Analysis Overview
Threat Level: Shows suspicious behavior
The submitted URL https://astraltool.netlify.app was classified as: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-04-14 01:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-14 01:59
Reported
2023-04-14 02:03
Platform
win10v2004-20230220-en
Max time kernel
267s
Max time network
266s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6e9d2732-c4b9-4c60-a7c9-7cb0002c90e9.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230414040343.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133259184146634252" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{FFF0653D-5414-48BA-B144-027C292836D8} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://astraltool.netlify.app
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2fd79758,0x7ffc2fd79768,0x7ffc2fd79778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1308 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1872,i,9831940063668270300,16557957293692325706,131072 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Astral\" -ad -an -ai#7zMap28673:74:7zEvent10208
C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe
"C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/j5nrM22
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x11c,0x120,0x40,0x124,0x7ffc3f3446f8,0x7ffc3f344708,0x7ffc3f344718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff710155460,0x7ff710155470,0x7ff710155480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15033141470084802172,3808811034668098863,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 52.152.110.14:443 | N/A | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | astraltool.netlify.app | udp |
| SG | 34.124.149.177:443 | astraltool.netlify.app | tcp |
| SG | 34.124.149.177:443 | astraltool.netlify.app | tcp |
| SG | 34.124.149.177:443 | astraltool.netlify.app | tcp |
| US | 8.8.8.8:53 | 250.255.255.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.149.124.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | kit.fontawesome.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| NL | 142.251.36.10:443 | ajax.googleapis.com | tcp |
| US | 104.18.23.52:443 | kit.fontawesome.com | tcp |
| US | 8.8.8.8:53 | 52.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ka-f.fontawesome.com | udp |
| US | 172.64.100.10:443 | ka-f.fontawesome.com | tcp |
| US | 172.64.100.10:443 | ka-f.fontawesome.com | tcp |
| US | 172.64.100.10:443 | ka-f.fontawesome.com | tcp |
| US | 172.64.100.10:443 | ka-f.fontawesome.com | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.100.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.233.140.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 95.101.143.105:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 105.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.122.125.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| IE | 13.69.239.72:443 | N/A | tcp |
| US | 8.8.8.8:53 | astraltool.netlify.app | udp |
| US | 209.197.3.8:80 | N/A | tcp |
| NL | 173.223.113.164:443 | N/A | tcp |
| NL | 173.223.113.131:80 | N/A | tcp |
| US | 131.253.33.203:80 | N/A | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.36.46:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 73.254.224.20.in-addr.arpa | udp |
| US | 93.184.221.240:80 | N/A | tcp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 172.67.34.170:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | 170.34.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 234.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| US | 162.159.135.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 127.0.0.1:6463 | N/A | tcp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:6464 | N/A | tcp |
| N/A | 127.0.0.1:6465 | N/A | tcp |
| N/A | 127.0.0.1:6466 | N/A | tcp |
| US | 8.8.8.8:53 | 9.73.50.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 070a2ac25d6df0b00df300ec5acc4bfc |
| SHA1 | bceed2b6755f4085f3d4aa8bdc60bf043e0c616a |
| SHA256 | caf83f4026d62e1e85f39570567e52973ff79e21cd9fbde6efb11911ad15df2e |
| SHA512 | 3970230972c449d2a389599a24586e934b22e2abd574138af533137caf5b3b1a44f19fdfc86edcf5e53e0e892e81e22478ce00f93776927639817e9b83eeda7e |
\??\pipe\crashpad_4988_DOHWZHNWSSSQNEPL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b1451e54a7cc2ba7e3de342fa11125d0 |
| SHA1 | f76dce6f0560b33be92c56dd625b385a650f5372 |
| SHA256 | 0811ade72702ca0c3a236e46bef1b333f60544fcace44cc9d5cc09f11cf3772d |
| SHA512 | 5a475b6e0a7b01aa0ae7e4e4ec346ec5375c102934361afc59800b47782e47b770deffc4558cb47cbf72917974af56526a13583cdfc8531a425edecb7edb5857 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2576ff77-a4fb-431e-888c-6701fa222e63.tmp
| MD5 | 973d46f237dd375cfef805f2ad162a23 |
| SHA1 | e73442e5ad7467526ce8ee20362fc152870d7f8e |
| SHA256 | b2d6b3aa84702520f42e35b8f30b198d465273f9049a68d9b9bdb0fc0a7ff63c |
| SHA512 | 7ac8aa720c85ddf0f0e1e4cc499aa400ca6fe8c4d8f2431c3e8c61de841d301c3d026685d9c40a3c190fd2442d0d56db6459dc7cc973113602bf920a9a6e8d5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ee558ad2-028f-4ac6-b4e9-800ac1d7f2a3.tmp
| MD5 | 163313bb8fc3f0679005f0a0926da75f |
| SHA1 | 4dd986d1c6ed83a6b46f0fe29ec7bf27d7b86f80 |
| SHA256 | e50837d52b861c95f7f0c38ea410bf0f330b6353d152f64d7306b4e28f1c8ef4 |
| SHA512 | 192a25d48d2bd98ec0df92eb90cdff1b244697f07e1726656186046c89b76b545a1a8cfddd51b5fb68193b7905574c9c73d962e2cb2d997a13bfb5c5d232beac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 015818b54524504c608cb2865ef19932 |
| SHA1 | acf8e85d38871c336e909d21096fcbb8c9124dc1 |
| SHA256 | 8aef7aa751a3713d6cffd63e801e95c14ec49e8eb1b51d25cfd5797edd65e3ba |
| SHA512 | a90fde4dfd2efb8e4222450eee7d864ca67f225e1fe86bf5dbe22be4cd63be9a0e7d3e97f2a089406bf2d4be325da75248fa5073587fa5c12c956e4edf0b33bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a6270ac67983dc3f87928ca6b8924376 |
| SHA1 | fff1e06dcb759866ebe9e3a0042d4b746b8d546e |
| SHA256 | e7ba2cb566819c20e73d953b67f2dc4695681559e462977694f029e3ec9eb90b |
| SHA512 | 00c48f80d3bed1725c63a32557bfaab421235319bf63063f4f4208c62ccb9dadd724afa70b1e67c56dc1043b98aaec97ca5c53a47744f7f00063bf5df6cb0f3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f208cb8d3e069f73e532dae221126e34 |
| SHA1 | 7f0945f8981024a5af1dd74216bfd78f488847d8 |
| SHA256 | f4685ee88833a3cd6058440ff5a0d68ecd4f0132c2a50f8ca621ed5927919b11 |
| SHA512 | 74424d85fcccb5e8ee63fd9cd9c1513965e6ef582b96f319b3b05252eff5fbc6ae34b7c7f203a3a359ea3f36ad2573d85e60cdd2a387b52e322435994896a527 |
memory/1472-212-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp
memory/1472-213-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp
memory/1472-214-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp
memory/1472-218-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp
memory/1472-219-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp
memory/1472-220-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp
memory/1472-221-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp
memory/1472-222-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp
memory/1472-223-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp
memory/1472-224-0x0000022A2F6E0000-0x0000022A2F6E1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c863201164f6b3fafb1c19786534eecf |
| SHA1 | 64f7b2c4d0aca8aae1c79ca3c23f4a578033de03 |
| SHA256 | 8f4778813194968d71d850443eb90b8a4a4a52b2c16a5c85afe97641933d8d34 |
| SHA512 | 23eba04af581fc4191100257a0b00ba1e2ffd5b637d8de3479bfad15e60c713d5964bdf141f7c549589de9cd1298fb4cfe1af7817094479b550d82a827ec1995 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 24b8012cabbdd133d7d08ac96418aa80 |
| SHA1 | 814daec11f8abe12ca4e5c23c92f59fd8ccae093 |
| SHA256 | c590d2df68a27c697b91378f09c84b7b58a08aca90a9f1aa2e3c7da385d2792c |
| SHA512 | 2f189e1bf8a47a254d71b6fc2200e1d5d3dc55b1671126afb91237716d2dfaee2ce70bf140dda3d98d53d5e2af0bb3fe9d3523d1b4c8d881c466014054d122b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b6956f535a2e5399fde9df5698887a13 |
| SHA1 | 9a1dbbce32040141343b4c6abc207c262366077a |
| SHA256 | 42fa41528308ec677ff001854f88d2f823a2226aad1026bc123738ad1709b3a0 |
| SHA512 | 7bd3d006738b3be27b9212e6e0cfaff5acb75c37f6ef7a6b8474b07d9dc35ea4b6337b0e86a399fe16200f65ddcb7b4bd57ac4ee82e7cdfde9525f260a8af000 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 64de274c6e27c85d836ac31226a9fd54 |
| SHA1 | 86f5ebb764eeb95b2332388ffc4c5b4dda826a6a |
| SHA256 | 303c4cb31af59705b8571abfe398c23e8eddddbaef76a257ff52d067cef2aff5 |
| SHA512 | d71f4cdaba8c88b0fa2b41ff6e87937bf2a500b088503adc64f066309e62ab226099ddafd32a7d413aa0b046e183b1f304b028e5b7d9cbf607fe89c5e76acca4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 98b9147163bed9aa93e67355ca51033a |
| SHA1 | b9544f85c1c32a5b0b004fc690ada949c6bcb186 |
| SHA256 | 680c89b2612de4b19529dcd07ef5c24c6262c33d70bc80ede4a6fa60becc88c9 |
| SHA512 | b6ad941c8055905a0632713d83adf6f88f4035d751a51b1689b90558eeab8e66a380b961f2187f35e97ef708649254ef59c8cf3966322bf23c8498f01a0a4135 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 47bf1e6337046d834686f358a8089625 |
| SHA1 | 7d3317ecf7661a2b582ee627389cef2efd144be7 |
| SHA256 | 6571a771f35e225c74e12488b56395ed192bd8fffc15e064d4c1949f18190029 |
| SHA512 | 8c64c26dfec45c73750deef2d7dc5353a9ed0365f5bfc0e3a763c94cfea9e9240417394fe598e19c21b90acb9462377f8d79fa70cbbc1648d6b9b7da17b839db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cb5d7d91b573d86fd235d399d8616a80 |
| SHA1 | d572c8c7cd0386988ee4df67e1dedc6ce70c5710 |
| SHA256 | a9b81c89e33ca1050f2b2d79b59347af21052c5b6c4fdd50bc0100fcf44a2a2d |
| SHA512 | 808a47f34eeb467d3ed69e1e384931644e6d59e3a68a6c271e80a0b86116c22fc4d4b54ef47ce81cd53517121d7b3c02a0b08fedcd0877cad39459d977eea5f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5c41b741307b3c4b5a2bc703572c774d |
| SHA1 | 7909646613d88f567b1234dd88892e3647bc8584 |
| SHA256 | 5842f325168f943932e08d71d48b546d17443d9237ce86d5fc7411047ee426f7 |
| SHA512 | d3e9ebf80caea47f55a9d12b8a43e536d3511249b4c93438c1c188281d40038b9609685b4f6d90927e78a1f20075d9ac90936c997bbdab02877e01bef405e2fd |
C:\Users\Admin\Downloads\Astral.rar
| MD5 | c8e7dc1384f8ec1fe1d704d0a8cb102c |
| SHA1 | 79cbafd1d35586a0ecf8c059e9eb61824c7bc6a9 |
| SHA256 | 0e173c2a2d3d5e7b98d3e93423e6f3cb906459ff9a61d9e7c451787411995612 |
| SHA512 | 1c02f5311db38d7297c6dfc6c8f9f55ae9d38cd73f3c17a5adadea8003c2a020a13b33f09c79c1749f24c80516349536939404c66891fb0768b934739e64b199 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0fb17406dceeac214a6ebc1238bc837a |
| SHA1 | bd957beefa2d8e66b0ffcffb1f139c28ea479ce1 |
| SHA256 | 8ef1004406a5bc9bdb4fd5b9d178942e27256d9b31526d4b2767803205b8feee |
| SHA512 | 2515a1d92a37bd062d8fd0c40e82ab1886890ae7edc7fbd695612d22566b4da659c1d263a55ce807a028df0764389b9ec7380cde11b41e3e1fed2dff1364db2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a65aae97f5092a89784e4a3b708dd6e0 |
| SHA1 | 709f16a441e30af48dd3bb892b716aca9b9b26cd |
| SHA256 | 59a7fb83bb2045dea0ae27c0d09b6e134a4fb55a5b7a634696a5d8f72202f599 |
| SHA512 | 5cb1cf0e18fe42b730f4c2f8524adcd5983e471de41eb843a8966b223e6db8289caff1e9f13b8525df9d94d85f27b44ffe2e7608be9c0ae59d5f5e31f9794ba5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bd61a015be6791d01de43f9cede46bf1 |
| SHA1 | 19e21aba2b38bee00f7716bd04c248fdb8d7ac8e |
| SHA256 | 8709085365feebe192e2aa1e955d5f9d75c9bd983c11d7a5865886687285c914 |
| SHA512 | 3c0ea5a291f8a11577b1acd2f6d31f982d4e833fa91dc6a085ce9b329226086bcd498d81443514d68d94004d60f9fb2f55575bd9f21e6a1881ec0d58fe249411 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0d10a1d07a5a6627e2f72f1ecac7cf01 |
| SHA1 | 485a785a6fa29ce545b4eea968268decbc5885da |
| SHA256 | d689ab9360d08ed22aee6a00344158854450e295623472bb0a72f1cfb1beab99 |
| SHA512 | b62264413ece98c7b02e85fce7a8ccb8886b0d60c78d46215b75c4cd03bc5b20c6000761557d7f110e83c0d8b4c96da26c8687eb2998b8aedaae44fad12f8bbc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3dcf98d3dba3d016d9c07fc8c7742f2d |
| SHA1 | 8f05b16538490df91112597aa17d5de46dc10e08 |
| SHA256 | d24dace255e961806a6068eb4d492cebb8269c4dc88edef43e404e864f7a376e |
| SHA512 | 06e06508a0e823a143da6bb9d6218c6ec6164f62820b458977d6535465eb9f15d58b67f5a1a3dfb443b673d71ff335145c199f260ebc7819ddd592cc48b88944 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f3eb50e49c7a059f6a05602c4a7cbe82 |
| SHA1 | 7d85b519ef0ad6f7ee065b0102a76e70b537fdd5 |
| SHA256 | a6222af4fe0865feead15c0188248143ba44020bc23bc47a5dda937093e8ce0c |
| SHA512 | 8bd5704f33e5d11784f83cd100363e07b1798de18994c4b3c3459cbb726dafd63491522090e13dc317cdeeb5ac2a2f9524f671d5eec280ab6d8f9de0a50eee1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | 56e5025ed2a33b049c96c1257775906a |
| SHA1 | 2f6423fdfb76049b935c693091453154cd9fd346 |
| SHA256 | 2991ddcc9ad76ae3b1e82c17ce94eb5f8b7ea3a1fc15f34e725ec104f7e4b79e |
| SHA512 | c1c96f37cdf59a95341b89588ef6557c34fdff8f24bb2befe0e257d496b4a0a66091ddc2345f93b65788de9a9717e0f36dd19bea3219d5a144fc82c08ae4b593 |
C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe
| MD5 | 1ee5f98fbb806a712f1b604fc4c4c28a |
| SHA1 | cdad412d23992b37dacb37286e9c149cef5fd05f |
| SHA256 | 566fed7c0f5027414066594ef3580224795683be610d005d414ef1bdd6ae455d |
| SHA512 | 01e261de6fce9309798d56cfba21dfe535bfee555c47a42fbbd9dce8dcb3c2e6144200a14bf01aa9bcc53a32116fd7b522f120cdcc708b3874e829f7cfd58b0f |
memory/4264-483-0x00000145367F0000-0x00000145374C0000-memory.dmp
C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\DNGRTx64.dll
| MD5 | a428c3e775add87c7915381a88061888 |
| SHA1 | aaf1ef5d8924e92961bf81d07c2d6886e1e01585 |
| SHA256 | ddeb3041ff32da6d6a98e90941ec18f45b7a8afb2b738394de3073d774dfde4a |
| SHA512 | 29f8d8787e41370e0373bd01021783190fb752f6b37881462ebf7edd9bda9f530f59c125c3ca1ba8f88dde1200a3015868eaf718a9ad09ffc2ad6396a0f098d1 |
memory/4264-486-0x00007FFC4D610000-0x00007FFC4D612000-memory.dmp
memory/4264-487-0x00007FFC4D620000-0x00007FFC4D622000-memory.dmp
memory/4264-488-0x00007FFC29D10000-0x00007FFC2A5F2000-memory.dmp
memory/4264-492-0x0000014537820000-0x0000014537821000-memory.dmp
memory/4264-493-0x0000014551990000-0x00000145519A0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cf4f3925-9c0a-450a-9184-9807a418352a\GunaDotNetRT64.dll
| MD5 | 9c43f77cb7cff27cb47ed67babe3eda5 |
| SHA1 | b0400cf68249369d21de86bd26bb84ccffd47c43 |
| SHA256 | f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e |
| SHA512 | cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7 |
memory/4264-502-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-501-0x00007FFC2F250000-0x00007FFC2F39E000-memory.dmp
memory/4264-503-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-505-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-507-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-508-0x00007FFC30A00000-0x00007FFC30A27000-memory.dmp
memory/4264-510-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-512-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-514-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-516-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-518-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-520-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-522-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-524-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-526-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-528-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-530-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-532-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-534-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-536-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-538-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-540-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-542-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-544-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-546-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-548-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-550-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-1098-0x0000014551990000-0x00000145519A0000-memory.dmp
memory/4264-1303-0x00007FFC30A00000-0x00007FFC30A27000-memory.dmp
memory/4264-11006-0x0000014551990000-0x00000145519A0000-memory.dmp
memory/4264-11005-0x0000014551990000-0x00000145519A0000-memory.dmp
memory/4264-11007-0x0000014551990000-0x00000145519A0000-memory.dmp
memory/4264-11008-0x0000014551990000-0x00000145519A0000-memory.dmp
memory/4264-11009-0x0000014551990000-0x00000145519A0000-memory.dmp
memory/4264-11010-0x0000014551990000-0x00000145519A0000-memory.dmp
memory/4264-11011-0x0000014551990000-0x00000145519A0000-memory.dmp
memory/4264-11012-0x0000014551990000-0x00000145519A0000-memory.dmp
\??\PIPE\wkssvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | cd4f5fe0fc0ab6b6df866b9bfb9dd762 |
| SHA1 | a6aaed363cd5a7b6910e9b3296c0093b0ac94759 |
| SHA256 | 3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81 |
| SHA512 | 7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676 |
\??\pipe\LOCAL\crashpad_1300_TWYDITFEXKUGDDNI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1d40312629d09d2420e992fdb8a78c1c |
| SHA1 | 903950d5ba9d64ec21c9f51264272ca8dfae9540 |
| SHA256 | 1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac |
| SHA512 | a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 603b596ea3608081099903224f69cd59 |
| SHA1 | 821f2ef7071ed0a6c2633661e83432769237c6e5 |
| SHA256 | 92b4d8b9d407fa3d3cdb2e3caa8605216087eb1db80bc36dec2920dae71342d3 |
| SHA512 | 13a3d23d6fcd3e6761ad62e4d7968f7e30f109042b77117aeba0c44f4ceb54add2e2748d3826dcedb975e1d33179ce499f586a6b3d0f86df8349ea915f91c54a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 1463bf2a54e759c40d9ad64228bf7bec |
| SHA1 | 2286d0ac3cfa9f9ca6c0df60699af7c49008a41f |
| SHA256 | 9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df |
| SHA512 | 33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
| MD5 | a4d80c48b49048f3d56514b598e8e3c8 |
| SHA1 | 91d110de0f38c47128f874e75d3ea8c2fc277e49 |
| SHA256 | fa1aac809a62ab29896aab1bf030a59646963d264a67cedda15d46e887082e7c |
| SHA512 | 118c7d5e9d3eaf1708c60ac3e4156bffbade6222cd0ee5d08b55dcb741d6ef31e46156ecda6670ce9bc4d89358bfc7d4f08a7b3b01269cb985562415bebdffe9 |
memory/4264-11151-0x00007FFC30A00000-0x00007FFC30A27000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 09e123e4bc30cd833878d61f1f64f152 |
| SHA1 | df9c958ade71c06e5fc7b0eb65de3bec9dba6a1a |
| SHA256 | 6ec1f9dae80fe7da4d64d11aea4fa8d7ff79bf65364ae1cb889224f20d8de653 |
| SHA512 | 505cc5067eb85ad4ff736aade3fe5e5aa9bc699f9855866804459d8d3edafaa13c8c63eb43679881b54f82735303293f41ebb5adf3dbb1c0aa24cd6c548fd80f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 581bc393b1e5294dcb38c74b54b534f7 |
| SHA1 | 234c3a4b4bd921ce9fb078f249b5dfdf2f877946 |
| SHA256 | d580d044c194fe698e71a5f936cd303dcd02d7ca4f7c3878b76239cf7cdee10f |
| SHA512 | 217acb14eaca7f5259adef7a3689342015cc1ed976e3c5d174b143a7193c0c8aa480f0c587a70a78ecf467d4979b7a19d961b57c1404c04f00c6a8c1ec82683c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1ed77eab01232b1a8af29ac1fc5e1040 |
| SHA1 | e202830be5dc142df74ba43faf760937dc1fd1d2 |
| SHA256 | f9a76e14c3a3914ad68589b3f61527512a4b0a5e469dad9b5e6783785d40c4b5 |
| SHA512 | 613ef3eee300d0e0d021622a8ac1b3286a42c90d9a2647f00f592420b5f2201e83d9e8aea600d05fc86d460e6ef19f4fa3ecadc9208a328cb92d0e2e6b2cfce3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cf1d51bc610ecb2854aa04101b445791 |
| SHA1 | 7a8da83b821b09cf4897e0f35f8768cd44b3e5c2 |
| SHA256 | ac13fa5f73787af4eded59eb8615130ffa4fe2604c04ef76ed272f6bea8b2dfd |
| SHA512 | 1aa3abc1cf51c6fd4df313a0a5c9d14b52e4a9f2af64de1f0da2521116774590023f52c010f8642cc4bf52146e9f66b71b63c9be029c81f15a86727f0a599f03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 61ff681f5ba775fdb8972dbc79f44f6b |
| SHA1 | 946bfaf50ea92125af1a5c2af6e6e145c433197c |
| SHA256 | b094459e10bd9aa4ff8737effedc888694bb825500a2a28d43db2d6684f2b6ad |
| SHA512 | c8518ca9d4d0028618fc73a28c10cb99ab8d85c83d7cb13b30096e95bb8318ad14ab8f9c5ebc92f718a416f8a7ebec1faf5d73830f06f59bf3c4eb17daf97f85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5a6dbf.TMP
| MD5 | 7326747a6415818f09d5bc3bc11e6a94 |
| SHA1 | 5520c9c7f5635d740fad894a74dbdb1b082d8bf5 |
| SHA256 | 7f4751c6eff374343c3f1e921d01aa0464981811826404065cfdff4e46fb92fc |
| SHA512 | a4204107b8e5c8475fdc0a833ed9940ac98dbd91b9c1c63d52bf5d343d3e1bb4dcb931f91d32c9b9c0ecede54b82e24352eeb3efcf883e94f90ac65be052b0fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 91a73594ad62afea191b74094214454e |
| SHA1 | c36173fb00fd8ccdc9059c82c95d78653a9d883c |
| SHA256 | 115b4feb0b4d4b1edc346a5ee9d407e2eb3911cb604081010e65dd1ced8dcab2 |
| SHA512 | 6a5afeb35df7fa19421a34ca72251322396db50af43566c6cb6dd8b19ffd93edce69a57582ee62264f14505912af7979119b44aa98add0f5d3a82925ee260a78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eadbf45e-53e3-44f3-b366-9b672b5da9d7.tmp
| MD5 | de93c9fc887a495c7af0b80928da17a3 |
| SHA1 | 832711b18b7ba000a65cf477c44f7c1b2820125e |
| SHA256 | 99c808b13d25550812fa89f0adf0585b57948442fecdb6e76e661ba3fb5c8b67 |
| SHA512 | 577ecc5c3648b91c4589f98c732ee009f93c1d002cd763587f85bbf596a49bbb8cd5fd1e8472093221eeccc8140345d486e5f97bad5ce3b342e1a100cba87f29 |
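The listing above mixes four kinds of entry: files the sample brought with it (Astral.rar, Astral.exe, DNGRTx64.dll, GunaDotNetRT64.dll), browser-profile files that changed while the detonation ran, named-pipe handles whose digests are exactly those of zero-length input (d41d8cd9…, da39a3ee…, e3b0c442…, so the sandbox hashed an empty read, not pipe traffic), and memory dumps named by PID, dump id and address range. The script below is an added example written for this page; it is not the sandbox's code or the report's own tooling. It parses that layout, collapses verbatim repeats, recomputes the empty-input digests with hashlib instead of hard-coding them, separates the sample's own files from profile churn, and sizes the dumped regions (the 0x14552730000 region that was dumped repeatedly is 0x1C4000 bytes). The REPORT string is a constructed excerpt copied from the entries above; the Chrome/Edge path pattern and the "anything outside a browser profile is a sample artifact" rule are assumptions a real triage would tune.

```python
"""Triage a sandbox dropped-files listing (added example, not the report's own code).

Layout handled: a path line followed by "| ALG | hex |" rows, or a
memory/<pid>-<id>-0x<start>-0x<end>-memory.dmp line with no rows.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed excerpt: entries copied from the listing above, including one verbatim repeat.
REPORT = r"""
C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe
| MD5 | 1ee5f98fbb806a712f1b604fc4c4c28a |
| SHA1 | cdad412d23992b37dacb37286e9c149cef5fd05f |
| SHA256 | 566fed7c0f5027414066594ef3580224795683be610d005d414ef1bdd6ae455d |
C:\Users\Admin\Downloads\Astral\ASTRAL 2.0\Astral.exe
| MD5 | 1ee5f98fbb806a712f1b604fc4c4c28a |
| SHA1 | cdad412d23992b37dacb37286e9c149cef5fd05f |
| SHA256 | 566fed7c0f5027414066594ef3580224795683be610d005d414ef1bdd6ae455d |
memory/4264-483-0x00000145367F0000-0x00000145374C0000-memory.dmp
memory/4264-502-0x0000014552730000-0x00000145528F4000-memory.dmp
memory/4264-503-0x0000014552730000-0x00000145528F4000-memory.dmp
\??\PIPE\wkssvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3dcf98d3dba3d016d9c07fc8c7742f2d |
| SHA1 | 8f05b16538490df91112597aa17d5de46dc10e08 |
| SHA256 | d24dace255e961806a6068eb4d492cebb8269c4dc88edef43e404e864f7a376e |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
MEM_DUMP = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
# Assumption: only Chrome and Edge profiles show up; extend for other browsers.
BROWSER_PROFILE = re.compile(r"\\AppData\\Local\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero-length input, computed so a typo cannot mislabel a real file as empty.
EMPTY_DIGESTS = {alg: hashlib.new(alg.lower()).hexdigest() for alg in HEX_LEN}


@dataclass
class Entry:
    path: str
    hashes: dict = field(default_factory=dict)  # ALG -> lowercase hex digest
    dump: tuple = None                           # (pid, dump_id, start, end) for memory dumps

    def key(self):
        return (self.path, tuple(sorted(self.hashes.items())))

    def is_empty_content(self):
        """True when every listed digest is that algorithm's empty-input digest."""
        return bool(self.hashes) and all(EMPTY_DIGESTS[a] == h for a, h in self.hashes.items())

    def region_size(self):
        return self.dump[3] - self.dump[2] if self.dump else None


def parse_listing(text):
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        row = HASH_ROW.match(line)
        if row:
            if not entries or entries[-1].dump:
                raise ValueError(f"hash row without a preceding file path: {line}")
            alg, digest = row.group(1), row.group(2).lower()
            if len(digest) != HEX_LEN[alg]:
                raise ValueError(f"{alg} digest of wrong length for {entries[-1].path}")
            entries[-1].hashes[alg] = digest
            continue
        mem = MEM_DUMP.match(line)
        dump = (int(mem[1]), int(mem[2]), int(mem[3], 16), int(mem[4], 16)) if mem else None
        entries.append(Entry(path=line, dump=dump))
    return entries


def dedupe(entries):
    """Collapse verbatim repeats (same path, same digests), keeping the first occurrence."""
    seen = {}
    for e in entries:
        seen.setdefault(e.key(), e)
    return list(seen.values())


def triage(text):
    buckets = {"artifacts": [], "browser_profile": [], "empty_handles": [], "memory_dumps": []}
    for e in dedupe(parse_listing(text)):
        if e.dump:
            buckets["memory_dumps"].append(e.path)
        elif e.is_empty_content():
            buckets["empty_handles"].append(e.path)
        elif BROWSER_PROFILE.search(e.path):
            buckets["browser_profile"].append(e.path)
        else:
            buckets["artifacts"].append(e.path)
    return buckets


def sha256_iocs(text):
    """SHA256 values to block: the sample's own files, not empty handles or profile churn."""
    artifacts = set(triage(text)["artifacts"])
    return sorted(e.hashes["SHA256"] for e in dedupe(parse_listing(text))
                  if e.path in artifacts and "SHA256" in e.hashes)


if __name__ == "__main__":
    for bucket, paths in triage(REPORT).items():
        print(bucket, paths)
    print(sha256_iocs(REPORT))
```

Block on the SHA256 values; MD5 and SHA1 are kept only because other feeds still key on them. Treat the browser-profile bucket as "changed during the run", not as proof the sample read it: the sandbox records every write in the profile directory, including the browser's own.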