hxxps://darrotary[.]org/

Analysis

max time kernel
145s
max time network
145s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10-01-2025 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://darrotary.org/

Score

5^/10

paypal discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand PAYPAL.
phishing paypal

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250110203444.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\50342b26-ca49-4bf0-b923-03256556da4c.tmp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
3212	msedge.exe
3212	msedge.exe
4576	identity_helper.exe
4576	identity_helper.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3212 wrote to memory of 3112	3212	msedge.exe	82
PID 3212 wrote to memory of 3112	3212	msedge.exe	82
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 4364	3212	msedge.exe	83
PID 3212 wrote to memory of 2296	3212	msedge.exe	84
PID 3212 wrote to memory of 2296	3212	msedge.exe	84
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85
PID 3212 wrote to memory of 2380	3212	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://darrotary.org/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe469446f8,0x7ffe46944708,0x7ffe46944718
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4012
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff732d25460,0x7ff732d25470,0x7ff732d25480
    3⤵
    PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7419990324576375051,15278514675932166138,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:32

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
24dada8956438ead89d9727022bac03a

SHA1
09b4fb1dba48ec8e47350131ae6113edd0fdecf0

SHA256
bf1e5c7828e4672982b16451b5a201e65e812e98a97b87c9f2f7c22677cb4ec1

SHA512
03f092a4b20a4d8cc111220b35fbf5470878b7723faeddee65b1d9cf327167053792c77864103b4530b9b9f819e32a5721b44189291dfdb5832769835ea5dd94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b712a4c83dfb3c522d032cf900e863a

SHA1
4f5bec4be6f4ebfa959e899ceafc62309bb1f141

SHA256
31da2a41a051db11559c47feb923d4baad32a384f530013a435fa884dad64493

SHA512
03b24d9307623b3a341230805f3ea662b0107c314650a51ae7e89d901cb3ad212d4219bab4d763d0aa8d50831aa0e6d4e3379573cc2f724873804578e8642898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
216KB

MD5
d88eb4431a98b4312cd89371c45ebbaa

SHA1
6bf77217382326f4d62a4d4523fbcd6e1b609d87

SHA256
02ee7b10c3d1bc99a4b559c4957ceaa66c26ea7fcc142ff60e7e733c149bb104

SHA512
552aaad1bc5504490ac4c4cea6519e73813d19c1f30e8dbbe7f95a375026ae3bd4ef90e144dd2b53cae7ea1d633b69b27951f77861d13da12402259c209516a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
4de622e4d08a9b2ec4406ec7447cb363

SHA1
a1e87bd63387b668f6ec1e5e9ccbed5fc9da2198

SHA256
cf286dbbf4bb72cac5793ecebe227ae4a906b2eacc3f8ecc90667bbce0d32bd5

SHA512
3c4fb8c44bbbf6a1f38ab9aed0da3dd8850dd5ac1111b78b1251c7351fa5a27ada8f9ed778871c4cc0f586d1c1920131f30960ad5f51c14b3c2176ca27783844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
52537c17bafe4fbade33c21c2cf880da

SHA1
d32678e1da9292d472e3fed4e9e7f755f2713e63

SHA256
ab872ced9b2ec6fa8bffcf6ce0eb8e07aa38dc3c5f3361ac96cf1edd3b0299d0

SHA512
8a13077c31c18ec8020f571f328bd01a3ce0ad6b0a813c3d3cd52317689a20e5c4aca2e26438d74e1b435631e9da3c6158c8b405172187cd1b0be09d8f8ef2a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8fe4adc606c7bf76c8933896554acaf2

SHA1
d4123c17da7c3cd51d1212437571ba2110a0c2f2

SHA256
25165e52c628bed34a336faeb258eb40e82e53736da4ef056f1e0735283799af

SHA512
5d9528446c53aa6a9c4417a273d10dcbbbad74e4a310c5f29031b18125c7ad64001fe09b237f24f0c8a629c501f42d4683032b45e599a8a94d5802a365c17ec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
03877fd6dd6f4a389dc848d45906a35b

SHA1
c07ad0297ae4235c627354304bafc2da5d2b9194

SHA256
cbc441f992b470449233f01d3884fbc1f4614c963b97b708894235c3a428ac75

SHA512
6decbf8c5ab78a0a90596b1ce526f03a13cfa09ed984d6a46b62b1d7768674a7746bbf996eccff86d3899f216d386122200cb35204c2eb277c5f219d49c0ea0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58b561.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b11b8d90d589560956bb46d81249d05f

