Malware Analysis Report

2025-06-15 21:44

Sample ID 230414-cehtbsfe46
Target https://astraltool.netlify.app
Tags
agilenet persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://astraltool.netlify.app was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet persistence

Loads dropped DLL

Executes dropped EXE

Obfuscated with Agile.Net obfuscator

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-14 01:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-14 01:59

Reported

2023-04-14 02:03

Platform

win10v2004-20230220-en

Max time kernel

267s

Max time network

266s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://astraltool.netlify.app

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe N/A
N/A N/A C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe N/A
N/A N/A C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe N/A
N/A N/A C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6e9d2732-c4b9-4c60-a7c9-7cb0002c90e9.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230414040343.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133259184146634252" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{FFF0653D-5414-48BA-B144-027C292836D8} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4988 wrote to memory of 1092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 1092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 2908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4988 wrote to memory of 212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://astraltool.netlify.app

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2fd79758,0x7ffc2fd79768,0x7ffc2fd79778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1308 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Astral\" -ad -an -ai#7zMap28673:74:7zEvent10208

C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe

"C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/j5nrM22

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x11c,0x120,0x40,0x124,0x7ffc3f3446f8,0x7ffc3f344708,0x7ffc3f344718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff710155460,0x7ff710155470,0x7ff710155480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

Network

Country Destination Domain Proto
US 52.152.110.14:443 tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 astraltool.netlify.app udp
SG 34.124.149.177:443 astraltool.netlify.app tcp
SG 34.124.149.177:443 astraltool.netlify.app tcp
SG 34.124.149.177:443 astraltool.netlify.app tcp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 177.149.124.34.in-addr.arpa udp
US 8.8.8.8:53 kit.fontawesome.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
NL 142.251.36.10:443 ajax.googleapis.com tcp
US 104.18.23.52:443 kit.fontawesome.com tcp
US 8.8.8.8:53 52.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ka-f.fontawesome.com udp
US 172.64.100.10:443 ka-f.fontawesome.com tcp
US 172.64.100.10:443 ka-f.fontawesome.com tcp
US 172.64.100.10:443 ka-f.fontawesome.com tcp
US 172.64.100.10:443 ka-f.fontawesome.com udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 10.100.64.172.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 5.233.140.95.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
GB 95.101.143.105:443 assets.msn.com tcp
US 8.8.8.8:53 105.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 151.122.125.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
IE 13.69.239.72:443 tcp
US 8.8.8.8:53 astraltool.netlify.app udp
US 209.197.3.8:80 tcp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 131.253.33.203:80 tcp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com tcp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 73.254.224.20.in-addr.arpa udp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 pastebin.com udp
US 172.67.34.170:443 pastebin.com tcp
US 8.8.8.8:53 170.34.67.172.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 discord.gg udp
US 162.159.135.234:443 discord.gg tcp
US 162.159.135.234:443 discord.gg tcp
US 8.8.8.8:53 discord.com udp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 234.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 162.159.135.232:443 discord.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
N/A 127.0.0.1:6463 tcp
US 8.8.8.8:53 233.134.159.162.in-addr.arpa udp
N/A 127.0.0.1:6464 tcp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
US 8.8.8.8:53 9.73.50.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 070a2ac25d6df0b00df300ec5acc4bfc
SHA1 bceed2b6755f4085f3d4aa8bdc60bf043e0c616a
SHA256 caf83f4026d62e1e85f39570567e52973ff79e21cd9fbde6efb11911ad15df2e
SHA512 3970230972c449d2a389599a24586e934b22e2abd574138af533137caf5b3b1a44f19fdfc86edcf5e53e0e892e81e22478ce00f93776927639817e9b83eeda7e

\??\pipe\crashpad_4988_DOHWZHNWSSSQNEPL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b1451e54a7cc2ba7e3de342fa11125d0
SHA1 f76dce6f0560b33be92c56dd625b385a650f5372
SHA256 0811ade72702ca0c3a236e46bef1b333f60544fcace44cc9d5cc09f11cf3772d
SHA512 5a475b6e0a7b01aa0ae7e4e4ec346ec5375c102934361afc59800b47782e47b770deffc4558cb47cbf72917974af56526a13583cdfc8531a425edecb7edb5857

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2576ff77-a4fb-431e-888c-6701fa222e63.tmp

MD5 973d46f237dd375cfef805f2ad162a23
SHA1 e73442e5ad7467526ce8ee20362fc152870d7f8e
SHA256 b2d6b3aa84702520f42e35b8f30b198d465273f9049a68d9b9bdb0fc0a7ff63c
SHA512 7ac8aa720c85ddf0f0e1e4cc499aa400ca6fe8c4d8f2431c3e8c61de841d301c3d026685d9c40a3c190fd2442d0d56db6459dc7cc973113602bf920a9a6e8d5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ee558ad2-028f-4ac6-b4e9-800ac1d7f2a3.tmp

MD5 163313bb8fc3f0679005f0a0926da75f
SHA1 4dd986d1c6ed83a6b46f0fe29ec7bf27d7b86f80
SHA256 e50837d52b861c95f7f0c38ea410bf0f330b6353d152f64d7306b4e28f1c8ef4
SHA512 192a25d48d2bd98ec0df92eb90cdff1b244697f07e1726656186046c89b76b545a1a8cfddd51b5fb68193b7905574c9c73d962e2cb2d997a13bfb5c5d232beac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 015818b54524504c608cb2865ef19932
SHA1 acf8e85d38871c336e909d21096fcbb8c9124dc1
SHA256 8aef7aa751a3713d6cffd63e801e95c14ec49e8eb1b51d25cfd5797edd65e3ba
SHA512 a90fde4dfd2efb8e4222450eee7d864ca67f225e1fe86bf5dbe22be4cd63be9a0e7d3e97f2a089406bf2d4be325da75248fa5073587fa5c12c956e4edf0b33bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a6270ac67983dc3f87928ca6b8924376
SHA1 fff1e06dcb759866ebe9e3a0042d4b746b8d546e
SHA256 e7ba2cb566819c20e73d953b67f2dc4695681559e462977694f029e3ec9eb90b
SHA512 00c48f80d3bed1725c63a32557bfaab421235319bf63063f4f4208c62ccb9dadd724afa70b1e67c56dc1043b98aaec97ca5c53a47744f7f00063bf5df6cb0f3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f208cb8d3e069f73e532dae221126e34
SHA1 7f0945f8981024a5af1dd74216bfd78f488847d8
SHA256 f4685ee88833a3cd6058440ff5a0d68ecd4f0132c2a50f8ca621ed5927919b11
SHA512 74424d85fcccb5e8ee63fd9cd9c1513965e6ef582b96f319b3b05252eff5fbc6ae34b7c7f203a3a359ea3f36ad2573d85e60cdd2a387b52e322435994896a527

memory/1472-212-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

memory/1472-213-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

memory/1472-214-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

memory/1472-218-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

memory/1472-219-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

memory/1472-220-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

memory/1472-221-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

memory/1472-222-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

memory/1472-223-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

memory/1472-224-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c863201164f6b3fafb1c19786534eecf
SHA1 64f7b2c4d0aca8aae1c79ca3c23f4a578033de03
SHA256 8f4778813194968d71d850443eb90b8a4a4a52b2c16a5c85afe97641933d8d34
SHA512 23eba04af581fc4191100257a0b00ba1e2ffd5b637d8de3479bfad15e60c713d5964bdf141f7c549589de9cd1298fb4cfe1af7817094479b550d82a827ec1995

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 24b8012cabbdd133d7d08ac96418aa80
SHA1 814daec11f8abe12ca4e5c23c92f59fd8ccae093
SHA256 c590d2df68a27c697b91378f09c84b7b58a08aca90a9f1aa2e3c7da385d2792c
SHA512 2f189e1bf8a47a254d71b6fc2200e1d5d3dc55b1671126afb91237716d2dfaee2ce70bf140dda3d98d53d5e2af0bb3fe9d3523d1b4c8d881c466014054d122b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b6956f535a2e5399fde9df5698887a13
SHA1 9a1dbbce32040141343b4c6abc207c262366077a
SHA256 42fa41528308ec677ff001854f88d2f823a2226aad1026bc123738ad1709b3a0
SHA512 7bd3d006738b3be27b9212e6e0cfaff5acb75c37f6ef7a6b8474b07d9dc35ea4b6337b0e86a399fe16200f65ddcb7b4bd57ac4ee82e7cdfde9525f260a8af000

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 64de274c6e27c85d836ac31226a9fd54
SHA1 86f5ebb764eeb95b2332388ffc4c5b4dda826a6a
SHA256 303c4cb31af59705b8571abfe398c23e8eddddbaef76a257ff52d067cef2aff5
SHA512 d71f4cdaba8c88b0fa2b41ff6e87937bf2a500b088503adc64f066309e62ab226099ddafd32a7d413aa0b046e183b1f304b028e5b7d9cbf607fe89c5e76acca4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 98b9147163bed9aa93e67355ca51033a
SHA1 b9544f85c1c32a5b0b004fc690ada949c6bcb186
SHA256 680c89b2612de4b19529dcd07ef5c24c6262c33d70bc80ede4a6fa60becc88c9
SHA512 b6ad941c8055905a0632713d83adf6f88f4035d751a51b1689b90558eeab8e66a380b961f2187f35e97ef708649254ef59c8cf3966322bf23c8498f01a0a4135

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 47bf1e6337046d834686f358a8089625
SHA1 7d3317ecf7661a2b582ee627389cef2efd144be7
SHA256 6571a771f35e225c74e12488b56395ed192bd8fffc15e064d4c1949f18190029
SHA512 8c64c26dfec45c73750deef2d7dc5353a9ed0365f5bfc0e3a763c94cfea9e9240417394fe598e19c21b90acb9462377f8d79fa70cbbc1648d6b9b7da17b839db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cb5d7d91b573d86fd235d399d8616a80
SHA1 d572c8c7cd0386988ee4df67e1dedc6ce70c5710
SHA256 a9b81c89e33ca1050f2b2d79b59347af21052c5b6c4fdd50bc0100fcf44a2a2d
SHA512 808a47f34eeb467d3ed69e1e384931644e6d59e3a68a6c271e80a0b86116c22fc4d4b54ef47ce81cd53517121d7b3c02a0b08fedcd0877cad39459d977eea5f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5c41b741307b3c4b5a2bc703572c774d
SHA1 7909646613d88f567b1234dd88892e3647bc8584
SHA256 5842f325168f943932e08d71d48b546d17443d9237ce86d5fc7411047ee426f7
SHA512 d3e9ebf80caea47f55a9d12b8a43e536d3511249b4c93438c1c188281d40038b9609685b4f6d90927e78a1f20075d9ac90936c997bbdab02877e01bef405e2fd

C:\Users\Admin\Downloads\Astral.rar

MD5 c8e7dc1384f8ec1fe1d704d0a8cb102c
SHA1 79cbafd1d35586a0ecf8c059e9eb61824c7bc6a9
SHA256 0e173c2a2d3d5e7b98d3e93423e6f3cb906459ff9a61d9e7c451787411995612
SHA512 1c02f5311db38d7297c6dfc6c8f9f55ae9d38cd73f3c17a5adadea8003c2a020a13b33f09c79c1749f24c80516349536939404c66891fb0768b934739e64b199

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0fb17406dceeac214a6ebc1238bc837a
SHA1 bd957beefa2d8e66b0ffcffb1f139c28ea479ce1
SHA256 8ef1004406a5bc9bdb4fd5b9d178942e27256d9b31526d4b2767803205b8feee
SHA512 2515a1d92a37bd062d8fd0c40e82ab1886890ae7edc7fbd695612d22566b4da659c1d263a55ce807a028df0764389b9ec7380cde11b41e3e1fed2dff1364db2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a65aae97f5092a89784e4a3b708dd6e0
SHA1 709f16a441e30af48dd3bb892b716aca9b9b26cd
SHA256 59a7fb83bb2045dea0ae27c0d09b6e134a4fb55a5b7a634696a5d8f72202f599
SHA512 5cb1cf0e18fe42b730f4c2f8524adcd5983e471de41eb843a8966b223e6db8289caff1e9f13b8525df9d94d85f27b44ffe2e7608be9c0ae59d5f5e31f9794ba5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bd61a015be6791d01de43f9cede46bf1
SHA1 19e21aba2b38bee00f7716bd04c248fdb8d7ac8e
SHA256 8709085365feebe192e2aa1e955d5f9d75c9bd983c11d7a5865886687285c914
SHA512 3c0ea5a291f8a11577b1acd2f6d31f982d4e833fa91dc6a085ce9b329226086bcd498d81443514d68d94004d60f9fb2f55575bd9f21e6a1881ec0d58fe249411

