hxxps://astraltool[.]netlify[.]app

Analysis

max time kernel
267s
max time network
266s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-04-2023 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://astraltool.netlify.app

Score

7^/10

agilenet persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Astral.exe

pid process

4264 Astral.exe
Loads dropped DLL 2 IoCs

Processes:

Astral.exe

pid process

4264 Astral.exe
4264 Astral.exe

pid	process
4264	Astral.exe

pid	process
4264	Astral.exe
4264	Astral.exe

Obfuscated with Agile.Net obfuscator 25 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/4264-502-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-503-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-505-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-507-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-510-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-512-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-514-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-516-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-518-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-520-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-522-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-524-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-526-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-528-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-530-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-532-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-534-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-536-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-538-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-540-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-542-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-544-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-546-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-548-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net
behavioral1/memory/4264-550-0x0000014552730000-0x00000145528F4000-memory.dmp	agile_net

Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run chrome.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Processes:

Astral.exe

pid process

4264 Astral.exe
4264 Astral.exe
4264 Astral.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

pid	process
4264	Astral.exe
4264	Astral.exe
4264	Astral.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6e9d2732-c4b9-4c60-a7c9-7cb0002c90e9.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230414040343.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133259184146634252"	chrome.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{FFF0653D-5414-48BA-B144-027C292836D8}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
4988	chrome.exe
4988	chrome.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
4988	chrome.exe
4988	chrome.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

1472 taskmgr.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exemsedge.exe

pid process

4988 chrome.exe
4988 chrome.exe
1300 msedge.exe
1300 msedge.exe
1300 msedge.exe
1300 msedge.exe
1300 msedge.exe
1300 msedge.exe
1300 msedge.exe

pid	process
1472	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exetaskmgr.exe

description	pid	process
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeDebugPrivilege	1472	taskmgr.exe
Token: SeSystemProfilePrivilege	1472	taskmgr.exe
Token: SeCreateGlobalPrivilege	1472	taskmgr.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4988 wrote to memory of 1092	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 1092	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 2908	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 448	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 448	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe
PID 4988 wrote to memory of 212	4988	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://astraltool.netlify.app
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2fd79758,0x7ffc2fd79768,0x7ffc2fd79778
2⤵
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:2
2⤵
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
2⤵
PID:448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1308 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
2⤵
PID:212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:1
2⤵
PID:984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:1
2⤵
PID:1056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
2⤵
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
2⤵
PID:4188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
2⤵
PID:4500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
2⤵
PID:4368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
2⤵
PID:784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
2⤵
PID:4464

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4124

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1472

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3456

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Astral\" -ad -an -ai#7zMap28673:74:7zEvent10208
1⤵
PID:4952

C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe
"C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/j5nrM22
2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x11c,0x120,0x40,0x124,0x7ffc3f3446f8,0x7ffc3f344708,0x7ffc3f344718
3⤵
PID:1332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
3⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
3⤵
PID:4308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
3⤵
PID:3768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
3⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
3⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
3⤵
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3948 /prefetch:8
3⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3424 /prefetch:8
3⤵
- Modifies registry class
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
3⤵
PID:1924

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
- Drops file in Program Files directory
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff710155460,0x7ff710155470,0x7ff710155480
4⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
3⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
3⤵
PID:1912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
3⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
3⤵
PID:2612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
3⤵
PID:3552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2436

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2576ff77-a4fb-431e-888c-6701fa222e63.tmp
Filesize
6KB

MD5
973d46f237dd375cfef805f2ad162a23

SHA1
e73442e5ad7467526ce8ee20362fc152870d7f8e

SHA256
b2d6b3aa84702520f42e35b8f30b198d465273f9049a68d9b9bdb0fc0a7ff63c

SHA512
7ac8aa720c85ddf0f0e1e4cc499aa400ca6fe8c4d8f2431c3e8c61de841d301c3d026685d9c40a3c190fd2442d0d56db6459dc7cc973113602bf920a9a6e8d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
47bf1e6337046d834686f358a8089625

SHA1
7d3317ecf7661a2b582ee627389cef2efd144be7

SHA256
6571a771f35e225c74e12488b56395ed192bd8fffc15e064d4c1949f18190029

SHA512
8c64c26dfec45c73750deef2d7dc5353a9ed0365f5bfc0e3a763c94cfea9e9240417394fe598e19c21b90acb9462377f8d79fa70cbbc1648d6b9b7da17b839db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
f208cb8d3e069f73e532dae221126e34

SHA1
7f0945f8981024a5af1dd74216bfd78f488847d8

SHA256
f4685ee88833a3cd6058440ff5a0d68ecd4f0132c2a50f8ca621ed5927919b11

SHA512
74424d85fcccb5e8ee63fd9cd9c1513965e6ef582b96f319b3b05252eff5fbc6ae34b7c7f203a3a359ea3f36ad2573d85e60cdd2a387b52e322435994896a527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
f3eb50e49c7a059f6a05602c4a7cbe82

SHA1
7d85b519ef0ad6f7ee065b0102a76e70b537fdd5

SHA256
a6222af4fe0865feead15c0188248143ba44020bc23bc47a5dda937093e8ce0c

SHA512
8bd5704f33e5d11784f83cd100363e07b1798de18994c4b3c3459cbb726dafd63491522090e13dc317cdeeb5ac2a2f9524f671d5eec280ab6d8f9de0a50eee1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
a65aae97f5092a89784e4a3b708dd6e0

SHA1
709f16a441e30af48dd3bb892b716aca9b9b26cd

SHA256
59a7fb83bb2045dea0ae27c0d09b6e134a4fb55a5b7a634696a5d8f72202f599

SHA512
5cb1cf0e18fe42b730f4c2f8524adcd5983e471de41eb843a8966b223e6db8289caff1e9f13b8525df9d94d85f27b44ffe2e7608be9c0ae59d5f5e31f9794ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
a6270ac67983dc3f87928ca6b8924376

SHA1
fff1e06dcb759866ebe9e3a0042d4b746b8d546e

SHA256
e7ba2cb566819c20e73d953b67f2dc4695681559e462977694f029e3ec9eb90b

SHA512
00c48f80d3bed1725c63a32557bfaab421235319bf63063f4f4208c62ccb9dadd724afa70b1e67c56dc1043b98aaec97ca5c53a47744f7f00063bf5df6cb0f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
015818b54524504c608cb2865ef19932

SHA1
acf8e85d38871c336e909d21096fcbb8c9124dc1

SHA256
8aef7aa751a3713d6cffd63e801e95c14ec49e8eb1b51d25cfd5797edd65e3ba

SHA512
a90fde4dfd2efb8e4222450eee7d864ca67f225e1fe86bf5dbe22be4cd63be9a0e7d3e97f2a089406bf2d4be325da75248fa5073587fa5c12c956e4edf0b33bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
c863201164f6b3fafb1c19786534eecf

SHA1
64f7b2c4d0aca8aae1c79ca3c23f4a578033de03

SHA256
8f4778813194968d71d850443eb90b8a4a4a52b2c16a5c85afe97641933d8d34

SHA512
23eba04af581fc4191100257a0b00ba1e2ffd5b637d8de3479bfad15e60c713d5964bdf141f7c549589de9cd1298fb4cfe1af7817094479b550d82a827ec1995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
98b9147163bed9aa93e67355ca51033a

SHA1
b9544f85c1c32a5b0b004fc690ada949c6bcb186

SHA256
680c89b2612de4b19529dcd07ef5c24c6262c33d70bc80ede4a6fa60becc88c9

SHA512
b6ad941c8055905a0632713d83adf6f88f4035d751a51b1689b90558eeab8e66a380b961f2187f35e97ef708649254ef59c8cf3966322bf23c8498f01a0a4135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0d10a1d07a5a6627e2f72f1ecac7cf01

SHA1
485a785a6fa29ce545b4eea968268decbc5885da

SHA256
d689ab9360d08ed22aee6a00344158854450e295623472bb0a72f1cfb1beab99

SHA512
b62264413ece98c7b02e85fce7a8ccb8886b0d60c78d46215b75c4cd03bc5b20c6000761557d7f110e83c0d8b4c96da26c8687eb2998b8aedaae44fad12f8bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
24b8012cabbdd133d7d08ac96418aa80

SHA1
814daec11f8abe12ca4e5c23c92f59fd8ccae093

SHA256
c590d2df68a27c697b91378f09c84b7b58a08aca90a9f1aa2e3c7da385d2792c

SHA512
2f189e1bf8a47a254d71b6fc2200e1d5d3dc55b1671126afb91237716d2dfaee2ce70bf140dda3d98d53d5e2af0bb3fe9d3523d1b4c8d881c466014054d122b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5c41b741307b3c4b5a2bc703572c774d

