hxxp://lawn2lawn[.]com

Analysis

max time kernel
149s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
11-06-2024 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lawn2lawn.com

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 2 IoCs
phishing motw

Processes:

flow ioc

26 https://bancaweb.bcoctes.com.ar/Corrientes/login
6 https://tusrecargas-ahora.com/

flow	ioc
26	https://bancaweb.bcoctes.com.ar/Corrientes/login
6	https://tusrecargas-ahora.com/

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2180	msedge.exe
2180	msedge.exe
5000	msedge.exe
5000	msedge.exe
4288	msedge.exe
4288	msedge.exe
4720	identity_helper.exe
4720	identity_helper.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

5000 msedge.exe
5000 msedge.exe
5000 msedge.exe
5000 msedge.exe
5000 msedge.exe
5000 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5000 wrote to memory of 4836	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 4836	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1792	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 2180	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 2180	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe
PID 5000 wrote to memory of 1388	5000	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://lawn2lawn.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbe8813cb8,0x7ffbe8813cc8,0x7ffbe8813cd8
2⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,7496908039103145218,9581926682410138352,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
2⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,7496908039103145218,9581926682410138352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,7496908039103145218,9581926682410138352,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
2⤵
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7496908039103145218,9581926682410138352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
2⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7496908039103145218,9581926682410138352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:2848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7496908039103145218,9581926682410138352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
2⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7496908039103145218,9581926682410138352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
2⤵
PID:1236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7496908039103145218,9581926682410138352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7496908039103145218,9581926682410138352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,7496908039103145218,9581926682410138352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,7496908039103145218,9581926682410138352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,7496908039103145218,9581926682410138352,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5468 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5e027def9b55f3d49cde9fb82beba238

SHA1
64baabd8454c210162cbc3a90d6a2daaf87d856a

SHA256
9816e980b04f1fe7efaa4b9c83ff6a0fdd485ee65a884c001b43a0cad7c39d83

SHA512
a315e1336c5ec70cbb002969e539068ba92f3ec681b6d863db95227fd1808a778fd994e2fb03f28f0e401677aa5f7c66813e315b6b99a5065384c49586f9782e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0c5042350ee7871ccbfdc856bde96f3f

SHA1
90222f176bc96ec17d1bdad2d31bc994c000900c

SHA256
b8b1cb139d4d19a85adce0152fa3c4f6adfb73a322d7253820e848c6f82afc1b

SHA512
2efdb535fa6a06c4f9702b2129f2dd07c330e37fd10b492f2236007c660c1707773c22005d1e1fa580dbf633dc1a700ada3b7b611ef9accd9555a17a244f61ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
169KB

MD5
7ab644ecfb13a397d1b021ee4e1e686e

SHA1
8a779ad270f3bf200d8e13a6c345a2b29304a599

SHA256
2c85662f6bb19ce58ff193e65040ab6c1f881226c81ce0f389b6d05570c21f4f

SHA512
7c26c4f16b492a7ca5da988e89cb34b5d1acd425f5e2bc04342759725b192bc2e82ccfa831e839c2ed82dbdd54d833e25cdafdd61317ada24f40dd68abf3c207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
e2a136384e7a0956c993cae1dc0d3ac4

SHA1
89d8ed6b13a2a84fb9b25932db0180189b9b22e0

SHA256
cbf5eff875164a6c06a56f71df187954e38ac7fbc2922357ab8ef70fcb203c8e

SHA512
fa8f6dd747fbd8270771f7d9374c8b2595bca81619103647a58e9c201ca4743834ca433ca37787b6ec5aa5ebae0c9d4300e24e5e884db707558ca06823f89e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
a905c64cd443f7e142a836330b23f610

SHA1
c390a6245e11b496ed18edf3f2d2e21db083e1ba

SHA256
75e85639a539489c979cd2d8ba708a21866beac563faf45669ae9b6f366777b2

SHA512
524bacc56cd5eea3629509946738de7610ba61be0942bc0dc3ee423ebf960c926f869198657bce20fcdc5eab9ad27d5bfc3dc02d460c2d5152a7c7ab66ddda3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
3cc20f7d4862c769f5b62531937ecc2e

SHA1
68de679c5834164cc749dda58f0565f8e6bdff2f

SHA256
526a06324c61a58fd4f8769e505951c658db6316f041aef2a75615a439653ab9

SHA512
fd8b8c85c12277254b20bf794c91e4cac169b88631a52114ab07d633793c45630f7cfdcdd6fd2f5e105e3c0fd35c366c64eb1ad7b6de8a9efac2d976971e87c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
ba63e8df3ddefd819fade4eceef5a597

