hxxps://we[.]tl/t-qKPjJq2L6c

Analysis

max time kernel
407s
max time network
315s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
15-03-2024 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://we.tl/t-qKPjJq2L6c

Score

8^/10

pyinstaller

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
2920	Maple.exe
420	Maple.exe
1236	Maple.exe
4620	Maple.exe

Loads dropped DLL 64 IoCs

pid	Process
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
420	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe
4620	Maple.exe

Detects Pyinstaller 4 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000500000002a787-453.dat	pyinstaller
behavioral1/files/0x000100000002a826-674.dat	pyinstaller
behavioral1/files/0x000100000002a826-675.dat	pyinstaller
behavioral1/files/0x000100000002a826-770.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 966826.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 914480.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Maple.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
336	msedge.exe
336	msedge.exe
1640	msedge.exe
1640	msedge.exe
4268	msedge.exe
4268	msedge.exe
3948	identity_helper.exe
3948	identity_helper.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2628	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2628	AUDIODG.EXE
Token: SeDebugPrivilege	420	Maple.exe
Token: SeDebugPrivilege	4620	Maple.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 1316	4996	msedge.exe	81
PID 4996 wrote to memory of 1316	4996	msedge.exe	81
PID 1640 wrote to memory of 2480	1640	msedge.exe	83
PID 1640 wrote to memory of 2480	1640	msedge.exe	83
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 456	1640	msedge.exe	84
PID 1640 wrote to memory of 336	1640	msedge.exe	85
PID 1640 wrote to memory of 336	1640	msedge.exe	85
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86
PID 1640 wrote to memory of 1272	1640	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://we.tl/t-qKPjJq2L6c
1⤵
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e6a53cb8,0x7ff9e6a53cc8,0x7ff9e6a53cd8
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,5349835459506905081,3220673281855826056,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,5349835459506905081,3220673281855826056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  PID:3548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e6a53cb8,0x7ff9e6a53cc8,0x7ff9e6a53cd8
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6616 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6976 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,12397050891809496798,15122267572155722539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:4116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2628

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:448

C:\Users\Admin\Downloads\Maple\Maple.exe
"C:\Users\Admin\Downloads\Maple\Maple.exe"
1⤵
- Executes dropped EXE
PID:2920
- C:\Users\Admin\Downloads\Maple\Maple.exe
  "C:\Users\Admin\Downloads\Maple\Maple.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4132

C:\Users\Admin\Downloads\Maple\Maple.exe
"C:\Users\Admin\Downloads\Maple\Maple.exe"
1⤵
- Executes dropped EXE
PID:1236
- C:\Users\Admin\Downloads\Maple\Maple.exe
  "C:\Users\Admin\Downloads\Maple\Maple.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:4620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
88e9aaca62aa2aed293699f139d7e7e1

SHA1
09d9ccfbdff9680366291d5d1bc311b0b56a05e9

SHA256
27dcdb1cddab5d56ac53cff93489038de93f61b5504f8595b1eb2d3124bbc12c

SHA512
d90dabe34504dde422f5f6dec87851af8f4849f521759a768dfa0a38f50827b099dfde256d8f8467460c289bdb168358b2678772b8b49418c23b882ba21d4793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
341f6b71eb8fcb1e52a749a673b2819c

SHA1
6c81b6acb3ce5f64180cb58a6aae927b882f4109

SHA256
57934852f04cef38bb4acbe4407f707f137fada0c36bab71b2cdfd58cc030a29

SHA512
57ecaa087bc5626752f89501c635a2da8404dbda89260895910a9cc31203e15095eba2e1ce9eee1481f02a43d0df77b75cb9b0d77a3bc3b894fdd1cf0f6ce6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
f013dc52ce2bf7a24ee05b3ea22e57b7

SHA1
587129cab4097cd8b9df65036a422793c11f0fd7

SHA256
cdb00aa998ad6fe079ad6b14001842942f98633c1c5763c17c275a5c5a72e608

SHA512
28a11989f48c956cc422da5f433826d1c8e9d68b89002993455f23ad8bad81492ec43a07292975349af7ab06b37a4a4bd651c382e70795f328ced0bb07c96bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
d31567de29474956d21924c112ca5546

SHA1
e896677db5b2316766c696d15b79aca86509ed31

SHA256
79b8a72518085175cb992c0c4fcfff5bf4b0dd9651e05fbc39986578a77eca4f

SHA512
dcbe54b53b954b422f37ed955dd88fbb09049ee87de11a4ce5546be9136267b589e5b8b938bb4beecb5cfcfaaece251a605774aa2eb82194169fa5ad35c400be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
719dde2de01bd995e46d3ec0d49f1e21

SHA1
1d2380543b111ce45605734ab1fcfc09151a32d3

SHA256
c0684eeac522d001ae625afdb467d2af2c5506c5010890ef5b5bb00f39cdb930

SHA512
6e0df810f4d21128159497a0475f41a059c3741c9f1e2ddd2a2a93e6d9ce3777dfb38928d54be906f5aa3198c119a53aaeab5073762af26de4fe091d2bcccf5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
bfdaf432bea0418c7023959780958fe3

SHA1
08861bbe693852b3f4eddfbe7d9f39966c8c6dff

SHA256
568f2eea4c60efdca17c14ae965859bb095eeb3277db6f2677e3cf2a1b5f6d73

SHA512
e57999645756ad97570e1b1bea35e5fda8fbc46342cd9e3c34e9ea4a3963bb80b2b5ae73a70868fdd680f1f0756ce4797b26139355e86a454f3bb7ef72d1a6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
633B

MD5
09324e2c52462076bb2a15eee3daba3d

SHA1
9b5edf8bdbabeed95dfd24c77d4994e1fecedc89

SHA256
f4c6bbcc5df246f2741d7626fc5308da267ce09ccbae4954f2a85be5ed202227

SHA512
90d63d08053946a3cb184769bf22b76aaec106a286fd8dd42d3deeaf2f2b4b675ab31efd77380da2b695f3154b1158085b27757f9bf0793357a7c99bc650d276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4a322620a20336cce109755ee07b7038

SHA1
e4f753fe275c055f02248027ce0a0e8b31fb6baa

SHA256
c6e91c0008066b54f6a94f131dbb0891e923d939a40842c465c73ac7e69d4b13

SHA512
2a68f84d92598acc5874bfabbd59dc740f13ec0d9b49a57d5bfdb2ded26b18d21a3f25db93b9c5b1af8645f06bd5575c762f5a44a9ffe89c30aa306a62e97955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
173827c86839b7ec22306d43db76e538

SHA1
6948938b91a5b7eb05343805e4c254d7c1cb0d4f

SHA256
966c168c8f405ef6861554ef45e7b90e7078e269b1d0909e94971a7dc640736e

SHA512
67515ba34eb4207e805080127ff50f4f6bda06633ba9809d1097f3d1329fffb5328a1f5caab37a0b07a12ee057fb66d603e95feeea0350653f16240a829261be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d90a34e84dc29645fb0e6e255ed0615

SHA1
9a5f98fe72e5ec54d7abc44ea13ecc517993a3b0

SHA256
7af7eaca9d48e18416373fdc56075e190c2de5ad6a11dfe81828d0a79dbec1ce

SHA512
cbded6dda525aea42e20e21b355ceb4fcce44d263283e609f592e2bde9303e49297a5abcf30bbb082dbcbb06e193cdfaacdab710b29f6dc2ec077f22066d74d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3cd9c574b9d8d7b4b2f13fa6a3ffad18

SHA1
7063510043f1bd4d4b337fa4c96b9a8932ee2a54

SHA256
e74fc7e6f4cb47689480fe04bbfbf658f2b8ab41764a5e506bf1481340f0a16c

SHA512
1a25f41478c5b53cff06db5c1771d46ba96eb703d6a39dab43781caa6b5249d750a750f7cc49d03c6d66bfac4e1d321ba66635bf599dd27fcbef0b9c3ec00133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7d83a5bfadfb65c25c8f671c92e53ce

SHA1
292237a083b118b83f1f8a058ff90953cc33abeb

SHA256
47b62c8891eb4e1f9d9c82d4e24ac7af9b0174a5bbb68fc098fba1ca8d4b10ce

SHA512
6e584c06ef39946cb4eb1e7e285348e4d643c67b49d596afd2a9b1bee2093b80356ee1ba52adbd91c91f9c418e4f2e6d12bf7507c1518a5eda90d5cb6b02d3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2b02f33fae9d08a81a9e85267bf163f

SHA1
495f47afd45e86f35987c769af5217a9322fb2e6

SHA256
be909f762dbfd0546e402611cef83437ca460649ee7056ab59212d4bea822126

SHA512
77f1de5d4ace232b44a2bd87e804d712d54be46c054978269e7f094941ba708d5802cdc0417c4b80dfc81b5294095db3b8b61d43b10222b8a0b7ef00f03191a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
585ce66af69a76606a5853ffb7ed07dd

SHA1
1fd24fa618e5b42866974600d40e1b51769727fb

SHA256
410f9571b97b3ff114365c3189ce645af61f12a282d0550906d3e59d554e387b

SHA512
ca4e7aed7cde2a53c266d2e1262874117bba3adc030119f096ec89de0509527612487c7a11ee69e5862bafad252d62bcb4f8ce6ff5eac3cff8a88feb265f600e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7451c5fb66fd7ae8b624f8b88fa7c99e

SHA1
d323b9451e62aa15e4ca9efe87a24753d8e9f76f

SHA256
77b2a1e4f9a3d400a153f4c9edc0e2e9f525adf34ac3a895870b462775537119

SHA512
6c7c419264f47aff4fcb9bccca87f76c3ce1e203db9b991e75ee39ac4a58a69c2df232e847c6277a1236e7ddba8edc022adbb059f5993e44faa5ddc3d108d0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9424fe45bee75efeaf4125affb8f8cdc

SHA1
4e802bd9ef7463b11a86a4fd72899442c2bf10e1

SHA256
3df4945bc19069cec44dac5a72e60e05fbcd6f3c80ebdbb894eb0935c2b81c1e

SHA512
cd7d36f6f38f3c7539af4586ec9e4f5e66c86bda80107071d53938de18097603c51137d1e23122e95087303cc9adae05d71a7d2a97e2a27c82da9aab335c925d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
227e55048111a4ed12822a3fe8bbde32

SHA1
c4110cd0ad7fa85783b6bb40623cceb1ecc7f9ab

SHA256
20430ac2026feb8bc5f3a12a06d1512d098cd7ce6000d775405b3d7c79e825b8

SHA512
93303b6a1e98abceb29367acc06dfede5f8b43d5e85265f1d6999e02eccb15a6d96b63b7414ff8742e1aa7b5f83c8e20093c4ecaa2e56678bed5b045907c2734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
793462216d8d42527599e9d1b9da3191

SHA1
4d63ed0556744def661cd7287b18f8bcd3f323e5

SHA256
dc07473e94fd6f8360cf0837a340af07a7a6548257bbae99c3d1cd02ac9a7fac

SHA512
40a84207f4aec5e099947b6faef411be8bb97fc795f1e605a509ccf52e9fff0cec49fb158b9d26d8bf1001101be339e65a263c1e0b7f2337a215c21cb3a190ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fbaa5459c665113561b604c86dbb9484

SHA1
9f4b9b59d40e98c964242ebe2f2cb8b123324f60

SHA256
e1b64ad6c55b2dbe3c5f2b667dbb3877e1900318f05487eab0b2cbf249278da4

SHA512
33c36bd907c664d24fb9bce90c1ea119f309405367791fc66bfc90cceb314aaf8e1549893020f96b0f0b906649b6efea6d49dd268caeb7045a516ed4129497bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b737758790d967ce14ab5bbfa8273a2

SHA1
9a8113ac18088b7040915f8fb991fa8fe4e1a51f

SHA256
8e4fbb16c6964fc40844f863581084f3fdfad6586df9610722ac99a6339dcb4d

SHA512
30954afd9e7603213d793cb914ba1830477d30bfec8a80babf9377ae64b7a26ed4236c2ef17451fc8c0c6f3dd126677b97dfc903628004744e858610cdf62b16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b23702a712099c0c1d94bed5d9e60993

SHA1
1684d6573f8874a2905540e584cb4d415e88989e

SHA256
e14a49be4bfe18e8594f21ea3217575bbf3207a9396895447a44629c5d3a3b34

SHA512
082813de127441bb961c5a1e71caa8d2e4b4b82d1b437d5404da03712afc3afc42a08a21b50274de88f8a91e4ea4154dab8ee97ec80a462b1dcbe99a2939ebeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
424f9e7cff5927ebb0eb4aa103a0fb9d

SHA1
89f8bd17691eea793ebe816a36925d34a974fc3a

SHA256
1bf2b6b355795b496bab371e473b210edb483401a0f0d9cd9ef92fbc8051d630

SHA512
5ba9a2f5d96aa0169ee5e393ff5b030151201f4d66403b04cb52d7ac2c85674523a6779f151e0cced39ad5c2374dabee07ea6b99251791539f9faa8d6c690af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96852e6e67d755221f23f567d598f652

SHA1
94c6c862502bdbd2252efa8cf45227a6ee436f17

SHA256
a971d843dcaa9ec35f5c290a2bb6f83eef1b45946b637440dfb3c00dc37872d2

SHA512
df4bf43e1d4783955b837a5b0fa703f636907144fe2c9db017d390dd647bc0d1e6d12e2700744c72fb0a7384cc3cd45d76451dc2e7edd9b366019a3eb4da87fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ddc7a439b7ad685036a0fa5147878f78

SHA1
bc36b49632ec8cdc35bae0457cab67dbac07c1cb

SHA256
d678a2d4488576756d2bc07ecee6c714e558727026be44428894508bcd3aa392

SHA512
24c6df9fc5d4cfcd78b33710f3aeeba926e69c5d5a5437e9e7c1d6da365b8a90e532eff51a2777176817286774ae9509f00a1e5bbd585fcb252df14cb410f98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0c5f6f6c72f70a91c9082a971ff4b6f

SHA1
b7c0fdb92006fba303e779633b7c85f9248c336a

SHA256
171dc60b3f6ba7cfffc4689300bfce43916af73df3a1570121a0c8652055c6b5

SHA512
21f98f17ac4cbe5cda07a5fee2b4622e269f2daa423ae38853eb1f94d17edaa7e41f3f05d6de07bce278aa8f1bffd207183a87d4f5153459b97d7d6c0e40bc48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
5d81eab532b28392b47be372d927ca0b

SHA1
888e06c7ff5df85f847a04738fa0fe2d45240262

SHA256
ab62bfdd4c6be1d6e93d21a9bcf11ad7876020f985340abea266f717257fb791

SHA512
cb94dd5ed45f67a00b0e6870821ad5328d0248f6d96704a51da1cd726b9eb7a69487f54323af1fca507bc3b6beee2f11233709faa6c3af668bb33a289a478337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6617a66650dc50e79637c6d47be11daf

SHA1
3d4cab65aac7ef03e908519d5efa0e65b78ce1e7

SHA256
4cd35fbc8716f258607415f32836b5319f2416a60d8d8c3cd981ce06831b68df

SHA512
8c1c6ceae1c0440eef1ffec0f1b0017683a5c650660f3ebe1d6617dd3aa456e476ba4d2dc316192121c7c552ea6e2532b349482c2b373db7634a19b6fc9ab0f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592e2a.TMP

Filesize
705B

MD5
799bf20a8aa921fa7ef97d8c4185deda

SHA1
b44b9b88da771e7a35b9d841adb953e9ac0d272c

SHA256
82b2b61a740ae54d3251cab3830467514b3e0f28174c48b9af3206c15048de8a

SHA512
ce2e8a23d187191ffd555afc84fb2da49bd7fb27c2d7c8d73a57fcdf77d3355c69b3f3a413b59465de1420b21373a906dd2690fd7d2435615f41e1449ad547d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
288db8bdc7f0422cc5d1693cbd892b56

SHA1
3c2b7b0e313c17e88c41201fe5f18add6afac6a2

SHA256
099cabe356143ffe27050ed7b93dfcb3f6ccd20ba0c938a19dadd34635f30644

SHA512
d138f3c19bf1cc4c107681ca8ab55350c72f9f6955b04790dd8b1c5b0a3460d6d6b2c85e7f933165c9d48f08cda78e976f16c2e7b01b25af0857acfe9f0dec73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
70182c61eff1f3537382361243bb3ef9

SHA1
f8c152e216cbf7ec6690be338e086a8e4bbc37a9

SHA256
a3b5f03e6ecb63205608a6c4afecbb46fd9e6f200ba3bf71696c6fe0e430e5d5

SHA512
04e913fd54247752a9f891122643eae7658c9d0b592ed58f068e4f0f660ca152f0b30c519bae1e58d2d0946be4b7fd7792d4fd4ef3fc4210045ff85a0b58e6f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
3e43dbeb6c0eaadcb8c13ea91742a3c8

SHA1
26ae5a91ab8f78e2337c3d80735afface9d0bc06

SHA256
9ef996f6b20b2fe185550bda880f8e764660708a7470c3f50bf49037bc7e43ef

SHA512
5cb21527c2d817a775ace4c4a6e1c3e669f89ea3497274576a00c6d138ecac0246e9e9a6576af1e31029f54567d3676b38519e3b313d34d2ca6958dbcfc0d461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
76837184e853a581553371dc0863e970

SHA1
6ebaaac3bf8d65fcf02e2aa450f6749d3d94cc35

SHA256
3b78c3f3dbed619ed34e5bc4e052a399d0ed1a8af9184746e2a29ed9916cbcd4

SHA512
9f433399e673be6f01c111aa101d9ec8858074d3a9198584fc3f905133db980086edb421a82ae77fc5061711dfd179cd9a106d26aab2ebbc8f492e7d3044a61f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
52a93b3ddfe9e6067e6063a0b66b7ae5

SHA1
d6b1e938c208dc5b594f3d79636bf941aa572bf9

SHA256
dc61322107bf74dbc1aae9d9f99536abcfaba1e379be9e7bde54cc8eefa2cd6a

SHA512
85b340da2b4e9106fd3fba211ce3660bbd43bf39d4b4d0eaee03cadf16dda8166fcc2dc019b639049e28780195555a75a4cd56c739ecb63510d6708208280f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12362\importlib_metadata-6.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\_asyncio.pyd

Filesize
63KB

MD5
806e47cb0146c81aeaa8bf3b55789801

SHA1
6ee2c47f892480846c98acea03915e744e24f217

SHA256
55cbeaa0a6d5678b4ff611b5166829b1a07b84b97e72e35263216703d98332ef

SHA512
a8090290c571cf94c0dc09c91156149c05d1883081cd5b0d69230b6ea8bc4052e518c00004b35964f5464c67e757e3993feeef980fa99ffb3e612b2384629ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\_brotli.cp311-win_amd64.pyd

Filesize
192KB

MD5
3d5164647122b184c59e0bb9008ff155

SHA1
2b763acab22898017bb1a1922687a1be94cca24a

SHA256
ce10053fcd639e1386826947068b3d7f3c6fa6af8dd171bcdff7edc4645c03e0

SHA512
2667e0be52c915395e54e8efb1451fdeabbba309744d587e27621399dbd9d76b64287bbe87f8c90b9a8e7b077896c6a795c6370fc10046a9bcf99758feb15454

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\_bz2.pyd

Filesize
82KB

MD5
afaa11704fda2ed686389080b6ffcb11

SHA1
9a9c83546c2e3b3ccf823e944d5fd07d22318a1b

SHA256
ab34b804da5b8e814b2178754d095a4e8aead77eefd3668da188769392cdb5f4

SHA512
de23bb50f1d416cf4716a5d25fe12f4b66e6226bb39e964d0de0fef1724d35b48c681809589c731d3061a97c62b4dc7b9b7dfe2978f196f2d82ccce286be8a2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\_cffi_backend.cp311-win_amd64.pyd

Filesize
177KB

MD5
210def84bb2c35115a2b2ac25e3ffd8f

SHA1
0376b275c81c25d4df2be4789c875b31f106bd09

SHA256
59767b0918859beddf28a7d66a50431411ffd940c32b3e8347e6d938b60facdf

SHA512
cd5551eb7afd4645860c7edd7b0abd375ee6e1da934be21a6099879c8ee3812d57f2398cad28fbb6f75bba77471d9b32c96c7c1e9d3b4d26c7fc838745746c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\_ctypes.pyd

Filesize
121KB

MD5
78df76aa0ff8c17edc60376724d206cd

SHA1
9818bd514d3d0fc1749b2d5ef9e4d72d781b51dd

SHA256
b75560db79ba6fb56c393a4886eedd72e60df1e2f7f870fe2e356d08155f367b

SHA512
6189c1bd56db5b7a9806960bc27742d97d2794acebc32e0a5f634fe0ff863e1775dcf90224504d5e2920a1192a3c1511fb84d41d7a2b69c67d3bdfbab2f968fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\_decimal.pyd

Filesize
128KB

MD5
b7f69c916f30518092f7a611d7bc5b6b

SHA1
f15c5b1239704a44ea2306af6ee340253c88de87

SHA256
5838ff89607f9bf30ee0f420fc0bca5820ede392300c35cca88f5ecd039e8db0

SHA512
2c7be50605c82609fa839d9305c34f3a712f67c7ca2fa9f493b428cd251abb2edf0b9e1f948abe3ce54e928f4e730a5653fbf482e41a055644decdba8eb6fc53

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\_hashlib.pyd

Filesize
63KB

MD5
534902be1d8a57974efd025aff4f11ef

SHA1
1179c6153dc52f72c29fe1591dc9a889c2e229e9

SHA256
30adfb86513282e59d7e27968e1ff6686e43b8559994a50c17be66d0789f82b3

SHA512
7f0cdcf8576faf30fc8104b9bc9586d85ad50b7803074a7bcaa192eed05b1e2bd988a91873554fb63f204fcad86c667e95755c5ff13c43f96dc334ef3ea37240

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\_lzma.pyd

Filesize
155KB

MD5
2ae2464bfcc442083424bc05ed9be7d2

SHA1
f64b100b59713e51d90d2e016b1fe573b6507b5d

SHA256
64ba475a28781dca81180a1b8722a81893704f8d8fac0b022c846fdcf95b15b9

SHA512
6c3acd3dcae733452ad68477417693af64a7d79558e8ec9f0581289903c2412e2f29195b90e396bfdcd765337a6dea9632e4b8d936ac39b1351cd593cb12ce27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\base_library.zip

Filesize
384KB

MD5
f0b4da6ab4ba6c67dfd509c640e1a849

SHA1
1d0b86baa535fd434d962aee9aa0b95257c14946

SHA256
b2edeb454de9ece054e1c11f180d607daabf551ee37a6378fafbfb1f73bffaba

SHA512
aa58776116204ac05c4e8c23f688d795c1b585a9197960a45b59aa67e718b7059b24a8becab3dbde4860366ae349d7cfa7c6774875cb8add495eb27ed3cf2a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\libcrypto-3.dll

Filesize
4.9MB

MD5
51e8a5281c2092e45d8c97fbdbf39560

SHA1
c499c810ed83aaadce3b267807e593ec6b121211

SHA256
2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a

SHA512
98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\libssl-3.dll

Filesize
771KB

MD5
bfc834bb2310ddf01be9ad9cff7c2a41

SHA1
fb1d601b4fcb29ff1b13b0d2ed7119bd0472205c

SHA256
41ad1a04ca27a7959579e87fbbda87c93099616a64a0e66260c983381c5570d1

SHA512
6af473c7c0997f2847ebe7cee8ef67cd682dee41720d4f268964330b449ba71398fda8954524f9a97cc4cdf9893b8bdc7a1cf40e9e45a73f4f35a37f31c6a9c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\pyexpat.pyd

Filesize
128KB

MD5
0dcfdfac1cb0cacff8cdf94cd6990a3d

SHA1
525444af27e1d5c5e8335eeccaefd2d328f8da57

SHA256
dab7f0dbe4bbfa0f43259211d87ded8af75b65922ff01b91a029829ac8b228f1

SHA512
6892ec75dff0f905fd3ca841164473ac3af609376701d19d2a672f64269726ec52709d33b7e32d382d2ae2ee378c3d239948e9a436a2b64484966bef93a5c3ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\python3.dll

Filesize
65KB

MD5
ff319d24153238249adea18d8a3e54a7

SHA1
0474faa64826a48821b7a82ad256525aa9c5315e

SHA256
a462a21b5f0c05f0f7ec030c4fde032a13b34a8576d661a8e66f9ad23767e991

SHA512
0e63fe4d5568cd2c54304183a29c7469f769816f517cd2d5b197049aa966c310cc13a7790560ef2edc36b9b6d99ff586698886f906e19645faeb89b0e65adfdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\python311.dll

Filesize
3.1MB

MD5
04b17d358d300656478d2670c55041f6

SHA1
f56b278b793d652d1d71ae04a2dd28d38513ce9c

SHA256
a1436ff505624b5661e774389b1bc7dcef0c5b720d1790fdb0272eb2fb226c9c

SHA512
b71d8340fc78ca22a974da182189b24258435b4532140aeedb0dc1e631dcf9e6b7525df5c2f368de2148a47241db5ac1089ae4b46c657b1b2273e2c252b15179

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\python311.dll

Filesize
2.8MB

MD5
40ccae82a877de139e1891601e0b6b22

SHA1
2547b7d4d0c589d5fe449775518eeb6049b54e9b

SHA256
82b8f5db5e155794ca4b784507bf9a6b58c0725b455a6fb65cadd54f7e3bad48

SHA512
4034683080a9828b1c6ce5df6d3997cf27e00704350d2e9a0c4ab2112798544be54812985d052fca341a5caa21ac3d9788ef0ce35b96142e314d06dd2bd50af2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\select.pyd

Filesize
29KB

MD5
0b55f18218f4c8f30105db9f179afb2c

SHA1
f1914831cf0a1af678970824f1c4438cc05f5587

SHA256
e7fe45baef9cee192c65fcfce1790ccb6f3f9b81e86df82c08f838e86275af02

SHA512
428ee25e99f882af5ad0dedf1ccdbeb1b4022ac286af23b209947a910bf02ae18a761f3152990c84397649702d8208fed269aa3e3a3c65770e21ee1eec064cc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\sqlite3.dll

Filesize
1.4MB

MD5
200db183a1b65800f27dab6bd3db0588

SHA1
063d851f0ef323c2dfb8f3a2d4bcc49f5348944a

SHA256
5a8d544b341f50913d4925fb1b6982cc492d9b4a4e96c0583b61de6f141f67c9

SHA512
5d6745690faf71ccacab08f13982c944d4193dd05a44aca8e9e235090d2b9f41daf9dc2052ca584ab79968ca188c819b121b5fe6bbcf93dfe47e79208046739a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29202\unicodedata.pyd

Filesize
1.1MB

MD5
d4323ac0baab59aed34c761f056d50a9

SHA1
843687689d21ede9818c6fc5f3772bcf914f8a6e

SHA256
71d27537eb1e6de76fd145da4fdcbc379dc54de7854c99b2e61aae00109c13d0

SHA512
e31d071ce920b3e83c89505dfa22b2d0f09d43c408fcadbc910f021481c4a53c47919fce0215ae61f00956dcb7171449eabda8eef63a6fdd47aa13c7158577be

Download Submit
C:\Users\Admin\Downloads\Maple.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Maple\Maple.exe

Filesize
9.4MB

MD5
cfea359447126cbf60edc0702feac6f3

SHA1
995c6b4a21e388428dd0dde8641ed72844bd3d38

SHA256
11caad5339605084dbb09d7465e24989493372dcc35e525761f08a4032109fec

SHA512
9cd64be5a9ecff2aef395c8052e971af4a9f367887100921d983a418a3bf91dbae4a5ee3425c9b0374423f18d357e7aba093de719c0d7efd7ac16a73fb804555

Download Submit
C:\Users\Admin\Downloads\Maple\Maple.exe

Filesize
9.9MB

MD5
407fd61564984022eab70870f1b3b1eb

SHA1
545a711f316af2fda8d15bf8ae2fca86162da89f

SHA256
81c4d48ae72e1bc853a7b7f6fe3ff9834717ae3d9ff78097a969a99797f40a87

SHA512
814f9de7793a00053c4a96afb7e16877c6c5f9d9dd15320c6262b3d60db7d1e3156ffe0dc1cf393844df70789e9554d108e744e5cffdcd8b0ff24cf6c08646db

Download Submit
C:\Users\Admin\Downloads\Maple\Maple.exe

Filesize
3.4MB

MD5
34593c34a20c82220031ec473b3b726a

SHA1
15e772098cd5a8c21c3570ce72a069fbf7693985

SHA256
26155043e95b1fa757f933c15626d9b202ba3550b05dbdcb4a2a703bc6842e3e

SHA512
853398d59957e70ebd0ac73e11b5d3c0733eda1ba5f8363e8e0756fee58c3195436be60ef88ce4b4b33c1b58b6ff3fd7766f5fcaa1f04b9d39910920b92f3bd0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 966826.crdownload

Filesize
10.9MB

MD5
d450348d546e615bb7965ef74390efaf

SHA1
9393acceca4a952654542d08a7b59db4c19366dc

SHA256
ba211ab70b5c23f57291146a777c485359cffca1961ff0b4e8055bcf4925fd7b

SHA512
65b5f4d2391f96a3f92fbcd7179c7b2f59671cc3ff42590d91f616158fe6806f407ec74db0dfb0c92848a5e97831942d2640ac755999c35b7553af07656ea863

Download Submit