hxxp://aflora[.]eco[.]br/

Analysis

max time kernel
146s
max time network
154s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
20-11-2024 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://aflora.eco.br/

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c05035f6-1c3f-4d9c-95b2-052cad813397.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241120194723.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
2952	msedge.exe
2952	msedge.exe
3908	identity_helper.exe
3908	identity_helper.exe
6124	msedge.exe
6124	msedge.exe
6124	msedge.exe
6124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 4772	2952	msedge.exe	81
PID 2952 wrote to memory of 4772	2952	msedge.exe	81
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 3696	2952	msedge.exe	83
PID 2952 wrote to memory of 4652	2952	msedge.exe	84
PID 2952 wrote to memory of 4652	2952	msedge.exe	84
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85
PID 2952 wrote to memory of 1120	2952	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://aflora.eco.br/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x40,0x130,0x7ffbd4a446f8,0x7ffbd4a44708,0x7ffbd4a44718
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3640
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff75c1d5460,0x7ff75c1d5470,0x7ff75c1d5480
    3⤵
    PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12596949428166291805,1316426989457606924,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5044 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
63716c70d402b580d244ae24bf099add

SHA1
98a3babcd3a2ba832fe3acb311cd30a029606835

SHA256
464f0f2ca24510abc5b8d6ca8240336c2ed1ddf5018fbadb092e18b5bf209233

SHA512
dfe1a5831df6fa962b2be0a099afba87b1d7f78ce007d5a5f5d1c132104fdb0d4820220eb93267e0511bc61b77502f185f924022a5066f92137a7bb895249db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0f09e1f1a17ea290d00ebb4d78791730

SHA1
5a2e0a3a1d0611cba8c10c1c35ada221c65df720

SHA256
9f4c5a43f0998edeee742671e199555ae77c5bf7e0d4e0eb5f37a93a3122e167

SHA512
3a2a6c612efc21792e519374c989abec467c02e3f4deb2996c840fe14e5b50d997b446ff8311bf1819fbd0be20a3f9843ce7c9a0151a6712003201853638f09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
a3ba67932b17394c9853315478ebf88d

SHA1
47fa3b28a038f40efa06739ed357d6b6c32738d5

SHA256
0a36f66fca748437f0718b6ef45520964a02d7d197359c5dd5c1360cd04117fb

SHA512
5d25e87a5db9908acff903fa24b39e7c576ea7ca52cb7f6c103353af55d1616ca97d34501b22b9c2a1616485969a6cd8fdbe99f0830276125d2af566e4e4d2d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
bf01bfd8f0cdc4cdff525466895b7269

SHA1
f8c24947caad6a70b4a49fe55dcb46a19b22b07a

SHA256
d5196e2334ff2663cc8ef83145869db5aa6855eb981cde91e09607f9f68bb561

SHA512
71ae7c6019d3a1ae7d6fafbdd65d6eada0f1ff15e591f910e3cbd59402f1c36dbd61520c3fafc888936fa31ca7360fb79e2d3ace8e3e6b87ee1e734a059c7a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
e5a4ffc774277a82ed5847240ca5d5fd

SHA1
3d0dd16880e96da93a087c18af29a48f966a49c8

SHA256
272ac633f5ee3b4e6e709b0070301202e9c10b8150da9fcb0a3e67c2a4a4522f

SHA512
f41f83fef8a54a874aa59e9e64c9837962f4f3262a9c404325b2a7eebd6991af533ed4b5e3e613499bdc38a723bf489a72b76508eb691a37e8b86e791b025329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4e703a6c3ae86a2aa79164fe5200fc24

SHA1
c1f3030a31c7d78a5659f35ba821283abcbc0675

SHA256
736e7fc9302e4849c353dbc0a7ce3ca2291403b603350ef9476cedef9fdfcb8c

SHA512
456d107134f4a89f8f03d4a96e43de6341b59c3a6ee3f3222c24730dbe1ecd9a091e65c30f30ea285749432efa90f07e39c34ee583db4ac2da11a42f445f3f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58a8be.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ef28be78ddd37b49b994687d037c951b

SHA1
efe98e76747e3a6e125de02b55a64f37e53cec29

SHA256
84a6079476d5e24b32df395f32c86eb629ddd8dde11d60d1486743ae2b0edc6a

SHA512
4408c27f2f57d27bfe4dd42b17e852315304ca707505648e8855dcf818ba26d34a53653eb742856e667086e2f2586da37af8deff610f32ae8c3f26b8c2123c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c6f41cf26b9171a46ad33da7960863d

SHA1
64c1bdf648cbfb67dba4db701d375eeb7dcf765c

SHA256
952800ddc1628374033e07cecffe757309ff5b28f20c90be8ee27071c7ea2231

SHA512
2cffac7ab15bdaf32912f2570d3a75950f9a6d085276bbd846bb0a4f2f5e59bec5ca81350e113e8e6edb367c0a06def5f6c59f8d9618aa3e3ec226acfa456d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22a9acf05d3257ae927b8f4a0edfa8f5

SHA1
770938a0552622a0e6c6a58acf52e6bee7459a28

SHA256
e3595f4dab408003a35e4f9c70441acfba8c5edc58324f4c51b08315be8e3c02

SHA512
1f1832d547abfbce354c752cc9586f8aa704558834b0d846f8252c66af42a7d812b9aa6934cc9741c80192145468e27975feb546eef702e0aa4fdf5cebd68eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4022fcc538b41e970402f76e05e03c9

SHA1
8a4f01a7cdd2d7dca16ad44a33d0fd75f125ed62

SHA256
a7de30299d69c626340d6df739f7c01a1d18fe6d7f8747854b6d6ca404136433

SHA512
b8526d20e58ed542410958487d17c92d8ef92efe8473cc4f0b9284b1fb5b605142d1715d80b55c3ea53b8775a1fe1a221d5c21b82289c61cd226af46164b578a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
252b6912c240223f64792f09f5dcb368

SHA1
35d1fe816a12ae68f54d5885c53c40437183ca5f

SHA256
82e62ac3813229325b05c22cab1e52deb690a115d6b59e689e3620986071ee57

SHA512
a80b700101758dffa1fce99d650bc268fb0fcefea36bef953a1d08a8f47601f339e85f076be5412b00d0337614cdb0238e8ddca63592314936a7656e6a743a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
aa10f656cc16d036a580048ba0bdac0b

SHA1
52c15a55cc3b56bd1bf5dd0efcd2b66413b7044c

SHA256
166d97573db5472f64c5d066f2b07e6fbff2f1f9d5858fd7757548e334e9220d

SHA512
748fc7d5155285784ecea52d01af8168213210231a698073945b30b4989ae28463a7fee01e24792fd33b17744cd54587f801c5e836c926d700724171bb0000e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ee8e616a03201ab31e032c60a6d81b15

SHA1
4fa72ee1a3ed74f7798b3b58cabe174c675adc12

SHA256
2d77f4c62538359ca9c795a3be97c3817adb7954e004fe4b85cfffbf216f64c7

SHA512
97640f1aec0c917ca0bdda6f0228eff1d4274d2d681c73206be660697d3a7fefbdeeda23d6e3fa853228be633b4988e543a41f84bd027493c7d633089c863151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
850aa1209dbca47c60e061de3a4d0fd4

SHA1
a2c217b5baf47ba261e4099bcd33b766909fff69

SHA256
1a0d3f15baae13cf64adda9d29100b801966d9d2023af232443be5b5c355ad25

SHA512
e74591eebc9207d7d1fe2d8592331ddcf8f69ed29e1943f549283430c98e9b655a97e5f98e64184076b1ed6239b40f2b2dc0d0ab252d41f2dac20d9e154cbb5a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9674a795b1da9c2ad2b33b81aaae90cf

SHA1
8bf775d36c700b30c5dea51d20f97f24e9fc3098

SHA256
2c9d820fc0157bc191403ab9e9ef891a05b45e492eb6d1f67caa3e1590256856

SHA512
26dd50efed1f744cfdfbc99d061e2aa8a13d99631423181c4decc587b632c82262ab038e23b9a02e5fe78ecc8d5c6752e8e0108c591cd2e24679a43d29fde755

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4a7be75c9e7ffafc2f81e7fb439e6fc6

SHA1
04163aadb05c59a7ec55af4660f4c9bffa43cce2

SHA256
2d7bb6330bdad873a81aee36a23e4b39c951e3954b4ed70d2dcb072c33f44892

SHA512
515a2c2bebfaf7e94bfe775cb463cdb8a1ffb88890ad3ae658c5a35940c0a98b1aff740ff28c09d12b46e317cbbc2d96805a63c1f7012156917460d1fd3a7f70

Download Submit