SHA1
a44b42e643738f5e01edef668b3b24f731a97939

SHA256
99ad9700fb1bf7636423a999034fcd10972a518284c482e40cc85f62f7bdd98c

SHA512
e3c745c80cdf2ec3e6249d9b2e6a484fb97f146c46e79e6d80b1059bf75b29c42306c3492fbe2d0b666552287d1f8d14dc679ebef9b6974b8262c0edb475a957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b616c63c8e57bb8ef6c4f9c70767f324

SHA1
0dcb7119a137347da9e41a13bbddbb63fdb8fe64

SHA256
0b00a88ca41a93a6bca0df77d2799a363d89242de0e567c6ffba3f3cd967e187

SHA512
1bf1e471a19cc656725f10632ea35c761029a01ccf41a6423ed77b99a0b664eb0da13738952973e0ae2d2e97de654cfec919ef4f4427ec4b7b840dd3f93ad83a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa8c403fa5f63e911c24048969fc07f7

SHA1
1dcdb3a338772943f281e155f6002f6931375b15

SHA256
28e57aac1a9632030cb84638086f2b2ae725ded43d23f584bba167bf96397fd5

SHA512
3b733ea9873bca2638c0a718afa8976999cc2ee54b1e820419533affd0d8ecae24799ec05d9cb86d3a4fd96ecb367f24ea77f462dfacb4228d9616406749e271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
85eca930a791cbcb1373f5fdaf17857b

SHA1
ffea7d54e9803374a484f1e4c124766e80024efc

SHA256
fbc990061790350f00dc28f2dda277aac81bb8385a6e92e90a20101436c3312c

SHA512
2ffe0de3f80ac60f2ffa55f334026979e6be328b7c69f4603aa3c5d1bfa6c3b3744d86ac2a34ecf904d0a41b36bc485392ece58f6cc89d7ffca293d02efe5bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
99a7edf9124dba808b6d025b14aea278

SHA1
f1de2fdd81ea87ee78e8afdc1a7cdffcf62a92ef

SHA256
9d38a8d193a503b9be7b39be5d150bcf22038c84fbf3d53979e2f075a35b9089

SHA512
fc371b7ad5606a9948ba4a315e40a0a93592f57103be4a3712020977b43e4277d95d74ff35e490239dbce1cc475fe1d1746764f5970d2e9f04483c985268f5c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
ecfe94d53c68ce934a7194464b3c60a4

SHA1
28edad94c121cd4eab893eca30ab767751bd5a26

SHA256
faf165a1d539426cfc4e15b571de072afe7907af3fb74769e9857fcf57446eac

SHA512
a2a7f7bdac968a875198fdb6fcb4005900e11b775bbc848871bbd176c7111a47fb9ae7f0f182d867c82a2275f501636cc3011589120bcc93e899bce3e0f6df28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584be9.TMP

Filesize
871B

MD5
10a05ec9b5c4b93e2eb47fce318530d4

SHA1
2422489d8b21d065d6ea978dffe424eb02148094

SHA256
d17648ff715b2d7561767f1fb14c4546d1bc9940130d7f935257cec5589f1202

SHA512
296c882863cce8d34de7bdf750b70d3504dbe8300f44e8ad78600aa82e23d79d721476e6a8e3b38298790b0eba6c60f50a422dc03448b7541361be263fd587ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
842ee35d1bcaf269ea730168132a1c2a

SHA1
49b53ad6db194cb1a46da9f66578b92fd8024cb7

SHA256
795b931bb22fa567f9e65f6bdbb5c678ad11b3e43d5a9fad16d01186eeb0544d

SHA512
622159c7b9652e84edb332f7b9ef817c1b333edd929cf0ded7c78fdb211093d2b077e77e87756d052b098219f271ae609a3be9b5e035d5bc839f2e0378831ea9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9631a791adb99b926584f2b210dffc5e

SHA1
85cf97959d4cd6ac5d64445567a741dfe1a48d40

SHA256
c76671d58aef83c126416561e475e7b900ee2b83f64373e5d0b28d4cd6a09031

SHA512
2069481f3001280f1738100c305bc0fee97058bcc1ece146e5e68b1c594209ba3a6fd99863fd941d1e291af7ea71e26a2103fd89581eb5b2a7bd023c18bc8bca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ff954a37eb3203bac2ef212d0e69e22d

SHA1
76e382265819129ec50eafeecce8b619c523df15

SHA256
ee55518789d78ffb2bd1d797b5e7d0c488fd0101cfe9c7585401474a0e9fc11e

SHA512
53b6cffd8c0ba33e007a4ea377e9bfbe3de7850545763e7f48537e9c190d10092bb24c863fab3afac8c8c30bbc2fb0d3e3b245cd3e13d95414d3073f15c8a5c7

Download Submit