-0x0000022FE9DB0000-0x0000022FE9E2C000-memory.dmp
C:\Users\Admin\Downloads\Mega2.7\SharpCompress.dll
| MD5 | 8dfd5f8e773b0018ddc344e69e91d0c0 |
| SHA1 | e63128fc83172906a2ec2508bd5e721819948311 |
| SHA256 | d24d637f0920b7c94bded7905c562cb3bb1b8f1b6f8ade8f84c25f749112343b |
| SHA512 | 9cbd8e5e40546a4b2d4f31795273d0512a10b7035e9d7984f3ec9dc8a6b7513c82007f8edfb23e91c451b7d87902803b12eac11dbb586ecd00ff6a4d019dfa1c |
C:\Users\Admin\Downloads\Mega2.7\DevExpress.XtraBars.v23.1.dll
| MD5 | 1bf1ec7493849a460a6607208022824a |
| SHA1 | b1c731d575d0f34ee99e19054b95ab8d692a9d4d |
| SHA256 | 7320cb6deaa366dddb3be07589ad4a5c4e96f6f4a335039b387cfc13ba85be70 |
| SHA512 | fdc122ef0e9d412d33c7233e3ad135da88f85f321d76f19e450773af397b4ffb3eb7a239e79a6a3ec6f6e9808e8a3df8407cf7278af29d524d8c89766f116451 |
memory/4684-672-0x0000022FEE550000-0x0000022FEED24000-memory.dmp
memory/4684-687-0x0000022FEED30000-0x0000022FEF3E4000-memory.dmp
memory/4684-688-0x0000022FE8AA0000-0x0000022FE8AB0000-memory.dmp
memory/4684-692-0x0000022FE8AA0000-0x0000022FE8AB0000-memory.dmp
memory/4684-702-0x0000022FEE050000-0x0000022FEE0A0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5816379172d184fc8c761638af45cbcb |
| SHA1 | d5b7d835499cb3e6743dd918b69fd74f253ee90d |
| SHA256 | 1c13bfe04c82bce9486daedd5c0f612a3e35b7c837783b4557580ac52aab1a9a |
| SHA512 | 2af4d4f6112dc60d3360085b4b75c3b0e88f2aee124cc014521a1d60050309513625beb39317a77cca3e8e810d1be4b4d6cc48f37898d0c64543131a80b3ba1a |
memory/4684-714-0x00007FFEC0BB0000-0x00007FFEC1671000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 088ddb373fe5af5e87b8171bd276d76c |
| SHA1 | a630cdef58a04b19c36c5b9218b0d4074a767c6f |
| SHA256 | 1cffcf1c4e438a55ba6e4bb267b550b91be372c4f39e84bae67380fb971246e7 |
| SHA512 | 6c44e01fb2d0951ccc39e9dcf73146a84b7ff1241a7506e34c444f1ece5523596af549c5a336443fb84e78cfbddd03be17e0c97b315846db2f846367ac16f803 |
C:\Users\Admin\AppData\Local\MegaDownloader\Language\en-US.xml
| MD5 | 93e68a613f33169bc0ef56c39f8e5b66 |
| SHA1 | 80e3d00cbd49791703098ff6fa683b5be81238aa |
| SHA256 | bc758d067d03984110c21cc76115807be4831bbd0fec92ca4076773d5417f51e |
| SHA512 | 2b6e65853ad27130797f7f765d8b68b353ac9946d8893eae80a9e213ee680f4b4619bf5bf747f1e7570e494f73ffdf445b3cb4a4d7207d904d28115004da8eb0 |
memory/4684-734-0x0000022FE8AA0000-0x0000022FE8AB0000-memory.dmp
memory/4684-736-0x0000022FE8AA0000-0x0000022FE8AB0000-memory.dmp
memory/4684-739-0x0000022FE8AA0000-0x0000022FE8AB0000-memory.dmp
C:\Users\Admin\Downloads\Mega2.7\HttpServer.dll
| MD5 | 41e52d7c2e40f9cce8f853cb2c747f10 |
| SHA1 | 03b61198c5616c29a8997f104dd8d90800bafa74 |
| SHA256 | 93e47857cecd7bc9842788e445584e43073e2438facb2d76e7837b6c40d87144 |
| SHA512 | 04bc2daf29bf9effed3d4019001658f700bff6b91df2fccd3018a0f9363463a8345b10d894ef951d94d1865c64dbd7a9b46d1978388f1e74acef942321d9d72d |
memory/4684-744-0x0000022FEC730000-0x0000022FEC756000-memory.dmp
C:\Users\Admin\Downloads\Mega2.7\updater.exe
| MD5 | 6d2ce417d4ceccfa285becb8e2f67942 |
| SHA1 | 41ddca742d6744f6ec9b1cedb6f8f9d49d7dd27b |
| SHA256 | b30df763bbf463c582b1a2847f7b7b5a48f188a2ec8c2620a39e7f44ffe5052a |
| SHA512 | a22f0ed06194f154c34fc2a08becb01bf91614298b0077377f5731b321843b5bda011b6a610d3fe39c15660bc576f7fa738be3b558b7c968675b02aea958c1e0 |
C:\Users\Admin\Downloads\Mega2.7\updater.exe.config
| MD5 | 1723c30fa0bc288779f22d047f9dec4e |
| SHA1 | 17377560673d239f256b56762cb4b2f0a8e78c45 |
| SHA256 | d5a5377273b8b52373d60283f321eee6c3b16d36b920101fa9a18af946deca79 |
| SHA512 | 88bf9988a72f2f12e805d1e41b95be4dee4bfbb970ff69a66854b8e82a7b475e1f094fc74140277e81b4f9e39dc1e350b7a12d301c7bfa24291fbd793c74f4c8 |
memory/4080-749-0x00007FFEC0BB0000-0x00007FFEC1671000-memory.dmp
memory/4080-750-0x0000029114A60000-0x0000029114ABA000-memory.dmp
memory/4080-752-0x0000029116630000-0x0000029116640000-memory.dmp
C:\Users\Admin\Downloads\Mega2.7\AltoHttp.dll
| MD5 | 84c7c781e502fec273d4049be8614830 |
| SHA1 | dfd529deaa203ee23e2d5273fc34c41082e5f649 |
| SHA256 | e9b8a179bc8ce0711a7163690c629dee7406ee213c960da85cd54b412af39643 |
| SHA512 | e19095cbb262c62cc5b031d25ad0e916d4fd067da5a760269db98c7caf27df80af7dc99b664f52fe8e1fd3d84595989c44e5aa3471156fc0bdea8338d5003068 |
memory/4080-753-0x0000029116760000-0x0000029116770000-memory.dmp
memory/4080-754-0x0000029132380000-0x00000291328A8000-memory.dmp
C:\Users\Admin\Downloads\Mega2.7\passvpn
| MD5 | 592f4263bc3a9623b511657bce40780f |
| SHA1 | e1478fbd85ecb185cffa49b55b47da79899fe9ef |
| SHA256 | 8314062dff32305d2b4789ad7ca68c1a49600ee6329c69072c1905e7f552188e |
| SHA512 | f311eb509cadae81acc0a47c8ec2248f24d64461076fc50cb6199d532ff21beb6ca2db218af4eb1af3aae9d919abef9b9e91c514a48eadd9ad3f76f93bca97bd |
C:\Users\Admin\Downloads\Mega2.7\pVPN.exe
| MD5 | e4691a70cdbda5e5662d0d8fd66796cf |
| SHA1 | b1bb7bdd52064b04b31db5b200d5f91a6cfca850 |
| SHA256 | 95bf12d8ca061b59c9e32bdc9aee7fcdc4b91a3580dd7f04af91d2cbeaf556d4 |
| SHA512 | 549b90b476cf70b114a01c6d75fec70782c17f0e739a4b054cceb975d7ac6ebc54a10732dff93d1f1f23ac64d37a88a3e059f8c94cc6810475f568bc10d75278 |
memory/2492-772-0x0000000000FC0000-0x000000000261F000-memory.dmp
memory/2492-783-0x0000000000FC0000-0x000000000261F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 876efa43db552e01a327174d20392ff8 |
| SHA1 | 8bbca24d407ca989b176fbeb8a4d1051bfa7e91d |
| SHA256 | 905a03c3ce28233a07e721877e344638e68c83a6482f20b11bcb579dcdf1f374 |
| SHA512 | fc3f542ea1983ae59926087072434468c74980008d4273909db730da7442b0838dc0abee9ab36378efec4175daf63efaca2caacaf9a9a739b6b547328da54259 |
memory/4080-793-0x00007FFEC0BB0000-0x00007FFEC1671000-memory.dmp
memory/4080-794-0x0000029116760000-0x0000029116770000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 631d2c5b3fd6d8cd7ed25d722c57380b |
| SHA1 | 1ee00adfe1da44a361c7a8691bb1fe081450130b |
| SHA256 | 2c4e88b2e138e313debf2dcc763a2f22fb171dd807afbe273111a655ebb0747b |
| SHA512 | 1268a1439f8ad06b90ea9c5d5421eb661fab3391a7c1e9ba31e23aa3b0014fd85443ff68f28995c9a8fe732234dd2648613d80579a6ab53b43e9443aabcdff3e |
C:\Users\Admin\Downloads\Mega2.7\VPN\VpnConnection.bat
| MD5 | 4a6add7ac3bf14c93496ff328149c3fc |
| SHA1 | 1c4b41f47a4b707c6a06ef198c973501c5a1cce8 |
| SHA256 | 1b784647fcf872adec1c91b540c9b7de36c876a9a9b0830d96de5b9d7afbcffd |
| SHA512 | ee6197830d16d4c5e9e3d251304dfbbe0d7eb611ca7eb4eb42d0d591961b151ba94d521157e9d81b6c0ed04db9776f5f66df9352ed52d0b2641664de2af8ff0b |
memory/32-807-0x0000000000FC0000-0x000000000261F000-memory.dmp
memory/32-809-0x0000000000FC0000-0x000000000261F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a277e84556293f107e9a1454232070b3 |
| SHA1 | f99cba8fa7e78c9f53aaabbce313aedf045b8663 |
| SHA256 | c7338b509cce9c0a626d3c70d4d7bb787a33fd27bcd0bba1c9874714d77e4d9c |
| SHA512 | cbd93b80f2a5f6006fac26dbb5b735d00d5243d1c391504a49e0e573482c58a737265b4e54aa3634d7f06b960b433fca4267ffeb77a3eb6f50531e8e4e33f339 |
memory/1784-821-0x0000000000FC0000-0x000000000261F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4d6e17218d9a99976d1a14c6f6944c96 |
| SHA1 | 9e54a19d6c61d99ac8759c5f07b2f0d5faab447f |
| SHA256 | 32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93 |
| SHA512 | 3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ff86d7203b23de5031e8d8bf11dd501d |
| SHA1 | b78035b0f86dc81cf0a2b7765d8923d4d175a25b |
| SHA256 | fbd1ee8f46ff4dd5b295306032d59318d0e6d1ee694e70ea5920a99ceabedfc2 |
| SHA512 | 3e6d82cf2fe9769c04fc0ee7b39dd55c2f8d6fece364fa772eaeff66acc102887ee648dda61e373a35b1573701684e61c67aa717cad26f0d2906f47f20cac2e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 82133788827e3056beeaa43b5e117b3a |
| SHA1 | f4fbaf3286407c3377050ceb3acf48db44ace155 |
| SHA256 | b3e3afa57d8188c058fec95ced3a83e8009dc090eff00fa69e6cdf21d8904450 |
| SHA512 | ac1d78130cb979e75bd5351995f452d0cfcb137127087dc71ac21dfdb0f4f91ba6ae5fb2a908f3e275bf913dfc1f73a237aec3625b3fcf2c01bc14abd58adfc1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\Mega2.7\Bunifu.UI.WinForms.BunifuTransition.dll
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\Downloads\Mega2.7\MegaVPN.exe
C:\Users\Admin\Downloads\Mega2.7\VPN\VpnConnection.pbk
C:\Users\Admin\Downloads\Mega2.7\VPN\VpnConnection.bat
C:\Users\Admin\Downloads\Mega2.7\VPN\VpnDisconnect.bat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index