Analysis Overview
Threat Level: Likely malicious
The file https://www.mediafire.com/file/1d8kjmuxefrpopv/Zephyr.exe/file was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in Windows directory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-06-26 18:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-06-26 18:10
Reported
2023-06-26 18:14
Platform
win10v2004-20230621-en
Max time kernel
142s
Max time network
162s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Zephyr.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Zephyr.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2178924671-3779044592-2825503497-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Fonts\Azonix.otf | C:\Users\Admin\Downloads\Zephyr.exe | N/A |
| File opened for modification | C:\Windows\Fonts\Azonix.otf | C:\Users\Admin\Downloads\Zephyr.exe | N/A |
| File created | C:\Windows\Fonts\OpenSansLight.ttf | C:\Users\Admin\Downloads\Zephyr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133322766668905676" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/1d8kjmuxefrpopv/Zephyr.exe/file
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd1d19758,0x7fffd1d19768,0x7fffd1d19778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3256 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4932 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5112 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5232 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5444 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5520 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5616 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5712 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6336 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6512 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6644 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6816 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6780 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5852 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6560 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7632 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7468 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7800 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7780 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8996 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5884 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9252 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9116 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7932 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3288 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7600 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Users\Admin\Downloads\Zephyr.exe
"C:\Users\Admin\Downloads\Zephyr.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2772 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7796 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7808 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5728 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7552 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5964 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5380 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Zephyr.exe
"C:\Users\Admin\Downloads\Zephyr.exe"
C:\Users\Admin\Downloads\Zephyr.exe
"C:\Users\Admin\Downloads\Zephyr.exe"
C:\Users\Admin\Downloads\Zephyr.exe
"C:\Users\Admin\Downloads\Zephyr.exe"
C:\Users\Admin\Downloads\Zephyr.exe
"C:\Users\Admin\Downloads\Zephyr.exe"
Network
| US | 8.8.8.8:53 | widget.us.criteo.com | udp |
| US | 74.119.119.150:443 | widget.us.criteo.com | tcp |
| US | 8.8.8.8:53 | stags.bluekai.com | udp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| NL | 173.223.113.181:443 | stags.bluekai.com | tcp |
| CA | 185.80.39.216:443 | dsum-sec.casalemedia.com | tcp |
| CA | 185.80.39.216:443 | dsum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| CH | 185.29.132.241:443 | sync.mathtag.com | tcp |
| US | 8.8.8.8:53 | d5p.de17a.com | udp |
| SE | 213.155.156.181:443 | d5p.de17a.com | tcp |
| US | 8.8.8.8:53 | simage2.pubmatic.com | udp |
| US | 104.36.113.107:443 | simage2.pubmatic.com | tcp |
| US | 104.36.113.107:443 | simage2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 181.113.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.156.155.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.113.36.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.132.29.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.119.119.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 54.239.33.159:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 44.194.133.102:443 | sync.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | a.audrte.com | udp |
| US | 34.234.253.86:443 | a.audrte.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| NL | 216.58.214.14:443 | analytics.google.com | udp |
| CA | 185.80.39.216:443 | dsum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | dmp.adform.net | udp |
| DK | 37.157.6.233:443 | dmp.adform.net | tcp |
| US | 8.8.8.8:53 | 159.33.239.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.129.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.133.194.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.62.91.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.253.234.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | simage4.pubmatic.com | udp |
| US | 104.36.113.111:443 | simage4.pubmatic.com | tcp |
| US | 104.19.215.37:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | download2390.mediafire.com | udp |
| US | 199.91.155.131:443 | download2390.mediafire.com | tcp |
| US | 8.8.8.8:53 | 111.113.36.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.155.91.199.in-addr.arpa | udp |
| NL | 142.250.179.170:443 | translate.googleapis.com | udp |
| US | 104.19.215.37:80 | otnolatrnup.com | tcp |
| US | 104.19.215.37:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 34.199.180.187:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | 187.180.199.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.biphic.com | udp |
| US | 104.21.12.132:443 | www.biphic.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| US | 3.18.242.21:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| NL | 23.222.49.6:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | 132.12.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.242.18.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.49.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www-static.operacdn.com | udp |
| NL | 23.222.49.6:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| US | 151.101.1.44:443 | cdn.taboola.com | tcp |
| NL | 52.222.139.19:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| US | 8.8.8.8:53 | tags.creativecdn.com | udp |
| NL | 87.248.116.11:443 | s.yimg.com | tcp |
| US | 34.117.98.198:443 | tags.creativecdn.com | tcp |
| FR | 157.240.196.15:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| NL | 13.227.219.71:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| NL | 87.248.116.11:443 | s.yimg.com | tcp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ams.creativecdn.com | udp |
| US | 8.8.8.8:53 | 11.116.248.87.in-addr.arpa | udp |
| NL | 185.184.8.90:443 | ams.creativecdn.com | tcp |
| US | 8.8.8.8:53 | 198.98.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.196.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| FR | 157.240.196.15:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | sp.analytics.yahoo.com | udp |
| IE | 212.82.100.181:443 | sp.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | vc.hotjar.io | udp |
| NL | 52.222.139.17:443 | vc.hotjar.io | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 181.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| NL | 157.240.247.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | trc-events.taboola.com | udp |
| US | 141.226.124.48:443 | trc-events.taboola.com | tcp |
| US | 8.8.8.8:53 | 48.124.226.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| NL | 142.251.36.34:443 | ade.googlesyndication.com | tcp |
| NL | 142.251.36.34:443 | ade.googlesyndication.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 34.36.251.142.in-addr.arpa | udp |
| US | 13.89.179.8:443 | N/A | tcp |
| NL | 142.251.36.34:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | match.deepintent.com | udp |
| US | 169.197.150.8:443 | match.deepintent.com | tcp |
| US | 8.8.8.8:53 | 233.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.86.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.150.197.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| DE | 37.252.173.215:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| NL | 213.19.162.80:443 | pixel-eu.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| FR | 185.86.138.154:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| US | 35.190.60.146:443 | id.rlcdn.com | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| DE | 184.30.24.22:443 | hbx.media.net | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| US | 35.190.60.146:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | 146.60.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.138.86.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.155.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.8.109.52.in-addr.arpa | udp |
| US | 93.184.221.240:80 | N/A | tcp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 151.101.1.140:443 | w3-reporting-nel.reddit.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c6.gcp.gvt2.com | udp |
| IN | 34.93.91.7:443 | e2c6.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.49.178.192.in-addr.arpa | udp |
| IN | 34.93.91.7:443 | e2c6.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 7.91.93.34.in-addr.arpa | udp |
| US | 93.184.221.240:80 | N/A | tcp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
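The rows above are a raw connection log: the sandbox's own reverse (PTR) lookups, forward DNS queries to 8.8.8.8, a long tail of ad-tech and CDN traffic from the browser session, and a handful of hosts worth pivoting on. The script below is an added example, not part of the report or its tooling, that parses rows of this shape and sorts them into those buckets. The HOSTING and NOISE lists are assumptions (the table does not say which process opened which connection), and the sample rows are copied from the table above, including the column-shifted rows.

```python
"""Added example: sort the network rows of a sandbox report into buckets.
Rows have the shape "| CC | ip:port | domain | proto |". Nothing here is
from the report itself; HOSTING and NOISE are heuristic assumptions.
"""
import ipaddress
from collections import defaultdict

RESOLVER = ("8.8.8.8", 53)
# Assumption: file-hosting services commonly used for payload staging.
HOSTING = ("mediafire.com", "githubusercontent.com", "discordapp.com")
# Assumption: ad-tech / analytics / CDN names a browser session produces on its
# own. Unknown domains fall into "review", so an unlisted host is never dropped.
NOISE = (
    "doubleclick", "googlesyndication", "2mdn.net", "adnxs", "criteo", "pubmatic",
    "casalemedia", "adform", "adsrvr", "media.net", "quantserve", "rubiconproject",
    "taboola", "hotjar", "facebook", "bing.com", "yimg.com", "yahoo.com", "bidswitch",
    "zemanta", "sonobi", "mfadsrvr", "creativecdn", "rfihub", "bluekai", "openx.net",
    "mathtag", "amazon-adsystem", "crwdcntrl", "weborama", "smartadserver", "rlcdn",
    "reddit", "gvt2.com", "googleapis", "google.com", "opera", "theweathernetwork",
)

def parse_row(line):
    """Parse one table row into a dict, or return None for non-row lines."""
    parts = [p.strip() for p in line.strip().strip("|").split("|")]
    if len(parts) != 4:
        return None
    cc, dst, domain, proto = parts
    # Some rows are emitted with the domain column missing and the protocol
    # shifted left ("| US | 1.2.3.4:443 | tcp | |"); put the columns back.
    if domain in ("tcp", "udp") and proto == "":
        domain, proto = "", domain
    if domain == "N/A":
        domain = ""
    ip, _, port = dst.rpartition(":")
    if not port.isdigit():
        return None
    return {"cc": cc, "ip": ip, "port": int(port), "domain": domain, "proto": proto}

def bucket(row):
    """Assign a parsed row to one triage bucket."""
    domain = row["domain"]
    if domain.endswith(".in-addr.arpa"):
        return "ptr"        # sandbox reverse-resolving IPs it saw
    if (row["ip"], row["port"]) == RESOLVER:
        return "dns"        # forward lookup; the connection row carries the IP
    try:
        addr = ipaddress.ip_address(row["ip"])
    except ValueError:
        return "review"
    if addr.is_multicast or addr.is_private or addr.is_link_local:
        return "local"      # e.g. mDNS to 224.0.0.251:5353
    if not domain:
        return "bare_ip"    # connection without a name; keep for review
    if any(h in domain for h in HOSTING):
        return "hosting"
    if any(n in domain for n in NOISE):
        return "noise"
    return "review"

def contacted_hosts(report_text):
    """Map each pivot-worthy host (hosting, review, bare IP) to the
    deduplicated ip:port/proto endpoints it was contacted on."""
    hosts = defaultdict(set)
    for line in report_text.splitlines():
        row = parse_row(line)
        if row is not None and bucket(row) in ("hosting", "review", "bare_ip"):
            key = row["domain"] or row["ip"]
            hosts[key].add(f'{row["ip"]}:{row["port"]}/{row["proto"]}')
    return {host: sorted(eps) for host, eps in sorted(hosts.items())}

def bucket_counts(report_text):
    """Row count per bucket; a quick check on how much of the table is noise."""
    counts = defaultdict(int)
    for line in report_text.splitlines():
        row = parse_row(line)
        if row is not None:
            counts[bucket(row)] += 1
    return dict(counts)

# Constructed sample: rows copied from the table above, including one
# column-shifted row and one with an N/A domain, so the normalisation runs.
SAMPLE = """\
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| NL | 142.250.179.134:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 192.184.69.252:443 | cms.quantserve.com | tcp |
| US | 104.19.215.37:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | download2390.mediafire.com | udp |
| US | 199.91.155.131:443 | download2390.mediafire.com | tcp |
| US | 104.19.215.37:80 | otnolatrnup.com | tcp |
| US | 34.199.180.187:443 | woreppercomming.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 13.89.179.8:443 | N/A | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
"""

if __name__ == "__main__":
    for host, endpoints in contacted_hosts(SAMPLE).items():
        print(f"{host:30} {', '.join(endpoints)}")
    print(bucket_counts(SAMPLE))
```

The design choice that matters is the default: anything not recognised lands in the review bucket rather than being filtered, so a fresh distribution domain such as the ones on bare registrations above is never hidden by the noise list; the price is that NOISE has to be curated per report.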
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 86d6876b99a4152001ce7228020c3e87 |
| SHA1 | 4081536aa6b7f680ca665f4facd438f28af5986b |
| SHA256 | acad0537cb8687e0e3d8c3987fd4b78286541a91fce011a6dece022c6cb538a9 |
| SHA512 | 67af1c211340014fcdd87897ea1e35d8dcd9a6adf7659ba38d820b3f6a600b7f8718b7296d1c1aac57853b220cd77dd35068c61e9c6347debf0ea8037542394a |
\??\pipe\crashpad_1652_JSARBZFJDZIDIYXL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 201cf9a396abc4a9153cf62939776b0f |
| SHA1 | 01fc222d3b615e8dbc12eda325a8b9c4c007fc5c |
| SHA256 | d67bf397ba31c32e53fb08bcb13e6fa07dc801ddff1ade3a02e0f4481eb4a2d9 |
| SHA512 | 54745cc09f6d441565461fe3547c3e042a3d3afa80f8d870521c719b331938de17404f93f30ef4a30399a274dc6e21b81729566665f16c9c6f766baa17848a5e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d5f88fe034717ab16ab6d20b2328780b |
| SHA1 | de0b41fd6a1f91d7a7cccab09ffd77b43b50bfcb |
| SHA256 | 550ae954c3ca334848052d1f3a7d86756207a6a275125c6bd7514d0aad8b7a6e |
| SHA512 | b719c5d4587ddf347e5ccda25ac4c6f8469ba10322943811137d629f90dd93558a4f3c89cc234de847798ab75b0b2dbb479b085bb8923126a38d24f358409b74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a4503d131fef5beed287790be687cf56 |
| SHA1 | 89d5245a6714dc0dea0314c0dd030f06b77ebd0e |
| SHA256 | decf9ff7b235c8a7c1cd2c8c1c6c811edb7536c07f4d1aa9d9b326e6d9395e48 |
| SHA512 | f84ccbd474403cdb3ca2bc4c495f34cbf29add0abf8c13e686605bf9482fda821fbfc34ecf9b068334777cd8d83522b9b7484fc0afa8eb39d92c597518668c9f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 68f986c93411cdaa63b218585a7c1cb5 |
| SHA1 | 0f6d198f160392dff97be19414ab11632de08a70 |
| SHA256 | 92bf3a04fd7bc61c2e001da96f59331d68882cc4ecbae2081fe497ad86cb2be9 |
| SHA512 | d3649470f6b5cb2a5928778254f8b877c5bf6fd3750ad25a90f3daee6f304fc5189e5628c7c3839de6baa7750e97bbe0172994ad798d11958dda1c208e71f2f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 53940c3a638b70b6937aafd746f20109 |
| SHA1 | 52c0a5ffbaf4374c17ba835f9f1f1cb90a2130f7 |
| SHA256 | d8ebd0bc29150157c3caa04b93118152a0a5a82713626fcb72543516cdabd466 |
| SHA512 | 0098fc1f1b00d483ee50c675896027f67a64adc329f8f0b858e781107e3b8b7ed16029911e593b2c783209c6b2453fe7078ea6804a93b7c6c3c2562e0a085f93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2e61c4fbd979402471d19ef978ac1f62 |
| SHA1 | b94feaace17aedc3c32c96840817fcfc5b80df11 |
| SHA256 | caa5bb39473073469f73cda1485a030c47e5b2ab9396df09ba5a8d625ce34358 |
| SHA512 | fc54e311097d005ac43936bd0c04b87686fefab1ffb992e302424021245bff1b829ae94ef01d8b44126050089e4b75f4c2acdad71a695d2f9131fb1aac9f1297 |
C:\Users\Admin\Downloads\Zephyr.exe
| MD5 | 596b0f4684d45de83c204967c06e48a3 |
| SHA1 | 933dc2dc29a17a9447c944289fed4f98e0eb5e5f |
| SHA256 | 6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a |
| SHA512 | 8f50098d120d32a84347a8337dee27061a6914d66b951f930d491a81a9804317318f25f80467684fd4fecea6bccc6de38b2df3ee2742a54805f2cdb4413d3830 |
memory/5356-452-0x00000241E9E80000-0x00000241EAE6A000-memory.dmp
memory/5356-453-0x00000241ECB50000-0x00000241ECB6A000-memory.dmp
C:\Users\Admin\Downloads\Azonix.otf
| MD5 | cdfe47b31e9184a55cf02eef1baf7240 |
| SHA1 | b8825c605434d572f5277be0283d5a9b2cde59e4 |
| SHA256 | 51a65e5c09bf27980adf640cb54cb2a5bbb217fdaab79b377e158f92533362a9 |
| SHA512 | a2e5141c0f7ca72bcf5b1a303fce1734953d83ad363d4c3c7d8786e1bfd872a6b96eeabce3740b547a5447e255415cdf688a0d2074cecfaa0c54c49d0f2882c5 |
C:\Windows\Fonts\OpenSansLight.ttf
| MD5 | 1bf71be111189e76987a4bb9b3115cb7 |
| SHA1 | 40442c189568184b6e6c27a25d69f14d91b65039 |
| SHA256 | cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424 |
| SHA512 | cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061 |
memory/5356-478-0x00000241ED560000-0x00000241ED570000-memory.dmp
memory/5356-483-0x00000241ED2B0000-0x00000241ED2D2000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3e6aabf83748d57015aba15ae80a5c8b |
| SHA1 | ae1ed356187487dc05aed2f092c9ed5fb453db3e |
| SHA256 | 7b6a9cbc5627fd94ed85c1d774c3b676c1fb6aadf3322c7dc3916e6755b616c9 |
| SHA512 | 519039e79a49466094a33d17ef666d5f2412ebfefe05e94050aff96e00f2201eb5137a556f7116a1d42cb115a00713d9c742e04780338a51173f8a2bfe723a57 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | e986a8ed39c97c020f7ccebb9bf13b55 |
| SHA1 | 33d3b7b13af6a736a444a460ef0fba2b247648e9 |
| SHA256 | ac1419b61cd1e31b25756ea33c5af14f5d897e6c071a7b1bb11c5adbcd9995ae |
| SHA512 | 503be690f615a04d78ea442dc20f4660b8932d4db307b9b1f613b01346a28aedfc41bdeb9d301a761d430a1cd3f79463a3e7fd45cba8dbd26f48a3a8f62be002 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | fc894506dd5e5551083afa9561b77d2e |
| SHA1 | 000b3300f6bcd47333100e3712dc7947dd67a596 |
| SHA256 | d802265463d8ccdeded7b7ce027f2c6fedebfd7dd9db59e2fc63e89ebc08d54f |
| SHA512 | 5d736535572df80ee5ec7112f76a4f4b36e48909554bc1c953b4e6a4207557a7b3a7cd5a2c206a0fe7a15f17eed433b8f883c8dee0fce8788e7aeb731c2cd6e2 |
C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\1.19.3004.0\Zephyr Classic\launcherAssets\ProjectHalcyon.png
| MD5 | cf4b10cab822fb4e563d5c1fc7757a30 |
| SHA1 | 57328884b3e1ebf4eaeb4715a33bf93a52c95d53 |
| SHA256 | abb9e95c2b6bf7f7fad5f483b9e3e746bbca54a82ff79009d0760dcd2ff013cc |
| SHA512 | f0607ac012b3e86a56f63b9778bde661424e56b3b048f24c8d82b693fe673e860bf0225863f4f71915a1c8c5c83f3caa0de796a0059860d62e378e0b98135eb0 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | fc894506dd5e5551083afa9561b77d2e |
| SHA1 | 000b3300f6bcd47333100e3712dc7947dd67a596 |
| SHA256 | d802265463d8ccdeded7b7ce027f2c6fedebfd7dd9db59e2fc63e89ebc08d54f |
| SHA512 | 5d736535572df80ee5ec7112f76a4f4b36e48909554bc1c953b4e6a4207557a7b3a7cd5a2c206a0fe7a15f17eed433b8f883c8dee0fce8788e7aeb731c2cd6e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c4fcc8fa78fc157bf0cf4308e17bb6ff |
| SHA1 | 3bbdde8b00423181f81ca715f6d22d4f7c001628 |
| SHA256 | 61a18416d4b9cb4e3d5133b317cdd6273f7224b757da3c90c504223b33b2d8d4 |
| SHA512 | 10dfef44489ec5056348baab5c8670a2015d962c9048df3e17654bc751a90c778234a157a68516c2291ea9e59e2365b13795a4db82fe6572a9ecfb9e9eb86a36 |
C:\Users\Admin\AppData\Local\Temp\0e1a63fc-9228-4b4f-96fc-fee060f96e92\GunaDotNetRT64.dll
| MD5 | 9c43f77cb7cff27cb47ed67babe3eda5 |
| SHA1 | b0400cf68249369d21de86bd26bb84ccffd47c43 |
| SHA256 | f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e |
| SHA512 | cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7 |
memory/5356-706-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-707-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-705-0x00007FFFC34C0000-0x00007FFFC360E000-memory.dmp
memory/5356-709-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp
memory/5356-710-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-712-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-714-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-716-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-718-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-721-0x00000241EDF50000-0x00000241EE134000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | efc6a463686adb4233bc6b344d7aa760 |
| SHA1 | 085f982372942f7fa77926cf585dd46935ffba3f |
| SHA256 | 963bf915975122e993bc283243bd7aa68d1f89fdda2a609a8b5ad1adc2e64c30 |
| SHA512 | fc23491520df400de344342a3fa23105c9a6a7278a446a1618fe594bdd51e3ced157595e411d68968d157405c059b37e209391ec6168b9c04416536a1adca006 |
memory/5356-723-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-729-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-731-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-733-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-735-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-737-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-739-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-741-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-743-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-745-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-747-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-749-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-751-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-753-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-755-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-757-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-759-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-761-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-763-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-765-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-767-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-769-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-771-0x00000241EDF50000-0x00000241EE134000-memory.dmp
memory/5356-773-0x00000241EDF50000-0x00000241EE134000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8db45014a6e8ef3a4c92df35cde28072 |
| SHA1 | 28e0311c84e53095c1f16080597714d6ed4f184a |
| SHA256 | cd67b3c6d781f6c0eaa2e36f8486b23f47f2105b2c74860596dc5c0f863df86c |
| SHA512 | 5a02eb06863103c08eb102dd1d7a1bbf3ba415c3e5d86e6eee277e0b22a31758b78c388c260d39c1c78fef2db50594a8cc68f81191e23f4278bc795e8f42ad67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 15971893cc915e883cc1ce6a6d9ea9d8 |
| SHA1 | 007ac1fcb2297e435624e675ba93b16eb987a6c8 |
| SHA256 | 89a178116b250779a5972a1f0d7c67f01b4000e3ad6cb05ba438349b3a8c0556 |
| SHA512 | 25e2eb0659027f55147ecabecc253e63ffa2a93ec64bb663e405c0569cd111f0f151cc35d388d21ef231ebe8cdf5bd31f6dff4d4a95c9b7ac949b24c3366d6dc |
memory/5356-980-0x00000241ED560000-0x00000241ED570000-memory.dmp
memory/5356-1152-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2f8cfdeaf9dd24b3a717282b2e800ab8 |
| SHA1 | 169c76a439cd43a1f11d0215f0b6d55a90393cba |
| SHA256 | 95f8cf6aa440972f8729574098b7a970dc049b8d10413db3de5956e0f0e6a6db |
| SHA512 | 6f364c31c35897b2dc8768d08adde122fbe6b7506bd707fdccdd29383066484906f3c2310406a713dc22bb0184555fe8aad893abdb35d6daa454a1e8ede4634d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a60477433ba5ffe257a49b352a0d99df |
| SHA1 | be0c24252d69ca8af8f9fdc7a05d2ba6e04797f6 |
| SHA256 | 4e0ad62c635fad7a638839767a5460138f37304452ee7d9bc6d7deefc184d221 |
| SHA512 | d34c396d12df8e1555709257dbb51f2774c042b0a9e95846c3b50a7288ed05d39dca2465ffd408cedc9b85c00426d25c1d9fa331aff6654bcf71e6fdb28ce106 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b548a862228e0ccec48ae798eb6d72c5 |
| SHA1 | 1e000f2229ce4ad3349f174a5ece3152f7b67b5a |
| SHA256 | eb0dc8b4602be07fcc3c59a689c2233771929d24bf6400e392fbcd8ae14ccfce |
| SHA512 | 3a196493da6ead5151d018af6e24167110dba340d660e68ad6bbbbe177d02378c8f1fd59dac32c4b5821b3bb217ae8d83c38bc695737a54cae11b13997b04cc8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9f1ba0cbb53b11275b963d58b7d7dbe4 |
| SHA1 | b086073e715e2650242c8e59d8e3b706ca893540 |
| SHA256 | bebb48962b894b4c2178fcb377d4fa7c9b9e59d7e6303aa909cc3e8cbee98e64 |
| SHA512 | 72ac844c037d887780c125d362db7efa92461c640aedaa6ed6afb0d9f280c97eb408ccd6def760d245ea20cfb150e3c236305ee8fc3ae05d22ffead008b3b7aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7c2e5fc9dfdd0714b935698b0e0de219 |
| SHA1 | a1af63bd7355c1f968a8023f44ec622b7acb51f8 |
| SHA256 | efbc04fc4519dc6fdc79f301b6e6bc78ad13a41672e5b597fc536a66441c79fc |
| SHA512 | 11b40fea2d22870f9d0e3157573403b7a7e7324bde9a0c3be136ced632a1802df0b0322781b522b9d43ad4f8f1df43c3a3f9be7c8dede468d00516582f1dd549 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bfcbe2d28d8c54d313e596e2db5e3207 |
| SHA1 | 899b092123b98751a06118ccf7b3e3b6b4b2dd45 |
| SHA256 | 8e76c07b2675d3da437bd9b0a881ba3869b4f8e654c25b1ca65bc6e470a09624 |
| SHA512 | 7eed88ecb32246cdaf710aaedda701325beb54676e9540a48d4dbd779009cad9a6339746050bc59ceee4a774a179439e91e30b5ef59d79bc042fbca51d7cb1f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 52f5a3935958d9066874492bf6103293 |
| SHA1 | 818c27cad5f2f2fab5afdcf5249591d79aeab4f8 |
| SHA256 | dcafc7ba296d3cd9fca7bd246aba1b1a3367d98eae8d32859df7ae09af32ca2d |
| SHA512 | 5f85aa44a70cbdc2e8795b05e85cd08714ddc63eb3d7b1e65ffa4f34c9987b87f0d1a6dadc0e988727467cf4ad3b1d8ee008440b7a0b3838dcb82b0065154cda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | adf1a1f80d85bcc620fb695bba35b212 |
| SHA1 | c5eff53f7d301a6bacb829178eec5b83fe61078e |
| SHA256 | 02177fda3bb90cc0aff9b8cbc96004bae7c176ea2324457bc2c9b5397b7513e8 |
| SHA512 | de692779bacc67dda207bd57badef99214ba823dda7d95cbac05feb843c9112543cbf053655cf6848aa3065bae9dfb28410e721954d775120381d99ed8fac4d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3ddcd466d25f784503626cb551b26c9d |
| SHA1 | 1f23a35008d30972cbf731230f9b61fcc9dcf307 |
| SHA256 | f8db4fc901b4df85041ee7ff839a66b2748d3f7cab4efcfe0967a69226c23a71 |
| SHA512 | 3c29fe9db9d6161eb2e5a3cd3f2b9c2c2d2876103d244236ff14c9332a927b71c532761d75a59aa86f86e999ef5a44214e21da1b818278c1e465715ff986a308 |
C:\Users\Admin\Downloads\Zephyr.exe
| MD5 | 596b0f4684d45de83c204967c06e48a3 |
| SHA1 | 933dc2dc29a17a9447c944289fed4f98e0eb5e5f |
| SHA256 | 6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a |
| SHA512 | 8f50098d120d32a84347a8337dee27061a6914d66b951f930d491a81a9804317318f25f80467684fd4fecea6bccc6de38b2df3ee2742a54805f2cdb4413d3830 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | e789b19841c377dbf06609fb6690f37f |
| SHA1 | 4de9791a1d51953ce88762980e617bcf36fbb269 |
| SHA256 | 61c9acbe33d087b4dee62712c62bebdc869fec29b06ea724a582a3e2bdf446e9 |
| SHA512 | ebbbd6fd2cc663a2316abe541b0c65c8d664c6e91fda2e7ac9ccc0cfd0db0703ccb3530c57b9e38f26e447e8271b01f9c38184b0ee391418ac1f7ce533daacaa |
memory/3848-6569-0x0000018EB2380000-0x0000018EB2390000-memory.dmp
C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\cachedclients.json
| MD5 | 3247e6bc53d0be2619dde6e003a7a03e |
| SHA1 | d495da042dacdfc763992a32a8707616356d88b8 |
| SHA256 | aa8790dd7c8736ccc8f27a41a981537f8a2319b042bac44cbfeffcaa1606f8f2 |
| SHA512 | bf2b22d1b490a3806a518aa28f573066eaf66ce5cb186a090b58c1d9f3a2bea43ebee1ce85c58d89423e401656fa3e2ec75850fce956c749adcd7a9a92b33dc6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | d6c20517032a51ca84d23d1e851d629c |
| SHA1 | 872110867cdce8b8a7e5d6993c7f54931ef527b7 |
| SHA256 | ab6ee7c0a420d1477a0af092af461abfdd9e6df504ca6796f01aedb8af841297 |
| SHA512 | 84ee423d035d49d3190e73e04abcd536983ed586a0c6818d80b7ed2ba91df88eb9d02bd8586345254c9ef0c252a8730fae98db0b805b15f68b180b8d91115ec4 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | cca2fbf55652db066704177aebf13702 |
| SHA1 | e83d3bd72c58e785b69537b6c9a7f87879b0e64f |
| SHA256 | 9df860ecfc34d53037fa4324be520d179d1ab1ecf06fc227f60fbf859a61ee14 |
| SHA512 | 996af9a153873664b0aa5033026b7f6bc892bc5f2cb84dc99048c84f8a546e7bf072fb94b0b13a6a85e6d1da589ef7d3aa21d963110e7473960b041bf871da8c |
C:\Users\Admin\AppData\Local\Temp\0e1a63fc-9228-4b4f-96fc-fee060f96e92\GunaDotNetRT64.dll
| MD5 | 9c43f77cb7cff27cb47ed67babe3eda5 |
| SHA1 | b0400cf68249369d21de86bd26bb84ccffd47c43 |
| SHA256 | f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e |
| SHA512 | cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7 |
memory/3848-6774-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp
memory/3848-7029-0x0000018EB2380000-0x0000018EB2390000-memory.dmp
C:\Users\Admin\Downloads\Zephyr.exe
| MD5 | 596b0f4684d45de83c204967c06e48a3 |
| SHA1 | 933dc2dc29a17a9447c944289fed4f98e0eb5e5f |
| SHA256 | 6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a |
| SHA512 | 8f50098d120d32a84347a8337dee27061a6914d66b951f930d491a81a9804317318f25f80467684fd4fecea6bccc6de38b2df3ee2742a54805f2cdb4413d3830 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | cca2fbf55652db066704177aebf13702 |
| SHA1 | e83d3bd72c58e785b69537b6c9a7f87879b0e64f |
| SHA256 | 9df860ecfc34d53037fa4324be520d179d1ab1ecf06fc227f60fbf859a61ee14 |
| SHA512 | 996af9a153873664b0aa5033026b7f6bc892bc5f2cb84dc99048c84f8a546e7bf072fb94b0b13a6a85e6d1da589ef7d3aa21d963110e7473960b041bf871da8c |
memory/6132-7096-0x00000158CEA20000-0x00000158CEA30000-memory.dmp
memory/3848-7093-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | 992863f4abe161a1320a4cfcd8efb3bc |
| SHA1 | 0d5f089a174543f564c28cd45d42c9def8e152de |
| SHA256 | 06892a0ce79de3b7380a8f66566654f456d5dd4c9434f7061ae542d4919c35ff |
| SHA512 | 725d986596c3e6014a8a39631315e386cb9f770d552070427d12e131c95528f12f98705b24f104f48b15485a7812078f7cde7f72bc1b103a83b2a7093771a36a |
C:\Users\Admin\Downloads\Zephyr.exe
| MD5 | 596b0f4684d45de83c204967c06e48a3 |
| SHA1 | 933dc2dc29a17a9447c944289fed4f98e0eb5e5f |
| SHA256 | 6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a |
| SHA512 | 8f50098d120d32a84347a8337dee27061a6914d66b951f930d491a81a9804317318f25f80467684fd4fecea6bccc6de38b2df3ee2742a54805f2cdb4413d3830 |
memory/4336-7137-0x000001CAFF810000-0x000001CAFF820000-memory.dmp
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | c51a8c76c59b041835dc0bf1bcf9769f |
| SHA1 | 97b442ab5da63350279bae9fecdf50784120c164 |
| SHA256 | 49545eda5995edf1bef71576ffb58371c5e95e85c16e75c828c78b369e9fe617 |
| SHA512 | 29b2fa7b901c22d1b0af978b002f67e917c1d4c1aef7511764b2a06f51d696231ac5749d571d95b97a19f6d4c461a7828e9f4c02cd287ffd0fe35f23b86b0c0e |
C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\cachedclients.json
| MD5 | 3247e6bc53d0be2619dde6e003a7a03e |
| SHA1 | d495da042dacdfc763992a32a8707616356d88b8 |
| SHA256 | aa8790dd7c8736ccc8f27a41a981537f8a2319b042bac44cbfeffcaa1606f8f2 |
| SHA512 | bf2b22d1b490a3806a518aa28f573066eaf66ce5cb186a090b58c1d9f3a2bea43ebee1ce85c58d89423e401656fa3e2ec75850fce956c749adcd7a9a92b33dc6 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | 14c29dd2f4a7bc27cb182ec49efc1227 |
| SHA1 | 9285696cc33085ffefbf197a29e2989f875d00bc |
| SHA256 | 17a6fa358e181db21e5d986f567d8866308de02688ef58ce678ba6c041e501a3 |
| SHA512 | 6fc181b1491645a3704626c5f382d74d49ca9a30dd15220d220cbe93786747ca28452843625bd18d40aec06cac613513c97f8274db4404cee2c8dd446c91a669 |
memory/3904-7291-0x00000209741E0000-0x00000209741F0000-memory.dmp
C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\cachedclients.json
| MD5 | 3247e6bc53d0be2619dde6e003a7a03e |
| SHA1 | d495da042dacdfc763992a32a8707616356d88b8 |
| SHA256 | aa8790dd7c8736ccc8f27a41a981537f8a2319b042bac44cbfeffcaa1606f8f2 |
| SHA512 | bf2b22d1b490a3806a518aa28f573066eaf66ce5cb186a090b58c1d9f3a2bea43ebee1ce85c58d89423e401656fa3e2ec75850fce956c749adcd7a9a92b33dc6 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | 14c29dd2f4a7bc27cb182ec49efc1227 |
| SHA1 | 9285696cc33085ffefbf197a29e2989f875d00bc |
| SHA256 | 17a6fa358e181db21e5d986f567d8866308de02688ef58ce678ba6c041e501a3 |
| SHA512 | 6fc181b1491645a3704626c5f382d74d49ca9a30dd15220d220cbe93786747ca28452843625bd18d40aec06cac613513c97f8274db4404cee2c8dd446c91a669 |
C:\Users\Admin\Downloads\YuGothL.ttc
| MD5 | 0fd31d088de3a9062313bbe326e2b0f8 |
| SHA1 | 9691c2a7714878a75fe2171bb482c032ba55d2f4 |
| SHA256 | 536a19fa3e895ec798da3adbbeb6ea5a061230ac6a3b1b89bf4424f71d844303 |
| SHA512 | be700ee2122fc6e535743ae719c9a726cd6082dbf771ae56ae0ba21fbd078f1741334bf0762208cb96e434124e7e7562fb1ab7c78c2f47b3628a5c0c20150236 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | a7a11c2fc4783475ec08816283f79a10 |
| SHA1 | 27e3e683f1d0fc8d24f5530f2607d8c2b3e3edb4 |
| SHA256 | f86da4f3ebc4fe94f2215e97868f28f7933b6b4e8120f8989ba16072148da019 |
| SHA512 | f162f246a471435d79a852f36c6d599e541a5dc5169012e919965d005eef5171de831cc3b2b07cb6ff00f84c3af4a4bcf69d815b11ea06f26bf5bdc3e89bab5f |
C:\Users\Admin\AppData\Local\Temp\0e1a63fc-9228-4b4f-96fc-fee060f96e92\GunaDotNetRT64.dll
| MD5 | 9c43f77cb7cff27cb47ed67babe3eda5 |
| SHA1 | b0400cf68249369d21de86bd26bb84ccffd47c43 |
| SHA256 | f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e |
| SHA512 | cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7 |
memory/6132-7333-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | ac0ca68287e669d5e03c5395dd3c0385 |
| SHA1 | 87a7605f62befacfa84e4ab8b7f97de45b719f53 |
| SHA256 | a59f4ebb55227879253a42c2dde54b1a4e45c0728417e8c6676a629d34bc258f |
| SHA512 | 2cf311b146ce95909271ae1ecbb8c5009e43f3b71c5ea855311b1d93af574fc61d09edc7074ea5644bd144fa76aae0c6d9eb7e7abb9bdcb1a35e31d2b3a6edfd |
C:\Users\Admin\AppData\Local\Temp\0e1a63fc-9228-4b4f-96fc-fee060f96e92\GunaDotNetRT64.dll
| MD5 | 9c43f77cb7cff27cb47ed67babe3eda5 |
| SHA1 | b0400cf68249369d21de86bd26bb84ccffd47c43 |
| SHA256 | f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e |
| SHA512 | cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7 |
memory/4336-7493-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | 26f6278d6a5024d6d29466d322bce197 |
| SHA1 | cc928d4375e790c53c4dc4b6e140333a4666212a |
| SHA256 | a9bcb455b40e2bf7c91480952168be1aa85377dee76b8d821aafb24c4b71d5a4 |
| SHA512 | 11437f83b19c374e803e2508f39252a80eff89138c8af4a5a86085289884f97520295838d2efea7b24443ee56611247c9edf806dd9387744f5aac27ae920642a |
C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\cachedclients.json
| MD5 | 3247e6bc53d0be2619dde6e003a7a03e |
| SHA1 | d495da042dacdfc763992a32a8707616356d88b8 |
| SHA256 | aa8790dd7c8736ccc8f27a41a981537f8a2319b042bac44cbfeffcaa1606f8f2 |
| SHA512 | bf2b22d1b490a3806a518aa28f573066eaf66ce5cb186a090b58c1d9f3a2bea43ebee1ce85c58d89423e401656fa3e2ec75850fce956c749adcd7a9a92b33dc6 |
memory/3904-7728-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp
memory/6132-7851-0x00000158CEA20000-0x00000158CEA30000-memory.dmp
memory/4336-7895-0x000001CAFF810000-0x000001CAFF820000-memory.dmp
memory/3904-7941-0x00000209741E0000-0x00000209741F0000-memory.dmp
memory/6132-7986-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp
memory/4336-8031-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp
memory/3904-8157-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp
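The listing above is the report's flat dropped-file and memory-dump record: a Windows path on its own line, one `| ALGO | hex |` row per hash, and `memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp` lines in between. The same path recurs whenever the sample rewrote the file (the `log.txt` snapshots carry different SHA256s, the `Zephyr.exe` entries identical ones), so a practitioner who wants IoCs out of this page needs to collapse repeated write events of identical content into one indicator per SHA256. The following Python is an added example written for this page, not tooling from the sandbox or from the sample's author. It parses a subset of the entries copied from the listing above, deduplicates them by SHA256, and sweeps a directory tree for files whose hash matches; the planted file in the self-test is constructed, and reading the second number in a `memory/...` line as an event ordinal is an assumption.

```python
"""Turn a sandbox report's flat dropped-file listing into deduplicated IoCs
and sweep a directory tree for files matching them.

Added example for this page; not part of the sandbox's own tooling.
Assumed format (taken from the listing on this page):
  <Windows path>                      starts a file entry
  | MD5 | <hex> |                     one hash row per line (MD5/SHA1/SHA256/SHA512)
  memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp   a process memory dump;
      reading <n> as an event ordinal is an assumption
"""
import hashlib
import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

PATH_RE = re.compile(r"^[A-Za-z]:\\")
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Entries copied from the listing above (a subset). Zephyr.exe appears twice,
# exactly as repeated write events of identical content do in the full report.
SAMPLE_REPORT = r"""
C:\Users\Admin\Downloads\Zephyr.exe
| MD5 | 596b0f4684d45de83c204967c06e48a3 |
| SHA1 | 933dc2dc29a17a9447c944289fed4f98e0eb5e5f |
| SHA256 | 6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a |
memory/3848-7093-0x00007FFFC37F0000-0x00007FFFC3817000-memory.dmp
C:\Users\Admin\Downloads\Zephyr.exe
| MD5 | 596b0f4684d45de83c204967c06e48a3 |
| SHA256 | 6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a |
C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\cachedclients.json
| SHA256 | aa8790dd7c8736ccc8f27a41a981537f8a2319b042bac44cbfeffcaa1606f8f2 |
C:\Users\Admin\AppData\Local\Temp\0e1a63fc-9228-4b4f-96fc-fee060f96e92\GunaDotNetRT64.dll
| SHA256 | f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e |
"""


@dataclass
class Artifact:
    path: str
    hashes: dict = field(default_factory=dict)  # algorithm -> lowercase hex


@dataclass
class MemoryRegion:
    pid: int
    event: int  # assumed meaning of the second number in the dump name
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_report(text: str):
    """Return (artifacts, memory_regions) in the order they appear in the report."""
    artifacts, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            regions.append(MemoryRegion(int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)))
            current = None  # a dump line ends the current file entry
            continue
        if PATH_RE.match(line):
            current = Artifact(line)
            artifacts.append(current)
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current.hashes[m[1]] = m[2].lower()
    return artifacts, regions


def unique_by_sha256(artifacts):
    """Collapse repeated write events of identical content into one IoC per SHA256."""
    unique = {}
    for art in artifacts:
        digest = art.hashes.get("SHA256")
        if digest and digest not in unique:
            unique[digest] = art
    return unique


def sweep(root, sha256_set):
    """Hash every regular file under root and return those matching a known IoC."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            if digest in sha256_set:
                hits.append((str(path), digest))
    return hits


def self_test_sweep():
    """Plant a constructed file in a temp dir and confirm sweep() finds it by hash."""
    planted = b"constructed sample content, not a real dropped file\n"
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "planted.bin").write_bytes(planted)
        (Path(tmp) / "benign.txt").write_bytes(b"unrelated\n")
        return sweep(tmp, {hashlib.sha256(planted).hexdigest()})


if __name__ == "__main__":
    arts, regs = parse_report(SAMPLE_REPORT)
    for digest, art in unique_by_sha256(arts).items():
        print(digest, art.path)
    for r in regs:
        print(f"pid {r.pid}: 0x{r.start:X}-0x{r.end:X} ({r.size:#x} bytes)")
    print(self_test_sweep())
```

Run it against the whole listing rather than the embedded subset to get the full indicator set: each distinct `log.txt` SHA256 survives deduplication because it is a different snapshot of the file, while the identical `Zephyr.exe`, `cachedclients.json` and `GunaDotNetRT64.dll` entries collapse to one indicator each. The sweep hashes on SHA256 only; MD5 and SHA1 are kept in the parsed record for cross-referencing with other sources, not for matching.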