Analysis

  • max time kernel
    142s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/06/2023, 18:10

General

  • Target

    https://www.mediafire.com/file/1d8kjmuxefrpopv/Zephyr.exe/file

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 2 IoCs
  • Obfuscated with Agile.Net obfuscator 32 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Drops file in Windows directory 3 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 51 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/1d8kjmuxefrpopv/Zephyr.exe/file
    1⤵
    • Adds Run key to start application
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd1d19758,0x7fffd1d19768,0x7fffd1d19778
      2⤵
        PID:364
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:2
        2⤵
          PID:980
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
          2⤵
            PID:3784
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
            2⤵
              PID:4176
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3256 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
              2⤵
                PID:4704
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                2⤵
                  PID:4644
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4932 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                  2⤵
                    PID:2228
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5112 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                    2⤵
                      PID:4224
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5232 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                      2⤵
                        PID:4984
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5444 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                        2⤵
                          PID:2164
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5520 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                          2⤵
                            PID:2248
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5616 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                            2⤵
                              PID:936
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5712 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                              2⤵
                                PID:1068
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6336 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                2⤵
                                  PID:1496
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6512 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                  2⤵
                                    PID:4960
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6644 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                    2⤵
                                      PID:4348
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6816 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                      2⤵
                                        PID:488
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6780 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                        2⤵
                                          PID:4216
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5852 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                          2⤵
                                            PID:1216
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6560 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                            2⤵
                                              PID:2356
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7632 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
                                              2⤵
                                                PID:548
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7468 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
                                                2⤵
                                                  PID:4892
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7800 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                                  2⤵
                                                    PID:3380
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7780 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                                    2⤵
                                                      PID:1944
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8996 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                                      2⤵
                                                        PID:5440
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5884 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                                        2⤵
                                                          PID:5552
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9252 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
                                                          2⤵
                                                            PID:5680
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9116 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
                                                            2⤵
                                                              PID:5764
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
                                                              2⤵
                                                                PID:6056
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
                                                                2⤵
                                                                  PID:6048
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7932 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
                                                                  2⤵
                                                                    PID:2988
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3288 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:5188
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7600 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
                                                                      2⤵
                                                                        PID:5180
                                                                      • C:\Users\Admin\Downloads\Zephyr.exe
                                                                        "C:\Users\Admin\Downloads\Zephyr.exe"
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • Drops file in Windows directory
                                                                        PID:5356
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2772 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                                                        2⤵
                                                                          PID:5852
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7796 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                                                          2⤵
                                                                            PID:5732
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7808 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                                                            2⤵
                                                                              PID:5996
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5728 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                                                              2⤵
                                                                                PID:5824
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7552 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
                                                                                2⤵
                                                                                  PID:5284
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5964 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
                                                                                  2⤵
                                                                                    PID:456
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5380 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
                                                                                    2⤵
                                                                                      PID:1820
                                                                                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                    1⤵
                                                                                      PID:4484
                                                                                    • C:\Windows\System32\rundll32.exe
                                                                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                      1⤵
                                                                                        PID:744
                                                                                      • C:\Users\Admin\Downloads\Zephyr.exe
                                                                                        "C:\Users\Admin\Downloads\Zephyr.exe"
                                                                                        1⤵
                                                                                        • Executes dropped EXE
                                                                                        • Loads dropped DLL
                                                                                        PID:3848
                                                                                      • C:\Users\Admin\Downloads\Zephyr.exe
                                                                                        "C:\Users\Admin\Downloads\Zephyr.exe"
                                                                                        1⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:6132
                                                                                      • C:\Users\Admin\Downloads\Zephyr.exe
                                                                                        "C:\Users\Admin\Downloads\Zephyr.exe"
                                                                                        1⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:4336
                                                                                      • C:\Users\Admin\Downloads\Zephyr.exe
                                                                                        "C:\Users\Admin\Downloads\Zephyr.exe"
                                                                                        1⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:3904

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\1.19.3004.0\Zephyr Classic\launcherAssets\ProjectHalcyon.png
    Filesize: 54KB

                                                                                            • C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\cachedclients.json

                                                                                              Filesize

                                                                                              22KB

                                                                                            • C:\Users\Admin\AppData\Local\Ambrosial\log.txt

                                                                                              Filesize

                                                                                              2KB

                                                                                            • C:\Users\Admin\AppData\Local\Ambrosial\log.txt

                                                                                              Filesize

                                                                                              7KB

                                                                                            • C:\Users\Admin\AppData\Local\Ambrosial\log.txt

                                                                                              Filesize

                                                                                              20KB

                                                                                            • C:\Users\Admin\AppData\Local\Ambrosial\log.txt

                                                                                              Filesize

                                                                                              253B

                                                                                            • C:\Users\Admin\AppData\Local\Ambrosial\log.txt

                                                                                              Filesize

                                                                                              513B

                                                                                            • C:\Users\Admin\AppData\Local\Ambrosial\log.txt

                                                                                              Filesize

                                                                                              16KB

                                                                                            • C:\Users\Admin\AppData\Local\Ambrosial\log.txt

                                                                                              Filesize

                                                                                              16KB

                                                                                            • C:\Users\Admin\AppData\Local\Ambrosial\log.txt

                                                                                              Filesize

                                                                                              409B

                                                                                            • C:\Users\Admin\AppData\Local\Ambrosial\log.txt

                                                                                              Filesize

                                                                                              15KB

                                                                                            • C:\Users\Admin\AppData\Local\Ambrosial\log.txt

                                                                                              Filesize

                                                                                              16KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                              Filesize

                                                                                              40B

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                              Filesize

                                                                                              1KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

                                                                                              Filesize

                                                                                              264KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                              Filesize

                                                                                              14KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                              Filesize

                                                                                              3KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                              Filesize

                                                                                              5KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                              Filesize

                                                                                              5KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                              Filesize

                                                                                              5KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                              Filesize

                                                                                              6KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                              Filesize

                                                                                              6KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                              Filesize

                                                                                              6KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                              Filesize

                                                                                              5KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                              Filesize

                                                                                              6KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                              Filesize

                                                                                              175KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                              Filesize

                                                                                              89KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                              Filesize

                                                                                              174KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                              Filesize

                                                                                              175KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                              Filesize

                                                                                              175KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                              Filesize

                                                                                              175KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                              Filesize

                                                                                              175KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                              Filesize

                                                                                              175KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                              Filesize

                                                                                              198KB

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                              Filesize

                                                                                              2B

                                                                                            • C:\Users\Admin\AppData\Local\Temp\0e1a63fc-9228-4b4f-96fc-fee060f96e92\GunaDotNetRT64.dll

                                                                                              Filesize

                                                                                              142KB

                                                                                            • C:\Users\Admin\Downloads\Azonix.otf

                                                                                              Filesize

                                                                                              11KB

                                                                                              MD5

                                                                                              cdfe47b31e9184a55cf02eef1baf7240

                                                                                              SHA1

                                                                                              b8825c605434d572f5277be0283d5a9b2cde59e4

                                                                                              SHA256

                                                                                              51a65e5c09bf27980adf640cb54cb2a5bbb217fdaab79b377e158f92533362a9

                                                                                              SHA512

                                                                                              a2e5141c0f7ca72bcf5b1a303fce1734953d83ad363d4c3c7d8786e1bfd872a6b96eeabce3740b547a5447e255415cdf688a0d2074cecfaa0c54c49d0f2882c5

                                                                                            • C:\Users\Admin\Downloads\YuGothL.ttc

                                                                                              Filesize

                                                                                              13.2MB

                                                                                              MD5

                                                                                              0fd31d088de3a9062313bbe326e2b0f8

                                                                                              SHA1

                                                                                              9691c2a7714878a75fe2171bb482c032ba55d2f4

                                                                                              SHA256

                                                                                              536a19fa3e895ec798da3adbbeb6ea5a061230ac6a3b1b89bf4424f71d844303

                                                                                              SHA512

                                                                                              be700ee2122fc6e535743ae719c9a726cd6082dbf771ae56ae0ba21fbd078f1741334bf0762208cb96e434124e7e7562fb1ab7c78c2f47b3628a5c0c20150236

                                                                                            • C:\Users\Admin\Downloads\Zephyr.exe

                                                                                              Filesize

                                                                                              15.9MB

                                                                                              MD5

                                                                                              596b0f4684d45de83c204967c06e48a3

                                                                                              SHA1

                                                                                              933dc2dc29a17a9447c944289fed4f98e0eb5e5f

                                                                                              SHA256

                                                                                              6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a

                                                                                              SHA512

                                                                                              8f50098d120d32a84347a8337dee27061a6914d66b951f930d491a81a9804317318f25f80467684fd4fecea6bccc6de38b2df3ee2742a54805f2cdb4413d3830

                                                                                            • C:\Windows\Fonts\OpenSansLight.ttf

                                                                                              Filesize

                                                                                              217KB

                                                                                              MD5

                                                                                              1bf71be111189e76987a4bb9b3115cb7

                                                                                              SHA1

                                                                                              40442c189568184b6e6c27a25d69f14d91b65039

                                                                                              SHA256

                                                                                              cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424

                                                                                              SHA512

                                                                                              cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061

                                                                                            • memory/5356-737-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-735-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-733-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-731-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-729-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-723-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-721-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-453-0x00000241ECB50000-0x00000241ECB6A000-memory.dmp

                                                                                              Filesize

                                                                                              104KB

                                                                                            • memory/5356-718-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-716-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-714-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-712-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-710-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-705-0x00007FFFC34C0000-0x00007FFFC360E000-memory.dmp

                                                                                              Filesize

                                                                                              1.3MB

                                                                                            • memory/5356-707-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-706-0x00000241EDF50000-0x00000241EE134000-memory.dmp

                                                                                              Filesize

                                                                                              1.9MB

                                                                                            • memory/5356-478-0x00000241ED560000-0x00000241ED570000-memory.dmp

                                                                                              Filesize

                                                                                              64KB

                                                                                            • memory/5356-483-0x00000241ED2B0000-0x00000241ED2D2000-memory.dmp

                                                                                              Filesize

                                                                                              136KB

                                                                                            • memory/6132-7851-0x00000158CEA20000-0x00000158CEA30000-memory.dmp

                                                                                              Filesize

                                                                                              64KB

                                                                                            • memory/6132-7986-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp

                                                                                              Filesize

                                                                                              156KB

                                                                                            • memory/6132-7333-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp

                                                                                              Filesize

                                                                                              156KB

                                                                                            • memory/6132-7096-0x00000158CEA20000-0x00000158CEA30000-memory.dmp

                                                                                              Filesize

                                                                                              64KB