hxxps://www[.]google[.]com/url?rct=j&sa=t&url=hxxps://www[.]defenseworld[.]net/2024/02/02/gasfrac-energy-services-otcmktsgsfvf-share-price-passes-above-200-day-moving-average-of-0-00[.]html&ct=ga&cd=CAEYACoTMTAyOTI2MjE5ODE5MzQ2NDg0NTIaMWZiOGM0MDQ0OWY2ZjlkMDpjb206ZW46VVM&usg=AOvVaw29XyvQoadpoaHZDjY7mcMs

Analysis

max time kernel
435s
max time network
483s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2024 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/url?rct=j&sa=t&url=https://www.defenseworld.net/2024/02/02/gasfrac-energy-services-otcmktsgsfvf-share-price-passes-above-200-day-moving-average-of-0-00.html&ct=ga&cd=CAEYACoTMTAyOTI2MjE5ODE5MzQ2NDg0NTIaMWZiOGM0MDQ0OWY2ZjlkMDpjb206ZW46VVM&usg=AOvVaw29XyvQoadpoaHZDjY7mcMs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
3428	msedge.exe
3428	msedge.exe
4536	identity_helper.exe
4536	identity_helper.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 3572	3428	msedge.exe	83
PID 3428 wrote to memory of 3572	3428	msedge.exe	83
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 3616	3428	msedge.exe	84
PID 3428 wrote to memory of 4356	3428	msedge.exe	85
PID 3428 wrote to memory of 4356	3428	msedge.exe	85
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86
PID 3428 wrote to memory of 2056	3428	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/url?rct=j&sa=t&url=https://www.defenseworld.net/2024/02/02/gasfrac-energy-services-otcmktsgsfvf-share-price-passes-above-200-day-moving-average-of-0-00.html&ct=ga&cd=CAEYACoTMTAyOTI2MjE5ODE5MzQ2NDg0NTIaMWZiOGM0MDQ0OWY2ZjlkMDpjb206ZW46VVM&usg=AOvVaw29XyvQoadpoaHZDjY7mcMs
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8878646f8,0x7ff887864708,0x7ff887864718
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9406819922981115730,5236299479398203547,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6284 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
67KB

MD5
e0227b9f6da754f85019943ab37676e7

SHA1
60ece67cf54a510fff6c6d7a5e5be94570be1d9e

SHA256
5003d1a18c0d5df01c68291fd2e3a177235ac471edf6b8d434b05cfda2480411

SHA512
f3d3263a7b92ad9d557a5fdde9db86961422c3dbd98bb3b510eaeb0b6f3826229fe98d705624950e79636d9e52cc005673e489dcfe472afa5ffa0491a6ab5420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
92KB

MD5
3843c770a1f7b425084deace8402a9db

SHA1
7c80c2bd80203b39132bfa3d4075042bf61efb37

SHA256
b3ac0b4c19d935e6f6eaa712e7d4d53f2c744b25edc29d61706ef1ecd95216c7

SHA512
0f84f493be73ccedb1ce5d474ee5a73926b67e08b4e444875d124707dc0ca6951a996ed87ebbf9f8884379e44f5a0b39d5d2187aee04d31b602d26c1fca7d46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
80KB

MD5
627d64320b8e1a5d65d1f4b489e5ab6b

SHA1
56d294d903161c96c974bd68f7d83c5fbe765362

SHA256
d7d4b93e06c5d5ea47fe3e1dcfebfd45c14c7e9345cff2f4d3033ea39225d5b2

SHA512
7a537d308629ffdc611a0f3f3ab9d64c8d810ca67973eb0a3dcc7426f58b71fdf03532cd14e0f29b53111f21b459be6aa832c95b0b08a004cc1681e9c5a35053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
55KB

MD5
cf09527b200d3840d04d7266ee4c5029

SHA1
7bf36014605218b5de1ab3fcfd309cdafe854462

SHA256
d35dca2562469c4185eac49db786145524b21a5d58ea5677ac8e82d3309aec39

SHA512
31d05e765d0aabfc44d7b6321af176a477a1ada99cb88907b347fda1a9efccd2effa8011084374878c7df20fe6c3a72d6c16164b05d07f9ff23d81c130d54f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
aeaf93302fc11837a27b44a1db7d25b5

SHA1
f33feca80e2d3d5885d841893d996488a4e19134

SHA256
2da04b0790488b9b28d7ea669de3006d445c7e6e634a43952b2fb602d8d049ef

SHA512
a084ad2b9477249777236353165a9c7b512bc01d57887bc6d739b23cf5be71e0eb853f34b0242df594f576790c159172d099e5704ab9553275606008deb79595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e6c59fdea6e298c63b494f118acf12d3

SHA1
b73aa1a62f86a05e9c39bc0a98648cda6ab058d5

SHA256
1211dcddf2c28d701bcc51f71301917d58f038a470445b18d12fced01de933ae

SHA512
e6274b53c2141f3c0d7280e4da9b76cd7fce729ac23ce238a4415ce80099837844cc397924ec7f5da2219e92902c2288d264c89d986f51a7268239e926ff9feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.defenseworld.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.marketbeat.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
86fc5d394e633bc825e21a9caaf3dce2

SHA1
1092672b657c8f8a832454548983c363fdb87305

SHA256
c080cba4a27b57130b12ee1f9ef6ec700f8b1ea91762953c6b9b4fab74fb29db

SHA512
9dd096c17d7793194c6bdb7281322dc899464ec0475d9480ddb938e84294126846a38c9ba7ef35ef5183f412805f0fb59e66e7f3a8823695916609467c3b7a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dd3d9d017e537772feffaaea3049bf95

SHA1
84beb6b7ef95d5d22ed466686b5170012eb1ada2

SHA256
874cc5bab07c8fa6f01bf82a6f9643cb4e64e870c9cebf8eddeca53b40bcb8fe

SHA512
08207646eb463866650648f1d62992e6a2ac68fffce36317cf72131ac22022ed2ecd61e2bbf4830f302504bbeb3a0c95254e869749ccd1ec0b1f8865311ed4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e8fbba046ef3476e223a2696101581ab

SHA1
eb842991b817fe81588f69b7f0589dfd4916a74c

SHA256
efa83ae28db9123620b6ef811014f9779cc69afc3f9f878fe3087501c479ac18

SHA512
db565623ecd98d8246932691d8c0528e6da3e637b4712b2afa874dca26abfbd946717f8605e0ef0a870450f8f798c3987631a5eb62fbea4b94db2c11ef62e5a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
6a52d222c38db117fa0190e3e6f63447

SHA1
ede509b295dbf1d89a685201549c04cf9dc86444

SHA256
2d705423853758e90b083a7cc42800f2f5364b3a6064126a94946e882e3d4178

SHA512
ccb67fcd29af660b0f96edf6ef4b0b1d3dc27c07ac0dc58c6183adbc9abe1348ed8c58be78964abaf7b77478378f6783805a34e9e536373fc2db6ed78d1cfa23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74b3ecc8c3f4729d3764d61bf6c9c703

SHA1
1db089744760f97030766e88401126f92f4026bf

SHA256
2158ace90740cceaeb87aaf41be143d74f7fd77f4f59ac98d1247443ceeed3dd

SHA512
1df53a972e0e373aa8aef1a36a27f7ebd638982b9bbd5275071b9752d283539390faa7957391ecfe0081d96022debd6578ef899c107c02f2383248bf02e771da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b0e8f3633b6f5306367b9dbbf95875a8

SHA1
93e3a35770f3fa4acef9330f39a6053830f6d45f

SHA256
58cf959d48dbd826603f25c138a0740047b82848d40c4a6b3685005afa655907

SHA512
84b4f30cf70b5eeb340ea0bc6c352a6d42f9ec14612bcc340e9f8c3647db4c6df28babc71c63c4a7cc079c7fc7b5ff90b86a82f0b45d427f065989d44d9f8d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
5bc3057b6650b926117017c4e1c745ed

SHA1
955445420695b722b48ce2a7afcea359b9bfaf79

SHA256
af7b839a0bd780d4baf8b7ff81692e8ef85b1098c929400bd67e60a7b845ee50

SHA512
95a41bc5cfecd93035c7d3fb34d07c1362e26cf44a62ba1f4391441f773986b3f7ea1348347491c3db6d9f184d04e3403819fc1bd877a9e6268cf34a195f8f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a20c9d485f98d750e7f78d383387e546

SHA1
3a78c9231f8f659fe71f9b2acc42a62e7fe1e6cb

SHA256
d7dda788dbca04c461b3af4446fea6f774d9a37f9eb94d64782372b85c4cac64

SHA512
bc801ac5b7144a4f8234cd788df8c4820cf359d3ea8e444a50c1f66b1cf47e40ed9b465daf11434ef12cd2cf8e6dcce39ca2718e28ad190e727fc8a59d4357f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e57f401122db60b841035565429a7e55

SHA1
3140313619fe4176a69dde5fc290c0317e124410

SHA256
b9858d2edc4253e99a145f7093ef3dac42b43db71904f3cab139d65e8b53b70f

SHA512
ce2c568e37608b0776f0e83d97bdf73088fcde19d36994b306cff3e2a750796a8a1c42406b3d72ee3807553fa3367c3597e6234b939cfaf1b96f6e2f92d16ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d5fb46d358c28b1df732b161123ce906

SHA1
fdc6e4a88c1ce86bc64bf9db187b5825f982cff3

SHA256
76c5da1c5ab416bc4a1dc705b8eeed5b5f5dd961050ed46939ec0fa339a39a08

SHA512
888169ac22a3b4d3ab1cd8b539bf6e86c785e2826cb2757dfed9fac00197d5790c6f423a20149d32b43b7f4c06f4f55ab9b9639e48e843f004418cfb067f6427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e5ad.TMP

Filesize
1KB

MD5
a41ab5e0e89205decbd9c22f9a545a32

SHA1
ec2fc6c3dda429a5019d849d354778b5be7bfb85

SHA256
3ffebdfbb29a91a7708c4f89b578695539dd33f205bbd4e3610bc9e0642afb83

SHA512
0ee0ec863f4bdd9236d629b49d0f1bae900329b35edc5f4307e112a7f1110bfe666b4c75975c0b55cf0fede59b8db6fb172fb2de61a701cfd4680891c7cfbb6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6a5ea1d5fc688a297da0e525dbab9f24

SHA1
bd365da0930bc4f8df1d4d77846b9020f5654b77

SHA256
9dfaaa3d4b6c08704f2586e631c81f58827166d3128557bfdd9c8afb172998eb

SHA512
bb26ee0823fe165400f12c950015f086ca05c3b4126312902ad267788f69119a113187f6e275db89a8f582c238d32a9944724573059a9fcf50b08180d1e141fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4a7cbeba32eaedcb93bea3bd897a981a

SHA1
f9eacbc678f1865294eda7c4e2060df2c70612a6

SHA256
604c990eb561ebac305c90664e6af7401d6c99ae181ba1afc2d46b518c26326b

SHA512
014869b5b20a1cb0c8b66b7a949b9f6a6fabfff163a16100082a4a03683d18e5274428fef29b1a6d47f9079544bf96b8f9c288f80f15590a6cbbbaeb2f6e855d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit