hxxps://drive[.]google[.]com/file/d/1wIKBSsetUrRBUSK6427SdNFPHBS2F_OD/view?usp=sharing

Analysis

max time kernel
294s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1wIKBSsetUrRBUSK6427SdNFPHBS2F_OD/view?usp=sharing

Score

7^/10

discovery pyinstaller

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
208	theultimateastra.exe
4012	theultimateastra.exe
4764	theultimateastra.exe
4512	theultimateastra.exe
524	theultimateastra.exe
4896	theultimateastra.exe
4372	theultimateastra.exe
4404	theultimateastra.exe
216	theultimateastra.exe
4120	theultimateastra.exe
1032	theultimateastra.exe
3496	theultimateastra.exe
4488	theultimateastra.exe
4052	theultimateastra.exe
3200	theultimateastra.exe
1924	theultimateastra.exe
4888	theultimateastra.exe
540	theultimateastra.exe
1696	theultimateastra.exe
3704	theultimateastra.exe
3668	theultimateastra.exe
604	theultimateastra.exe
4144	theultimateastra.exe
3044	theultimateastra.exe
4948	theultimateastra.exe
1416	theultimateastra.exe
4388	theultimateastra.exe
948	theultimateastra.exe
2364	theultimateastra.exe
832	theultimateastra.exe
4048	theultimateastra.exe
4556	theultimateastra.exe
400	theultimateastra.exe
1500	theultimateastra.exe
2632	theultimateastra.exe
3772	theultimateastra.exe
2416	theultimateastra.exe
5024	theultimateastra.exe
3008	theultimateastra.exe
3176	theultimateastra.exe
1340	theultimateastra.exe
3124	theultimateastra.exe
3172	theultimateastra.exe
1144	theultimateastra.exe
2044	theultimateastra.exe
3920	theultimateastra.exe
2300	theultimateastra.exe
4360	theultimateastra.exe
776	theultimateastra.exe
3664	theultimateastra.exe
2740	theultimateastra.exe
972	theultimateastra.exe
5136	theultimateastra.exe
5176	theultimateastra.exe
5212	theultimateastra.exe
5248	theultimateastra.exe
5284	theultimateastra.exe
5324	theultimateastra.exe
5372	theultimateastra.exe
5408	theultimateastra.exe
5444	theultimateastra.exe
5480	theultimateastra.exe
5516	theultimateastra.exe
5552	theultimateastra.exe