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0d10a1d07a5a6627e2f72f1ecac7cf01
SHA1 485a785a6fa29ce545b4eea968268decbc5885da
SHA256 d689ab9360d08ed22aee6a00344158854450e295623472bb0a72f1cfb1beab99
SHA512 b62264413ece98c7b02e85fce7a8ccb8886b0d60c78d46215b75c4cd03bc5b20c6000761557d7f110e83c0d8b4c96da26c8687eb2998b8aedaae44fad12f8bbc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3dcf98d3dba3d016d9c07fc8c7742f2d
SHA1 8f05b16538490df91112597aa17d5de46dc10e08
SHA256 d24dace255e961806a6068eb4d492cebb8269c4dc88edef43e404e864f7a376e
SHA512 06e06508a0e823a143da6bb9d6218c6ec6164f62820b458977d6535465eb9f15d58b67f5a1a3dfb443b673d71ff335145c199f260ebc7819ddd592cc48b88944

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f3eb50e49c7a059f6a05602c4a7cbe82
SHA1 7d85b519ef0ad6f7ee065b0102a76e70b537fdd5
SHA256 a6222af4fe0865feead15c0188248143ba44020bc23bc47a5dda937093e8ce0c
SHA512 8bd5704f33e5d11784f83cd100363e07b1798de18994c4b3c3459cbb726dafd63491522090e13dc317cdeeb5ac2a2f9524f671d5eec280ab6d8f9de0a50eee1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

MD5 56e5025ed2a33b049c96c1257775906a
SHA1 2f6423fdfb76049b935c693091453154cd9fd346
SHA256 2991ddcc9ad76ae3b1e82c17ce94eb5f8b7ea3a1fc15f34e725ec104f7e4b79e
SHA512 c1c96f37cdf59a95341b89588ef6557c34fdff8f24bb2befe0e257d496b4a0a66091ddc2345f93b65788de9a9717e0f36dd19bea3219d5a144fc82c08ae4b593

C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe

MD5 1ee5f98fbb806a712f1b604fc4c4c28a
SHA1 cdad412d23992b37dacb37286e9c149cef5fd05f
SHA256 566fed7c0f5027414066594ef3580224795683be610d005d414ef1bdd6ae455d
SHA512 01e261de6fce9309798d56cfba21dfe535bfee555c47a42fbbd9dce8dcb3c2e6144200a14bf01aa9bcc53a32116fd7b522f120cdcc708b3874e829f7cfd58b0f

C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe

MD5 1ee5f98fbb806a712f1b604fc4c4c28a
SHA1 cdad412d23992b37dacb37286e9c149cef5fd05f
SHA256 566fed7c0f5027414066594ef3580224795683be610d005d414ef1bdd6ae455d
SHA512 01e261de6fce9309798d56cfba21dfe535bfee555c47a42fbbd9dce8dcb3c2e6144200a14bf01aa9bcc53a32116fd7b522f120cdcc708b3874e829f7cfd58b0f

memory/4264-483-0x00000145367F0000-0x00000145374C0000-memory.dmp

C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\DNGRTx64.dll

MD5 a428c3e775add87c7915381a88061888
SHA1 aaf1ef5d8924e92961bf81d07c2d6886e1e01585
SHA256 ddeb3041ff32da6d6a98e90941ec18f45b7a8afb2b738394de3073d774dfde4a
SHA512 29f8d8787e41370e0373bd01021783190fb752f6b37881462ebf7edd9bda9f530f59c125c3ca1ba8f88dde1200a3015868eaf718a9ad09ffc2ad6396a0f098d1

C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\DNGRTx64.dll

MD5 a428c3e775add87c7915381a88061888
SHA1 aaf1ef5d8924e92961bf81d07c2d6886e1e01585
SHA256 ddeb3041ff32da6d6a98e90941ec18f45b7a8afb2b738394de3073d774dfde4a
SHA512 29f8d8787e41370e0373bd01021783190fb752f6b37881462ebf7edd9bda9f530f59c125c3ca1ba8f88dde1200a3015868eaf718a9ad09ffc2ad6396a0f098d1

memory/4264-486-0x00007FFC4D610000-0x00007FFC4D612000-memory.dmp

memory/4264-487-0x00007FFC4D620000-0x00007FFC4D622000-memory.dmp

memory/4264-488-0x00007FFC29D10000-0x00007FFC2A5F2000-memory.dmp

memory/4264-492-0x0000014537820000-0x0000014537821000-memory.dmp

memory/4264-493-0x0000014551990000-0x00000145519A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cf4f3925-9c0a-450a-9184-9807a418352a\GunaDotNetRT64.dll

MD5 9c43f77cb7cff27cb47ed67babe3eda5
SHA1 b0400cf68249369d21de86bd26bb84ccffd47c43
SHA256 f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e
SHA512 cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

C:\Users\Admin\AppData\Local\Temp\cf4f3925-9c0a-450a-9184-9807a418352a\GunaDotNetRT64.dll

MD5 9c43f77cb7cff27cb47ed67babe3eda5
SHA1 b0400cf68249369d21de86bd26bb84ccffd47c43
SHA256 f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e
SHA512 cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

memory/4264-502-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-501-0x00007FFC2F250000-0x00007FFC2F39E000-memory.dmp

memory/4264-503-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-505-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-507-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-508-0x00007FFC30A00000-0x00007FFC30A27000-memory.dmp

memory/4264-510-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-512-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-514-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-516-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-518-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-520-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-522-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-524-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-526-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-528-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-530-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-532-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-534-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-536-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-538-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-540-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-542-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-544-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-546-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-548-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-550-0x0000014552730000-0x00000145528F4000-memory.dmp

memory/4264-1098-0x0000014551990000-0x00000145519A0000-memory.dmp

memory/4264-1303-0x00007FFC30A00000-0x00007FFC30A27000-memory.dmp

memory/4264-11006-0x0000014551990000-0x00000145519A0000-memory.dmp

memory/4264-11005-0x0000014551990000-0x00000145519A0000-memory.dmp

memory/4264-11007-0x0000014551990000-0x00000145519A0000-memory.dmp

memory/4264-11008-0x0000014551990000-0x00000145519A0000-memory.dmp

memory/4264-11009-0x0000014551990000-0x00000145519A0000-memory.dmp

memory/4264-11010-0x0000014551990000-0x00000145519A0000-memory.dmp

memory/4264-11011-0x0000014551990000-0x00000145519A0000-memory.dmp

memory/4264-11012-0x0000014551990000-0x00000145519A0000-memory.dmp

\??\PIPE\wkssvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 cd4f5fe0fc0ab6b6df866b9bfb9dd762
SHA1 a6aaed363cd5a7b6910e9b3296c0093b0ac94759
SHA256 3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81
SHA512 7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

\??\pipe\LOCAL\crashpad_1300_TWYDITFEXKUGDDNI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3dcf98d3dba3d016d9c07fc8c7742f2d
SHA1 8f05b16538490df91112597aa17d5de46dc10e08
SHA256 d24dace255e961806a6068eb4d492cebb8269c4dc88edef43e404e864f7a376e
SHA512 06e06508a0e823a143da6bb9d6218c6ec6164f62820b458977d6535465eb9f15d58b67f5a1a3dfb443b673d71ff335145c199f260ebc7819ddd592cc48b88944

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1d40312629d09d2420e992fdb8a78c1c
SHA1 903950d5ba9d64ec21c9f51264272ca8dfae9540
SHA256 1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac
SHA512 a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 603b596ea3608081099903224f69cd59
SHA1 821f2ef7071ed0a6c2633661e83432769237c6e5
SHA256 92b4d8b9d407fa3d3cdb2e3caa8605216087eb1db80bc36dec2920dae71342d3
SHA512 13a3d23d6fcd3e6761ad62e4d7968f7e30f109042b77117aeba0c44f4ceb54add2e2748d3826dcedb975e1d33179ce499f586a6b3d0f86df8349ea915f91c54a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1463bf2a54e759c40d9ad64228bf7bec
SHA1 2286d0ac3cfa9f9ca6c0df60699af7c49008a41f
SHA256 9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df
SHA512 33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

MD5 a4d80c48b49048f3d56514b598e8e3c8
SHA1 91d110de0f38c47128f874e75d3ea8c2fc277e49
SHA256 fa1aac809a62ab29896aab1bf030a59646963d264a67cedda15d46e887082e7c
SHA512 118c7d5e9d3eaf1708c60ac3e4156bffbade6222cd0ee5d08b55dcb741d6ef31e46156ecda6670ce9bc4d89358bfc7d4f08a7b3b01269cb985562415bebdffe9

memory/4264-11151-0x00007FFC30A00000-0x00007FFC30A27000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 09e123e4bc30cd833878d61f1f64f152
SHA1 df9c958ade71c06e5fc7b0eb65de3bec9dba6a1a
SHA256 6ec1f9dae80fe7da4d64d11aea4fa8d7ff79bf65364ae1cb889224f20d8de653
SHA512 505cc5067eb85ad4ff736aade3fe5e5aa9bc699f9855866804459d8d3edafaa13c8c63eb43679881b54f82735303293f41ebb5adf3dbb1c0aa24cd6c548fd80f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 581bc393b1e5294dcb38c74b54b534f7
SHA1 234c3a4b4bd921ce9fb078f249b5dfdf2f877946
SHA256 d580d044c194fe698e71a5f936cd303dcd02d7ca4f7c3878b76239cf7cdee10f
SHA512 217acb14eaca7f5259adef7a3689342015cc1ed976e3c5d174b143a7193c0c8aa480f0c587a70a78ecf467d4979b7a19d961b57c1404c04f00c6a8c1ec82683c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1ed77eab01232b1a8af29ac1fc5e1040
SHA1 e202830be5dc142df74ba43faf760937dc1fd1d2
SHA256 f9a76e14c3a3914ad68589b3f61527512a4b0a5e469dad9b5e6783785d40c4b5
SHA512 613ef3eee300d0e0d021622a8ac1b3286a42c90d9a2647f00f592420b5f2201e83d9e8aea600d05fc86d460e6ef19f4fa3ecadc9208a328cb92d0e2e6b2cfce3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cf1d51bc610ecb2854aa04101b445791
SHA1 7a8da83b821b09cf4897e0f35f8768cd44b3e5c2
SHA256 ac13fa5f73787af4eded59eb8615130ffa4fe2604c04ef76ed272f6bea8b2dfd
SHA512 1aa3abc1cf51c6fd4df313a0a5c9d14b52e4a9f2af64de1f0da2521116774590023f52c010f8642cc4bf52146e9f66b71b63c9be029c81f15a86727f0a599f03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 61ff681f5ba775fdb8972dbc79f44f6b
SHA1 946bfaf50ea92125af1a5c2af6e6e145c433197c
SHA256 b094459e10bd9aa4ff8737effedc888694bb825500a2a28d43db2d6684f2b6ad
SHA512 c8518ca9d4d0028618fc73a28c10cb99ab8d85c83d7cb13b30096e95bb8318ad14ab8f9c5ebc92f718a416f8a7ebec1faf5d73830f06f59bf3c4eb17daf97f85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5a6dbf.TMP

MD5 7326747a6415818f09d5bc3bc11e6a94
SHA1 5520c9c7f5635d740fad894a74dbdb1b082d8bf5
SHA256 7f4751c6eff374343c3f1e921d01aa0464981811826404065cfdff4e46fb92fc
SHA512 a4204107b8e5c8475fdc0a833ed9940ac98dbd91b9c1c63d52bf5d343d3e1bb4dcb931f91d32c9b9c0ecede54b82e24352eeb3efcf883e94f90ac65be052b0fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 91a73594ad62afea191b74094214454e
SHA1 c36173fb00fd8ccdc9059c82c95d78653a9d883c
SHA256 115b4feb0b4d4b1edc346a5ee9d407e2eb3911cb604081010e65dd1ced8dcab2
SHA512 6a5afeb35df7fa19421a34ca72251322396db50af43566c6cb6dd8b19ffd93edce69a57582ee62264f14505912af7979119b44aa98add0f5d3a82925ee260a78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eadbf45e-53e3-44f3-b366-9b672b5da9d7.tmp

MD5 de93c9fc887a495c7af0b80928da17a3
SHA1 832711b18b7ba000a65cf477c44f7c1b2820125e
SHA256 99c808b13d25550812fa89f0adf0585b57948442fecdb6e76e661ba3fb5c8b67
SHA512 577ecc5c3648b91c4589f98c732ee009f93c1d002cd763587f85bbf596a49bbb8cd5fd1e8472093221eeccc8140345d486e5f97bad5ce3b342e1a100cba87f29