Analysis Overview
SHA256
6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a
Threat Level: Likely malicious
The file Ambrosial.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Unsigned PE
Browser Information Discovery
Enumerates system info in registry
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-19 15:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-19 15:02
Reported
2025-01-19 15:05
Platform
win7-20240903-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Fonts\Azonix.otf | C:\Users\Admin\AppData\Local\Temp\Ambrosial.exe | N/A |
| File opened for modification | C:\Windows\Fonts\Azonix.otf | C:\Users\Admin\AppData\Local\Temp\Ambrosial.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1240 wrote to memory of 3036 | N/A | C:\Users\Admin\AppData\Local\Temp\Ambrosial.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Ambrosial.exe
"C:\Users\Admin\AppData\Local\Temp\Ambrosial.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1240 -s 592
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
Network
Files
C:\Windows\Fonts\Azonix.otf
| MD5 | cdfe47b31e9184a55cf02eef1baf7240 |
| SHA1 | b8825c605434d572f5277be0283d5a9b2cde59e4 |
| SHA256 | 51a65e5c09bf27980adf640cb54cb2a5bbb217fdaab79b377e158f92533362a9 |
| SHA512 | a2e5141c0f7ca72bcf5b1a303fce1734953d83ad363d4c3c7d8786e1bfd872a6b96eeabce3740b547a5447e255415cdf688a0d2074cecfaa0c54c49d0f2882c5 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-19 15:02
Reported
2025-01-19 15:06
Platform
win10v2004-20241007-en
Max time kernel
106s
Max time network
150s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Ambrosial.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ambrosial.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Fonts\OpenSansLight.ttf | C:\Users\Admin\AppData\Local\Temp\Ambrosial.exe | N/A |
| File created | C:\Windows\Fonts\Azonix.otf | C:\Users\Admin\AppData\Local\Temp\Ambrosial.exe | N/A |
| File opened for modification | C:\Windows\Fonts\Azonix.otf | C:\Users\Admin\AppData\Local\Temp\Ambrosial.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 43088.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Ambrosial.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Ambrosial.exe
"C:\Users\Admin\AppData\Local\Temp\Ambrosial.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1bb146f8,0x7ffe1bb14708,0x7ffe1bb14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe1bb146f8,0x7ffe1bb14708,0x7ffe1bb14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1564,13114782920973478193,5588765550275965881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,600676056778126613,16555734010317300708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6480 /prefetch:8
C:\Users\Admin\Downloads\Ambrosial.exe
"C:\Users\Admin\Downloads\Ambrosial.exe"
C:\Users\Admin\Downloads\Ambrosial.exe
"C:\Users\Admin\Downloads\Ambrosial.exe"
C:\Users\Admin\Downloads\Ambrosial.exe
"C:\Users\Admin\Downloads\Ambrosial.exe"
C:\Users\Admin\Downloads\Ambrosial.exe
"C:\Users\Admin\Downloads\Ambrosial.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 216.87.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.173.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | picsum.photos | udp |
| US | 172.67.74.163:443 | picsum.photos | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fastly.picsum.photos | udp |
| US | 151.101.65.91:443 | fastly.picsum.photos | tcp |
| US | 8.8.8.8:53 | 91.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| FR | 2.16.165.91:443 | www.bing.com | tcp |
| FR | 2.16.165.91:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 91.165.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| FR | 2.16.11.66:443 | r.bing.com | tcp |
| FR | 2.16.11.66:443 | r.bing.com | tcp |
| US | 95.100.153.157:443 | th.bing.com | tcp |
| US | 95.100.153.157:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 66.11.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.153.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.72:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 8.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Azonix.otf
| MD5 | cdfe47b31e9184a55cf02eef1baf7240 |
| SHA1 | b8825c605434d572f5277be0283d5a9b2cde59e4 |
| SHA256 | 51a65e5c09bf27980adf640cb54cb2a5bbb217fdaab79b377e158f92533362a9 |
| SHA512 | a2e5141c0f7ca72bcf5b1a303fce1734953d83ad363d4c3c7d8786e1bfd872a6b96eeabce3740b547a5447e255415cdf688a0d2074cecfaa0c54c49d0f2882c5 |
C:\Windows\Fonts\OpenSansLight.ttf
| MD5 | 1bf71be111189e76987a4bb9b3115cb7 |
| SHA1 | 40442c189568184b6e6c27a25d69f14d91b65039 |
| SHA256 | cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424 |
| SHA512 | cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | f9574c5c7118433e904ac5e3e40db148 |
| SHA1 | 2651920933730c5126ae77897b9d082025e06e64 |
| SHA256 | c6af61074a9886be4231b6ec1013e90c080af2a52f3a8a0186ef98954e441b1e |
| SHA512 | 1f5e1986caf2ce206ad73a8e3d81af1228a5f280e72618c671210bd90562790b8a0d23618ed1f977e44dea5ff2fc4e51daa0a013ef0ca3a754d0b706c1955069 |
C:\Users\Admin\AppData\Local\Temp\0e1a63fc-9228-4b4f-96fc-fee060f96e92\GunaDotNetRT64.dll
| MD5 | 9c43f77cb7cff27cb47ed67babe3eda5 |
| SHA1 | b0400cf68249369d21de86bd26bb84ccffd47c43 |
| SHA256 | f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e |
| SHA512 | cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 34d2c4f40f47672ecdf6f66fea242f4a |
| SHA1 | 4bcad62542aeb44cae38a907d8b5a8604115ada2 |
| SHA256 | b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33 |
| SHA512 | 50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8749e21d9d0a17dac32d5aa2027f7a75 |
| SHA1 | a5d555f8b035c7938a4a864e89218c0402ab7cde |
| SHA256 | 915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304 |
| SHA512 | c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a |
\??\pipe\LOCAL\crashpad_3968_URBGXWRKGOBBNNRL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d36e88bafd7cab6cde903b695a2cbdce |
| SHA1 | b8d9760daef5f30656900594c00b265683adfef7 |
| SHA256 | 18c4790d13a274e77fff49b459aa70949f3aeaa6bc993d5015504ade57cf129a |
| SHA512 | 190dc5843c64ef659b05ce771922daebb857c0fff39e6769a378680d5ccad8ca0f1f237e96557e1cdbd93a1822c1993f7c574a740d5b6f38a1f83b5d500e82ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 04438e2e28496ba90e5948fc1284bd11 |
| SHA1 | 5c808de5730daa7f8ad25025ad2e4dd562f430ba |
| SHA256 | 4ca2e5eec530a268967421f6533902e9153bfd7e971965b0103e15f49bb0bae6 |
| SHA512 | d17012bd023532898a8ac7b79c820745df9e146b5d4d33a506849cfceac63c9a14da3421846e6ef281975e53acc6a53ab051497a710c78f08eb0877be8a74d29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9b2031977dcf02fe08972fb8338a474a |
| SHA1 | dd36a29688244a692e659563508a8da0d72d698f |
| SHA256 | 04e821351a2c3142817fe706dfc0f480fb8698c6879ab182e2a4367baaee7658 |
| SHA512 | bd83a6d9fd23d5f7de6cdd4936819b20ff4633dc39412ae0c8b9e226d12a23fedbee391d42f1904bbff9881ea05c11109d5728c8d944b86a7543cc640ff656ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8340afb98f7f2b6ecc9e6cec32bd65cc |
| SHA1 | 1308b2c7bd046ad3abbc760a0753bb0d3cfef9e4 |
| SHA256 | 192bfaabdd6ac86eab2dd825f7316dd2c4cb59072cbef42d9843cc640b907366 |
| SHA512 | 16c3d078b6ff6294a8737c064fa27745187a16efccb43e89ea3b1cf9afa31c74137f02294a258fac7c165b1d848a69727096cfa4ecb91ab471e81110ee157219 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c6d9d60fe995cc5dbf3d675d6665ea6d |
| SHA1 | 9d7a0dec0e4645f7785270d5224b5a86b9ae756a |
| SHA256 | 88ff72e338617aaad56b5de81f7235e8754f7de942abd4367187ce11c372368d |
| SHA512 | 0b24f9b341b96f4fc8e1160f3546b7b58fe673dffbaa976f740f6e2d1a6791bb62193dcbba9ed6ecbf7bc7e0dc4f501238012c7449592f47291b3e9b3c1ce726 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\1.19.5002.0\Zephyr Classic\launcherAssets\ProjectHalcyon.png
| MD5 | c3976282c3350adf85c8bc519268b056 |
| SHA1 | 78695379b61af4f7e9a71ac7801b2d511681723f |
| SHA256 | da53d6057450a3cc60c38586baa5e35d07f6851775a51a3d5bc173b84f9e4ad2 |
| SHA512 | 044b88578124b5e22dda82435360c4b7d1e25dfc188416df9a71c7ac1b213a5ae06e1889aabc6902231c90b25d4d3d1d8bb81deea320e226b1f7607b137cb474 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c1c1a0db90be06fb73855929b410d239 |
| SHA1 | be1463a31255cfe2f8066e51d715ed86782adbcc |
| SHA256 | 1568ea70a3b1728d30fe449201357e347260c616a44081d96f8369b759bd1609 |
| SHA512 | 07e172fd68526a7245db5e52e5628e0fcc7ee6d81095a0433d859ede5c3b95ed171b7d2717ab74ef0b83b188901d31438b4f77a4d0f7d8613f0cfdcbc6b04cbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
memory/3916-12029-0x00007FFE236D0000-0x00007FFE24191000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 764bc61e345f173c6359859bda681ff9 |
| SHA1 | 3084be03e7fbacd2e454d24ad8c8e9e3cd5b84cc |
| SHA256 | 9adeaf9dd8fb0514a0e5bfe08689a0837c7ab64f6ddf6cc4839a7e004148dc90 |
| SHA512 | b15795a9e59357f25e796e282ac63fa6cb3918fa3049636d2a7e77190a6606c9561bf6c700e9427b7da5886e3e0cffa0554b6ab04d305ddb77bdf2d25bddf4f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bfd0.TMP
| MD5 | 6bd0a0a7d4724e40b1534b3ee467041a |
| SHA1 | 921dfd5ba643f95f0980733de3e0951859530e32 |
| SHA256 | 4ef5f1eae0da1a9ac37700e8941e2065c52798d86e6c2f24fcfbce626ef49db2 |
| SHA512 | d7c30a4f04d2a517c8868f8efb89ff393840e529bfa7fbc6732d9a34a3f606fe945cccc27a899e086d2458d2c2adcb0d6be2f0bbe4444741d67e50f6bcf487c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c67de1e2ed905c3796ba5a7cfb655c64 |
| SHA1 | c542e109feb33bc6ff2dea20e40ff79f0b220d13 |
| SHA256 | ca5f8467b55aec1821e314006a3c93be449acdc29f3a1322caaac3560ce847bc |
| SHA512 | d8941600f8e093362522fae89b2bf1ed8baa64071a4b944c40ab4f867555065e71d8ad7bc0aa11bdb140af43a39b108028245346dda918e301dd2cd938102f6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c27ec9e3-a523-4193-b7db-a4f068cdbc1e.tmp
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\Downloads\Unconfirmed 43088.crdownload
| MD5 | 596b0f4684d45de83c204967c06e48a3 |
| SHA1 | 933dc2dc29a17a9447c944289fed4f98e0eb5e5f |
| SHA256 | 6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a |
| SHA512 | 8f50098d120d32a84347a8337dee27061a6914d66b951f930d491a81a9804317318f25f80467684fd4fecea6bccc6de38b2df3ee2742a54805f2cdb4413d3830 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 437e350df44148da6fbd41d099269a4e |
| SHA1 | ca7a370a60a6863c2b9cf84b2bc6cc524b96a250 |
| SHA256 | d33dd47cd75261013f269e768970429fe2d468a105c0efa6b15f1a61659e688e |
| SHA512 | 44f71a6b2eaadc986224150ef401aeefc2574191d2fe263b254145227e50bc1c67531f77cd9b6b7090f5a176269e1d858edd2d109f16abc9070210d18926d40a |
C:\Users\Admin\Downloads\Ambrosial.exe
| MD5 | 5887c4bf1b3c95bdd33d9abb2e824343 |
| SHA1 | 6bc4052d579cbc698caed2e9f40704e2130df763 |
| SHA256 | 7d248c5c6c93ad5df698dca8809e1f1ae5bb6df1980a0e0860840635aa4cda0b |
| SHA512 | eca3ee8c4bc454e6d39fd54f9f1139122395bdc671c9c7767d43d855c16f6e52d4bfe570fc0bb24e585dd5d78f94361b3b6cdec9adca61d7caa7400cf60ffe80 |
C:\Users\Admin\Downloads\Ambrosial.exe
| MD5 | 73775ed8bca29d4d1e7654c5f26b5d17 |
| SHA1 | 51f4b27a0738bde97b28b53e8aa738f823fe0ad6 |
| SHA256 | 0c7215a6db84afec1c4d7b674a2a2dc268c242f870a95ab3241bf5835d49d676 |
| SHA512 | 8f894772e5c5bc648f50860fe8d221b2c68aa1d8f848756c9bbbea3fedf0a7126742b09a4fe52c96f65957e92de26f23d1e92c449f82eb815fabd1d99a1d75b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8885f6ede8e3a006e1d7be08c298b30 |
| SHA1 | 90683ef6e6dbc461498865c20adef76b1b7057db |
| SHA256 | a5c059d0e39b3b4f484aed02b9f19f25ff2e8eb7c8ea83bdc14d48c1eb34d7d9 |
| SHA512 | fc39ea071274a8326473f03dd45d750ba92407193aeae5b727107f6ad59d6f18659d7e8f990106b5dcc6a5c5c7a062ba125ac4ca703dcfca67760857b4175fa8 |
C:\Users\Admin\Downloads\Ambrosial.exe
| MD5 | ec1392d697089d9e2f1f648181953c27 |
| SHA1 | 4378c90358d3e8af1f891b97767c82d287b920fa |
| SHA256 | c9e50ff559c8a2a4d50f1ffb1a66e9b8f58f8a4c7eb443dc27e52ccddb61c869 |
| SHA512 | 06bfe3fe8c0623b9dfb7ceb3e4902a9bcd5d514c09d35d7755992d48f9ecc3443ffe92443aaa7bccd2ed4f336010ef67985bd33f17161a22ca08b9c40397bf8e |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | 8bbf1c4091f1eb64288b09fc9709b024 |
| SHA1 | 74f79318721b3f99214b59196e2b8ffa39ca6d75 |
| SHA256 | 3a4cf7022f07cef7da1eda0846f5bc6fbfdb8a1bc87e898497fe144e98fcf8cf |
| SHA512 | 84d85be3116c98604f690647f63aca36a9411f0a66341622f16bb9dfdc126d8faea617d6163105de36de17316349c5ac87234580a0c30b79dcbcbe943cd34b03 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | cdd754ea3dd2f092f15ce8efc9f78e26 |
| SHA1 | 6a93b3cc8d45d59ff2eb98f02ebeadf4e0c711eb |
| SHA256 | bab88d9bf8f7831bdd38111d0c164af4503c0373bfb901cb12ff4c2c066c4eda |
| SHA512 | 058155f7a00afd5dbc384ddeb38edf27b8517bd50176ec510689db56aeea9575eaad18bb144f9f181c762374500c63a15fbcd6521d06b00e65928f6cc0a8c525 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | a03d35371e49e030f55a9bd901d06188 |
| SHA1 | dff283eeaf64aa1fb3c207ba2bdea11ed7a176e3 |
| SHA256 | 63215d82315cef7ac5f1f8021c5d1908b614a874fec8ab986146454c23ad33db |
| SHA512 | b6186f2d015bf965ae550d7c903c69598af367fa5b41210479ea9446da3d496a063bda5fe68d8558d65a60e1cc0d2a3bb8142fd95d2f4efac7025c61356b43a0 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | 38daeabb012e4f17646b8e3639a49840 |
| SHA1 | 011999bfc903cb25282903aad156e1bc6458af3e |
| SHA256 | f55edd244c2579fe82f2c17724889e5230a35de629d1cd05b854da8f1a3341f0 |
| SHA512 | e085292fb0aeec00139fdd0ae81756674c0f9b8a0347c63b7df38b10293acaba0f49cb7ec7d15b4c633ccef9ffe7c6b3bddbd03a62505635d8bbd3d5bcbf17e7 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | 82613d0cddd127c30bbc4ed5a808cbd8 |
| SHA1 | 6e96bf3b652f9b13200adfbcaf86b278493c17b0 |
| SHA256 | 39b7d166df532b792646344d46c4201aacf2111df9328e2ec3ef5a49aa1b6bf9 |
| SHA512 | 439d14869d160227f95b1d5b11cd2bc342fd096aef3db71632f01940a67678ea2c99066490ee118398110ba8e278447ae26fb39672d0c1f4d472ff75c045504e |
C:\Users\Admin\Downloads\YuGothL.ttc
| MD5 | d87c503953d6720bc16b797e4e9853ac |
| SHA1 | 84d5a135965b630d69280fc5cb04a59f644d2ff8 |
| SHA256 | 3ffa4549d7aba555bf42022a6fcdb2a39bdac8dafbbea2953f73749ed80e9c81 |
| SHA512 | 909c2cd96d0488c2b6cf8c35a9ab2a7c33c38f2909053ee485e96c43c75c18674573108a2ed818a1e3de24391b603c7432a1aa35b03a05eddd364f06ea59d0b4 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | b5e1adac675cc2718ca53e0f6d4af04a |
| SHA1 | e97e0bfc35b0b458a6a3d22470eeaecdea21f4c2 |
| SHA256 | 59e86a2d45b2401c7f684f1f8e854bfddb23963ccd5b9e09cf6b56198c34431f |
| SHA512 | 5468590cebda306e7ac4ce2ab7028cc012794c0238e45d0000ffb93628896e68bcd29622161c1caf18a4127a2bd178a9d5553c595624fe46f41f2eadd0c499a9 |
C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\cachedclients.json
| MD5 | 3247e6bc53d0be2619dde6e003a7a03e |
| SHA1 | d495da042dacdfc763992a32a8707616356d88b8 |
| SHA256 | aa8790dd7c8736ccc8f27a41a981537f8a2319b042bac44cbfeffcaa1606f8f2 |
| SHA512 | bf2b22d1b490a3806a518aa28f573066eaf66ce5cb186a090b58c1d9f3a2bea43ebee1ce85c58d89423e401656fa3e2ec75850fce956c749adcd7a9a92b33dc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ea61ca76e5205749e37093869d20c3a1 |
| SHA1 | 70380c734f5a1b59b7c5306154678fb63490f1b8 |
| SHA256 | 5f9049d2ad6d92aeaa5c90c1b2f8e44506ec9f331166550043864e6ea7855085 |
| SHA512 | e99eb6c5d8f5cfc9311d619a7402a69536819c44587d4e3283bd90f168643046d280f29a8680861ccd1bfa45b0979e9a52bb020c4b03bb36c8759942cfb31ba5 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | 9581a9faea93b733768420ed61776e0f |
| SHA1 | 57a4e46c239e480417f30273639b42a2986cb299 |
| SHA256 | e5eb0fdfbfd6771ae97838d5512a783652f22eafed576854f00baa43d7a6c170 |
| SHA512 | 03a90bd9f678bc42ea9c706b7b3a2d12fc82477cab239cd2968e20e0b070647bc89ff25bac04ef9c85dbf25f174803a20a0ba60c05dc748e8c3d97faef5e9f35 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | 54afb65b920fc00f60118178657ed96b |
| SHA1 | f9af6726f86109f1ac3b0cce3604f2185d901e39 |
| SHA256 | f903d52e7db7c61745ab0a5bff4e2b5ae93a0b0136088b921595e04ba29e1f1f |
| SHA512 | a9a121e1c6640af92e5427c64937608ffe4d48c33c38c999d726047030111fe5896621b4826f24b9645e725494557e0fab76371f5525f9db0160bf8a7cc68df6 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | b1148699e6868bc48e67068853467738 |
| SHA1 | e589ec451fa094d8b3ca048e8006ae8acbd116c8 |
| SHA256 | fc3a79e4245e813b218bef3e46b135ad1c7a24c1f40255d1b2f91539e81adf7e |
| SHA512 | 771835016094866eda8b6bfe45b1eb9f8471dc193cc8464c61d7a6508957719c2c3491618018b94f5c1c089a570d78aa7c444cc87270fcda097c8cf7fc8d4c7f |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | dcd7db4241fa010fe5a3e647e80ba1a7 |
| SHA1 | 04b0870fdbf9881643354c0aa2d7274aa00d54f3 |
| SHA256 | 68ca75fd521b00680d09cc8b2504f8dee7352cb1abcc926dcdbcd0ac02bcbb83 |
| SHA512 | bddb92571927ca14cafba7f9b0d00d5460432c23fbc2ce073aa2d961df31823e18e21609380fa05ea1f81b3e2d17c5ff49903182dfb1761d280a635fb4b55cde |
memory/1536-12552-0x00007FFE2A3D0000-0x00007FFE2A3F7000-memory.dmp
memory/5592-12608-0x00007FFE2A3D0000-0x00007FFE2A3F7000-memory.dmp
memory/368-12607-0x00007FFE2A3D0000-0x00007FFE2A3F7000-memory.dmp
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | 1e3f68a951f3c1224ee2559e3f5e5d87 |
| SHA1 | 8ce20d8b85ccd175d96b99f5bf1de4fc52ce8355 |
| SHA256 | 2ba5991328598a7366374d4ba99515489bb342402afe980747b2b10bee709e30 |
| SHA512 | 94cc234d087184533d9ca31611b861f81f3b8074fcd3025a2e8b2acd517fe55587fe231f3e7d300953f83df9d4336372baa15ea882259c875f8b19c1a3519c37 |
memory/5696-13569-0x00007FFE2A3D0000-0x00007FFE2A3F7000-memory.dmp
memory/368-16124-0x00007FFE2A3D0000-0x00007FFE2A3F7000-memory.dmp
memory/1536-16698-0x00007FFE2A3D0000-0x00007FFE2A3F7000-memory.dmp
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | 25254f33943150d091648de1ce607682 |
| SHA1 | 6d3cc75de0d55153f006542a1ce4835b77f9084f |
| SHA256 | 0d0d49aaca1172e2031b2841382c417a392229da393c65ef8b37ac6a6427dd46 |
| SHA512 | 9b3e11474827124fdb118839ca7b60b3a5b33b6a1bc97b35b64f6a0730968eaa0c19a33ebb5ddb99a1643f45518940a3dbb964e9b2b20e3b02d1b3954f72a83e |
memory/5592-17296-0x00007FFE2A3D0000-0x00007FFE2A3F7000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 70efd289b1fec1af99d89caa333531fd |
| SHA1 | 044ea99705d738304a8a7357cdecc1edbaca041b |
| SHA256 | dd98b8c2d5c2d1ad73651d71c56580a7e8f5c1182c87706b0977e95629894a84 |
| SHA512 | 787761a235f9cb5a0885215d36e9ad015119c9ad107e71be12d1a3352ca086fc2adc3a31d1368ef163f8ad6c096678a95d19e2d3a976822ac4820ca4e67e6990 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 254dd77436b4d86fcdafeaf28bc4b979 |
| SHA1 | 3daeedf236104b26bc1d7d8b5ee5e586b77dd023 |
| SHA256 | 61e859ef90caa0b740bc853402341fc16e0f8940c6324b3e5699d3039b647105 |
| SHA512 | cff4abd0c4d39ca65c5fce08b40a7c8946d88bee0b67a961acf8521b7a92db7db30c239ba213f6cbc004d54b8218a8789725b99179de30ff610e32b75fa7dd54 |
memory/3916-18350-0x00007FFE2A3D0000-0x00007FFE2A3F7000-memory.dmp
memory/3916-18349-0x00007FFE236D0000-0x00007FFE24191000-memory.dmp
memory/5696-18584-0x00007FFE2A3D0000-0x00007FFE2A3F7000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 02e2ee09dbaba5bd1ba57b5ad0eef1e0 |
| SHA1 | ce8df352f4d91e299a738fd256e60baa1800224f |
| SHA256 | 69d7579d9893e28fa694ce3e338ee24a63a57c795dcb95ab86f38450beca75ed |
| SHA512 | 73b9e4bd141b10b218cd48edc2fbd844f83f47a8ffa29f9a30e3963968747727d9a612643f2cf3c3fc1f7c8edb73a22c2596a1b67f0fdc6936a52d5e15da8998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 56753b2ec70e87ec7b9f748bdb74ee50 |
| SHA1 | f74daf98d0b71c1e43f188fcb19982c248593ff8 |
| SHA256 | f49dc8011b42001bf9cabebb89c91b3e56aa78326f4ad9127e6a516ab21dab87 |
| SHA512 | 4f7c881e87a351d553b5df9d7f68c09c037c08cbde509b0755d703dadf9972bc710f1a941b6cb614715094b546adb7d1867b1f9bfb85b00e3f3b9b07ba1feaf9 |