Loads dropped DLL 64 IoCs

pid	Process
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0009000000023520-134.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 242714.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
3312	msedge.exe
3312	msedge.exe
3980	identity_helper.exe
3980	identity_helper.exe
1460	msedge.exe
1460	msedge.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4512	theultimateastra.exe
4512	theultimateastra.exe
4512	theultimateastra.exe
4512	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
524	theultimateastra.exe
524	theultimateastra.exe
524	theultimateastra.exe
524	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4896	theultimateastra.exe
4896	theultimateastra.exe
4896	theultimateastra.exe
4896	theultimateastra.exe
4512	theultimateastra.exe
4512	theultimateastra.exe
4372	theultimateastra.exe
4372	theultimateastra.exe
4372	theultimateastra.exe
4372	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe
524	theultimateastra.exe
524	theultimateastra.exe
4404	theultimateastra.exe
4404	theultimateastra.exe
4404	theultimateastra.exe
4404	theultimateastra.exe
4764	theultimateastra.exe
4764	theultimateastra.exe
4896	theultimateastra.exe
4896	theultimateastra.exe
216	theultimateastra.exe
216	theultimateastra.exe
216	theultimateastra.exe
216	theultimateastra.exe
216	theultimateastra.exe
216	theultimateastra.exe
216	theultimateastra.exe
216	theultimateastra.exe
4512	theultimateastra.exe
4512	theultimateastra.exe
4372	theultimateastra.exe
4372	theultimateastra.exe
4012	theultimateastra.exe
4012	theultimateastra.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4012	theultimateastra.exe
Token: SeDebugPrivilege	4764	theultimateastra.exe
Token: SeDebugPrivilege	4512	theultimateastra.exe
Token: SeDebugPrivilege	524	theultimateastra.exe
Token: SeDebugPrivilege	4896	theultimateastra.exe
Token: SeDebugPrivilege	4372	theultimateastra.exe
Token: SeDebugPrivilege	4404	theultimateastra.exe
Token: SeDebugPrivilege	216	theultimateastra.exe
Token: SeDebugPrivilege	4120	theultimateastra.exe
Token: SeDebugPrivilege	1032	theultimateastra.exe
Token: SeDebugPrivilege	3496	theultimateastra.exe
Token: SeDebugPrivilege	4488	theultimateastra.exe
Token: SeDebugPrivilege	4052	theultimateastra.exe
Token: SeDebugPrivilege	3200	theultimateastra.exe
Token: SeDebugPrivilege	1924	theultimateastra.exe
Token: SeDebugPrivilege	4888	theultimateastra.exe
Token: SeDebugPrivilege	540	theultimateastra.exe
Token: SeDebugPrivilege	1696	theultimateastra.exe
Token: SeDebugPrivilege	3704	theultimateastra.exe
Token: SeDebugPrivilege	3668	theultimateastra.exe
Token: SeDebugPrivilege	604	theultimateastra.exe
Token: SeDebugPrivilege	4144	theultimateastra.exe
Token: SeDebugPrivilege	3044	theultimateastra.exe
Token: SeDebugPrivilege	4948	theultimateastra.exe
Token: SeDebugPrivilege	1416	theultimateastra.exe
Token: SeDebugPrivilege	4388	theultimateastra.exe
Token: SeDebugPrivilege	948	theultimateastra.exe
Token: SeDebugPrivilege	2364	theultimateastra.exe
Token: SeDebugPrivilege	832	theultimateastra.exe
Token: SeDebugPrivilege	4048	theultimateastra.exe
Token: SeDebugPrivilege	4556	theultimateastra.exe
Token: SeDebugPrivilege	400	theultimateastra.exe
Token: SeDebugPrivilege	1500	theultimateastra.exe
Token: SeDebugPrivilege	2632	theultimateastra.exe
Token: SeDebugPrivilege	3772	theultimateastra.exe
Token: SeDebugPrivilege	2416	theultimateastra.exe
Token: SeDebugPrivilege	5024	theultimateastra.exe
Token: SeDebugPrivilege	3008	theultimateastra.exe
Token: SeDebugPrivilege	3176	theultimateastra.exe
Token: SeDebugPrivilege	1340	theultimateastra.exe
Token: SeDebugPrivilege	3124	theultimateastra.exe
Token: SeDebugPrivilege	3172	theultimateastra.exe
Token: SeDebugPrivilege	1144	theultimateastra.exe
Token: SeDebugPrivilege	2044	theultimateastra.exe
Token: SeDebugPrivilege	3920	theultimateastra.exe
Token: SeDebugPrivilege	2300	theultimateastra.exe
Token: SeDebugPrivilege	4360	theultimateastra.exe
Token: SeDebugPrivilege	776	theultimateastra.exe
Token: SeDebugPrivilege	3664	theultimateastra.exe
Token: SeDebugPrivilege	2740	theultimateastra.exe
Token: SeDebugPrivilege	972	theultimateastra.exe
Token: SeDebugPrivilege	5136	theultimateastra.exe
Token: SeDebugPrivilege	5176	theultimateastra.exe
Token: SeDebugPrivilege	5212	theultimateastra.exe
Token: SeDebugPrivilege	5248	theultimateastra.exe
Token: SeDebugPrivilege	5284	theultimateastra.exe
Token: SeDebugPrivilege	5324	theultimateastra.exe
Token: SeDebugPrivilege	5372	theultimateastra.exe
Token: SeDebugPrivilege	5408	theultimateastra.exe
Token: SeDebugPrivilege	5444	theultimateastra.exe
Token: SeDebugPrivilege	5480	theultimateastra.exe
Token: SeDebugPrivilege	5516	theultimateastra.exe
Token: SeDebugPrivilege	5552	theultimateastra.exe
Token: SeDebugPrivilege	5588	theultimateastra.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3312 wrote to memory of 4816	3312	msedge.exe	83
PID 3312 wrote to memory of 4816	3312	msedge.exe	83
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 1020	3312	msedge.exe	84
PID 3312 wrote to memory of 3992	3312	msedge.exe	85
PID 3312 wrote to memory of 3992	3312	msedge.exe	85
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86
PID 3312 wrote to memory of 1084	3312	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1wIKBSsetUrRBUSK6427SdNFPHBS2F_OD/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaba0546f8,0x7ffaba054708,0x7ffaba054718
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,11833942438807700031,6972289466676834389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:216

C:\Users\Admin\Downloads\theultimateastra.exe
"C:\Users\Admin\Downloads\theultimateastra.exe"
1⤵
- Executes dropped EXE
PID:208
- C:\Users\Admin\Downloads\theultimateastra.exe
  "C:\Users\Admin\Downloads\theultimateastra.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4012
- - C:\Users\Admin\Downloads\theultimateastra.exe
    C:\Users\Admin\Downloads\theultimateastra.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4764
  - - C:\Users\Admin\Downloads\theultimateastra.exe
      C:\Users\Admin\Downloads\theultimateastra.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4512
    - - C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:524
      - C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4896
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4372
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        8⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4404
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        9⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:216
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4120
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1032
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3496
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4488
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4052
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3200
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1924
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4888
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:540
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1696
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3704
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        21⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3668
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        22⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:604
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        23⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4144
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        24⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3044
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        25⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4948
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        26⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1416
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        27⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4388
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        28⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:948
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        29⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2364
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        30⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:832
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        31⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4048
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        32⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4556
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        33⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:400
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        34⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1500
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        35⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2632
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        36⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3772
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        37⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2416
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        38⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5024
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        39⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3008
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        40⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3176
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        41⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1340
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        42⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3124
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        43⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3172
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        44⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1144
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        45⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2044
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        46⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3920
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        47⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2300
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        48⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4360
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        49⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:776
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        50⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3664
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        51⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2740
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        52⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:972
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        53⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5136
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        54⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5176
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        55⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5212
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        56⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5248
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        57⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5284
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        58⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5324
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        59⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5372
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        60⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5408
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        61⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5444
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        62⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5480
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        63⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5516
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        64⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5552
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        65⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5588
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        66⤵
        
        PID:5624
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        67⤵
        
        PID:5660
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        68⤵
        
        PID:5700
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        69⤵
        
        PID:5740
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        70⤵
        
        PID:5780
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        71⤵
        
        PID:5816
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        72⤵
        
        PID:5852
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        73⤵
        
        PID:5888
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        74⤵
        
        PID:5924
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        75⤵
        
        PID:5960
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        76⤵
        
        PID:5996
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        77⤵
        
        PID:6032
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        78⤵
        
        PID:6068
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        79⤵
        
        PID:6112
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        80⤵
        
        PID:5132
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        81⤵
        
        PID:5280
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        82⤵
        
        PID:1628
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        83⤵
        
        PID:5532
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        84⤵
        
        PID:5656
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        85⤵
        
        PID:5776
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        86⤵
        
        PID:5940
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        87⤵
        
        PID:6108
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        88⤵
        
        PID:3344
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        89⤵
        
        PID:5732
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        90⤵
        
        PID:5440
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        91⤵
        
        PID:6156
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        92⤵
        
        PID:6196
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        93⤵
        
        PID:6232
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        94⤵
        
        PID:6272
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        95⤵
        
        PID:6308
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        96⤵
        
        PID:6344
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        97⤵
        
        PID:6384
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        98⤵
        
        PID:6420
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        99⤵
        
        PID:6456
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        100⤵
        
        PID:6496
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        101⤵
        
        PID:6532
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        102⤵
        
        PID:6568
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        103⤵
        
        PID:6604
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        104⤵
        
        PID:6660
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        105⤵
        
        PID:6696
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        106⤵
        
        PID:6736
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        107⤵
        
        PID:6776
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        108⤵
        
        PID:6812
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        109⤵
        
        PID:6852
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        110⤵
        
        PID:6888
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        111⤵
        
        PID:6924
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        112⤵
        
        PID:6960
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        113⤵
        
        PID:6996
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        114⤵
        
        PID:7032
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        115⤵
        
        PID:7068
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        116⤵
        
        PID:7108
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        117⤵
        
        PID:7144
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        118⤵
        
        PID:6188
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        119⤵
        
        PID:6376
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        120⤵
        
        PID:6528
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        121⤵
        
        PID:6712
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        122⤵
        
        PID:6884
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        123⤵
        
        PID:7048
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        
        C:\Users\Admin\Downloads\theultimateastra.exe
        124⤵
        
        PID:6264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
f355ca1f12e55434c9da8126f30f570e

SHA1
e0d34d0298a8e6dd956818ac43861878cf93e377

SHA256
815e36ebd11e8d65bef80c1368b0ab28fd174268d2a442519a8c62cffaff79e1

SHA512
30fc1c1ef586732a67d4fa7187aa257738b9938c817815c52f9ef2ba7a0c7dab84df7276ee9cba5f83f0616c61ccf5c6bda635e24013eeaef755087c2ab56f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
82ab4618012086eddd8c21f68d5052dc

SHA1
8924661f3bc500d84066fe608a633e5ad78af43a

SHA256
d8b7f3408f38ea49cbf0ff55cd4173a350995d9c53297e2eb294c4767a182c5f

SHA512
914b9ca0f15482583437874cc86d522c101a3f21e67be2aed17fcba2ea3dbaa4126e2bba57795584737caf3031a9b0b5d6cdbce965b6d0be96cb619bb2f4cfa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
021348560741b2bf26d9bcec8f1bdb9c

SHA1
83304db37e842fc69c803a8548f27a13dff432ac

SHA256
405e5da70c8f1dacca40f235dc9dfa8bdfbbb8243ee9f2852f2f7ffe9f6e7ac1

SHA512
fec2a25a3da7da9ade0fc56a8ea21f722cf9eee3a6c2bced23a6f9c548852d14782628c1fe75a20e755f39c8e1ce11e8ba33cb4659bb9f649c78f304275c844f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74499f7e3979f2d24f32dccbb4abb372

SHA1
19ae43c373c8b21e2c0da074a350db9011800be8

SHA256
6c864f8fcd109f3644de9f063a8da1167e78fb1d21ad9aa99784270aec342f6d

SHA512
68e19a90e2c92653d77fb918d9028dfb24b2ba9dcfb4d26e41e8511d9a17b169c09a6d342a24c37fe1c30a9d65b220e2c2ed90133380c5fa677fdd06241beb12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f8f63185ec10da4e78236ee6cac7d87

SHA1
186b79880d9558fee8164e59c266061788fcb6d4

SHA256
c3bd06e5521fd6b181876a6e7d7b05b91ed65b7609dc13e45b9153c042ec24ee

SHA512
56b4ac3e72e16f1b3d486d155644b5a60d9fba86a307cb1942bc6575d1327898d8ada29b5571e248400999a3fa386a1732fffdad56b44d861db41363b7bea6ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7315d649a5663b185078645e21c4e19e

SHA1
7e537fcaa1fa1c5d20f3b886a4cf151cf243e975

SHA256
d0ec559c7cb7c6626420ac1ffd6d06cdecc85a460a57a05ae386d55ec5827223

SHA512
034ebd5aff679a589a885a914bcf749c578c418bedfa0e231b4b888f742fe9491828f52969d06fb2626732420f5e3cae490526bd59439e01a50171c747a5d26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e39a37080bcec91491a8978ee3d2bc08

SHA1
a0ce3a7a76934fd1879d20799c35550cf8dfff37

SHA256
2c378058b29f71944ad389542e8e61861d5ac0a2ddd9a8b06d7657b492d83d32

SHA512
eb87c9ceb0523b12091e9800d1ff48609484b1980c063eeceb8e81df130e39019194e3519b4392f24e5ff0101dc4ee058d92f5cfb7c9d03b689bf8223a6bdb0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cc1d7d7da9b04189fb66159fd9c43c10