SHA1
7909646613d88f567b1234dd88892e3647bc8584

SHA256
5842f325168f943932e08d71d48b546d17443d9237ce86d5fc7411047ee426f7

SHA512
d3e9ebf80caea47f55a9d12b8a43e536d3511249b4c93438c1c188281d40038b9609685b4f6d90927e78a1f20075d9ac90936c997bbdab02877e01bef405e2fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
64de274c6e27c85d836ac31226a9fd54

SHA1
86f5ebb764eeb95b2332388ffc4c5b4dda826a6a

SHA256
303c4cb31af59705b8571abfe398c23e8eddddbaef76a257ff52d067cef2aff5

SHA512
d71f4cdaba8c88b0fa2b41ff6e87937bf2a500b088503adc64f066309e62ab226099ddafd32a7d413aa0b046e183b1f304b028e5b7d9cbf607fe89c5e76acca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ee558ad2-028f-4ac6-b4e9-800ac1d7f2a3.tmp
Filesize
15KB

MD5
163313bb8fc3f0679005f0a0926da75f

SHA1
4dd986d1c6ed83a6b46f0fe29ec7bf27d7b86f80

SHA256
e50837d52b861c95f7f0c38ea410bf0f330b6353d152f64d7306b4e28f1c8ef4

SHA512
192a25d48d2bd98ec0df92eb90cdff1b244697f07e1726656186046c89b76b545a1a8cfddd51b5fb68193b7905574c9c73d962e2cb2d997a13bfb5c5d232beac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
Filesize
264KB

MD5
56e5025ed2a33b049c96c1257775906a

SHA1
2f6423fdfb76049b935c693091453154cd9fd346

SHA256
2991ddcc9ad76ae3b1e82c17ce94eb5f8b7ea3a1fc15f34e725ec104f7e4b79e

SHA512
c1c96f37cdf59a95341b89588ef6557c34fdff8f24bb2befe0e257d496b4a0a66091ddc2345f93b65788de9a9717e0f36dd19bea3219d5a144fc82c08ae4b593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
070a2ac25d6df0b00df300ec5acc4bfc

SHA1
bceed2b6755f4085f3d4aa8bdc60bf043e0c616a

SHA256
caf83f4026d62e1e85f39570567e52973ff79e21cd9fbde6efb11911ad15df2e

SHA512
3970230972c449d2a389599a24586e934b22e2abd574138af533137caf5b3b1a44f19fdfc86edcf5e53e0e892e81e22478ce00f93776927639817e9b83eeda7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
201KB

MD5
0fb17406dceeac214a6ebc1238bc837a

SHA1
bd957beefa2d8e66b0ffcffb1f139c28ea479ce1

SHA256
8ef1004406a5bc9bdb4fd5b9d178942e27256d9b31526d4b2767803205b8feee

SHA512
2515a1d92a37bd062d8fd0c40e82ab1886890ae7edc7fbd695612d22566b4da659c1d263a55ce807a028df0764389b9ec7380cde11b41e3e1fed2dff1364db2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
207KB

MD5
3dcf98d3dba3d016d9c07fc8c7742f2d

SHA1
8f05b16538490df91112597aa17d5de46dc10e08

SHA256
d24dace255e961806a6068eb4d492cebb8269c4dc88edef43e404e864f7a376e

SHA512
06e06508a0e823a143da6bb9d6218c6ec6164f62820b458977d6535465eb9f15d58b67f5a1a3dfb443b673d71ff335145c199f260ebc7819ddd592cc48b88944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
201KB

MD5
bd61a015be6791d01de43f9cede46bf1

SHA1
19e21aba2b38bee00f7716bd04c248fdb8d7ac8e

SHA256
8709085365feebe192e2aa1e955d5f9d75c9bd983c11d7a5865886687285c914

SHA512
3c0ea5a291f8a11577b1acd2f6d31f982d4e833fa91dc6a085ce9b329226086bcd498d81443514d68d94004d60f9fb2f55575bd9f21e6a1881ec0d58fe249411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
202KB

MD5
cb5d7d91b573d86fd235d399d8616a80

SHA1
d572c8c7cd0386988ee4df67e1dedc6ce70c5710

SHA256
a9b81c89e33ca1050f2b2d79b59347af21052c5b6c4fdd50bc0100fcf44a2a2d

SHA512
808a47f34eeb467d3ed69e1e384931644e6d59e3a68a6c271e80a0b86116c22fc4d4b54ef47ce81cd53517121d7b3c02a0b08fedcd0877cad39459d977eea5f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
201KB

MD5
b6956f535a2e5399fde9df5698887a13

SHA1
9a1dbbce32040141343b4c6abc207c262366077a

SHA256
42fa41528308ec677ff001854f88d2f823a2226aad1026bc123738ad1709b3a0

SHA512
7bd3d006738b3be27b9212e6e0cfaff5acb75c37f6ef7a6b8474b07d9dc35ea4b6337b0e86a399fe16200f65ddcb7b4bd57ac4ee82e7cdfde9525f260a8af000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
207KB

MD5
3dcf98d3dba3d016d9c07fc8c7742f2d

SHA1
8f05b16538490df91112597aa17d5de46dc10e08

SHA256
d24dace255e961806a6068eb4d492cebb8269c4dc88edef43e404e864f7a376e

SHA512
06e06508a0e823a143da6bb9d6218c6ec6164f62820b458977d6535465eb9f15d58b67f5a1a3dfb443b673d71ff335145c199f260ebc7819ddd592cc48b88944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
201KB

MD5
b1451e54a7cc2ba7e3de342fa11125d0

SHA1
f76dce6f0560b33be92c56dd625b385a650f5372

SHA256
0811ade72702ca0c3a236e46bef1b333f60544fcace44cc9d5cc09f11cf3772d

SHA512
5a475b6e0a7b01aa0ae7e4e4ec346ec5375c102934361afc59800b47782e47b770deffc4558cb47cbf72917974af56526a13583cdfc8531a425edecb7edb5857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
61ff681f5ba775fdb8972dbc79f44f6b

SHA1
946bfaf50ea92125af1a5c2af6e6e145c433197c

SHA256
b094459e10bd9aa4ff8737effedc888694bb825500a2a28d43db2d6684f2b6ad

SHA512
c8518ca9d4d0028618fc73a28c10cb99ab8d85c83d7cb13b30096e95bb8318ad14ab8f9c5ebc92f718a416f8a7ebec1faf5d73830f06f59bf3c4eb17daf97f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5a6dbf.TMP
Filesize
48B

MD5
7326747a6415818f09d5bc3bc11e6a94

SHA1
5520c9c7f5635d740fad894a74dbdb1b082d8bf5

SHA256
7f4751c6eff374343c3f1e921d01aa0464981811826404065cfdff4e46fb92fc

SHA512
a4204107b8e5c8475fdc0a833ed9940ac98dbd91b9c1c63d52bf5d343d3e1bb4dcb931f91d32c9b9c0ecede54b82e24352eeb3efcf883e94f90ac65be052b0fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
a4d80c48b49048f3d56514b598e8e3c8

SHA1
91d110de0f38c47128f874e75d3ea8c2fc277e49

SHA256
fa1aac809a62ab29896aab1bf030a59646963d264a67cedda15d46e887082e7c

SHA512
118c7d5e9d3eaf1708c60ac3e4156bffbade6222cd0ee5d08b55dcb741d6ef31e46156ecda6670ce9bc4d89358bfc7d4f08a7b3b01269cb985562415bebdffe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
656B

MD5
91a73594ad62afea191b74094214454e

SHA1
c36173fb00fd8ccdc9059c82c95d78653a9d883c

SHA256
115b4feb0b4d4b1edc346a5ee9d407e2eb3911cb604081010e65dd1ced8dcab2

SHA512
6a5afeb35df7fa19421a34ca72251322396db50af43566c6cb6dd8b19ffd93edce69a57582ee62264f14505912af7979119b44aa98add0f5d3a82925ee260a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1ed77eab01232b1a8af29ac1fc5e1040

SHA1
e202830be5dc142df74ba43faf760937dc1fd1d2

SHA256
f9a76e14c3a3914ad68589b3f61527512a4b0a5e469dad9b5e6783785d40c4b5

SHA512
613ef3eee300d0e0d021622a8ac1b3286a42c90d9a2647f00f592420b5f2201e83d9e8aea600d05fc86d460e6ef19f4fa3ecadc9208a328cb92d0e2e6b2cfce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
603b596ea3608081099903224f69cd59

SHA1
821f2ef7071ed0a6c2633661e83432769237c6e5

SHA256
92b4d8b9d407fa3d3cdb2e3caa8605216087eb1db80bc36dec2920dae71342d3

SHA512
13a3d23d6fcd3e6761ad62e4d7968f7e30f109042b77117aeba0c44f4ceb54add2e2748d3826dcedb975e1d33179ce499f586a6b3d0f86df8349ea915f91c54a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eadbf45e-53e3-44f3-b366-9b672b5da9d7.tmp
Filesize
6KB

MD5
de93c9fc887a495c7af0b80928da17a3

SHA1
832711b18b7ba000a65cf477c44f7c1b2820125e

SHA256
99c808b13d25550812fa89f0adf0585b57948442fecdb6e76e661ba3fb5c8b67

SHA512
577ecc5c3648b91c4589f98c732ee009f93c1d002cd763587f85bbf596a49bbb8cd5fd1e8472093221eeccc8140345d486e5f97bad5ce3b342e1a100cba87f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
581bc393b1e5294dcb38c74b54b534f7

SHA1
234c3a4b4bd921ce9fb078f249b5dfdf2f877946

SHA256
d580d044c194fe698e71a5f936cd303dcd02d7ca4f7c3878b76239cf7cdee10f

SHA512
217acb14eaca7f5259adef7a3689342015cc1ed976e3c5d174b143a7193c0c8aa480f0c587a70a78ecf467d4979b7a19d961b57c1404c04f00c6a8c1ec82683c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
cf1d51bc610ecb2854aa04101b445791

SHA1
7a8da83b821b09cf4897e0f35f8768cd44b3e5c2

SHA256
ac13fa5f73787af4eded59eb8615130ffa4fe2604c04ef76ed272f6bea8b2dfd

SHA512
1aa3abc1cf51c6fd4df313a0a5c9d14b52e4a9f2af64de1f0da2521116774590023f52c010f8642cc4bf52146e9f66b71b63c9be029c81f15a86727f0a599f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\cf4f3925-9c0a-450a-9184-9807a418352a\GunaDotNetRT64.dll
Filesize
142KB

MD5
9c43f77cb7cff27cb47ed67babe3eda5

SHA1
b0400cf68249369d21de86bd26bb84ccffd47c43

SHA256
f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e

SHA512
cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cf4f3925-9c0a-450a-9184-9807a418352a\GunaDotNetRT64.dll
Filesize
142KB

MD5
9c43f77cb7cff27cb47ed67babe3eda5

SHA1
b0400cf68249369d21de86bd26bb84ccffd47c43

SHA256
f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e

SHA512
cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
09e123e4bc30cd833878d61f1f64f152

SHA1
df9c958ade71c06e5fc7b0eb65de3bec9dba6a1a

SHA256
6ec1f9dae80fe7da4d64d11aea4fa8d7ff79bf65364ae1cb889224f20d8de653

SHA512
505cc5067eb85ad4ff736aade3fe5e5aa9bc699f9855866804459d8d3edafaa13c8c63eb43679881b54f82735303293f41ebb5adf3dbb1c0aa24cd6c548fd80f

Download Submit
C:\Users\Admin\Downloads\Astral.rar
Filesize
15.4MB

MD5
c8e7dc1384f8ec1fe1d704d0a8cb102c

SHA1
79cbafd1d35586a0ecf8c059e9eb61824c7bc6a9

SHA256
0e173c2a2d3d5e7b98d3e93423e6f3cb906459ff9a61d9e7c451787411995612

SHA512
1c02f5311db38d7297c6dfc6c8f9f55ae9d38cd73f3c17a5adadea8003c2a020a13b33f09c79c1749f24c80516349536939404c66891fb0768b934739e64b199

Download Submit
C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe
Filesize
12.8MB

MD5
1ee5f98fbb806a712f1b604fc4c4c28a

SHA1
cdad412d23992b37dacb37286e9c149cef5fd05f

SHA256
566fed7c0f5027414066594ef3580224795683be610d005d414ef1bdd6ae455d

SHA512
01e261de6fce9309798d56cfba21dfe535bfee555c47a42fbbd9dce8dcb3c2e6144200a14bf01aa9bcc53a32116fd7b522f120cdcc708b3874e829f7cfd58b0f

Download Submit
C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe
Filesize
12.8MB

MD5
1ee5f98fbb806a712f1b604fc4c4c28a

SHA1
cdad412d23992b37dacb37286e9c149cef5fd05f

SHA256
566fed7c0f5027414066594ef3580224795683be610d005d414ef1bdd6ae455d

SHA512
01e261de6fce9309798d56cfba21dfe535bfee555c47a42fbbd9dce8dcb3c2e6144200a14bf01aa9bcc53a32116fd7b522f120cdcc708b3874e829f7cfd58b0f

Download Submit
C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\DNGRTx64.dll
Filesize
5.3MB

MD5
a428c3e775add87c7915381a88061888

SHA1
aaf1ef5d8924e92961bf81d07c2d6886e1e01585

SHA256
ddeb3041ff32da6d6a98e90941ec18f45b7a8afb2b738394de3073d774dfde4a

SHA512
29f8d8787e41370e0373bd01021783190fb752f6b37881462ebf7edd9bda9f530f59c125c3ca1ba8f88dde1200a3015868eaf718a9ad09ffc2ad6396a0f098d1

Download Submit
C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\DNGRTx64.dll
Filesize
5.3MB

MD5
a428c3e775add87c7915381a88061888

SHA1
aaf1ef5d8924e92961bf81d07c2d6886e1e01585

SHA256
ddeb3041ff32da6d6a98e90941ec18f45b7a8afb2b738394de3073d774dfde4a

SHA512
29f8d8787e41370e0373bd01021783190fb752f6b37881462ebf7edd9bda9f530f59c125c3ca1ba8f88dde1200a3015868eaf718a9ad09ffc2ad6396a0f098d1

Download Submit
\??\PIPE\wkssvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_1300_TWYDITFEXKUGDDNI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4988_DOHWZHNWSSSQNEPL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1472-222-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

Filesize
4KB

Download
memory/1472-221-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

Filesize
4KB

Download
memory/1472-220-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

Filesize
4KB

Download
memory/1472-219-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

Filesize
4KB

Download
memory/1472-218-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

Filesize
4KB

Download
memory/1472-214-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

Filesize
4KB

Download
memory/1472-213-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

Filesize
4KB

Download
memory/1472-212-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

Filesize
4KB

Download
memory/1472-223-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

Filesize
4KB

Download
memory/1472-224-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

Filesize
4KB

Download
memory/4264-508-0x00007FFC30A00000-0x00007FFC30A27000-memory.dmp

Filesize
156KB

Download
memory/4264-530-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-532-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-534-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-536-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-538-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-540-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-542-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-544-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-546-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-548-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-550-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-1098-0x0000014551990000-0x00000145519A0000-memory.dmp

Filesize
64KB

Download
memory/4264-1303-0x00007FFC30A00000-0x00007FFC30A27000-memory.dmp

Filesize
156KB

Download
memory/4264-11006-0x0000014551990000-0x00000145519A0000-memory.dmp

Filesize
64KB

Download
memory/4264-11005-0x0000014551990000-0x00000145519A0000-memory.dmp

Filesize
64KB

Download
memory/4264-11007-0x0000014551990000-0x00000145519A0000-memory.dmp

Filesize
64KB

Download
memory/4264-11008-0x0000014551990000-0x00000145519A0000-memory.dmp

Filesize
64KB

Download
memory/4264-11009-0x0000014551990000-0x00000145519A0000-memory.dmp

Filesize
64KB

Download
memory/4264-11010-0x0000014551990000-0x00000145519A0000-memory.dmp

Filesize
64KB

Download
memory/4264-11011-0x0000014551990000-0x00000145519A0000-memory.dmp

Filesize
64KB

Download
memory/4264-11012-0x0000014551990000-0x00000145519A0000-memory.dmp

Filesize
64KB

Download
memory/4264-528-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-526-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-524-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-522-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-520-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-518-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-516-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-514-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-512-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-510-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-507-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-11151-0x00007FFC30A00000-0x00007FFC30A27000-memory.dmp

Filesize
156KB

Download
memory/4264-505-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-503-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-501-0x00007FFC2F250000-0x00007FFC2F39E000-memory.dmp

Filesize
1.3MB

Download
memory/4264-502-0x0000014552730000-0x00000145528F4000-memory.dmp

Filesize
1.8MB

Download
memory/4264-493-0x0000014551990000-0x00000145519A0000-memory.dmp

Filesize
64KB

Download
memory/4264-492-0x0000014537820000-0x0000014537821000-memory.dmp

Filesize
4KB

Download
memory/4264-488-0x00007FFC29D10000-0x00007FFC2A5F2000-memory.dmp

Filesize
8.9MB

Download
memory/4264-487-0x00007FFC4D620000-0x00007FFC4D622000-memory.dmp

Filesize
8KB

Download
memory/4264-486-0x00007FFC4D610000-0x00007FFC4D612000-memory.dmp

Filesize
8KB

Download
memory/4264-483-0x00000145367F0000-0x00000145374C0000-memory.dmp

Filesize
12.8MB

Download