hxxps://github[.]com/hitchedscife/CookieRipper

Analysis

max time kernel
122s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/hitchedscife/CookieRipper

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 24 IoCs

pid	Process
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe
2932	server.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
70	checkip.amazonaws.com
71	checkip.amazonaws.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
2928	identity_helper.exe
2928	identity_helper.exe
212	msedge.exe
212	msedge.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	388	taskmgr.exe
Token: SeSystemProfilePrivilege	388	taskmgr.exe
Token: SeCreateGlobalPrivilege	388	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe
388	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 1116	4328	msedge.exe	84
PID 4328 wrote to memory of 1116	4328	msedge.exe	84
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 2132	4328	msedge.exe	86
PID 4328 wrote to memory of 4984	4328	msedge.exe	87
PID 4328 wrote to memory of 4984	4328	msedge.exe	87
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88
PID 4328 wrote to memory of 1244	4328	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/hitchedscife/CookieRipper
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9991f46f8,0x7ff9991f4708,0x7ff9991f4718
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9614448687713618422,2520423953180056546,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1372

C:\Users\Admin\Downloads\CookieRipper-main\CookieRipper-main\serv\server.exe
"C:\Users\Admin\Downloads\CookieRipper-main\CookieRipper-main\serv\server.exe"
1⤵
PID:1896
- C:\Users\Admin\Downloads\CookieRipper-main\CookieRipper-main\serv\server.exe
  "C:\Users\Admin\Downloads\CookieRipper-main\CookieRipper-main\serv\server.exe"
  2⤵
  - Loads dropped DLL
  PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3944

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3d6a4308496ffa7b4cf275ff59766ba0

SHA1
a6fab854738f6be4cb0e3999b783d185883520d8

SHA256
38ffce4278dd58446da1fc15700d577e484efe8250220d38696557816f050e76

SHA512
ef8f4cd6c52b83331625daaeb1798ebce5ce3fc30adb7e796923d5cd1b2f1f7dd1e93ae580e3e9df0e71e0545a749fb8743b53513b5e1645f147a116aa354673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
37baf21f6884d62dd3fae3bcac0e3f54

SHA1
86387f81e0e639f4b89ac148a2611dbe17c692e5

SHA256
fd6b196dedb818f06d7e045bc0ca39921765ba16deeb416261c8605de41aa1be

SHA512
13d36ff793b191e5036fad9a998d653eba70f27900f205c8eb1e2b336837f6a6b9977e0129b0645844b6d40a08883ccbc71b132e22f5577c5db8b44ad4f74461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5120b3bb531e53c162edee6d5c1396f6

SHA1
4e4181b389b796704e07b2f2307d27b18bd65d66

SHA256
612a3262988e5ca358e8219a71a79f2cd42c73e4d98131c00216a7bf7a356d99

SHA512
d6ed9bca0486d000410801684a28bb0c6098114666aa54501cfd3193718aec2586cb3f2ce6309453f536c3b1126f459d47ff9bed59ee60f8f7885f010fb04715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b80c7e3b2062605c74f21343bd3b2e1f

SHA1
1c7e3133428db2b562d01dd2118cd007eea2b86c

SHA256
662702192eb050c474f889f3539217807a52c9122a6d051d4d46e6fe09d85cee

SHA512
d1f0138cff3d2ef06e1c40107c1c6cf2fe150a83e7e9152579345d818399b6e8f3a68955b2a25debffec8f0e7b761928d623091e1f706c4152c75c8e7d81ffff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8a0b28cb7212a96ea0f7a44f7f5cc46

SHA1
1940f9d41f6f7069360cb335875da0c55ac72d56

SHA256
ef0512faa53f6ac5b4f323fd8cdc02377f2c1794db49b87937c4162106d2a70a

SHA512
58f98f3ecdf115f5bb3bffc9177d6b2fca5a38d418c2d43ba670aab5c16533b392ca04e16677e470f853626f53def97736cf45fe66878fa35f4741eb25672a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d84b024be3078908fe2ea32ebbe5d813

SHA1
2df88dbdd95b4178c0071445923ac37ae594e218

SHA256
83f96ff67e11e4a0c26a0fee84b37b6b56bd908b4171f76451c4cb271c158ac6

SHA512
441c3b5f565961ae22e64a31a2b93006b5ba45323ed333dcf3ca99798986fd75bb11a6c700f650ca96be51aa69c9f8841750831b2c70fc5400da643476d530c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580fe9.TMP

Filesize
874B

MD5
d63a60aaf35abffdad3a8e7c014a0855

SHA1
326c3b96e483f0b0ec7c8a4385c9245861cb9051

SHA256
337b56ee381f3ddd75f79167cfff6b1873d6d26966b4ef688b0a303db39bac34

SHA512
4a61b408515bae4217d3f98e8b636830886d01d98556c39cf1ec602c9158815a9e14b6071bb93e47d13ab357a3c78bb2d86d225da1665edcd714671223ea10f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d5e19f945e9eb95dfffee3feb0712c2

SHA1
0f44d3482c78030fcd8c34341e8c4abf8a60906a

SHA256
fc3513c6d44af9ac22519b455d85e91b6422fa3e389ddf4e5bd4a1660cbe5c93

SHA512
8b129553b0372cd3dcffe936d24a180a01f00da3a33aadb4f1c60f42594dc6e63b1e11eb5f8dd1afe4bca68a85f53ff4e9a181921a93ed13f1fe9098ad886767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1aea500034167f2ab13cf8a39b49ebdc

SHA1
97735b99e7ee09b83db71c4ed113fa1c75307d9a

SHA256
db3a84309abf38c4d93f9fcc9839c8ec97d645594b3ad41c1c84083ab62350ee

SHA512
cdd676997cf16a0a1dfebec42c49be848ee4d2b7ddf7f485ba52ad6fa60fb4de39ee38d61a0cb8f70fc6103318a64a0739f31e9c5c3f1b3a6f0d197b4a0b95e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\VCRUNTIME140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_asyncio.pyd

Filesize
59KB

MD5
483bfc095eb82f33f46aefbb21d97012

SHA1
def348a201c9d1434514ca9f5fc7385ca0bd2184

SHA256
5e25e2823ed0571cfdbae0b1d1347ae035293f2b0ac454fb8b0388f3600fd4b6

SHA512
fe38b3585fbfaf7465b31fbc124420cfbd1b719ea72a9ae9f24103d056c8fa9ae21c2a7dd3073810222405457beff89bbb688daeced3219351a30992a6721705

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_bz2.pyd

Filesize
77KB

MD5
a1fbcfbd82de566a6c99d1a7ab2d8a69

SHA1
3e8ba4c925c07f17c7dffab8fbb7b8b8863cad76

SHA256
0897e209676f5835f62e5985d7793c884fd91b0cfdfaff893fc05176f2f82095

SHA512
55679427c041b2311cff4e97672102962f9d831e84f06f05600ecdc3826f6be5046aa541955f57f06e82ee72a4ee36f086da1f664f493fbe4cc0806e925afa04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_ctypes.pyd

Filesize
116KB

MD5
92276f41ff9c856f4dbfa6508614e96c

SHA1
5bc8c3555e3407a3c78385ff2657de3dec55988e

SHA256
9ab1f8cbb50db3d9a00f74447a2275a89ec52d1139fc0a93010e59c412c2c850

SHA512
9df63ef04ea890dd0d38a26ac64a92392cf0a8d0ad77929727238e9e456450518404c1b6bb40844522fca27761c4e864550aacb96e825c4e4b367a59892a09e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_hashlib.pyd

Filesize
59KB

MD5
ad6e31dba413be7e082fab3dbafb3ecc

SHA1
f26886c841d1c61fb0da14e20e57e7202eefbacc

SHA256
2e30544d07f1c55d741b03992ea57d1aa519edaaa121e889f301a5b8b6557fe4

SHA512
6401664e5c942d98c6fa955cc2424dfa0c973bd0ac1e515f7640c975bba366af1b3e403ea50e753f837dcd82a04af2ce043e22b15fa9976af7cbb30b3ac80452

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_lzma.pyd

Filesize
150KB

MD5
a6bee109071bbcf24e4d82498d376f82

SHA1
1babacdfaa60e39e21602908047219d111ed8657

SHA256
ce72d59a0e96077c9ea3f1fd7b011287248dc8d80fd3c16916a1d9040a9a941f

SHA512
8cb2dafd19f212e71fa32cb74dad303af68eaa77a63ccf6d3a6ae82e09ac988f71fe82f8f2858a9c616b06dc42023203fa9f7511fac32023be0bc8392272c336

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_overlapped.pyd

Filesize
44KB

MD5
bf3e86152b52d3f0e73d0767cde63f9f

SHA1
3863c480a2d9a24288d63f83fa2586664ec813a2

SHA256
20c94846417ee3ca43daa5fae61595ad7e52645657fda5effe64800fe335ff0d

SHA512
8643f94ece38246769ff9ba87a249b8afde137cf193ff4d452937197ce576816c1ce044c4ad2951bc5535cc3acf1b27e9f2be043b8175c5a2ca2190b05dc0235

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_queue.pyd

Filesize
26KB

MD5
8dd33fe76645636520c5d976b8a2b6fc

SHA1
12988ddd52cbb0ce0f3b96ce19a1827b237ed5f7

SHA256
8e7e758150ea066299a956f268c3eb04bc800e9f3395402cd407c486844a9595

SHA512
e7b4b5662ebd8efb2e4b6f47eb2021afacd52b100db2df66331ca79a4fb2149cac621d5f18ab8ab9cfadbd677274db798ebad9b1d3e46e29f4c92828fd88c187

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_socket.pyd

Filesize
73KB

MD5
c5378bac8c03d7ef46305ee8394560f5

SHA1
2aa7bc90c0ec4d21113b8aa6709569d59fadd329

SHA256
130de3506471878031aecc4c9d38355a4719edd3786f27262a724efc287a47b9

SHA512
1ecb88c62a9daad93ec85f137440e782dcc40d7f1598b5809ab41bf86a5c97224e2361c0e738c1387c6376f2f24d284583fd001c4e1324d72d6989d0b84bf856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_ssl.pyd

Filesize
152KB

MD5
9d810454bc451ff440ec95de36088909

SHA1
8c890b934a2d84c548a09461ca1e783810f075be

SHA256
5a4c78adedf0bcb5fc422faac619b4c7b57e3d7ba4f2d47a98c1fb81a503b6b7

SHA512
0800666f848faec976366dbfd2c65e7b7e1d8375d5d9e7d019bf364a1f480216c271c3bcf994dbab19290d336cf691cd8235e636f3dbc4d2a77f4760871c19ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_uuid.pyd

Filesize
20KB

MD5
6cfc03bc247a7b8c3c38f1841319f348

SHA1
c28cf20c3e1839cff5dce35a9ffd20aa4ac2a2cf

SHA256
b7fd172339478adaa5f4060eb760f905a2af55ce7e017b57de61ee09dcb09750

SHA512
bd123566a104568e2ec407b35446cb07c660035a77a1e11a8d8d90518c1a83b6815bf694676fa003b074126dcd0594457195f835df7bc828df1195db6584d23b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\base_library.zip

Filesize
1.0MB

MD5
d8a188756c2733d20487c61e9cd0d60a

SHA1
9c584f3522e6a8574bfdead8f229357990383641

SHA256
2f1853feeea404a2882ca0e122b46d45ea2cc90cd4e7c37a686a3169ba974048

SHA512
1772b1030ebb17895b2f0708ae370cd4a25cb45c4cc5c4242b374745a7442b2d12dd3f230f0c710e2357c5ec5a5e74c78e868a0718c2f636eea44e6b27c18a92

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\certifi\cacert.pem

Filesize
259KB

MD5
ea4ee2af66c4c57b8a275867e9dc07cd

SHA1
d904976736e6db3c69c304e96172234078242331

SHA256
fa883829ebb8cd2a602f9b21c1f85de24cf47949d520bceb1828b4cd1cb6906c

SHA512
4114105f63e72b54e506d06168b102a9130263576200fb21532140c0e9936149259879ac30a8b78f15ae7cb0b59b043db5154091312da731ac16e67e6314c412

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\libcrypto-1_1.dll

Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\libssl-1_1.dll

Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\pyexpat.pyd

Filesize
189KB

MD5
8b9855e1b442b22984dc07a8c6d9d2ed

SHA1
2e708fbf1344731bca3c603763e409190c019d7f

SHA256
4d0f50757a4d9abe249bd7ebea35243d4897911a72de213ddb6c6945fef49e06

SHA512
59ca1cbc51a0b9857e921e769587b021bc3f157d8680bb8f7d7f99deb90405db92051e9be8891399379d918afc5d8cb36123297d748c5265ae0855613b277809

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\python3.DLL

Filesize
60KB

MD5
0812ee5d8abc0072957e9415ba6e62f2

SHA1
ea05c427e46c5d9470ba81d6b7cbca6838ee0dd5

SHA256
84a29c369560c5175d22ee764fe8ada882ab6b37b6b10c005404153518a344ec

SHA512
18ca5631f2ae957b9ec8eaa7aa87094d3a296548790ced970752625a0f271511e0ce0042a0ea5469a9c362a0d811c530ef6fe41b84c61b25c838466acc37f22b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\python310.dll

Filesize
4.2MB

MD5
a1185bef38fdba5e3fe6a71f93a9d142

SHA1
e2b40f5e518ad000002b239a84c153fdc35df4eb

SHA256
8d0bec69554317ccf1796c505d749d5c9f3be74ccbfce1d9e4d5fe64a536ae9e

SHA512
cb9baea9b483b9153efe2f453d6ac0f0846b140e465d07244f651c946900bfcd768a6b4c0c335ecebb45810bf08b7324501ea22b40cc7061b2f2bb98ed7897f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\pywin32_system32\pythoncom310.dll

Filesize
673KB

MD5
020b1a47ce0b55ac69a023ed4b62e3f9

SHA1
aa2a0e793f97ca60a38e92c01825a22936628038

SHA256
863a72a5c93eebaa223834bc6482e5465379a095a3a3b34b0ad44dc7b3666112

SHA512
b131e07de24d90a3c35c6fa2957b4fe72d62b1434c3941ad5140fb1323aacba0ec41732dac4f524dc2f492b98868b54adc97b4200aa03ff2ba17dd60baea5a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\pywin32_system32\pywintypes310.dll

Filesize
143KB

MD5
bd1ee0e25a364323faa252eee25081b5

SHA1
7dea28e7588142d395f6b8d61c8b46104ff9f090

SHA256
55969e688ad11361b22a5cfee339645f243c3505d2963f0917ac05c91c2d6814

SHA512
d9456b7b45151614c6587cee54d17261a849e7950049c78f2948d93a9c7446b682e553e2d8d094c91926dd9cbaa2499b1687a9128aec38b969e95e43657c7a54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\select.pyd

Filesize
25KB

MD5
63ede3c60ee921074647ec0278e6aa45

SHA1
a02c42d3849ad8c03ce60f2fd1797b1901441f26

SHA256
cb643556c2dcdb957137b25c8a33855067e0d07547e547587c9886238253bfe5

SHA512
d0babc48b0e470abdafad6205cc0824eec66dbb5bff771cee6d99a0577373a2de2ffab93e86c42c7642e49999a03546f94e7630d3c58db2cff8f26debc67fcad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\unicodedata.pyd

Filesize
1.1MB

MD5
d67ac58da9e60e5b7ef3745fdda74f7d

SHA1
092faa0a13f99fd05c63395ee8ee9aa2bb1ca478

SHA256
09e1d1e9190160959696aeddb0324667fef39f338edc28f49b5f518b92f27f5f

SHA512
9d510135e4106fef0640565e73d438b4398f7aa65a36e3ea21d8241f07fec7a23e721e8696b3605147e5ce5365684e84e8145001201a19d7537e8f61b20cf32c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\win32api.pyd

Filesize
136KB

MD5
fc7b3937aa735000ef549519425ce2c9

SHA1
e51a78b7795446a10ed10bdcab0d924a6073278d

SHA256
a6949ead059c6248969da1007ea7807dcf69a4148c51ea3bc99c15ee0bc4d308

SHA512
8840ff267bf216a0be8e1cae0daac3ff01411f9afc18b1f73ba71be8ba70a873a7e198fd7d5df98f7ca8eee9a94eab196f138a7f9f37d35c51118f81860afb7d

Download Submit
memory/388-1343-0x0000019DA70F0000-0x0000019DA70F1000-memory.dmp

Filesize
4KB

Download
memory/388-1342-0x0000019DA70F0000-0x0000019DA70F1000-memory.dmp

Filesize
4KB

Download
memory/388-1341-0x0000019DA70F0000-0x0000019DA70F1000-memory.dmp

Filesize
4KB

Download
memory/388-1353-0x0000019DA70F0000-0x0000019DA70F1000-memory.dmp

Filesize
4KB

Download
memory/388-1352-0x0000019DA70F0000-0x0000019DA70F1000-memory.dmp

Filesize
4KB

Download
memory/388-1351-0x0000019DA70F0000-0x0000019DA70F1000-memory.dmp

Filesize
4KB

Download
memory/388-1350-0x0000019DA70F0000-0x0000019DA70F1000-memory.dmp

Filesize
4KB

Download
memory/388-1349-0x0000019DA70F0000-0x0000019DA70F1000-memory.dmp

Filesize
4KB

Download
memory/388-1348-0x0000019DA70F0000-0x0000019DA70F1000-memory.dmp

Filesize
4KB

Download
memory/388-1347-0x0000019DA70F0000-0x0000019DA70F1000-memory.dmp

Filesize
4KB

Download