SHA1
db72cafc10049c280ed3718bcfe90477176da77d

SHA256
343d5a8d26f543b4b7a4e08f8ab180d47b2acc191224e3b532a3e92d90b81ba2

SHA512
fdc2f51726c57e2657aef412b5200b98b3e462a8a53d0c970cb27a8f4034082d977bde59c20f9991f25f1258cf8b1922bea8dd3dd51d87e762138a1aef82927c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d71cf4b5e7eb687b32069c3b93bdeae1

SHA1
9c9bde45f8f22f6908bbf6bb23e53693da8bf38e

SHA256
4a3b3c5f2e9a84df0ebaf0eb93cea9995b729822aaabb37b1f63bebab5ce3b0f

SHA512
dcdb53e68559fd875f65dad2949f7455561639ec43342620584c12c425fee34dbd8ae4841f933438986ab3e1052022e0716b7036f5f079c258acb92e34eb592a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_asyncio.pyd

Filesize
69KB

MD5
28d2a0405be6de3d168f28109030130c

SHA1
7151eccbd204b7503f34088a279d654cfe2260c9

SHA256
2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d

SHA512
b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_bz2.pyd

Filesize
83KB

MD5
223fd6748cae86e8c2d5618085c768ac

SHA1
dcb589f2265728fe97156814cbe6ff3303cd05d3

SHA256
f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb

SHA512
9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_cffi_backend.cp312-win_amd64.pyd

Filesize
175KB

MD5
d8caf1c098db12b2eba8edae51f31c10

SHA1
e533ac6c614d95c09082ae951b3b685daca29a8f

SHA256
364208a97336f577d99bbaaed6d2cf8a4a24d6693b323de4665f75a964ca041d

SHA512
77e36f4fb44374b7c58a9005a1d7dfeb3214eabb90786e8a7c6593b5b1c7a305d6aa446be7a06ae0ff38f2bedea68cacb39053b7b7ec297bff3571b3922fd938

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_ctypes.pyd

Filesize
122KB

MD5
bbd5533fc875a4a075097a7c6aba865e

SHA1
ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00

SHA256
be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570

SHA512
23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_decimal.pyd

Filesize
245KB

MD5
3055edf761508190b576e9bf904003aa

SHA1
f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890

SHA256
e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577

SHA512
87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_hashlib.pyd

Filesize
64KB

MD5
eedb6d834d96a3dffffb1f65b5f7e5be

SHA1
ed6735cfdd0d1ec21c7568a9923eb377e54b308d

SHA256
79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2

SHA512
527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_lzma.pyd

Filesize
156KB

MD5
05e8b2c429aff98b3ae6adc842fb56a3

SHA1
834ddbced68db4fe17c283ab63b2faa2e4163824

SHA256
a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c

SHA512
badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_multiprocessing.pyd

Filesize
34KB

MD5
a4281e383ef82c482c8bda50504be04a

SHA1
4945a2998f9c9f8ce1c078395ffbedb29c715d5d

SHA256
467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c

SHA512
661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_overlapped.pyd

Filesize
54KB

MD5
ba368245d104b1e016d45e96a54dd9ce

SHA1
b79ef0eb9557a0c7fa78b11997de0bb057ab0c52

SHA256
67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615

SHA512
429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_queue.pyd

Filesize
31KB

MD5
6e0cb85dc94e351474d7625f63e49b22

SHA1
66737402f76862eb2278e822b94e0d12dcb063c5

SHA256
3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b

SHA512
1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_socket.pyd

Filesize
81KB

MD5
dc06f8d5508be059eae9e29d5ba7e9ec

SHA1
d666c88979075d3b0c6fd3be7c595e83e0cb4e82

SHA256
7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a

SHA512
57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_ssl.pyd

Filesize
174KB

MD5
5b9b3f978d07e5a9d701f832463fc29d

SHA1
0fcd7342772ad0797c9cb891bf17e6a10c2b155b

SHA256
d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa

SHA512
e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_tkinter.pyd

Filesize
62KB

MD5
1df0201667b4718637318dbcdc74a574

SHA1
fd44a9b3c525beffbca62c6abe4ba581b9233db2

SHA256
70439ee9a05583d1c4575dce3343b2a1884700d9e0264c3ada9701829483a076

SHA512
530431e880f2bc193fae53b6c051bc5f62be08d8ca9294f47f18bb3390dcc0914e8e53d953eee2fcf8e1efbe17d98eb60b3583bccc7e3da5e21ca4dc45adfaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_wmi.pyd

Filesize
35KB

MD5
7ec3fc12c75268972078b1c50c133e9b

SHA1
73f9cf237fe773178a997ad8ec6cd3ac0757c71e

SHA256
1a105311a5ed88a31472b141b4b6daa388a1cd359fe705d9a7a4aba793c5749f

SHA512
441f18e8ce07498bc65575e1ae86c1636e1ceb126af937e2547710131376be7b4cb0792403409a81b5c6d897b239f26ec9f36388069e324249778a052746795e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\base_library.zip

Filesize
1.3MB

MD5
8dad91add129dca41dd17a332a64d593

SHA1
70a4ec5a17ed63caf2407bd76dc116aca7765c0d

SHA256
8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783

SHA512
2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\pyexpat.pyd

Filesize
196KB

MD5
5e911ca0010d5c9dce50c58b703e0d80

SHA1
89be290bebab337417c41bab06f43effb4799671

SHA256
4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b

SHA512
e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\python3.DLL

Filesize
66KB

MD5
79b02450d6ca4852165036c8d4eaed1f

SHA1
ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4

SHA256
d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123

SHA512
47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\select.pyd

Filesize
29KB

MD5
92b440ca45447ec33e884752e4c65b07

SHA1
5477e21bb511cc33c988140521a4f8c11a427bcc

SHA256
680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3

SHA512
40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\setuptools\_vendor\inflect-7.3.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

Filesize
1KB

MD5
4ce7501f6608f6ce4011d627979e1ae4

SHA1
78363672264d9cd3f72d5c1d3665e1657b1a5071

SHA256
37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b

SHA512
a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\tcl86t.dll

Filesize
1.7MB

MD5
21dc82dd9cc445f92e0172d961162222

SHA1
73bc20b509e1545b16324480d9620ae25364ebf1

SHA256
c2966941f116fab99f48ab9617196b43a5ee2fd94a8c70761bda56cb334daa03

SHA512
3051a9d723fb7fc11f228e9f27bd2644ac5a0a95e7992d60c757240577b92fc31fa373987b338e6bc5707317d20089df4b48d1b188225ff370ad2a68d5ff7ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\tk86t.dll

Filesize
1.5MB

MD5
9fb68a0252e2b6cd99fd0cb6708c1606

SHA1
60ab372e8473fad0f03801b6719bf5cccfc2592e

SHA256
c6ffe2238134478d8cb1c695d57e794516f3790e211ff519f551e335230de7de

SHA512
f5de1b1a9dc2d71ae27dfaa7b01e079e4970319b6424b44c47f86360faf0b976ed49dab6ee9f811e766a2684b647711e567cbaa6660f53ba82d724441c4ddd06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\unicodedata.pyd

Filesize
1.1MB

MD5
16be9a6f941f1a2cb6b5fca766309b2c

SHA1
17b23ae0e6a11d5b8159c748073e36a936f3316a

SHA256
10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04

SHA512
64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2082\zlib1.dll

Filesize
143KB

MD5
297e845dd893e549146ae6826101e64f

SHA1
6c52876ea6efb2bc8d630761752df8c0a79542f1

SHA256
837efb838cb91428c8c0dfb65d5af1e69823ff1594780eb8c8e9d78f7c4b2fc1

SHA512
f6efef5e34ba13f1dfddacfea15f385de91d310d73a6894cabb79c2186accc186c80cef7405658d91517c3c10c66e1acb93e8ad2450d4346f1aa85661b6074c3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 242714.crdownload

Filesize
15.1MB

MD5
b121d79200a40bd1e7e69a18ffba6606

SHA1
72a657929dd2de2df0085e39cd01d59adf1f9aa5

SHA256
d910c1eb25cfece7b49eb93da917040ab16b3d8f228d1753ef8beb51fe69b4b8

SHA512
9c1cdc1bcec57ae3e27019311dae573aedcb5fce5093596dd068c2e79aa20109426a189c0be267ac80dd8aa46e9301ec03d0c4df03b49bc993d8463e0535a40e

Download Submit