Malware Analysis Report

2025-05-28 16:41

Sample ID 230626-wsbrqacb7w
Target https://www.mediafire.com/file/1d8kjmuxefrpopv/Zephyr.exe/file
Tags
agilenet persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The URL https://www.mediafire.com/file/1d8kjmuxefrpopv/Zephyr.exe/file was found to be: Likely malicious.

Because the submitted target is a URL, the sandbox opened it in Chrome, and the behavioral signatures below mix the browser's own activity with that of the downloaded sample, C:\Users\Admin\Downloads\Zephyr.exe. In the signature tables only the dropped-DLL loading and the file writes under C:\Windows\Fonts are attributed to Zephyr.exe; the Agile.Net detection records no process at all, and the Run key creation, the SeShutdownPrivilege/SeCreatePagefilePrivilege token adjustments, FindShellTrayWindow, SendNotifyMessage, the BIOS registry reads, the TPM telemetry write and every WriteProcessMemory entry (chrome.exe PID 1652 writing into other chrome.exe processes) carry chrome.exe as the acting process. Check the Process column before treating a signature as evidence against the sample.

Malicious Activity Summary

agilenet persistence

Downloads MZ/PE file

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in Windows directory

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-06-26 18:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-06-26 18:10

Reported

2023-06-26 18:14

Platform

win10v2004-20230621-en

Max time kernel

142s

Max time network

162s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/1d8kjmuxefrpopv/Zephyr.exe/file

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Zephyr.exe N/A
N/A N/A C:\Users\Admin\Downloads\Zephyr.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target Count
N/A N/A N/A N/A 32
(32 identical rows collapsed; the detection records no indicator, process or target.)

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2178924671-3779044592-2825503497-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Fonts\Azonix.otf C:\Users\Admin\Downloads\Zephyr.exe N/A
File opened for modification C:\Windows\Fonts\Azonix.otf C:\Users\Admin\Downloads\Zephyr.exe N/A
File created C:\Windows\Fonts\OpenSansLight.ttf C:\Users\Admin\Downloads\Zephyr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133322766668905676" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 25
(25 identical rows collapsed; every hit is attributed to chrome.exe.)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
(64 alternating rows collapsed; every hit is attributed to chrome.exe.)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 51
(51 identical rows collapsed; every hit is attributed to chrome.exe.)

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 24
(24 identical rows collapsed; every hit is attributed to chrome.exe.)

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 1652 wrote to memory of 364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 1652 wrote to memory of 980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 38
PID 1652 wrote to memory of 3784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 1652 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 22
(64 rows collapsed; all writes originate from chrome.exe PID 1652 and land in other chrome.exe processes.)
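As an added triage example (not part of the sandbox report or of any vendor tooling), the Python below parses rows in the flattened "Description Indicator Process Target" layout used by the signature tables above, attributes every signature to its acting process, and pulls out what a responder checks first: files written under C:\Windows, the Run key together with the process that created it, WriteProcessMemory writer/target PID pairs with counts, and integer registry values decoded as Windows FILETIMEs (the TraceTimeLast value in the "Modifies data under HKEY_USERS" table decodes to 2023-06-26 18:11:06 UTC, inside this detonation window). The embedded rows are copied from this report; the sample name Zephyr.exe comes from its download path, and the column-splitting rule (an executable path ends in .exe and never contains a colon inside a segment) is an assumption about this layout, not a documented format.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from typing import NamedTuple, Optional

# Constructed sample input: rows copied from this report's signature tables in
# the flattened "Description Indicator Process Target" layout, one representative
# row per distinct value. The sample name is taken from the download path.
SAMPLE_NAME = "Zephyr.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SIGNATURE_ROWS = {
    "Loads dropped DLL": [r"N/A N/A C:\Users\Admin\Downloads\Zephyr.exe N/A"],
    "Adds Run key to start application": [
        r"Key created \REGISTRY\USER\S-1-5-21-2178924671-3779044592-2825503497-1000"
        r"\Software\Microsoft\Windows\CurrentVersion\Run " + CHROME + " N/A"],
    "Drops file in Windows directory": [
        r"File created C:\Windows\Fonts\Azonix.otf C:\Users\Admin\Downloads\Zephyr.exe N/A",
        r"File opened for modification C:\Windows\Fonts\Azonix.otf C:\Users\Admin\Downloads\Zephyr.exe N/A",
        r"File created C:\Windows\Fonts\OpenSansLight.ttf C:\Users\Admin\Downloads\Zephyr.exe N/A"],
    "Modifies data under HKEY_USERS": [
        r"Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry"
        r'\TraceTimeLast = "133322766668905676" ' + CHROME + " N/A"],
    "Suspicious use of AdjustPrivilegeToken": ["Token: SeShutdownPrivilege N/A " + CHROME + " N/A"],
    "Suspicious use of WriteProcessMemory": [
        "PID 1652 wrote to memory of 364 N/A " + CHROME + " " + CHROME,
        "PID 1652 wrote to memory of 980 N/A " + CHROME + " " + CHROME,
        "PID 1652 wrote to memory of 980 N/A " + CHROME + " " + CHROME],
}

# Assumed layout rule: a Windows executable path whose segments may contain spaces
# ("Program Files") but never a backslash or a colon, so adjacent paths stay apart.
EXE_PATH = re.compile(r"[A-Za-z]:\\(?:[^\\:]+\\)*[^\\:]+?\.exe", re.IGNORECASE)
INDICATOR = re.compile(r"\\REGISTRY\\|[A-Za-z]:\\")  # where the Indicator column starts
MEMWRITE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
VALUE_SET = re.compile(r'\\(\w+) = "(\d+)"$')        # trailing '<name> = "<integer>"'

SigRow = NamedTuple("SigRow", [("description", str), ("indicator", Optional[str]),
                               ("process", str), ("target", Optional[str])])

def parse_row(row: str) -> SigRow:
    """Split one flattened signature row into its four columns."""
    paths = list(EXE_PATH.finditer(row))
    if not paths:
        raise ValueError(f"no process path in row: {row!r}")
    if row.endswith(" N/A"):            # Target column empty
        target, proc = None, paths[-1]
    else:                               # Target is the last path, Process the one before
        target, proc = paths[-1], paths[-2]
    head = row[: proc.start()].strip()  # "Description Indicator"
    if head.endswith(" N/A"):           # Indicator column empty
        description, indicator = head[:-4].strip(), None
    else:
        m = INDICATOR.search(head)
        description = head[: m.start()].strip() if m else head
        indicator = head[m.start():].strip() if m else None
    return SigRow("" if description == "N/A" else description, indicator,
                  proc.group(0), target.group(0) if target else None)

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def filetime_to_utc(ticks: int) -> datetime:
    """Decode a Windows FILETIME (100 ns ticks since 1601-01-01 UTC) using integer math."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def triage(rows_by_signature, sample_name):
    """Attribute each signature to its acting process and collect the IoCs worth a look."""
    parsed = {sig: [parse_row(r) for r in rows] for sig, rows in rows_by_signature.items()}
    by_sample, by_other = [], []
    for sig, rows in parsed.items():
        procs = {basename(r.process) for r in rows}
        (by_sample if sample_name.lower() in procs else by_other).append(sig)
    rows = [r for rs in parsed.values() for r in rs]
    writes = Counter()                  # (writer PID, written PID) -> hits
    timestamps = {}                     # integer values with "time" in the name, decoded as FILETIME
    for r in rows:
        if m := MEMWRITE.match(r.description):
            writes[(int(m.group(1)), int(m.group(2)))] += 1
        if (m := VALUE_SET.search(r.indicator or "")) and "time" in m.group(1).lower():
            timestamps[m.group(1)] = filetime_to_utc(int(m.group(2))).replace(microsecond=0)
    return {
        "sample_signatures": sorted(by_sample),
        "other_signatures": sorted(by_other),
        "files_in_windows_dir": sorted({r.indicator for r in rows if r.indicator
                                        and r.indicator.lower().startswith("c:\\windows\\")}),
        "run_keys": sorted({(r.indicator, basename(r.process)) for r in rows if r.indicator
                            and r.indicator.lower().endswith("\\currentversion\\run")}),
        "memory_writes": writes,
        "filetime_values": timestamps,  # TraceTimeLast above -> 2023-06-26 18:11:06 UTC
    }

if __name__ == "__main__":
    for key, value in triage(SIGNATURE_ROWS, SAMPLE_NAME).items():
        print(f"{key}: {value}")
```

Run it as a script to print the summary; triage() returns plain lists, dicts and a Counter so the output can feed a ticket or a SIEM lookup. The attribution is the point: with this report's rows only the dropped-DLL load and the C:\Windows\Fonts writes land in sample_signatures, while the Run key and every memory write are recorded under chrome.exe.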

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/1d8kjmuxefrpopv/Zephyr.exe/file

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd1d19758,0x7fffd1d19768,0x7fffd1d19778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3256 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4932 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5112 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5232 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5444 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5520 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5616 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5712 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6336 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6512 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6644 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6816 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6780 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5852 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6560 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7632 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7468 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7800 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7780 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8996 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5884 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9252 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9116 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7932 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3288 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7600 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Users\Admin\Downloads\Zephyr.exe

"C:\Users\Admin\Downloads\Zephyr.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2772 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7796 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7808 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5728 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7552 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5964 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5380 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Zephyr.exe

"C:\Users\Admin\Downloads\Zephyr.exe"

C:\Users\Admin\Downloads\Zephyr.exe

"C:\Users\Admin\Downloads\Zephyr.exe"

C:\Users\Admin\Downloads\Zephyr.exe

"C:\Users\Admin\Downloads\Zephyr.exe"

C:\Users\Admin\Downloads\Zephyr.exe

"C:\Users\Admin\Downloads\Zephyr.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.54.48:443 www.mediafire.com tcp
US 104.16.54.48:443 www.mediafire.com tcp
US 8.8.8.8:53 btloader.com udp
US 104.26.6.139:443 btloader.com tcp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com tcp
NL 142.250.179.206:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 104.16.56.101:443 static.cloudflareinsights.com tcp
NL 108.156.61.65:443 cdn.amplitude.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 48.54.16.104.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 139.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.61.156.108.in-addr.arpa udp
US 8.8.8.8:53 101.56.16.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.19.215.37:443 cdn.otnolatrnup.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.251.36.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 translate.googleapis.com udp
NL 142.250.179.170:443 translate.googleapis.com tcp
US 8.8.8.8:53 prebid.media.net udp
US 34.120.63.153:443 prebid.media.net tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 34.237.83.209:443 btlr.sharethrough.com tcp
US 34.237.83.209:443 btlr.sharethrough.com tcp
US 34.237.83.209:443 btlr.sharethrough.com tcp
US 34.237.83.209:443 btlr.sharethrough.com tcp
US 34.237.83.209:443 btlr.sharethrough.com tcp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 54.188.151.207:443 api.amplitude.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 189.211.227.13.in-addr.arpa udp
US 8.8.8.8:53 37.215.19.104.in-addr.arpa udp
US 8.8.8.8:53 198.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 10.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 209.83.237.34.in-addr.arpa udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 216.58.214.14:443 analytics.google.com tcp
NL 142.250.102.156:443 stats.g.doubleclick.net tcp
NL 142.250.102.156:443 stats.g.doubleclick.net udp
NL 142.251.36.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
NL 52.222.141.36:443 cdn.prod.uidapi.com tcp
FR 178.250.7.2:443 static.criteo.net tcp
NL 52.222.139.7:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 8.8.8.8:53 80437e6e6c60d26d706cd31e72f8f38c.safeframe.googlesyndication.com udp
NL 142.250.179.161:443 80437e6e6c60d26d706cd31e72f8f38c.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 207.151.188.54.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 156.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 36.141.222.52.in-addr.arpa udp
US 8.8.8.8:53 2.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 7.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.118:443 id5-sync.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 oajs.openx.net udp
US 34.120.135.53:443 oajs.openx.net tcp
US 2.18.121.70:80 apps.identrust.com tcp
US 8.8.8.8:53 esp.rtbhouse.com udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 35.190.39.111:443 esp.rtbhouse.com tcp
US 52.202.150.89:443 bcp.crwdcntrl.net tcp
US 35.190.39.111:443 esp.rtbhouse.com udp
US 34.120.135.53:443 oajs.openx.net udp
NL 142.250.179.161:443 80437e6e6c60d26d706cd31e72f8f38c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.googletagservices.com udp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 8.8.8.8:53 161.179.250.142.in-addr.arpa udp
NL 142.250.179.162:443 cm.g.doubleclick.net tcp
NL 142.250.179.162:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 70.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 111.39.190.35.in-addr.arpa udp
US 8.8.8.8:53 89.150.202.52.in-addr.arpa udp
NL 142.250.179.134:443 s0.2mdn.net tcp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
NL 142.250.179.162:443 cm.g.doubleclick.net udp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 c1.adform.net udp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
US 192.184.69.252:443 cms.quantserve.com tcp
DK 37.157.2.234:443 c1.adform.net tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
NL 142.250.179.130:443 googleads4.g.doubleclick.net tcp
NL 142.250.179.130:443 googleads4.g.doubleclick.net tcp
NL 142.250.179.134:443 s0.2mdn.net udp
US 8.8.8.8:53 contextual.media.net udp
NL 173.223.112.20:443 contextual.media.net tcp
US 8.8.8.8:53 ads.pubmatic.com udp
DE 23.218.208.200:443 ads.pubmatic.com tcp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 215.173.252.37.in-addr.arpa udp
US 8.8.8.8:53 216.39.80.185.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 252.69.184.192.in-addr.arpa udp
US 8.8.8.8:53 engagefront.theweathernetwork.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 34.120.23.223:443 engagefront.theweathernetwork.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 c21lg-d.media.net udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 b1sync.zemanta.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 b1sync.zemanta.com tcp
DE 184.30.24.22:443 c21lg-d.media.net tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 35.211.178.172:443 x.bidswitch.net tcp
US 8.8.8.8:53 creativecdn.com udp
US 69.166.1.10:443 sync.go.sonobi.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 70.42.32.255:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 cs.media.net udp
DE 184.30.24.22:443 cs.media.net tcp
US 35.207.24.140:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 p.rfihub.com udp
NL 193.0.160.130:443 p.rfihub.com tcp
US 8.8.8.8:53 200.208.218.23.in-addr.arpa udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 20.112.223.173.in-addr.arpa udp
US 8.8.8.8:53 223.23.120.34.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 22.24.30.184.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 10.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 172.178.211.35.in-addr.arpa udp
US 8.8.8.8:53 255.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
NL 142.250.179.130:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 140.24.207.35.in-addr.arpa udp
US 35.207.24.140:443 rtb.mfadsrvr.com udp
US 8.8.8.8:53 widget.us.criteo.com udp
US 74.119.119.150:443 widget.us.criteo.com tcp
US 8.8.8.8:53 stags.bluekai.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 173.223.113.181:443 stags.bluekai.com tcp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 eu-u.openx.net udp
US 8.8.8.8:53 sync.mathtag.com udp
CH 185.29.132.241:443 sync.mathtag.com tcp
US 8.8.8.8:53 d5p.de17a.com udp
SE 213.155.156.181:443 d5p.de17a.com tcp
US 8.8.8.8:53 simage2.pubmatic.com udp
US 104.36.113.107:443 simage2.pubmatic.com tcp
US 104.36.113.107:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 image2.pubmatic.com udp
GB 185.64.191.210:443 image2.pubmatic.com tcp
US 8.8.8.8:53 181.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 181.156.155.213.in-addr.arpa udp
US 8.8.8.8:53 107.113.36.104.in-addr.arpa udp
US 8.8.8.8:53 241.132.29.185.in-addr.arpa udp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 150.119.119.74.in-addr.arpa udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 54.239.33.159:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 44.194.133.102:443 sync.crwdcntrl.net tcp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 8.8.8.8:53 a.audrte.com udp
US 34.234.253.86:443 a.audrte.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 8.8.8.8:53 um.simpli.fi udp
NL 34.91.62.186:443 um.simpli.fi tcp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
NL 216.58.214.14:443 analytics.google.com udp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
US 8.8.8.8:53 dmp.adform.net udp
DK 37.157.6.233:443 dmp.adform.net tcp
US 8.8.8.8:53 159.33.239.54.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 102.133.194.44.in-addr.arpa udp
US 8.8.8.8:53 186.62.91.34.in-addr.arpa udp
US 8.8.8.8:53 233.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 86.253.234.34.in-addr.arpa udp
US 8.8.8.8:53 simage4.pubmatic.com udp
US 104.36.113.111:443 simage4.pubmatic.com tcp
US 104.19.215.37:443 otnolatrnup.com udp
US 8.8.8.8:53 download2390.mediafire.com udp
US 199.91.155.131:443 download2390.mediafire.com tcp
US 8.8.8.8:53 111.113.36.104.in-addr.arpa udp
US 8.8.8.8:53 131.155.91.199.in-addr.arpa udp
NL 142.250.179.170:443 translate.googleapis.com udp
US 104.19.215.37:80 otnolatrnup.com tcp
US 104.19.215.37:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
US 34.199.180.187:443 woreppercomming.com tcp
US 8.8.8.8:53 187.180.199.34.in-addr.arpa udp
US 8.8.8.8:53 www.biphic.com udp
US 104.21.12.132:443 www.biphic.com tcp
US 8.8.8.8:53 www.opera.com udp
US 3.18.242.21:443 www.opera.com tcp
US 8.8.8.8:53 www.googleoptimize.com udp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
NL 23.222.49.6:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 132.12.21.104.in-addr.arpa udp
US 8.8.8.8:53 21.242.18.3.in-addr.arpa udp
US 8.8.8.8:53 6.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 www-static.operacdn.com udp
NL 23.222.49.6:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 www.redditstatic.com udp
US 151.101.1.140:443 www.redditstatic.com tcp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 cdn.taboola.com udp
US 151.101.1.44:443 cdn.taboola.com tcp
NL 52.222.139.19:443 static.hotjar.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 s.yimg.com udp
US 8.8.8.8:53 tags.creativecdn.com udp
NL 87.248.116.11:443 s.yimg.com tcp
US 34.117.98.198:443 tags.creativecdn.com tcp
FR 157.240.196.15:443 connect.facebook.net tcp
US 8.8.8.8:53 bat.bing.com udp
US 204.79.197.200:443 bat.bing.com tcp
US 8.8.8.8:53 script.hotjar.com udp
NL 13.227.219.71:443 script.hotjar.com tcp
US 8.8.8.8:53 trc.taboola.com udp
NL 87.248.116.11:443 s.yimg.com tcp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 19.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 ams.creativecdn.com udp
US 8.8.8.8:53 11.116.248.87.in-addr.arpa udp
NL 185.184.8.90:443 ams.creativecdn.com tcp
US 8.8.8.8:53 198.98.117.34.in-addr.arpa udp
US 8.8.8.8:53 15.196.240.157.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 71.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 alb.reddit.com udp
US 151.101.1.140:443 alb.reddit.com tcp
FR 157.240.196.15:443 connect.facebook.net udp
US 8.8.8.8:53 sp.analytics.yahoo.com udp
IE 212.82.100.181:443 sp.analytics.yahoo.com tcp
US 8.8.8.8:53 vc.hotjar.io udp
NL 52.222.139.17:443 vc.hotjar.io tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 181.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 17.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
NL 157.240.247.35:443 www.facebook.com udp
US 8.8.8.8:53 trc-events.taboola.com udp
US 141.226.124.48:443 trc-events.taboola.com tcp
US 8.8.8.8:53 48.124.226.141.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
NL 142.251.36.34:443 ade.googlesyndication.com tcp
NL 142.251.36.34:443 ade.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
US 13.89.179.8:443 tcp
NL 142.251.36.34:443 ade.googlesyndication.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 onetag-sys.com udp
DE 51.75.86.98:443 onetag-sys.com tcp
US 8.8.8.8:53 match.deepintent.com udp
US 169.197.150.8:443 match.deepintent.com tcp
US 8.8.8.8:53 233.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 98.86.75.51.in-addr.arpa udp
US 8.8.8.8:53 8.150.197.169.in-addr.arpa udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
NL 213.19.162.80:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
FR 185.86.138.154:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 hbx.media.net udp
US 35.190.60.146:443 id.rlcdn.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
DE 184.30.24.22:443 hbx.media.net tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
US 35.190.60.146:443 id.rlcdn.com udp
US 8.8.8.8:53 146.60.190.35.in-addr.arpa udp
US 8.8.8.8:53 154.138.86.185.in-addr.arpa udp
US 8.8.8.8:53 79.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 104.155.46.52.in-addr.arpa udp
US 8.8.8.8:53 44.8.109.52.in-addr.arpa udp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 w3-reporting-nel.reddit.com udp
US 151.101.1.140:443 w3-reporting-nel.reddit.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 e2c6.gcp.gvt2.com udp
IN 34.93.91.7:443 e2c6.gcp.gvt2.com tcp
US 8.8.8.8:53 3.49.178.192.in-addr.arpa udp
IN 34.93.91.7:443 e2c6.gcp.gvt2.com tcp
US 8.8.8.8:53 7.91.93.34.in-addr.arpa udp
US 93.184.221.240:80 tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
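
The table above records every connection seen during the detonation without tying any of it to a process, so the ad-tech traffic generated by Chrome rendering the MediaFire download page sits next to the few rows that matter for the sample itself (the download host, raw.githubusercontent.com, cdn.discordapp.com, and the destinations listed with no domain at all). The script below is an added triage example, not part of the sandbox report: it parses rows in the table's column layout from a constructed sample copied from the rows above, discards the sandbox's reverse (PTR) lookups and local multicast, separates DNS queries from connections, keeps rows that carry no domain as unresolved destinations to chase in the pcap, and reports domains that were looked up but never contacted. The watch list of file-hosting domains is an assumption of the example, not a verdict the report makes.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: rows copied from the Network table above, in its
# "Country Destination Domain Proto" column order.  Some rows carry no
# domain, exactly as in the report.
SAMPLE_ROWS = """\
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.54.48:443 www.mediafire.com tcp
US 104.16.54.48:443 www.mediafire.com tcp
US 8.8.8.8:53 48.54.16.104.in-addr.arpa udp
US 8.8.8.8:53 translate.google.com udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 download2390.mediafire.com udp
US 199.91.155.131:443 download2390.mediafire.com tcp
N/A 224.0.0.251:5353 udp
US 13.89.179.8:443 tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 93.184.221.240:80 tcp
"""

# Assumption of this example: file-hosting/CDN domains a triager wants to
# see first.  The report does not define such a list.
WATCH_SUFFIXES = ("mediafire.com", "githubusercontent.com", "discordapp.com")

ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[0-9.]+):(?P<port>\d+)"
    r"(?:\s+(?P<domain>[^\s:]+))?\s+(?P<proto>tcp|udp)$"
)


def parse_rows(text):
    """Parse table rows; the domain column is optional."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def on_watchlist(domain):
    return any(domain == s or domain.endswith("." + s) for s in WATCH_SUFFIXES)


def classify(row):
    """Bucket a row: sandbox PTR lookup, DNS query, local multicast,
    connection with a domain, or connection with no domain (unresolved)."""
    domain = row["domain"]
    if row["port"] == 53 and domain:
        return "ptr" if domain.endswith(".in-addr.arpa") else "dns"
    if ipaddress.ip_address(row["ip"]).is_multicast:
        return "local"
    return "connection" if domain else "unresolved"


def triage(rows):
    out = {"ptr_lookups": 0, "local": 0, "dns_queries": set(),
           "connections": Counter(), "unresolved": [], "watch": set()}
    for r in rows:
        kind = classify(r)
        if kind == "ptr":
            out["ptr_lookups"] += 1
        elif kind == "local":
            out["local"] += 1
        elif kind == "dns":
            out["dns_queries"].add(r["domain"])
        elif kind == "unresolved":
            out["unresolved"].append((r["ip"], r["port"], r["proto"]))
        else:
            out["connections"][(r["domain"], r["ip"], r["port"], r["proto"])] += 1
            if on_watchlist(r["domain"]):
                out["watch"].add(r["domain"])
    return out


def resolved_only(result):
    """Domains that were looked up but never appear in a connection row."""
    connected = {key[0] for key in result["connections"]}
    return result["dns_queries"] - connected


if __name__ == "__main__":
    summary = triage(parse_rows(SAMPLE_ROWS))
    print(f"PTR noise: {summary['ptr_lookups']}, local: {summary['local']}")
    for key, n in sorted(summary["connections"].items()):
        print(f"{n:2d}x {key[0]} {key[1]}:{key[2]}/{key[3]}")
    print("unresolved:", summary["unresolved"])
    print("watch list hits:", sorted(summary["watch"]))
    print("resolved but not contacted:", sorted(resolved_only(summary)))
```

Because the table is not per-process, a watch-list hit only says the host was contacted at some point in the run; attributing raw.githubusercontent.com or cdn.discordapp.com to Zephyr.exe rather than to the Chrome tabs that loaded the download page needs the pcap or a per-process view. The rows with no domain (for example 13.89.179.8:443 and 93.184.221.240:80) are the ones to resolve first, since nothing in the table explains them.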

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 86d6876b99a4152001ce7228020c3e87
SHA1 4081536aa6b7f680ca665f4facd438f28af5986b
SHA256 acad0537cb8687e0e3d8c3987fd4b78286541a91fce011a6dece022c6cb538a9
SHA512 67af1c211340014fcdd87897ea1e35d8dcd9a6adf7659ba38d820b3f6a600b7f8718b7296d1c1aac57853b220cd77dd35068c61e9c6347debf0ea8037542394a

\??\pipe\crashpad_1652_JSARBZFJDZIDIYXL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 201cf9a396abc4a9153cf62939776b0f
SHA1 01fc222d3b615e8dbc12eda325a8b9c4c007fc5c
SHA256 d67bf397ba31c32e53fb08bcb13e6fa07dc801ddff1ade3a02e0f4481eb4a2d9
SHA512 54745cc09f6d441565461fe3547c3e042a3d3afa80f8d870521c719b331938de17404f93f30ef4a30399a274dc6e21b81729566665f16c9c6f766baa17848a5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d5f88fe034717ab16ab6d20b2328780b
SHA1 de0b41fd6a1f91d7a7cccab09ffd77b43b50bfcb