SHA1
6bfc18e8a750137a280662d30242298ea0582a1b

SHA256
c85f32f4eb9739223401c9f6604ed335c39e8e4a9a10408d2ac758ca6d2f7fb9

SHA512
18918ebdb12a290a8854df7211867c631f263d3d854a60feff2d0e06b0b1d25f1db8d3821cacad3756559c99ce82bd418370d915f2689615067bda9b8f9d2a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f643d09ad0bce6de53ff1de9f748757d

SHA1
35c3b73d52c08fccdafb4ad6cf0581dc1f4a01bd

SHA256
a620ba43c3ec6701964d0af1cc891b77ea16f8e9ffa42a02d10900418600f485

SHA512
bb46d206f2e94cb2cdfd1e85aa49492d650348bd930c0334ea33a42471be4407d7bd4d5d77dec93b6b03228011b5cb2004fa4bf9677961e7093542c91930c8d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
19b1646777d60ac12f587cb3a5d5332d

SHA1
910c7263ee75a90ed737225ef9c03a389bc37a0f

SHA256
d38ac3863f45949c877270ba0324826d57d201bbccaa5cd421921ae5d947b446

SHA512
bb981930cb5bc971abccbf8bc382349cc56fb121b6e6ff9e4aa058f0a0c3245d511dadacc2ce6b54a711143db581010b0f09ed18cb622cb54cbe1a4fed88e67e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8b8642a8bcdca5d8b2c890fa38a77611

SHA1
c1a1525ee5f3e79a2f50e1b5ad9df27f63af1c12

SHA256
bd48278d8e518cd498ba2af961da3288d86e02d98530e1a2c30d73aca9659ed4

SHA512
9636dbae249a5fb59b094232d0c2d175cef453c63c08cfcf066bc34943022d7e8fc039953ce78b5171c2155e53e2a305893a0977b922b55904a81e9f4aad8492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
248f93498c01856416b516015df692b2

SHA1
90d67a00069761e7ace17cacc3439f0653108c37

SHA256
bc74243f2db3cf321f50f0405fae3353752e1b68eff15b7ca806427b281baa14

SHA512
dcb422c4cb82f23a18980c9d806ed5facce87dfe530362df1b088300c4d5bc725c9e1f89fd2767bb32602ef781c8f53a446052dc456e7e6d174a451ae3220893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
63fb9639b226625b87d7067cf6ad7a09

SHA1
3f80198e7cf4a12d6e61e5ae00e908fb8a20de34

SHA256
00c25c6eccdbd6f604ab4c0e32693553ece4938b855fd3a43a2dc740f6fd543b

SHA512
1a5c21e17936dec1d55a4f90d420436264ccd10199eb27e734ccfb8a91ef117c52af90d4a9f08947d9cc9224c64f4292fb4bf1a889fb60f243b2786cfa6b9823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
872B

MD5
2f401d23028a9933fe80470ca571df51

SHA1
76c306374c607e05b3f63819cd70405925cbb4fc

SHA256
bd828c867a544642416b7c6bcea7da9988bb18afa25be64d099fe149102c4bdd

SHA512
32c2a522e4c045ccc0c50f6b7ecc4c65bdf7ec59a4ca0e67afd4490c78e7080f4a4adfa7f9ac9b5e3670045b8285c913977c5673ff65967a0acfd23e6102f473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584ea8.TMP
Filesize
371B

MD5
2eb2eaafd374054a935a52a2c1da4e6e

SHA1
1a294c248bf75e70c4fb995d6e1215cb5b9797f8

SHA256
9a8ffbb7f357495de2ba19fe100ebea917e8d1e35e4b48ebc23fdc3bdccc7e19

SHA512
728fc6db81bdf6834ba7a982eb643f670859b6ab78b3cde77e893b6ec556a9373c4e10eb3dce592378c5cabbbe6ebc6cf55b0cde6f2dfd0506ccf01d41fc55f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
0c37834fd01cf6127ded9d40b9f51bf2

SHA1
3dff59e2c9aba74d9e8d5ce58e03e8a268cc40bd

SHA256
e0ebd34adefb1782ad1b8cdff2923fbb8af01d4e7f737a22e9e2d6b9e184a618

SHA512
db8364f3a2baae5f02aff27ad295d51043c7f223b58f0cac268da7b42e387d4311bfc8d9a1a74a2405ab9d2b7738c25defc9b31117944cd46267c3ea90cd47ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
9abd0ca42de05bda6ea0e8cb9b5f8537

SHA1
3449df258c891482aac1d12f8fa312ce00bd3749

SHA256
ea2f606d5f040b3181e19261034f9ef40d94336826b80479f788a7f7b4665648

SHA512
cff37b23efcef3e356aa68e343d0a8102a65f05cf43aeb911808fb0b97eb13d1bc99645fe538f9dcee563bae3899a77a666b83a0f911f869f24c04ca1ed47031

Download Submit
\??\pipe\LOCAL\crashpad_5000_CFEQAYWIYFYYAGEM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit