arkei | 965dffc8c73d88f296086b5c6324b2be6ef9cd5041d6d7822370f2a04dc1538b

Analysis

max time kernel
150s
max time network
142s
platform
windows10_x64
resource
win10-20220414-en
submitted
17/06/2022, 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

965dffc8c73d88f296086b5c6324b2be6ef9cd5041d6d7822370f2a04dc1538b.exe
Size

288KB
MD5

2c087bb64cb5b12444c5ad9e20f46822
SHA1

3c7f3b016a684ca9c61c0ef43cf229d9e48de305
SHA256

965dffc8c73d88f296086b5c6324b2be6ef9cd5041d6d7822370f2a04dc1538b
SHA512

e32e97190f0c167546ae98a21b25a4e42da3e8168c89c40ae8c390aff88324fdf6e8960d1afc51ff7d9f6da9538471249a6d748ca11df035fb2d3ac7bdaa1688

Score

10^/10

arkei default discovery spyware stealer suricata

Malware Config

Extracted

Family

arkei

Botnet

Default

Signatures

Arkei
Arkei is an infostealer written in C++.
stealer arkei
suricata: ET MALWARE Win32/Vidar Variant/Mars CnC Activity (GET)
suricata: ET MALWARE Win32/Vidar Variant/Mars CnC Activity (GET)
suricata
suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
suricata
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
5016	u21k.0.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Control Panel\International\Geo\Nation	965dffc8c73d88f296086b5c6324b2be6ef9cd5041d6d7822370f2a04dc1538b.exe

Loads dropped DLL 2 IoCs

pid	Process
5016	u21k.0.exe
5016	u21k.0.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1852	4292	WerFault.exe	74
2204	4456	WerFault.exe	81

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	u21k.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	u21k.0.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
1380	timeout.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 60cd110a2782d801	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f260450b2782d801	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Zoom	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1fb81d0a2782d801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 94c271042782d801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. = 010000004575f983f5922f1763b47c160ed9b6fe9dcbd320fadf8a42dadeebbb7c2e2610565cbf7e0a7e48ad3c14b53fd35eee41325baf8b84d1f90eb429873817ee96e1223c016de27eec08763339c758a10cb644b32993b968f73f1a850e62007b656cbfb4a30189b348ce1eb3a48ba6c0594ad17435c250c40d3bd39116004af51471e566dbb8143e9c518734fecb2edd6b25393f39461805418812efd144357cf4fbccf14472123df9ced456ab7f80165bc892b25d91a54a0bf4103e3e601e30e0b682f5b09589d1c0f9e0b9d18e588d70fe486f7c86eeb59c07e61d8a21533130f8ac1268c9ae1aedd8bdfda3618360d69c30140039706574ca732e13ac6a9f91af85e8093a3439def127c383463ab1da14a9426e3d027a34d734108435059a921e4317b06f154c5ec528a9746ab59e93d12c9acc8073145dc1a262bcdd194228616a3f0db5f974f89e0450896d3f49546dcaba22c09c52b3c819c6958bf1b74cc41b00900e43d239acd258ef149dd064ab74447781f55648df61db40e5f81925f056fa40bf2184056fa46187fd1355cd4d7bd6b9a1483f5cfbe811b935b7baa3a359a2840bd98e1b12	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\AllComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "7l39p54"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\DatastoreSchemaVersion = "8"	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
4340	MicrosoftEdgeCP.exe
4340	MicrosoftEdgeCP.exe
4340	MicrosoftEdgeCP.exe
4340	MicrosoftEdgeCP.exe
4340	MicrosoftEdgeCP.exe
4340	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	948	MicrosoftEdge.exe
Token: SeDebugPrivilege	948	MicrosoftEdge.exe
Token: SeDebugPrivilege	948	MicrosoftEdge.exe
Token: SeDebugPrivilege	948	MicrosoftEdge.exe
Token: SeDebugPrivilege	4292	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4292	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4292	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4292	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4228	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4228	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
948	MicrosoftEdge.exe
4340	MicrosoftEdgeCP.exe
4340	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 5016	2648	965dffc8c73d88f296086b5c6324b2be6ef9cd5041d6d7822370f2a04dc1538b.exe	67
PID 2648 wrote to memory of 5016	2648	965dffc8c73d88f296086b5c6324b2be6ef9cd5041d6d7822370f2a04dc1538b.exe	67
PID 2648 wrote to memory of 5016	2648	965dffc8c73d88f296086b5c6324b2be6ef9cd5041d6d7822370f2a04dc1538b.exe	67
PID 4340 wrote to memory of 4456	4340	MicrosoftEdgeCP.exe	81
PID 4340 wrote to memory of 4456	4340	MicrosoftEdgeCP.exe	81
PID 4340 wrote to memory of 4456	4340	MicrosoftEdgeCP.exe	81
PID 4340 wrote to memory of 2648	4340	MicrosoftEdgeCP.exe	84
PID 4340 wrote to memory of 2648	4340	MicrosoftEdgeCP.exe	84
PID 4340 wrote to memory of 2648	4340	MicrosoftEdgeCP.exe	84
PID 4340 wrote to memory of 2648	4340	MicrosoftEdgeCP.exe	84
PID 4340 wrote to memory of 2648	4340	MicrosoftEdgeCP.exe	84
PID 4340 wrote to memory of 2648	4340	MicrosoftEdgeCP.exe	84
PID 5016 wrote to memory of 4876	5016	u21k.0.exe	86
PID 5016 wrote to memory of 4876	5016	u21k.0.exe	86
PID 5016 wrote to memory of 4876	5016	u21k.0.exe	86
PID 4876 wrote to memory of 1380	4876	cmd.exe	88
PID 4876 wrote to memory of 1380	4876	cmd.exe	88
PID 4876 wrote to memory of 1380	4876	cmd.exe	88

C:\Users\Admin\AppData\Local\Temp\965dffc8c73d88f296086b5c6324b2be6ef9cd5041d6d7822370f2a04dc1538b.exe
"C:\Users\Admin\AppData\Local\Temp\965dffc8c73d88f296086b5c6324b2be6ef9cd5041d6d7822370f2a04dc1538b.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Users\Admin\AppData\Local\Temp\u21k.0.exe
  "C:\Users\Admin\AppData\Local\Temp\u21k.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of WriteProcessMemory
  PID:5016
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\u21k.0.exe" & exit
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4876
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 5
      4⤵
      Delays execution with timeout.exe
      PID:1380

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:948

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4520

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4340

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4292
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4292 -s 4008
  2⤵
  - Program crash
  PID:1852

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4456
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4456 -s 3504
  2⤵
  - Program crash
  PID:2204

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4228

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2648

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\boom3[1].jpg

Filesize
57KB

MD5
cfa6857cda99219abcd35e50214b016c

SHA1
ab416aa32ba7865993f1099a0264bb4dd1eb5378

SHA256
49a581e5d6d6b9fa1ad9528031a62dc1c6aca944916d03e7a27d8dc9c3b0f76f

SHA512
67ffa4d05ef66f7d64fba64b777b4254ec0f5176e54118afaf7fac54d554c4e6708831f860bce7d4a451f14a96c6e71d908db4cc5893c260a130b33f0a729629

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\boom4[1].jpg

Filesize
49KB

MD5
265265086cd881da32432623addd26d7

SHA1
9f62828901081daa363ca96bd58beb7122393210

SHA256
e3014b7a07200616fcf0ad6dd519e1ab44f4013972197b1d2ebf768e292ab072

SHA512
fff9e652f0edc9b6515fc3afe7a459fbb050c705a75130ded96dc809423ffd39e2cb301b7c475932ab2e1c5ae2df3c82a552cfa196714d30ba655f336324820a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\cart-fragments.min[1].js

Filesize
2KB

MD5
0fd625c3991a4015814cffdc88e2fc82

SHA1
d7c2f53e058210ff3ea773297641008bab71a5f3

SHA256
2d022db650d194d935faea46a40e5512235b43bc3f8b181e32ce6d3dd745f4e1

SHA512
b936b4e596739de1fa708a9f439167d4c2e670228a88a803363aa65f061b29dd9f52fdcd5aab1c1dcbbc634a779e54f767640b2baf30025130b5ea4fc6169631

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\cropped-logo-1[1].png

Filesize
7KB

MD5
bd407f16517af539b5a14a851acaed63

SHA1
49842750d76b13a739453005f91208807adaa27b

SHA256
521d3ba178e1fe6fd569715a1cd4a3989b20896078e0105021ecd6c7cab5f4d8

SHA512
fbb0867021511440d70f9dbb95721264e1eff6e8d0f75bd97a4e6dcc96d4a188fc488202a72c3eb0dc9aaee4744417895dc57f0043b605230ca01414fe0f0827

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\css[1].css

Filesize
3KB

MD5
9b4d7e1e470fc9a25a375a09954bf9a6

SHA1
647172be95441215e6deb8c46b4b39c8ce947bfa

SHA256
e3a003e879e392b579a58e329067467e29ee50bbcdf677bc55be7922e999fb8b

SHA512
351571915eca1ec88977b702487f24c45a5a06e652a6bec95dd2f693fa259d9679b971c8f0bcdcdfbce39e08c3344d7bc2aec68747c593f0e13f60fa2eeb15f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\frontend[1].js

Filesize
26KB

MD5
5c37c12bdbed9edeeade7e37f93e2554

SHA1
e56804d2640d98379f4d24b938241ab24944ed99

SHA256
8d13e5f190e4c0f968ed033233598e278d294737abc5a46c5e0505b1f88320cb

SHA512
cb775d60762a1db3e34eeb766767f545a5317bd57e17cb35ad7ecd140d5b2dc998625d032ce68a4c9083b93ad373ffbce094d6d7d7c9f8cf7bf92dc0d54bce09

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\jquery-migrate.min[1].js

Filesize
10KB

MD5
79b4956b7ec478ec10244b5e2d33ac7d

SHA1
a46025b9d05e3df30d610a8aef14f392c7058dc9

SHA256
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

SHA512
217f86fee871fa36eca4f25830e3917c7bf57a681140b135c508aa32f2a1e3eff5a80661f3b5ba46747d0c305af10b658d207f449550f3d417d9683216feea8f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\jquery.min[1].js

Filesize
87KB

MD5
02dd5d04add4759122013c5ab4dc5cc2

SHA1
a45a56e396ac549b4ff39b696ce9e0c16a7612de

SHA256
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

SHA512
04690d9875e98f5ae6bf94f5c71b7a0177b374bc09609a0f58312e1c337348749a40e07fe226737dc248bd8fe2f6a489071258619affc7f1df644e4255159615

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\testimonial-02-free-img[1].jpg

Filesize
2KB

MD5
b61a602602625ecb0ef662cde2336a47

SHA1
9ce21a49b6ca814e139cb3c7a24e6011d534bb74

SHA256
ca4e125e2e804317476fd142b14cbc9434af4cc2c7e5ff039e6439286b545513

SHA512
0de7d425a916812e4ac19bb7e4bd2e928be11341077625cc716c0cbcd409a1911cd54934ea2b47a0432d3a0877abb2480bd0f2017c36ea7191153afb469c4636

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\v4-shims.min[1].js

Filesize
14KB

MD5
7a5dea0a705cc2f4cd87dbaaa6666bc6

SHA1
678bc6f750f13adb29bbc158eb0d9cd813b736fa

SHA256
97cf1307c16a437b77b5f7f5c9bc0b985d0745a14be5a279019aca5a3432e264

SHA512
7c19d0edc28fe8733075534de6176483416bb3535f37b7607536aea2ddf9c5591d864225049c9a74735c1daf44c72688d91c1133bb018683ade11f16ea596807

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\wc-blocks-style[1].css

Filesize
204KB

MD5
aae59dc8fdd045adaecd8e98fe3861d0

SHA1
398bb3b337d72cc8fb749b3b32ddcd8449607d79

SHA256
f4e0d1e486e663ad600a8c68224f47051bbc27412e497a07e7a769fcde1a4269

SHA512
0f3f2e897925baff1f36e2ec7cbecd3b2b0a5b9bc9c5e2e68bfc5ec1cbf954631d5af6a029897dc6aca2c55b82096e997606bf47b6333695c94b7a1fb9dea171

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\wc-blocks-vendors-style[1].css

Filesize
4KB

MD5
e372df47bd19e1563b557d7bdb817188

SHA1
4efdf4050a78bdbd88aa255955b7423105895dd0

SHA256
4b7693154069c53a16468d09d89c9eba5da6c0dfc69cf4d7eb675e32ba663361

SHA512
38bc75bf085413258bb8929641980cfac58a4792d70edcd409938b195add3c2c78862d90622132e21b364f862e2defd7c879b81f96d6608f448da4c2628dff0e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3VLG0RK5\woocommerce-layout.min[1].css

Filesize
17KB

MD5
221c82abc9f31a3a2919f1e37ff3490b

SHA1
785fba6c397643c4b1ef79f23be1cea2ee2f1c95

SHA256
d1d72f5a3d20f724b55856cd7149e9ec2f200c259dfdc5304caf79335ba4c337

SHA512
cb844966eae75aee7da998959a69f46aafcfad10d3831127e9c5a70c115ff69f65bd108ee7dccb398857b65f91332f340819a6c6e707904c9274d1c677e0434d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KUBZZM7V\boom2[1].jpg

Filesize
54KB

MD5
d40b7384d5e688bf28dba7feb07b72da

SHA1
0c1c289d5e90f29a2765078aaf6446be342b4755

SHA256
94f257c375305a0964f23edea8d582ec8e344ff2fb65810b67cad1ffb9eba30e

SHA512
49070abc49e554b7c429113a658505cddc7416a3b3ad4963a0ff5bbddd97b6264af01ae482302e303d0da08d016fa3544aa46dada2ddf82b2f74911e05f567e4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KUBZZM7V\brands.min[1].css

Filesize
675B

MD5
144e43c3b3d8ea5b278c062c202c92f2

SHA1
3c037057a419245849747b4762d09d88cab66fc1

SHA256
9cd63b8cea25045c14623c538d26752518a58c0c682795ce6ad3078976c65a37

SHA512
6a95fcac537f2b1256f2b9e241b92fcebb214372afc841fee2ccd3dd29e8e6cbddafa13f08fd1013ceb6c8478b04c5270aa2e4a3c41aba01a4cef592eee35f15

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KUBZZM7V\elementor-icons.min[1].css

Filesize
18KB

MD5
50be31853049e4b4a10c277d5f95eb75

SHA1
ac2dffc0c65ad6b209fedf2169d0c50eb4119a3e

SHA256
b651d87ef113cba0c8ec8a33bfdb694171effeba56b20be12e3c77fc15f6ae9f

SHA512
d4e784c23393f5dec68871a57ebe42bb7b44112010774602b4a4f97baae37c6a40d405f71a624183f2597136141b79e9ac902c4835d34bf09a122978f71f8d4e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KUBZZM7V\email-decode.min[1].js

Filesize
1KB

MD5
9e8f56e8e1806253ba01a95cfc3d392c

SHA1
a8af90d7482e1e99d03de6bf88fed2315c5dd728

SHA256
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

SHA512
63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KUBZZM7V\fontawesome.min[1].css

Filesize
56KB

MD5
eeb705d0bdccfd645d3bbd46dd1fbab3

SHA1
066def290f42ed8c00860e573cc880bd46e9ced4

SHA256
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9

SHA512
39d11741808e95d8ea504b2e30ab19463f771eddb741196121bf04fd7d2c6f066199ef1e530ea0f2aec077118929a91c05bbfbfbf3d7d067366ed7fb46ef1c64

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KUBZZM7V\frontend[1].css

Filesize
73KB

MD5
2395c81e72a52f14588816b4f72a7f17

SHA1
711357e8d49c28be7605fcfbf881b90567decee1

SHA256
ea14d1b1233e6cbc9b1a156ac532f076f7adafc309726fca7bf8833f882ac872

SHA512
1e39451de9cd1a5484c1e507c085aebcded77467926fc52e6436de506c5ca698cda6eecd202b36f7ba63fa7bde576f0cb866bad8d4efebbc3c1fd5d02f2817e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KUBZZM7V\regular.min[1].css

Filesize
677B

MD5
3eef8c9e589a6fd58292e79bbac4ba5d

SHA1
d3ebdb629b8d9c92380b14b1676b123398f0841b

SHA256
eea3d6ccda7f6503078cce9dc41176c1357af1c93a5b3625131ef7cf21c9d7c4

SHA512
36a72de0983c898c0546cfc2df8863005e688391ce344da6aeb515d49654b3007e614eef6123f222318cabe1004180e63ac32e3bd54884aa5151aec68d129596

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KUBZZM7V\solid.min[1].css

Filesize
669B

MD5
9eb2d3c87feb6bb2ffa63b70532b1477

SHA1
38f226335a05ab0e30497bc7419eb5e243a9e26c

SHA256
37bab6cd583982e8eff58501a99d7c5c4d63664c1ca34f9e3b7cf526c5b73ae2

SHA512
8d0ab38f6bc757103fc82a234fca5566328639ef549a862f9ceb8cff6b10d75d2fc626a3054fb85a4c91b3538332677801f9edc14115e09f957cce8391f8cb46

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KUBZZM7V\style.min[1].css

Filesize
85KB

MD5
b986d1751393fe7e0000a35a42ce8a4b

SHA1
1062ee84cbe9747168e37d44b91c1f88cbe676ea

SHA256
fc736484b15c487c25384a915b92af24e0b18081d63955aea27eb48d4392fcf0

SHA512
023135de938531f5b2ea17f3fa717ed18a19b4a5b602c5d75db606838f4d67ef3de1d89960c5b9d54afe0e619d62a68cb6024f21055acb4332ce914853ca6b9b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KUBZZM7V\waypoints.min[1].js

Filesize
11KB

MD5
3819c3569da71daec283a75483735f7e

SHA1
ecd40a5cc6f0b76200c454ca880210dc301cfab8

SHA256
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

SHA512
2710655dff46653daeb3a6e3f6d36f885e51d5b375738ee353aca40c6f66ae1a7dece57039d58747012ed9ea2822191143c06f270123b8cc580f6a41b8e8aef4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KUBZZM7V\woocommerce-smallscreen.min[1].css

Filesize
5KB

MD5
0fe8103cbc978fd1beb88e681b2e4a67

SHA1
44a0074030a133b5ddba57651dcee0e0bb43b0d6

SHA256
7dc4c65ad7490ca64cb346303138aa3d4426d8b270a8c995e6f558cecb19e689

SHA512
4cf5f0465d81a527d5eec31c3026d13b9ad6c0a99ce0ec49f0af4918692109768aa5de2f68d7e6b0391804df963600a1647269b76e38e6dc2f668809bf094c70

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KUBZZM7V\wp-emoji-release.min[1].js

Filesize
18KB

MD5
32beb68a374e3aeac00abdf9e12b84ea

SHA1
b5d18aa625e8696dd9d07cd0869337717b211ae0

SHA256
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

SHA512
8fc41038b4dc2fc2465422fb3144b71c2acd2f4552607369314fec9b7f561b7a3919cdc4219df2089395241168ffbfe29e67ddda834e66c27e4c88066c8f4496

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\add-to-cart.min[1].js

Filesize
2KB

MD5
8bc2109ef48cabf7a26b73d7c3536c5f

SHA1
0e0dfee3a3975eafc3dd55f190d1deb3c6c55d3b

SHA256
8634aa7a3ac0bc6d359b458c8922e9d3269f64c1355b329bfe215beb12773af8

SHA512
d40afe8509734cb8aa48cd361d68d614b2540a502a9ccffb76e6138de25648f8e1800d2d204111a6026246e1fa5d84e5b17772dda80f215078ae037452b34853

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\all.min[1].css

Filesize
57KB

MD5
74bab4578692993514e7f882cc15c218

SHA1
b6293bcfd851f963edbe859498570c4c0c7eaae4

SHA256
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386

SHA512
8810579bc7d6f74fa7b8b7122a56e6acf70b6b4393f76c4ed4122c67ecb00d6642beab1681c715de0168441bf4cfef1d2c9832007221477e5565cda833f808d7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\animations.min[1].css

Filesize
18KB

MD5
4601ba55044413706c2022cb6c1c3d05

SHA1
5103ec2fbb389568ebf5cfe4fd721f3df2ff7aec

SHA256
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

SHA512
8dab2d19378e34b40043621aac57b418e56486dcfebd1a5991be8a02ee6b071d07ec6bfd9408dea8ff0198995de9d42a46e66513d68b40b68056707e4e691e01

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\detectmobilebrowser[1].js

Filesize
2KB

MD5
ac2a48bd8ac1e5592c1c5d048b5b0693

SHA1
9f1938b336b77eb7fee51c77dfbc4ff20d399b00

SHA256
f6072019ba53a652c426b2621fb6e94a4cbc3fba6f5c0a7106a1960156e2e83f

SHA512
1ee3176b58b3f370eef72695e86d4ab7f18f71ec7565af9670eac7ee114546f672acc93388191f27784d69b79e676d1d8eab391e9ac38ecf28bd9c47ce53cff7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\frontend-modules.min[1].js

Filesize
13KB

MD5
6fbda71318de346ec1430e8202aaaecb

SHA1
b60a62613c3dbbd6409677a76176523f339a5029

SHA256
eebb7c9b62d8028d702b547bcef97e776ada693cbafa64161471b1f96f5d0556

SHA512
977b672a050186d8f7caa92b9bc3ee3603e3b92745ba0bf5a4536a9ceaa8cb3b2c5e4cbec820fa76ea21cb444a551bfc49b2126f91919bafa1e6e8169474c802

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\jquery.blockUI.min[1].js

Filesize
9KB

MD5
87c54edf7dad7dfdfde015f6eee45ff1

SHA1
96ec1a06ea3093c47e1e2fc4444ada7f4456135d

SHA256
ef22199864042b8ceeee3729f3254c140df7217364045737ca3aadf8434fb3da

SHA512
5c3565bb7c80cbebeffd3a0a413df03fb264ef2d2b2f7caeaaa29b828081f6db95ef6fe5c1d64a988d5885dea699a7e9d112393a745a445990008a99ccd5de9f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\mystickymenu.min[1].js

Filesize
3KB

MD5
24517b4705671d4c5d14e92ee2854b48

SHA1
595347eda8603634191e02c496694c1179b25532

SHA256
65b978e80fdf031da25da84fd0f3e56d5d3282a2c3c07d1436e8cf1bfce4c449

SHA512
c8b5512d654e62e9a1ba65f0d97a770db447409cd4ac8a57b4865f09c91d9bc0c7a2003b7390ed58a419edac3dc9e496c5ec14606d41b53b5ba87ac290535d1f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\post-19[1].css

Filesize
1KB

MD5
08f6665185ab9bb15db4364232ace9d9

SHA1
0a906ecc5d5cddcfb1445f346be5f3e3f3753287

SHA256
42e1df03e8015b2f185b6223054f73ec3c89d06de8e695465ef1c4603ddb797c

SHA512
24f7a6bd3127c9e95d5bb959f373f146fef1e70c74597bcbe05439dc0e8b3d7913cb8fbea905733094dba448c7f68d5dc897771426e849a495cb332913556e6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\style.min[1].css

Filesize
86KB

MD5
d534fc4463d84fecc2a0b4e847bec46e

SHA1
a553b04e1476190984e01192467df79f9645ab70

SHA256
d678ab3b4e7dddf5615012cc1a930e50dfbc967181b8fbeb1b98d61549f5ed08

SHA512
9655e7daf78dd8413abf6fee4e0aca3e4151868f9129c4758e206ca6aed9d9c513040ef4a14bcc01d9a7bb06bf76727e8747883137d881178c0e0c2937e272a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\style.min[1].js

Filesize
10KB

MD5
b1f99e33f653eb153dbb2fa6084a75e9

SHA1
5e0c937a396e01e7325ed243d7593f9de9f61682

SHA256
f0aaf88c113278f28ec0cf012582c29dbd564e83df5ddbdfe310623e2664cb2d

SHA512
bedf874d90946632990602901e55f312c55ca94800b1e261122295fff09c1b502089884f7825efe62734542f6b5b22c7e46e63001effb8d4abdc8af0fa8132d0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\testimonial-01-free-img[1].jpg

Filesize
2KB

MD5
164b22c363a6da7972fc102e3890fc52

SHA1
adbcde841058b32563b5a64e6a71c39903900f51

SHA256
e22deb8c1740fc0c7ea549a4220915a37670781fd94f547ed89143fd16ab4557

SHA512
17c7ebd60db7107f99806f538dc74d9f4a0e0e1d650ed5aa848083eb522809f6822106752b2d4febc9cdffab007f5e2c3a067ee0b76befc3fda0dc767a305a55

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\testimonial-03-free-img[1].jpg

Filesize
1KB

MD5
4b0dfe351bf8b6db6d188f0563b905c7

SHA1
802d02fe5a75fa3e4bb51eeb9858eefbbf8860d3

SHA256
2821ebf0e60364192839a404e875092a434b5f44251503d988dbd434c9f5a31f

SHA512
82c3ac583e25ebe2796d64afaef3a1a2813713d03d7c307a13d6d1d1136cf9ef68434015ce0dfd3c17f0c53705661e93e1d110a5e054bf9bc057a235bbfe1464

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\testimonials-06-free-img[1].jpg

Filesize
1KB

MD5
35073c972f3c38e685a83363d8eebf26

SHA1
a38545d0046840c93b717fbb8ffe485890f2f0e3

SHA256
31bd445b04372c27c8c1776b590c5d63c11a0ea5b8615cbd63a0d81105011128

SHA512
985fda7b47ce1a9f22b4266b7a0e696597316feb8fd547ef75b17543afb9f904298d86c5fd728e6a3d390b3557716637f3001a6430a498b81cdc7ecb8f3d504a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\woocommerce.min[1].css

Filesize
102KB

MD5
a39f218cbd0b4e729270775edc847254

SHA1
b5923ec3a0154a5409eb9e9c48bb52b85a08e369

SHA256
a2d009b0d8cfab812008bc499e230263ae1d6ef66b9107cbd4a97ff476fd8e37

SHA512
453e8ff6fc0ce3018b4cb40764a4dbfafd3478af28bc101098711e1407b424c3b5851248be758b0148283f14157c6654435e8a85cd3ef5e88ceb953f31c2b6cb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA563OZ8\woocommerce.min[1].js

Filesize
2KB

MD5
b72c1cbb1530a011a27bd9800f26765a

SHA1
27b825c5d8255f33b8427a059d4545ebd65e1746

SHA256
a256fccecac3b32ab73c91d79a18747519a1a18023be05465c933b03523a82e8

SHA512
63febb24bdb65c39acc8d355dc5b20d3a1ad94afc347ab2936c543d8b7a911c2f6d2c1c0146707cdb29bea85a8f34e7fb6e76aaee4bc0bea212ea58835a58025

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZNBS81GU\P2BEIILG.htm

Filesize
119KB

MD5
0a15f3498a268619afa388ee27b9c997

SHA1
4d3b3ce6eb62d98bab61241c1bd5aef706132789

SHA256
dbd738784704a251e5c228b8bc75e292e88560e8b3defa8646a7521e1eb9111f

SHA512
4adaf3b56d85e15f2aeeb48541ffed5f2f044ed962ad09071af9d28a403e1e90331611261ce61281bf0be67c2222908a799c44327e978e90471d888dc10d4619

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZNBS81GU\boom1[1].jpg

Filesize
77KB

MD5
2623f2b271d8d3cd0d691a0f3883a3dd

SHA1
b3197021144f738d2b4706c2579b8d713f6c7708

SHA256
10f48feefba42785b2b2ef5b5882ae3e514fe7a8bd7908c29bd2aa6fc5611728

SHA512
5c4e16943942819a17c16b2cc083d726e9f5d89a0a9287fb620dba74ee5a509b1a51f22a6f1285979d590a0a45058633d9b6afc0bef0d537df2047737e3dd5ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZNBS81GU\frontend-legacy.min[1].css

Filesize
13KB

MD5
361ba7e2f9df7d03a6a8deee7c9cac4a

SHA1
57f0f4df630f6e65f80cb73228de5c2411be8a6d

SHA256
4e8e7cd4193c77cb73c879d8435af78b3fc7614181f1e7d3760641b7778b7400

SHA512
20514e21b15eb66e9f979ae5c4e8df1f47aa30b531b3b819c4d94c87f1ad1c689a80bc49d92eb2f5266cba1e984b3004e453627e1a744d8d78f48a8ab16df26a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZNBS81GU\frontend.min[1].css

Filesize
159KB

MD5
441e2dceb8275e4e4a7ae0a01af3b2c6

SHA1
4f2527a01a3fa4bf6a1bf473c66bbebd05c131bd

SHA256
888937b853414182608e6ed76b574497748b1954de47389bf4b2018f90b9d324

SHA512
6ef7b0567427c5c151152213866e0a1ecf8d922aa52221c33e8e6ec642ad6b410a2661cfdc422b859cc8edf7271225aaf6c224f933b478a81dad14cc82a9583f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZNBS81GU\global[1].css

Filesize
15KB

MD5
0990805be886ecdb54e9e11996693409

SHA1
8e8c191b9d6ebc5cd925d1b7e866378fc98e81c3

SHA256
952ae832d88e1eaf0bba62638bc3fa0d862063d8d6ac3b2ece69f7e9204565a5

SHA512
2cd3c2b56ea5af0c9022caa14d5f98ee8f7ab071cc4b03860be2ec428d28d473780722aabc72a1b00634cadd9fabe4a00dcf6acaee448d8eb40d46427ab231fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZNBS81GU\header-footer-elementor[1].css

Filesize
776B

MD5
a5bf64d5859ee94a3e8e93d592d6d2a0

SHA1
049eb63b42dbb820b06870a430f523bf06880721

SHA256
25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08

SHA512
22c9c7ad86ad2b45124c5ff6b0a41e271ee176cfe0249c973877e51a1895f6d25c8f69b1c4eb565f5fe5e2befe2f4b80d4a89dcea57eeac43b3ae8e020469809

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZNBS81GU\js.cookie.min[1].js

Filesize
1KB

MD5
d0a6d8547c66b0d7b0172466558d1208

SHA1
ff93916519c7b9483251f609e4d29f38c30a66e3

SHA256
3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612

SHA512
48bb25b08bfcc9944cd1fc3bd039ea41d1a870f488971839f2891b91710f3ff9eb0b523aa7ab888bf9968bbbca41a48761405abbafc6c6d24927c078049545b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZNBS81GU\menu-animation.min[1].css

Filesize
3KB

MD5
730e0907dfd019baf0c555a21f373670

SHA1
6bef5d7aab1206ca5095e6f589c47c9912873ac7

SHA256
b6e169ac07a49b2c9d2b726bb3c384097badcc093dc6322c9a2ba066ae8e06a8

SHA512
594a12a72bab9c38a1b108985cd2d6e6e9a47bb3b91791ac096caae90518b4a3dcaa833c8eb07da6385415e9a85f166e176f953c83b5397901d8014eb0c35c9b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZNBS81GU\post-158[1].css

Filesize
9KB

MD5
9afe8fe6173e67c3fc7b6afadde3498f

SHA1
796e78afe1106f232c0e14f93ff0c9307acf4b93

SHA256
ad9af55dbb9d1dbfbf4dcbd94b7d2b4c3d8efd9ce8064ddb9d750a681616f96f

SHA512
493be994a8e5e2f7a4c291f2e337bb8efd04186d34ded535ab348b862b4b86efe1e7214932c867d7b960b032c0f1c144325f3250244612f470971149a4e41fdd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZNBS81GU\post-22[1].css

Filesize
36KB

MD5
e22a20c2bb3052d2b384da2f58ebc8e8

SHA1
55d4c267606d41ce1915878656db9b91b451bc3b

SHA256
0e17c7513d228d424f0d1a0097fdecfaff127fb505a58c4df91d8339b1533a35

SHA512
45ce05b8288be0e2b0d8ce2c1a1b178f6ce0facad894725f7d0adfc2d069112f48df28510d9674bc95e7f904fd18f72904def86a33b41913cf2ca11da9f23095

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZNBS81GU\v4-shims.min[1].css

Filesize
26KB

MD5
c55205bce667f5d812354fd1353e7389

SHA1
f22de0af271eba636a022c873c94fbcd81b4c89a

SHA256
c55902832fb84522d02ea1a60a30747403a140d8651fa748f13ba398b0c0df3a

SHA512
89a2e11075b7a7e64d8240ca062e3311f1fe69600c189ec8ee78ea0f78ca9db374bb1e0692e9aedaf8ee23bd58528bf6d0e20f977477daff073be57ee8e81bbd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZNBS81GU\webpack.runtime.min[1].js

Filesize
4KB

MD5
d4be732d829fad2ba26dc46b43a86223

SHA1
bf0380f5c0aaf1c45cf298f68f011d11cb1b3bfd

SHA256
b6d39822e34f949768c8aa5d6c99e4cde5013f2221990bf58137e8e2913d4ba7

SHA512
808d4ec8fc0c9c091b44f5b8b30c734b45972d4f0e36d073be9496608e7a725bc6966e0706af9f0d28bf4f930f503ddeff2b2a98215bbf5b901caa24f5b18f4d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2IDSGX0R.cookie

Filesize
156B

MD5
a7e9ca9d3af47e15b65a09dc3c594a88

SHA1
90b9cf141dfa6e56d13ce4b677da44abc5fed002

SHA256
6039e8d94e6bf3478b01ff5325f7452cf5e8d30faefd8e1a237418abd6048abc

SHA512
1d8803f3173dbe00c00cf1299ef82893d96773fd44bdab8ae66145024322ad5564538edb702d82f9e4c2635ab2557a7b9701aa4015bbe10d8609c2326c40015b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
89ba7a52e86b9baf32e13b6fac94a291

SHA1
1979473441aa252a6826446c72dae112ab5d09fa

SHA256
7b19797b015c87c58c1b53e85a45ae6872eed0b5845af221de36ce01ffef34e1

SHA512
9d10b8d6972489f33c718187cff8b9977e6e6dfca489f0dcd17d05d757b1c7059161df28e8ebb2c9b3146d19dc1f55cf88ad05d38c923db972943a174df9a339

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
2ddf692eaa4863ffa6a94e6b26c4e596

SHA1
8b024889391a037b62ca3553c05bbd130fd55e15

SHA256
78774b4dba3f4fde79b16675c5217224e1a8d0422d9f490709ce2bb567609275

SHA512
fbf440074ba2477ee19cf12296959023d632c2ce45a2da2d09f2b452fd48b03331ef008329e8d1e3ac20698365fd74e45d42707f72298b3a80a7b89a4413dd58

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
5a11c6099b9e5808dfb08c5c9570c92f

SHA1
e5dc219641146d1839557973f348037fa589fd18

SHA256
91291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172

SHA512
c2435b6619464a14c65ab116ab83a6e0568bdf7abc5e5a5e19f3deaf56c70a46360965da8b60e1256e9c8656aef9751adb9e762731bb8dbab145f1c8224ac8f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_9727017B118BD261ACD7FB12EE290EC4

Filesize
472B

MD5
acb7702cfcff5f68b769b82d014916a8

SHA1
c965a5f2ebfd5b3692e46737f9c4c483f935a92a

SHA256
4573da81f6ae44fa1fa9c8df45dc6172fa6b80c80d25f32d517661191cfb974b

SHA512
a983beefa88aa20b27921b600db7f96e02c5a8491cf6a9f45d4d8a143ccfffd455cf1fc79d38c1dd54d009c297701c1f4b00a4d784dcc15eabe2463985e614d8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
12f0905c494b54a7b3f3cab8aa8888bc

SHA1
009e8d52fc7f01fbd50d53d3492445824a796086

SHA256
25e447aa88099e3d30d03280336c91ac3acb0904ab53c5b626d948e0bfdce801

SHA512
99d57cca929a094b8baf5995ba22bada5849a2014427626dc9d4f834ad7087e4cb271d7222e463cab73e30bab029f03d950ee71f7906fbe0387cc28434f9866b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
6178dbb32367520e028add40ae3d4837

SHA1
dc8f3e4bb4c50726640f4d1efba0fa245cc3a36d

SHA256
dd44276bb169fea3b0b50daed9c79f713ff39060c7d4ec4c4949464bf3db9b00

SHA512
fd27bd88cd131bb58e959a318ef038edb2716565fc90346ee4bd6b3844416bd184999a61ec333418cb9bbc1aa24874b78d01be478816ae3cc16a7934ab7d6b0d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
c675f439fc7e5fd136563dca57c8f5dc

SHA1
98c0d87ac12d975d9829a2688da4c9a122a2a2e6

SHA256
c827892e96d75de106d825cd3d93a83654e81000c9cddafedf8ef7f77242f401

SHA512
4f7c745760790d676b661fce9af010b59990f283e4db74d48c21840e9922147bd1ae1b2a82bf38dc927a9260725b8d4064ae10069603a02ea01c8885675dd95c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_9727017B118BD261ACD7FB12EE290EC4

Filesize
402B

MD5
2198fe3828623bdd5dd4676998a5782a

SHA1
54c7229b42371242ce9a58aa25fc60a11498e17c

SHA256
cb2666a92ae56b10d22ea8bcc1f69b755837e9f8416f4c08e09dad98a6dd8593

SHA512
c7900c0cf6ff656a9bedb4619ca6c920a95399d868d950458b10ca949ad131ec8dff94e1b412bd815dddef192ec62a2f29e1305a925b02dc04d33690c778d640

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\u21k.0.exe

Filesize
336KB

MD5
dcae989d2c708fa2b73374698b1a8acc

SHA1
5846cc14d013c09c1f86796aba571ee65daa2d7e

SHA256
edfaf15aa4e28a3891b08e7e948f0d08680b492b8ba4ca464ad1b68df0190719

SHA512
4216de9f3641ba425cab752c769117f8c52e0087af09ae0413b2afcc2d82cb77ce1da0c5508cfcfa503de8f8f1c4d0b19fe263b65056b69c4de746874e72a0d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\u21k.0.exe

Filesize
336KB

MD5
dcae989d2c708fa2b73374698b1a8acc

SHA1
5846cc14d013c09c1f86796aba571ee65daa2d7e

SHA256
edfaf15aa4e28a3891b08e7e948f0d08680b492b8ba4ca464ad1b68df0190719

SHA512
4216de9f3641ba425cab752c769117f8c52e0087af09ae0413b2afcc2d82cb77ce1da0c5508cfcfa503de8f8f1c4d0b19fe263b65056b69c4de746874e72a0d1

Download Submit
memory/2648-151-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-150-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-118-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-119-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-120-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-121-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-179-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-178-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-177-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-176-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-175-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-174-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-173-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-172-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-171-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-170-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-169-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-168-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-167-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-166-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-165-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-160-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-164-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-163-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-162-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-161-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-159-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-158-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-157-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-156-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-155-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-154-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-153-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-152-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-117-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-122-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-149-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-148-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-147-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-146-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-145-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-144-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-143-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-142-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-140-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-141-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-139-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-138-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-137-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-136-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-135-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-134-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-130-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-133-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-132-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-131-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-129-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-128-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-127-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-126-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-125-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-124-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2648-123-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/5016-182-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/5016-233-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download
memory/5016-231-0x00000000008A0000-0x00000000008C9000-memory.dmp

Filesize
164KB

Download
memory/5016-417-0x000000000094A000-0x000000000096B000-memory.dmp

Filesize
132KB

Download
memory/5016-419-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download
memory/5016-230-0x000000000094A000-0x000000000096B000-memory.dmp

Filesize
132KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads