Overview

overview

10

Static

static

3

Albabat-0xb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/04/2025, 01:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Albabat-0xb.exe

  • Size

    974KB

  • MD5

    45d20637261dea248644a849818659a0

  • SHA1

    29a81b7cf0f5f4a69fe47c4ccf3d06a300899997

  • SHA256

    483e0e32d3be3d2e585463aa7475c8b8ce254900bacfb9a546a5318fff024b74

  • SHA512

    a9c935eb23fba99ba74299db7b8ac3a158183d9fe9ccaaa87e8a1b9d39c518d223563378d981e6bf386f058b159609fb42e14ca45c023f7688ca57e0c61d2519

  • SSDEEP

    12288:fFDF/UI+c+xTOQUMnufZUgxXu/VzcccSCO4lkAjx9h/MR1V:fjnb+OQUMnufZ+tzcccSCO6ke3/Mf

Score
10/10
credential_accessdefense_evasiondiscoveryexecutionimpactransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\Albabat\readme\README.html

Ransom Note
Top | About | Payment | Contact | Decryption | FAQ | Translator 157 files on your machine have been encrypted! Your PERSONAL ID: 24cc36a2f01a38f1b0f88073 ::> How important are your files to you? Read this document for information on what happened and how to recover your files again. [+] 1 - ABOUT "Albabat Ransomware" [+] The "Albabat Ransomware" is a cross-platform ransomware that encrypts various files important to the USER on computer storage disks using symmetric encryption algorithm with military-grade identification. The "Albabat Ransomware" will automatically create a folder called "Albabat" in your machine's user directory, but precisely in: "C:\Users\Admin\Albabat\". IT IS RECOMMENDED to make a BACKUP of the ENTIRE "C:\Users\Admin\Albabat\" folder, as it contains important files for recovering your files, which will be explained later in this document about each of them. This folder also contains these same note documents, in: "C:\Users\Admin\Albabat\readme\README.html". - 1.1 - THE KEY TO CRYPTOGRAPHY Your files were encrypted with a KEY that was stored in the file "Albabat.ekey". Present in the "C:\Users\Admin\Albabat\" directory. However, this KEY was also ENCRYPTED with a PUBLIC KEY (asymmetric encryption), which means that it requires a PRIVATE KEY to be decrypted, and only I (tH3_CyberXY) have the PRIVATE KEY to perform this decryption, so that you can use the KEY "Albabat.key" in recovering your files. There is no way to decrypt your files without my data decryption service. There is no way to decrypt the files without decrypting the "Albabat.ekey" key. Don't delete, don't rename, don't lose the "Albabat.ekey" key. - 1.2 - YOUR PERSONAL ID Just like "Albabat.ekey", the PERSONAL ID is important in the process of decrypting your files, which will be used in the decryptor, which will be discussed later in the "DECRYPTION PROCESS" section. This number maintains a unique identity in your machine's encryption process. In addition to being informed in this document, your PERSONAL ID will also be printed in the "personal_id.txt" file in "C:\Users\Admin\Albabat\". Do not lose your PERSONAL ID, just as you should NOT lose the "Albabat.ekey" key. - 1.3 - THE ENCRYPTION PROCESS Encrypted files have the extension ".abbt". Don't try to rename it, it won't work. On the contrary, you may corrupt your files. The size of the files that the "Albabat Ransomware" encrypts is a maximum of 5 Megabytes (MB). The "Albabat Ransomware" randomly recursively traverses all directories it does not belong to the operation of the Operating System. Encrypts files in the user directory, even database locations and drives mounted on the machine if any. The "Albabat Ransomware" only encrypts files that are relevant. The Operating System and binary files will be intact. We didn't choose that. The "Albabat Ransomware" saves a log file named "Albabat_Logs.log" in the "C:\Users\Admin\Albabat\" directory. This file you can see all files that were encrypted by "Albabat Ransomware" in path form. [+] 2 - HOW TO CONTACT [+] These are the only ways to get in touch to recover your files. Any other form found on the internet will be fake. Contact methods: Email: [email protected] [+] 3 - PAYMENT [+] The decryption process is PAID in Bitcoin, so you need to have a Bitcoin balance on a cryptocurrency exchange or in a cryptocurrency wallet to make the deposit. You may want to read the FAQ page to know what Bitcoin is. Payment data: Bitcoin address: bc1qxsjjna67tccvf0e35e9z79d4utu3v9pg2rp7rj Amount to pay: 0,0015 BTC - To make payment and restore your files, follow these steps - (1) Write down the data to make the transfer via the Bitcoin address and the AMOUNT to pay specified above. Note: Remembering that the price of Bitcoin may vary monetarily depending on when you make the payment. (2) - Once you make the payment to the Bitcoin address above, send an email with a structure similar to this: Subject: Albabat Ransomware - I did the payment! Message: Hello, I made the payment. My BTC address where I made the payment is "xxx". The version of the "Albabat Ransomware" running on my machine was "0.3.0". Follow the attached KEY "Albabat.ekey". IMPORANT: Payment will be verifying using YOUR BTC ADDRESS ("xxx") in which the transaction was carried out, so it is IMPORTANT to inform when sending this email. It is also IMPORTANT that you send the KEY "Albabat.ekey" as an attachment, regardless of the contact method you chose. The key will be decrypted for you. You will receive in your email the KEY "Albabat.key", that is, the KEY "Albabat.ekey" decrypted, and the decryptor "decryptor.exe" attached (zipped). Albabat.key" and "decryptor.exe" within 24 hours, but it may vary by more or less depending on my availability times and the amount of demands I receive. Be patient. [+] 4 - DECRYPTION PROCESS [+] > To decrypt your files follow the steps below: (1) Place the "Albabat.key" that you received by email, inside the "C:\Users\Admin\Albabat\" directory, or, if you prefer, keep it in the same directory as "decryptor.exe". > IMPORTANT:At this point, it is very important that you close all open Explorer windows, and heavy programs, to prevent "decryptor.exe" from crashing and/or have poor performance. And also disable your ANTIVIRUS PERMANENTLY so that it does not interfere with the decryption process. (2) Run "decryptor.exe" and enter YOUR PERSONAL ID, then press ENTER. An alert message will appear informing you that the decryption started, just click Ok. Note: If you are on Linux, open a terminal and run from the command line to see the process. E.g: ./decryptor (3) Wait for the decryption completion message to be displayed in console, this may take a while depending on the quantity of files that have been encrypted and power of your machine. You can see the decryption process by I live from your files, if I have time for that. (4) After decryption is complete, all your files will be restored and the decryption log file "Albabat_Logs.log". will be created in the decryptor directory. If you have further questions, such as: "How can I be sure my files can be decrypted?", you can read the FAQ page. Copyright (c) 2021-2023 Albabat Ransomware - All Right Reserved. Maintained by: tH3_CyberXY.

Signatures

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Renames multiple (153) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Disables Task Manager via registry modification
    defense_evasion
  • Stops running service(s) 4 TTPs
    defense_evasionexecution
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 28 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Kills process with taskkill 17 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 21 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Albabat-0xb.exe
    "C:\Users\Admin\AppData\Local\Temp\Albabat-0xb.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:32
    • C:\Windows\System32\vssadmin.exe
      "C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet
      2⤵
      • Interacts with shadow copies
      PID:3772
    • C:\Windows\system32\reg.exe
      "reg" add HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /f /v DisableTaskMgr /t REG_DWORD /d 0
      2⤵
        PID:860
      • C:\Windows\system32\cmd.exe
        "cmd" /c taskkill /F /IM taskmgr.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2584
        • C:\Windows\system32\taskkill.exe
          taskkill /F /IM taskmgr.exe
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:5816
      • C:\Windows\system32\cmd.exe
        "cmd" /c taskkill /F /IM onedrive.exe
        2⤵
          PID:3028
          • C:\Windows\system32\taskkill.exe
            taskkill /F /IM onedrive.exe
            3⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:6032
        • C:\Windows\system32\cmd.exe
          "cmd" /c taskkill /F /IM cs2.exe
          2⤵
            PID:4840
            • C:\Windows\system32\taskkill.exe
              taskkill /F /IM cs2.exe
              3⤵
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:348
          • C:\Windows\system32\cmd.exe
            "cmd" /c taskkill /F /IM mspub.exe
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:2688
            • C:\Windows\system32\taskkill.exe
              taskkill /F /IM mspub.exe
              3⤵
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:748
          • C:\Windows\system32\cmd.exe
            "cmd" /c taskkill /F /IM msedge.exe
            2⤵
              PID:1032
              • C:\Windows\system32\taskkill.exe
                taskkill /F /IM msedge.exe
                3⤵
                • Kills process with taskkill
                • Suspicious use of AdjustPrivilegeToken
                PID:6040
            • C:\Windows\system32\cmd.exe
              "cmd" /c taskkill /F /IM msaccess.exe
              2⤵
                PID:2976
                • C:\Windows\system32\taskkill.exe
                  taskkill /F /IM msaccess.exe
                  3⤵
                  • Kills process with taskkill
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4816
              • C:\Windows\system32\cmd.exe
                "cmd" /c taskkill /F /IM outlook.exe
                2⤵
                • Suspicious use of WriteProcessMemory
                PID:1924
                • C:\Windows\system32\taskkill.exe
                  taskkill /F /IM outlook.exe
                  3⤵
                  • Kills process with taskkill
                  • Suspicious use of AdjustPrivilegeToken
                  PID:5872
              • C:\Windows\system32\cmd.exe
                "cmd" /c taskkill /F /IM code.exe
                2⤵
                  PID:2836
                  • C:\Windows\system32\taskkill.exe
                    taskkill /F /IM code.exe
                    3⤵
                    • Kills process with taskkill
                    • Suspicious use of AdjustPrivilegeToken
                    PID:4812
                • C:\Windows\system32\cmd.exe
                  "cmd" /c taskkill /F /IM sublime_text.exe
                  2⤵
                    PID:2260
                    • C:\Windows\system32\taskkill.exe
                      taskkill /F /IM sublime_text.exe
                      3⤵
                      • Kills process with taskkill
                      • Suspicious use of AdjustPrivilegeToken
                      PID:4624
                  • C:\Windows\system32\cmd.exe
                    "cmd" /c taskkill /F /IM mysqlworkbench.exe
                    2⤵
                    • Suspicious use of WriteProcessMemory
                    PID:4560
                    • C:\Windows\system32\taskkill.exe
                      taskkill /F /IM mysqlworkbench.exe
                      3⤵
                      • Kills process with taskkill
                      • Suspicious use of AdjustPrivilegeToken
                      PID:6020
                  • C:\Windows\system32\cmd.exe
                    "cmd" /c taskkill /F /IM postgres.exe
                    2⤵
                      PID:1244
                      • C:\Windows\system32\taskkill.exe
                        taskkill /F /IM postgres.exe
                        3⤵
                        • Kills process with taskkill
                        • Suspicious use of AdjustPrivilegeToken
                        PID:3604
                    • C:\Windows\system32\cmd.exe
                      "cmd" /c taskkill /F /IM excel.exe
                      2⤵
                      • Suspicious use of WriteProcessMemory
                      PID:4168
                      • C:\Windows\system32\taskkill.exe
                        taskkill /F /IM excel.exe
                        3⤵
                        • Kills process with taskkill
                        • Suspicious use of AdjustPrivilegeToken
                        PID:3468
                    • C:\Windows\system32\cmd.exe
                      "cmd" /c taskkill /F /IM steam.exe
                      2⤵
                        PID:1888
                        • C:\Windows\system32\taskkill.exe
                          taskkill /F /IM steam.exe
                          3⤵
                          • Kills process with taskkill
                          • Suspicious use of AdjustPrivilegeToken
                          PID:3624
                      • C:\Windows\system32\cmd.exe
                        "cmd" /c taskkill /F /IM powerpnt.exe
                        2⤵
                          PID:2952
                          • C:\Windows\system32\taskkill.exe
                            taskkill /F /IM powerpnt.exe
                            3⤵
                            • Kills process with taskkill
                            • Suspicious use of AdjustPrivilegeToken
                            PID:3364
                        • C:\Windows\system32\cmd.exe
                          "cmd" /c taskkill /F /IM windowsterminal.exe
                          2⤵
                          • Suspicious use of WriteProcessMemory
                          PID:1904
                          • C:\Windows\system32\taskkill.exe
                            taskkill /F /IM windowsterminal.exe
                            3⤵
                            • Kills process with taskkill
                            • Suspicious use of AdjustPrivilegeToken
                            PID:4048
                        • C:\Windows\system32\cmd.exe
                          "cmd" /c taskkill /F /IM chrome.exe
                          2⤵
                            PID:1848
                            • C:\Windows\system32\taskkill.exe
                              taskkill /F /IM chrome.exe
                              3⤵
                              • Kills process with taskkill
                              • Suspicious use of AdjustPrivilegeToken
                              PID:5020
                          • C:\Windows\system32\cmd.exe
                            "cmd" /c taskkill /F /IM winword.exe
                            2⤵
                              PID:1732
                              • C:\Windows\system32\taskkill.exe
                                taskkill /F /IM winword.exe
                                3⤵
                                • Kills process with taskkill
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2792
                            • C:\Windows\system32\cmd.exe
                              "cmd" /c sc stop MySQL57
                              2⤵
                                PID:1324
                                • C:\Windows\system32\sc.exe
                                  sc stop MySQL57
                                  3⤵
                                  • Launches sc.exe
                                  PID:5216
                              • C:\Windows\system32\cmd.exe
                                "cmd" /c sc stop MySQL82
                                2⤵
                                  PID:3980
                                  • C:\Windows\system32\sc.exe
                                    sc stop MySQL82
                                    3⤵
                                    • Launches sc.exe
                                    PID:1824
                                • C:\Windows\system32\cmd.exe
                                  "cmd" /c sc stop postgresql-x64-15
                                  2⤵
                                  • Suspicious use of WriteProcessMemory
                                  PID:2692
                                  • C:\Windows\system32\sc.exe
                                    sc stop postgresql-x64-15
                                    3⤵
                                    • Launches sc.exe
                                    PID:4820
                                • C:\Windows\system32\cmd.exe
                                  "cmd" /c sc stop MySQL80
                                  2⤵
                                  • Suspicious use of WriteProcessMemory
                                  PID:4228
                                  • C:\Windows\system32\sc.exe
                                    sc stop MySQL80
                                    3⤵
                                    • Launches sc.exe
                                    PID:3844
                                • C:\Windows\system32\cmd.exe
                                  "cmd" /c sc stop postgresql-x64-14
                                  2⤵
                                    PID:4700
                                    • C:\Windows\system32\sc.exe
                                      sc stop postgresql-x64-14
                                      3⤵
                                      • Launches sc.exe
                                      PID:1640
                                  • C:\Windows\system32\cmd.exe
                                    "cmd" /c start msedge.exe --kiosk C:\Users\Admin\Albabat\readme\README.html --edge-kiosk-type=fullscreen
                                    2⤵
                                    • Checks computer location settings
                                    PID:6400
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\Admin\Albabat\readme\README.html --edge-kiosk-type=fullscreen
                                      3⤵
                                        PID:6672
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --edge-skip-compat-layer-relaunch "C:\Users\Admin\Albabat\readme\README.html"
                                          4⤵
                                          • Drops file in Program Files directory
                                          • Checks processor information in registry
                                          • Enumerates system info in registry
                                          • Modifies data under HKEY_USERS
                                          • Modifies registry class
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                          • Suspicious use of FindShellTrayWindow
                                          PID:6764
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x260,0x7fff4d83f208,0x7fff4d83f214,0x7fff4d83f220
                                            5⤵
                                              PID:6804
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2236,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:2
                                              5⤵
                                                PID:7080
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:3
                                                5⤵
                                                  PID:7088
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2460,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=2516 /prefetch:8
                                                  5⤵
                                                    PID:7152
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:1
                                                    5⤵
                                                      PID:5388
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
                                                      5⤵
                                                        PID:5396
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=3864,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=3916 /prefetch:8
                                                        5⤵
                                                          PID:5772
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=3900,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=3980 /prefetch:8
                                                          5⤵
                                                            PID:5788
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=3904,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=3988 /prefetch:8
                                                            5⤵
                                                              PID:5928
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=4024,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:1
                                                              5⤵
                                                                PID:5960
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4088,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4068 /prefetch:2
                                                                5⤵
                                                                  PID:864
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=4232,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4320 /prefetch:1
                                                                  5⤵
                                                                    PID:1520
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=4348,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:2
                                                                    5⤵
                                                                      PID:2732
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=4424,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:1
                                                                      5⤵
                                                                        PID:2916
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=4448,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:2
                                                                        5⤵
                                                                          PID:5796
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=4580,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:1
                                                                          5⤵
                                                                            PID:5828
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=4608,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:2
                                                                            5⤵
                                                                              PID:5836
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=5508,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:2
                                                                              5⤵
                                                                                PID:5932
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=5772,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:2
                                                                                5⤵
                                                                                  PID:3364
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=5876,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:2
                                                                                  5⤵
                                                                                    PID:1776
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=5844,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:2
                                                                                    5⤵
                                                                                      PID:920
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=5892,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:2
                                                                                      5⤵
                                                                                        PID:3024
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5944,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=6704 /prefetch:1
                                                                                        5⤵
                                                                                          PID:1580
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4436,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4780 /prefetch:8
                                                                                          5⤵
                                                                                            PID:5820
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6580,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:1
                                                                                            5⤵
                                                                                              PID:2404
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=5928,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:1
                                                                                              5⤵
                                                                                                PID:1116
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5756,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=6748 /prefetch:8
                                                                                                5⤵
                                                                                                  PID:4636
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4640,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=5160 /prefetch:8
                                                                                                  5⤵
                                                                                                    PID:6676
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7320,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8
                                                                                                    5⤵
                                                                                                      PID:6760
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7632,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=7612 /prefetch:8
                                                                                                      5⤵
                                                                                                        PID:2036
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7632,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=7612 /prefetch:8
                                                                                                        5⤵
                                                                                                          PID:6140
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7676,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=7720 /prefetch:8
                                                                                                          5⤵
                                                                                                            PID:5636
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7684,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=7868 /prefetch:8
                                                                                                            5⤵
                                                                                                              PID:5992
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                                                                                                              5⤵
                                                                                                              • Drops file in Program Files directory
                                                                                                              PID:6096
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x21c,0x220,0x224,0x1a0,0x228,0x7ff775956a68,0x7ff775956a74,0x7ff775956a80
                                                                                                                6⤵
                                                                                                                • Drops file in Program Files directory
                                                                                                                PID:2816
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --msedge --system-level --verbose-logging --installerdata="C:\Program Files (x86)\Microsoft\Edge\Application\master_preferences" --create-shortcuts=1 --install-level=0
                                                                                                                6⤵
                                                                                                                • Drops file in Program Files directory
                                                                                                                PID:5524
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff775956a68,0x7ff775956a74,0x7ff775956a80
                                                                                                                  7⤵
                                                                                                                  • Drops file in Program Files directory
                                                                                                                  PID:5640
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7088,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=7108 /prefetch:8
                                                                                                              5⤵
                                                                                                                PID:5548
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7996,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:8
                                                                                                                5⤵
                                                                                                                  PID:5580
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7908,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=8088 /prefetch:8
                                                                                                                  5⤵
                                                                                                                    PID:5504
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7780,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=8188 /prefetch:8
                                                                                                                    5⤵
                                                                                                                      PID:5500
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8320,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=8332 /prefetch:8
                                                                                                                      5⤵
                                                                                                                        PID:448
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7832,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=7900 /prefetch:8
                                                                                                                        5⤵
                                                                                                                          PID:5004
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7360,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:8
                                                                                                                          5⤵
                                                                                                                            PID:5128
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4620,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:8
                                                                                                                            5⤵
                                                                                                                              PID:2500
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6224,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=6988 /prefetch:8
                                                                                                                              5⤵
                                                                                                                                PID:228
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7580,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:8
                                                                                                                                5⤵
                                                                                                                                  PID:2180
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4112,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8
                                                                                                                                  5⤵
                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                  PID:7044
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7068,i,1067912743218679647,1068613012464421935,262144 --variations-seed-version --mojo-platform-channel-handle=3460 /prefetch:8
                                                                                                                                  5⤵
                                                                                                                                    PID:4824
                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                              "cmd" /C "del C:\Users\Admin\AppData\Roaming\Albabat-0xb.exe"
                                                                                                                              2⤵
                                                                                                                                PID:6408
                                                                                                                            • C:\Windows\system32\vssvc.exe
                                                                                                                              C:\Windows\system32\vssvc.exe
                                                                                                                              1⤵
                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                              PID:4948
                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                              C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                                                                              1⤵
                                                                                                                                PID:840
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                                                                                  2⤵
                                                                                                                                  • Checks processor information in registry
                                                                                                                                  • Enumerates system info in registry
                                                                                                                                  • Modifies registry class
                                                                                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                  PID:6024
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7fff4d83f208,0x7fff4d83f214,0x7fff4d83f220
                                                                                                                                    3⤵
                                                                                                                                      PID:3520
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1716,i,2028495577204718927,3856440532704952861,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
                                                                                                                                      3⤵
                                                                                                                                        PID:1312
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2176,i,2028495577204718927,3856440532704952861,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:2
                                                                                                                                        3⤵
                                                                                                                                          PID:5128
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2592,i,2028495577204718927,3856440532704952861,262144 --variations-seed-version --mojo-platform-channel-handle=2608 /prefetch:8
                                                                                                                                          3⤵
                                                                                                                                            PID:4000
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3540,i,2028495577204718927,3856440532704952861,262144 --variations-seed-version --mojo-platform-channel-handle=3844 /prefetch:2
                                                                                                                                            3⤵
                                                                                                                                              PID:3016
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                                                                          1⤵
                                                                                                                                            PID:3736

                                                                                                                                          Network

                                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                                          Reconnaissance

                                                                                                                                          Resource Development

                                                                                                                                          Initial Access

                                                                                                                                          Execution

                                                                                                                                          System Services

                                                                                                                                          1
                                                                                                                                          T1569

                                                                                                                                          Service Execution

                                                                                                                                          1
                                                                                                                                          T1569.002

                                                                                                                                          Windows Management Instrumentation

                                                                                                                                          1
                                                                                                                                          T1047

                                                                                                                                          Persistence

                                                                                                                                          Create or Modify System Process

                                                                                                                                          1
                                                                                                                                          T1543

                                                                                                                                          Windows Service

                                                                                                                                          1
                                                                                                                                          T1543.003

                                                                                                                                          Privilege Escalation

                                                                                                                                          Create or Modify System Process

                                                                                                                                          1
                                                                                                                                          T1543

                                                                                                                                          Windows Service

                                                                                                                                          1
                                                                                                                                          T1543.003

                                                                                                                                          Defense Evasion

                                                                                                                                          Direct Volume Access

                                                                                                                                          1
                                                                                                                                          T1006

                                                                                                                                          Impair Defenses

                                                                                                                                          1
                                                                                                                                          T1562

                                                                                                                                          Indicator Removal

                                                                                                                                          2
                                                                                                                                          T1070

                                                                                                                                          File Deletion

                                                                                                                                          2
                                                                                                                                          T1070.004

                                                                                                                                          Modify Registry

                                                                                                                                          1
                                                                                                                                          T1112

                                                                                                                                          Credential Access

                                                                                                                                          Credentials from Password Stores

                                                                                                                                          1
                                                                                                                                          T1555

                                                                                                                                          Credentials from Web Browsers

                                                                                                                                          1
                                                                                                                                          T1555.003

                                                                                                                                          Unsecured Credentials

                                                                                                                                          2
                                                                                                                                          T1552

                                                                                                                                          Credentials In Files

                                                                                                                                          2
                                                                                                                                          T1552.001

                                                                                                                                          Discovery

                                                                                                                                          Browser Information Discovery

                                                                                                                                          1
                                                                                                                                          T1217

                                                                                                                                          Query Registry

                                                                                                                                          3
                                                                                                                                          T1012

                                                                                                                                          System Information Discovery

                                                                                                                                          4
                                                                                                                                          T1082

                                                                                                                                          Lateral Movement

                                                                                                                                          Collection

                                                                                                                                          Data from Local System

                                                                                                                                          1
                                                                                                                                          T1005

                                                                                                                                          Command and Control

                                                                                                                                          Exfiltration

                                                                                                                                          Impact

                                                                                                                                          Defacement

                                                                                                                                          1
                                                                                                                                          T1491

                                                                                                                                          Inhibit System Recovery

                                                                                                                                          2
                                                                                                                                          T1490

                                                                                                                                          Service Stop

                                                                                                                                          1
                                                                                                                                          T1489

                                                                                                                                          Replay Monitor

                                                                                                                                          Loading Replay Monitor...

                                                                                                                                          Downloads

                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\5524_13388203777030952_5524.pma
                                                                                                                                            Filesize

                                                                                                                                            928B

                                                                                                                                            MD5

                                                                                                                                            8534e46baeab4221bc19108ee3a70780

                                                                                                                                            SHA1

                                                                                                                                            dc88a8581e15509cfa9985b1ec3bead5f68fa387

                                                                                                                                            SHA256

                                                                                                                                            704068fded1f94134f228749dcab0ff607736809b8034af01635e6cbeb382351

                                                                                                                                            SHA512

                                                                                                                                            2e0ef51ecb6be50370b98e8d7289aacbb5077bbdff690b7fe7bf09000259795514b6365c5a12b220a8b8e92a24b1c1c96e2115604fff9c2996aebc0d39fede46

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6096_13388203777086735_6096.pma
                                                                                                                                            Filesize

                                                                                                                                            344B

                                                                                                                                            MD5

                                                                                                                                            1b7cdddfb06152ae01f12d9f253237d6

                                                                                                                                            SHA1

                                                                                                                                            1ef358781a086a0727f4fa95cd53510eb328bc52

                                                                                                                                            SHA256

                                                                                                                                            fd668d6edcf6b6cc176edd9bf7b0d7f1881fe2f0d94ebae656127c27a359550e

                                                                                                                                            SHA512

                                                                                                                                            4705c93b233be92dd2d04649d404b538bc76607bbe655d5e35a739653ac1af776ecdd12ec1cbf81476070ec5bae633f891817155014730a06939efb21bd132ea

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping6764_1120771568\manifest.json
                                                                                                                                            Filesize

                                                                                                                                            160B

                                                                                                                                            MD5

                                                                                                                                            c3911ceb35539db42e5654bdd60ac956

                                                                                                                                            SHA1

                                                                                                                                            71be0751e5fc583b119730dbceb2c723f2389f6c

                                                                                                                                            SHA256

                                                                                                                                            31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

                                                                                                                                            SHA512

                                                                                                                                            d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping6764_1292104826\manifest.json
                                                                                                                                            Filesize

                                                                                                                                            134B

                                                                                                                                            MD5

                                                                                                                                            049c307f30407da557545d34db8ced16

                                                                                                                                            SHA1

                                                                                                                                            f10b86ebfe8d30d0dc36210939ca7fa7a819d494

                                                                                                                                            SHA256

                                                                                                                                            c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

                                                                                                                                            SHA512

                                                                                                                                            14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping6764_1933585926\manifest.json
                                                                                                                                            Filesize

                                                                                                                                            160B

                                                                                                                                            MD5

                                                                                                                                            a24a1941bbb8d90784f5ef76712002f5

                                                                                                                                            SHA1

                                                                                                                                            5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

                                                                                                                                            SHA256

                                                                                                                                            2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

                                                                                                                                            SHA512

                                                                                                                                            fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping6764_711138910\manifest.json
                                                                                                                                            Filesize

                                                                                                                                            43B

                                                                                                                                            MD5

                                                                                                                                            af3a9104ca46f35bb5f6123d89c25966

                                                                                                                                            SHA1

                                                                                                                                            1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

                                                                                                                                            SHA256

                                                                                                                                            81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

                                                                                                                                            SHA512

                                                                                                                                            6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Program Files\msedge_installer.log
                                                                                                                                            Filesize

                                                                                                                                            108KB

                                                                                                                                            MD5

                                                                                                                                            94b83060eb860db45698fab04cacd399

                                                                                                                                            SHA1

                                                                                                                                            a3c97efe08f4adb86b67d8e173c37148d309875d

                                                                                                                                            SHA256

                                                                                                                                            3d2f003554abfe3a45305a60427d538825b6f2036532dac71fbfff9d36c6aa4a

                                                                                                                                            SHA512

                                                                                                                                            b4a0681a4fc52c41d97ff0e5e6427f04f60161b54ef8f611a011583c5d7a4639864f14f6312f0ba4f84acbfb5f7668d5836eceb549021fc3238d795b9193bc71

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Albabat\Albabat_Logs.log
                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            MD5

                                                                                                                                            d27644147fb2d151407c0ad3a66d94cb

                                                                                                                                            SHA1

                                                                                                                                            50fa783f147efbe2b1c46d44e111d134bd1d065c

                                                                                                                                            SHA256

                                                                                                                                            37a4e16654e9f577752f9e9a05a34aaf46a5468cb4707e9b63bbca93622afc19

                                                                                                                                            SHA512

                                                                                                                                            25bfac92215ed5920a99dd571aeaa3230d98fe02ddb26c74b19a7588821028687c5e64be691ca738bab1dc133ffd33fd46f45938e0ca55d54157f3f502436633

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Albabat\Albabat_Logs.log
                                                                                                                                            Filesize

                                                                                                                                            6KB

                                                                                                                                            MD5

                                                                                                                                            8fe2fb5adf34c09547d7f645ff7010dd

                                                                                                                                            SHA1

                                                                                                                                            e24e5c1e90898a618fad2c3b4e4b17eace536e20

                                                                                                                                            SHA256

                                                                                                                                            6f2e8e5645c3a32d3326e7d7044a0d96c4e19252e3f5d737ba5a878027de3c51

                                                                                                                                            SHA512

                                                                                                                                            9490f267625b869739b13581c6e1c729c052848d53d3a689dfe4d32add8fbef154f7faac6323a6441dd768954ae4c1639a2135aa1474218c1c4dddcd9d159512

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Albabat\readme\README.html
                                                                                                                                            Filesize

                                                                                                                                            11KB

                                                                                                                                            MD5

                                                                                                                                            1fbfc828d3b51f6523a3fa63fdec3b38

                                                                                                                                            SHA1

                                                                                                                                            f44dd96308efadb546a424233ac7d5dead968416

                                                                                                                                            SHA256

                                                                                                                                            f0a9e7fd9c934e4e9028dda7f23916f970b87ee1043b3866b4f038fca5019b8c

                                                                                                                                            SHA512

                                                                                                                                            48ce75112f844004e9fcb183825aff61689ce9a7014836fc36ddda5064bf049693a0dbc14c90e7fa2d904b75504b1b202aeb7c4445e49c20bdf440b9a0e4f481

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Albabat\readme\assets\banner.jpg
                                                                                                                                            Filesize

                                                                                                                                            34KB

                                                                                                                                            MD5

                                                                                                                                            cdd21e46a5979655fe9debcf8d59cd4b

                                                                                                                                            SHA1

                                                                                                                                            94f8ce57c0507b88952fadc3f6f244fce64d2085

                                                                                                                                            SHA256

                                                                                                                                            de25a55ff7e70c900c5e49e32aad2a0704ab074af5fee3eac230dc9bab373f04

                                                                                                                                            SHA512

                                                                                                                                            bd0ce1c5098ffcfb52e3e183ba025ef1be4d0dd4a3fe8a90b60bb139d4717263e427339f1028aeec6aa8d32ff31181ebff8d306d2c34b57015b2a3049c21f45e

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Albabat\readme\assets\script.js
                                                                                                                                            Filesize

                                                                                                                                            1KB

                                                                                                                                            MD5

                                                                                                                                            e9f53c2fe8f64fb7d0734d13ee9a4e32

                                                                                                                                            SHA1

                                                                                                                                            f93d0cfffe122ed8a1731b811593094c813a8456

                                                                                                                                            SHA256

                                                                                                                                            ec235d691cfabc4ef54a889398e17d11541b10f27a066e10444429c86a4565bd

                                                                                                                                            SHA512

                                                                                                                                            ec67691036ff7047aeed7b4dade254164d2a5e60cfd5a58269023ac843252e7d916c826e6f0a186fb6398a11e651e6fca9cf889a81894095efd43253fd5e1e7e

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Albabat\readme\assets\style.css
                                                                                                                                            Filesize

                                                                                                                                            2KB

                                                                                                                                            MD5

                                                                                                                                            a4aa4f0c506a5e9c608773293ff7b794

                                                                                                                                            SHA1

                                                                                                                                            b360063387c81c49184cd67341c1da46e7ee6693

                                                                                                                                            SHA256

                                                                                                                                            c18a7519a841d7b8b32f5fedfb8d7cb1107c0d03c1c0d5ec7b6c41564814dddf

                                                                                                                                            SHA512

                                                                                                                                            23e17b9ca42520c0a07a1031ae096dfb837196d3928205c8eadbceda87bfff5f1655ee953bd725298175564f96d96e751d9f02ee0b83d25b134b292fea175815

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json
                                                                                                                                            Filesize

                                                                                                                                            3KB

                                                                                                                                            MD5

                                                                                                                                            f9fd82b572ef4ce41a3d1075acc52d22

                                                                                                                                            SHA1

                                                                                                                                            fdded5eef95391be440cc15f84ded0480c0141e3

                                                                                                                                            SHA256

                                                                                                                                            5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

                                                                                                                                            SHA512

                                                                                                                                            17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                                                                                                                                            Filesize

                                                                                                                                            280B

                                                                                                                                            MD5

                                                                                                                                            aa136006ddc8286d8c43f834eb72f48e

                                                                                                                                            SHA1

                                                                                                                                            76d5ceb0657372399d3df51de920690757618e8e

                                                                                                                                            SHA256

                                                                                                                                            138063b410cd3a5534ef4d423ffe43bc63183251e96b475552a2d48c3df0a8cb

                                                                                                                                            SHA512

                                                                                                                                            e7ec9f27b9589f6d9eda1b9e331cb3e31f20d4f3bcf559e7ba4ff24dca213e63ad61d6cb9c91afd2849448c06b110d80bfbbb765fdedab7df34a4d8237429c7e

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                                                                                                                                            Filesize

                                                                                                                                            280B

                                                                                                                                            MD5

                                                                                                                                            1589ef8f641918bb7d66e39315f3940c

                                                                                                                                            SHA1

                                                                                                                                            dabc5a5c1108c9ca467786a74ac6fc999f57d59b

                                                                                                                                            SHA256

                                                                                                                                            aef01b2f270b5c271d040051d028c1521f2f391c9b0389668f111a3dc66a87a3

                                                                                                                                            SHA512

                                                                                                                                            1e4dbf578b980cd2fd6c04e1e0b58b959dd9c78cf7f37e565da5c17e1e5df54f85325b9da47944fd078a9e7b2ea466410664670e0377d016f77a3214c8887cc5

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
                                                                                                                                            Filesize

                                                                                                                                            20B

                                                                                                                                            MD5

                                                                                                                                            9e4e94633b73f4a7680240a0ffd6cd2c

                                                                                                                                            SHA1

                                                                                                                                            e68e02453ce22736169a56fdb59043d33668368f

                                                                                                                                            SHA256

                                                                                                                                            41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                                                                                                                                            SHA512

                                                                                                                                            193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                            Filesize

                                                                                                                                            384B

                                                                                                                                            MD5

                                                                                                                                            a229bdef25f097e1220b5a11d7cfc6e7

                                                                                                                                            SHA1

                                                                                                                                            9f464bd92bc439444b0561b31fe05932a30f61df

                                                                                                                                            SHA256

                                                                                                                                            fc8c0895063b16cad3d1ef054c206c972a5097e6b7a7ac779a6578ec402612fa

                                                                                                                                            SHA512

                                                                                                                                            d44201fe7969551ba0f530cf13104a368e74b6320f324fb68ab270b3a3b4b69e01d40b87ff4050e28a5a38b2e42c8d461185a66583569adf9854bb57e4234cdf

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index~RFe58075e.TMP
                                                                                                                                            Filesize

                                                                                                                                            48B

                                                                                                                                            MD5

                                                                                                                                            ef04ef0786a412bbd7e7427dbbaca86c

                                                                                                                                            SHA1

                                                                                                                                            ae2e68fa49e2983e3a8472d933faf71054ff69f3

                                                                                                                                            SHA256

                                                                                                                                            c142309e159eca7a379f624d99930a988b608ef3b4f19c692e3f44ee60d05d6b

                                                                                                                                            SHA512

                                                                                                                                            55148240d19907c7356788872216b6f224f37c46177b6cd84158e98336dc10d47dae71e6266afd22e0dcf2f024389a7f3ad47789a02e36fd9ed6abe13d708f42

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnGraphiteCache\data_3
                                                                                                                                            Filesize

                                                                                                                                            8KB

                                                                                                                                            MD5

                                                                                                                                            41876349cb12d6db992f1309f22df3f0

                                                                                                                                            SHA1

                                                                                                                                            5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                                                                                                            SHA256

                                                                                                                                            e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                                                                                                            SHA512

                                                                                                                                            e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnWebGPUCache\data_0
                                                                                                                                            Filesize

                                                                                                                                            8KB

                                                                                                                                            MD5

                                                                                                                                            cf89d16bb9107c631daabf0c0ee58efb

                                                                                                                                            SHA1

                                                                                                                                            3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                                                                                                            SHA256

                                                                                                                                            d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                                                                                                            SHA512

                                                                                                                                            8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnWebGPUCache\data_1
                                                                                                                                            Filesize

                                                                                                                                            264KB

                                                                                                                                            MD5

                                                                                                                                            d0d388f3865d0523e451d6ba0be34cc4

                                                                                                                                            SHA1

                                                                                                                                            8571c6a52aacc2747c048e3419e5657b74612995

                                                                                                                                            SHA256

                                                                                                                                            902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                                                                                                                                            SHA512

                                                                                                                                            376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnWebGPUCache\data_2
                                                                                                                                            Filesize

                                                                                                                                            8KB

                                                                                                                                            MD5

                                                                                                                                            0962291d6d367570bee5454721c17e11

                                                                                                                                            SHA1

                                                                                                                                            59d10a893ef321a706a9255176761366115bedcb

                                                                                                                                            SHA256

                                                                                                                                            ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                                                                                            SHA512

                                                                                                                                            f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\MANIFEST-000001
                                                                                                                                            Filesize

                                                                                                                                            41B

                                                                                                                                            MD5

                                                                                                                                            5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                                                            SHA1

                                                                                                                                            d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                                                            SHA256

                                                                                                                                            f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                                                            SHA512

                                                                                                                                            de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js
                                                                                                                                            Filesize

                                                                                                                                            9KB

                                                                                                                                            MD5

                                                                                                                                            3d20584f7f6c8eac79e17cca4207fb79

                                                                                                                                            SHA1

                                                                                                                                            3c16dcc27ae52431c8cdd92fbaab0341524d3092

                                                                                                                                            SHA256

                                                                                                                                            0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

                                                                                                                                            SHA512

                                                                                                                                            315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State
                                                                                                                                            Filesize

                                                                                                                                            59B

                                                                                                                                            MD5

                                                                                                                                            2800881c775077e1c4b6e06bf4676de4

                                                                                                                                            SHA1

                                                                                                                                            2873631068c8b3b9495638c865915be822442c8b

                                                                                                                                            SHA256

                                                                                                                                            226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                                                                                                            SHA512

                                                                                                                                            e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State
                                                                                                                                            Filesize

                                                                                                                                            1KB

                                                                                                                                            MD5

                                                                                                                                            d2563b16a7a8257a627d5939e0bfa845

                                                                                                                                            SHA1

                                                                                                                                            1eb80ca4b3a77c479036c08e441a7520f5f8f80e

                                                                                                                                            SHA256

                                                                                                                                            20d0a2cb23ad7198fb79734ce5fec1d831c789bf2e3a4b588acb220d6591d7cd

                                                                                                                                            SHA512

                                                                                                                                            792bd09b69217137594af5dbc31f831ff0c60e87fe4880ffbdc19e3fdbc6dadb051983518ca3c4653fb5735b2ceacfe7d5ead61c6187290dad7bb9f64ac87bdf

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\SCT Auditing Pending Reports
                                                                                                                                            Filesize

                                                                                                                                            2B

                                                                                                                                            MD5

                                                                                                                                            d751713988987e9331980363e24189ce

                                                                                                                                            SHA1

                                                                                                                                            97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                            SHA256

                                                                                                                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                            SHA512

                                                                                                                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
                                                                                                                                            Filesize

                                                                                                                                            9KB

                                                                                                                                            MD5

                                                                                                                                            703806ee6b6463f759fd48a26b5ebb6e

                                                                                                                                            SHA1

                                                                                                                                            32ac9d797c31393fd0d582619b6a46231600293f

                                                                                                                                            SHA256

                                                                                                                                            20c440b38a8b7bd77d3cf9ee6297e595bdf82511a32a80f384c147a0c336508d

                                                                                                                                            SHA512

                                                                                                                                            11db67752d14270ce2be927c22997184aa780b8a380a73fdbfe5dd2fdbb0a119945fa3627810ca26f3937681c1a57f0f066e5cb0f4a0ead3bf90c1d2bb3ff164

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\the-real-index
                                                                                                                                            Filesize

                                                                                                                                            72B

                                                                                                                                            MD5

                                                                                                                                            bf58a4683761a683d8e6fb6373ef6702

                                                                                                                                            SHA1

                                                                                                                                            d408cf9ffc076a7beb8c84ec302e852f619f44e0

                                                                                                                                            SHA256

                                                                                                                                            8357f53b7bb73592507d9ac13e3386d09f638446b7422d593cd745d4295c7b36

                                                                                                                                            SHA512

                                                                                                                                            7c9b4c2254aab7378e8acdd44c816d5bed8e316a7c83723cec65d28027dc1ff1da121b242cc7c7bc06c015d022a2f4f364ead4e99d6c8b395e585f95ec635716

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\the-real-index~RFe58078d.TMP
                                                                                                                                            Filesize

                                                                                                                                            48B

                                                                                                                                            MD5

                                                                                                                                            18dd96623094285e59a559b0516efb4e

                                                                                                                                            SHA1

                                                                                                                                            439709a8c192405dc02b2caf055a82f5585e55d7

                                                                                                                                            SHA256

                                                                                                                                            7d76b229fadf359743c21d8c993be7daac300f30003191d6ef96018ea8726396

                                                                                                                                            SHA512

                                                                                                                                            c4a9d8fd75ddb84e33c53eefac1472a43020326b9a6ac9b24f0f7155ccbe0a2228684699d51eae5dce67bf7a293139726b50d3287f0ef97eb892191d780efdb8

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index
                                                                                                                                            Filesize

                                                                                                                                            24B

                                                                                                                                            MD5

                                                                                                                                            54cb446f628b2ea4a5bce5769910512e

                                                                                                                                            SHA1

                                                                                                                                            c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                                                                                                                                            SHA256

                                                                                                                                            fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                                                                                                                                            SHA512

                                                                                                                                            8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\000001.dbtmp
                                                                                                                                            Filesize

                                                                                                                                            16B

                                                                                                                                            MD5

                                                                                                                                            46295cac801e5d4857d09837238a6394

                                                                                                                                            SHA1

                                                                                                                                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                            SHA256

                                                                                                                                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                            SHA512

                                                                                                                                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\a642416f-acb8-493f-916f-01f297916081.tmp
                                                                                                                                            Filesize

                                                                                                                                            29KB

                                                                                                                                            MD5

                                                                                                                                            840eb796162cade07fade0256ee2a114

                                                                                                                                            SHA1

                                                                                                                                            503f8d5e45c8ffc1d2d07ad61f40c34eeee04585

                                                                                                                                            SHA256

                                                                                                                                            76f6c85fd14b1ede9c5d91cb6f3b5e04d61bf6dc45c41fc9a2bab9c4b09bfda2

                                                                                                                                            SHA512

                                                                                                                                            6ccfd4fa2b3dc94df1884e2150dab50a4e63154c16a95758752d1ddff628ad9d6db85b57bcd7bbced2c958a16d0f1caaf0c370db12bed4979e9a313e9bb61bf4

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\aa3ebf1b-bcd8-440d-8cc6-81908aa7f262.tmp
                                                                                                                                            Filesize

                                                                                                                                            9KB

                                                                                                                                            MD5

                                                                                                                                            b13bf314f502b0b81eb7b98460e07210

                                                                                                                                            SHA1

                                                                                                                                            feb7ce46f97a44c471c77e3fb953e009cd5e73fb

                                                                                                                                            SHA256

                                                                                                                                            5e07c4c23a26f566635b438458d389754018d58d7f80e8b4e3bde419e3b8ead0

                                                                                                                                            SHA512

                                                                                                                                            18cfd527f241d1724225657295214f0ae7cfe114192ad1b0015f4b785ce4bcd428fb773bef3b3941b97666e4667af7b2bb0a6d5cd3a8ecc146351d91da62012b

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Edge Cloud Config\CloudConfigLog
                                                                                                                                            Filesize

                                                                                                                                            872B

                                                                                                                                            MD5

                                                                                                                                            211e4f90c0bd94ba1414f7b186b512ac

                                                                                                                                            SHA1

                                                                                                                                            cf303e9b63a6f6e1aa572bd6bbf2ea4cfd232f75

                                                                                                                                            SHA256

                                                                                                                                            ee20a9811c64201a9c26139023e98f35cdab9b94b136aed7dcf8def1cee4c4a7

                                                                                                                                            SHA512

                                                                                                                                            73640aafa72fbeab9e7db0701eaef8ea7f6e7e147e5526b63899c89bf99804e2f35b77493a40f384555cae7e1e5604e1d5381baaecb0d191c673a6c9baded2bb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Edge Cloud Config\CloudConfigLog
                                                                                                                                            Filesize

                                                                                                                                            23KB

                                                                                                                                            MD5

                                                                                                                                            0267027a05ab888ad93207cf03560d29

                                                                                                                                            SHA1

                                                                                                                                            af70ebfc25b1ab945e48f6f3d4ee3ddfc34c3a02

                                                                                                                                            SHA256

                                                                                                                                            e791da362d4e16aa3b5e4da8ce5e52398fd496e8ee7c7befc30910583080ff3f

                                                                                                                                            SHA512

                                                                                                                                            e2faadbdc975761d3280bf870d2f2ee1edf75263f23be61e0893c1eebc6f4c5cc7c247fe9e0cf85ba9add11f0f2fa17d101101ffbe1bfccf009c283fe295a709

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Edge Cloud Config\CloudConfigLog~RFe589bae.TMP
                                                                                                                                            Filesize

                                                                                                                                            465B

                                                                                                                                            MD5

                                                                                                                                            ff864f2ab7668dd93fa61bb46a0a7161

                                                                                                                                            SHA1

                                                                                                                                            478b5c719f95b2cd17f38989b22a33f2220bd901

                                                                                                                                            SHA256

                                                                                                                                            ecfa03eb6408fbb0af8ff7d7eb2a775a83020e3f3786e253608908254204c19c

                                                                                                                                            SHA512

                                                                                                                                            2708066e32b656cbc792dccede71ee2e7aa9e397e488d567fe513ade06c57731a347d36683dc1a400ab9a3fe89540f35e08cf42879266d4844c71e5772441653

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Edge Cloud Config\OperationConfig
                                                                                                                                            Filesize

                                                                                                                                            22KB

                                                                                                                                            MD5

                                                                                                                                            3f8927c365639daa9b2c270898e3cf9d

                                                                                                                                            SHA1

                                                                                                                                            c8da31c97c56671c910d28010f754319f1d90fa6

                                                                                                                                            SHA256

                                                                                                                                            fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

                                                                                                                                            SHA512

                                                                                                                                            d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Edge Cloud Config\OperationConfig~RFe58a0a0.TMP
                                                                                                                                            Filesize

                                                                                                                                            3KB

                                                                                                                                            MD5

                                                                                                                                            47430e0e9ad4838b6b88191b7966810f

                                                                                                                                            SHA1

                                                                                                                                            8933b4ce19e396751f93687305d3d378c48e2e0f

                                                                                                                                            SHA256

                                                                                                                                            98c1f419b9efe0d2a9f4350442d90916bd07593d9ecde4706030d1502cfb90d2

                                                                                                                                            SHA512

                                                                                                                                            e3a4e44240a11ce2173acfe66f6b52bdae8fc9c97dfdca441700ab47b5c73a46b71405da95a2cc08c34507fddf4349923c33da57da244e45b5019b9898e6b65c

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json
                                                                                                                                            Filesize

                                                                                                                                            3KB

                                                                                                                                            MD5

                                                                                                                                            94406cdd51b55c0f006cfea05745effb

                                                                                                                                            SHA1

                                                                                                                                            a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

                                                                                                                                            SHA256

                                                                                                                                            8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

                                                                                                                                            SHA512

                                                                                                                                            d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State
                                                                                                                                            Filesize

                                                                                                                                            3KB

                                                                                                                                            MD5

                                                                                                                                            2376fcb7031c5948bdfda085a2289f8d

                                                                                                                                            SHA1

                                                                                                                                            4b354e13725c4680fd9a83cd965ef26277ecb8c4

                                                                                                                                            SHA256

                                                                                                                                            73a091c049d3647a0fdfe5232409757014f57694bfa141e00c2339274e392357

                                                                                                                                            SHA512

                                                                                                                                            45f5d72f20a0646651a8b0a33d7030d9850b92a9603770dc433c4968ffcdb55371857b8eac260f2726d53791cbf44d328d0bc0bc2bf958a46342726e9d6e113e

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State
                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            MD5

                                                                                                                                            f808d29549f8268490726c9e9f8dad6b

                                                                                                                                            SHA1

                                                                                                                                            bc47b5c3ec5c88ab1a71bfbd0a1f5b82b97a70c0

                                                                                                                                            SHA256

                                                                                                                                            84d908be0ed3f959812605805197ec343047aff97c53819517e556dad8bcc255

                                                                                                                                            SHA512

                                                                                                                                            d2e88504978dc7163b2aaaee4a3bc8190e8686256919ebe9099d13d3841a38287598da220de3c79c3578c664693cd12caf94b36a6229171b543f984b6ef497b7

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State
                                                                                                                                            Filesize

                                                                                                                                            29KB

                                                                                                                                            MD5

                                                                                                                                            a055b3d9fb0270221e58dbd7d6681730

                                                                                                                                            SHA1

                                                                                                                                            5575c881a13ca63930386cfec0e6561a00d6b5a6

                                                                                                                                            SHA256

                                                                                                                                            4885886b6f9fa8684f54d766b0ccf74ddc3fc11d3b1bd2309289e45699765876

                                                                                                                                            SHA512

                                                                                                                                            fb5f3c755d2ef71892ea3b89f29f6e709505482b51cfe4adcc0e40f6efd4fc8576d1337b53d952889ac52b024e9c35c0edb551c6a9a080c386e3d8ff3dab859f

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State
                                                                                                                                            Filesize

                                                                                                                                            33KB

                                                                                                                                            MD5

                                                                                                                                            c148f0b4e3b47dad108847ea254a8e96

                                                                                                                                            SHA1

                                                                                                                                            9790d6617b60e081762aa78911b5b2fb7c433f82

                                                                                                                                            SHA256

                                                                                                                                            319b71d5b33aff9ae72285ba283ea222b07f27a74d7ada8e034d1c878d0a6c5c

                                                                                                                                            SHA512

                                                                                                                                            da973d66597c7a7c89201f2697bee529b4035c9b834eb0d5216e8453f5882253a712ea79071b1748a5c7e2a75d29a49fba7080cd436aff82747c7e82ae2a571c

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RFe57b045.TMP
                                                                                                                                            Filesize

                                                                                                                                            1KB

                                                                                                                                            MD5

                                                                                                                                            e165f15845cf119b13541ca9397148e1

                                                                                                                                            SHA1

                                                                                                                                            3f049cc8bdeba953bcbbb6a2f333646cf58a4d61

                                                                                                                                            SHA256

                                                                                                                                            d3aeed0f2f20418ad4838037bea0e347e9a30f3f69a5be21e9fe70ac7974286e

                                                                                                                                            SHA512

                                                                                                                                            1d9cd22fa33b1ebe76bf425b1146582058da4e29659861c54cce7a65cb1c677191fde4e66fe690adeb90638d3edcfb4325152f7dbb6ab85e8bcb5e6732868074

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\WorkspacesNavigationComponent\1.0.0.5\nav_config.json
                                                                                                                                            Filesize

                                                                                                                                            2KB

                                                                                                                                            MD5

                                                                                                                                            499d9e568b96e759959dc69635470211

                                                                                                                                            SHA1

                                                                                                                                            2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

                                                                                                                                            SHA256

                                                                                                                                            98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

                                                                                                                                            SHA512

                                                                                                                                            3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                            Filesize

                                                                                                                                            280B

                                                                                                                                            MD5

                                                                                                                                            0db1d88802048ff847bfcf47035335bd

                                                                                                                                            SHA1

                                                                                                                                            bb54059e5b145da464f6521ae67353889ce00771

                                                                                                                                            SHA256

                                                                                                                                            416525d2bfeaeab0950175c0eab55ad35e84518ef5299f10565023800788cf9a

                                                                                                                                            SHA512

                                                                                                                                            32c5b42febdb38c3a30eb5179b8aa20a5e731b0e83aab16ec73d27b4108bfc89eb6316f71a988388cb5df19267ba823f6d0220fab5584667ba0adb0da1152a30

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                            Filesize

                                                                                                                                            280B

                                                                                                                                            MD5

                                                                                                                                            8734b4a181214bb62f91cfa36c7e2c98

                                                                                                                                            SHA1

                                                                                                                                            9cff323f10778a23d73ac3dcffc038d3bf661b78

                                                                                                                                            SHA256

                                                                                                                                            e06afe980fa56c8dad3e7c6b8d0d8f1e7eb9a4860ac715e966026fb7631c3ba5

                                                                                                                                            SHA512

                                                                                                                                            e8648a54da9aa24b6cba1f0377a0ce33979ea097554bb6347f252cad894ad4134e1fe839abc80eb48e2510061d5c6937e80374d32f95afd4cc8567b57694ac36

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\fcb6ab9a-7168-4767-b23f-8817eee9fe7f.tmp
                                                                                                                                            Filesize

                                                                                                                                            2B

                                                                                                                                            MD5

                                                                                                                                            99914b932bd37a50b983c5e7c90ae93b

                                                                                                                                            SHA1

                                                                                                                                            bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                                            SHA256

                                                                                                                                            44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                                            SHA512

                                                                                                                                            27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                                                                                                                            Filesize

                                                                                                                                            69KB

                                                                                                                                            MD5

                                                                                                                                            164a788f50529fc93a6077e50675c617

                                                                                                                                            SHA1

                                                                                                                                            c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

                                                                                                                                            SHA256

                                                                                                                                            b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

                                                                                                                                            SHA512

                                                                                                                                            ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\9f1c8426-8d44-4044-be38-c538fba25957.tmp
                                                                                                                                            Filesize

                                                                                                                                            61B

                                                                                                                                            MD5

                                                                                                                                            4df4574bfbb7e0b0bc56c2c9b12b6c47

                                                                                                                                            SHA1

                                                                                                                                            81efcbd3e3da8221444a21f45305af6fa4b71907

                                                                                                                                            SHA256

                                                                                                                                            e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

                                                                                                                                            SHA512

                                                                                                                                            78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                            Filesize

                                                                                                                                            6KB

                                                                                                                                            MD5

                                                                                                                                            7c3062c44145efe559a06f3c3d12f447

                                                                                                                                            SHA1

                                                                                                                                            1bb7ec06369e42b22718c77ab3486004726db427

                                                                                                                                            SHA256

                                                                                                                                            7c8be600243ba2884da954a295299010034e2da78a3da207675b70c3d89f65c2

                                                                                                                                            SHA512

                                                                                                                                            08228352583e2bcd43357da49bc720d5255fcededa1b4f4d6e2449c933910668003e5b74eb53a7cfe59218d24b1b5cbd42637d80131540653f8507b5cdca0a49

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                                            Filesize

                                                                                                                                            26KB

                                                                                                                                            MD5

                                                                                                                                            15f36800a437fea2f833b340338de069

                                                                                                                                            SHA1

                                                                                                                                            d8901dc78a8cb743566b4029037da2e9c3b41721

                                                                                                                                            SHA256

                                                                                                                                            f72fca3301a04e033ef5221f9899f198a65a38470baa83f5d2bc437008db1809

                                                                                                                                            SHA512

                                                                                                                                            0bdc8294c36785121211ea5a7b6f9b8f7e7ddb9e2c8ad06c570e4fb42630b5428afc22420e3f8eb713cebd30854abd04a220f774c9549b5d5348d2cfe41b0f3c

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                            Filesize

                                                                                                                                            8KB

                                                                                                                                            MD5

                                                                                                                                            cfd4069aaeb9513b13dec23691d96554

                                                                                                                                            SHA1

                                                                                                                                            ad6834fa1ad5b35243b8169d8b7b669e472f0072

                                                                                                                                            SHA256

                                                                                                                                            6189751235b3ebd94aaa076d06b058f97ad2ce1131b7121711d16aa225fe976c

                                                                                                                                            SHA512

                                                                                                                                            81aa47b5383294f7066842549ef524a8b445d4e942b0bd45f964fd9470ceafb548392920bff9d8273b683cfe6d52bfc2df90508e953a33c03f8d24a8052be5a9

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                            Filesize

                                                                                                                                            6KB

                                                                                                                                            MD5

                                                                                                                                            ee0fc104bc4fa16b08b6d74959936897

                                                                                                                                            SHA1

                                                                                                                                            11252bfe0983b1fe09a1f7219e77dea1d32b7ea8

                                                                                                                                            SHA256

                                                                                                                                            af2c6e966acd14ce671edaeadd20312e1b99b4434028fc97f15a1700c1d7a9c2

                                                                                                                                            SHA512

                                                                                                                                            4b67fe2929500cf9bb8b7e58bbfcc5927daa1209d2f6f95648c8c4b4b9f2807a632f964928999e9a982254925c51cde639dbfa33c38d2dc56dc3de80ae7357fd

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                            Filesize

                                                                                                                                            7KB

                                                                                                                                            MD5

                                                                                                                                            70348f145f56d3b80b95d79edd4b8687

                                                                                                                                            SHA1

                                                                                                                                            bf5c90f32b1761e022483c8caa7e377070796db3

                                                                                                                                            SHA256

                                                                                                                                            9ce031c461b6e9ddc381d097819ed13451993d88c7e2db7e6e607f4ae9188d27

                                                                                                                                            SHA512

                                                                                                                                            e55daf2782b233af3188f5f586f434c589112a4cb1ca2dfcdd6a53ec6532bdfdfd18aadc93876525823f21f3e5ee8f4ee59e6ba2c1c3158e2fd8c49bb7a96dc6

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                            Filesize

                                                                                                                                            8KB

                                                                                                                                            MD5

                                                                                                                                            c64a314fd1812a77dffc9079cdb2e5af

                                                                                                                                            SHA1

                                                                                                                                            13dc7c8d91e920fc0661f690720ed2b656e568ab

                                                                                                                                            SHA256

                                                                                                                                            fe61c98c3a996b24d1685648210f8cf1dc6707256a05f3e0099aceed8d8e1767

                                                                                                                                            SHA512

                                                                                                                                            4ff53a88c8d288a2433f05e84c7dccb4dc95dc8054ca4a684b7c8c56000923df8cd92fe0d36939ed5ffa632c5fc90fc988fdda3feaa9c3f81b5f8b8c8128dd51

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\573e31e1-38e8-4062-8128-dd7838d715b5.tmp
                                                                                                                                            Filesize

                                                                                                                                            10KB

                                                                                                                                            MD5

                                                                                                                                            78e47dda17341bed7be45dccfd89ac87

                                                                                                                                            SHA1

                                                                                                                                            1afde30e46997452d11e4a2adbbf35cce7a1404f

                                                                                                                                            SHA256

                                                                                                                                            67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

                                                                                                                                            SHA512

                                                                                                                                            9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\b8eb2035-c0a3-4352-a467-76b655a044e3.tmp
                                                                                                                                            Filesize

                                                                                                                                            1B

                                                                                                                                            MD5

                                                                                                                                            5058f1af8388633f609cadb75a75dc9d

                                                                                                                                            SHA1

                                                                                                                                            3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                                            SHA256

                                                                                                                                            cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                                            SHA512

                                                                                                                                            0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\scoped_dir6764_822699823\1a6c22a6-ef9b-4d9f-be17-7241186f6691.tmp
                                                                                                                                            Filesize

                                                                                                                                            152KB

                                                                                                                                            MD5

                                                                                                                                            dd9bf8448d3ddcfd067967f01e8bf6d7

                                                                                                                                            SHA1

                                                                                                                                            d7829475b2bd6a3baa8fabfaf39af57c6439b35e

                                                                                                                                            SHA256

                                                                                                                                            fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

                                                                                                                                            SHA512

                                                                                                                                            65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VSX8ME3MECNP5KC2IH2I.temp
                                                                                                                                            Filesize

                                                                                                                                            3KB

                                                                                                                                            MD5

                                                                                                                                            3631f886fdbd350ae0c9a235d368f316

                                                                                                                                            SHA1

                                                                                                                                            9a5b8e29fead310811c9982486ab136684e304f2

                                                                                                                                            SHA256

                                                                                                                                            63005e4e1b845de549a5ba8990beb352c0fad45886b6edc0132e1ee59d5b180b

                                                                                                                                            SHA512

                                                                                                                                            51dd038a58931bd91b0e5588f9a41e28d7511953734c0bda92248016f006a58ed735f5d26e9960b06bc61ee099685511e02e51a4659ffa4e52f7a1316a3bce29

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Desktop\AssertConvertTo.xps.abbt
                                                                                                                                            Filesize

                                                                                                                                            166KB

                                                                                                                                            MD5

                                                                                                                                            1bef74ab5023df4207ced2e00d553ec6

                                                                                                                                            SHA1

                                                                                                                                            923943df12eadf2a95400fbc0edd002b4f43560b

                                                                                                                                            SHA256

                                                                                                                                            8de4d1ff6eb6d0e47bd617313729e1d227ed1f97618aff94447390cd6d96d37c

                                                                                                                                            SHA512

                                                                                                                                            eae0d5eb15b7da820b5f23faa36c144bc0a2acb49ce0108684417c91c3034a6de1013e1ad412113e7251124566acd86875d2ec4536ec707d6ceddd2863accf8f

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Desktop\CloseGroup.ps1xml.abbt
                                                                                                                                            Filesize

                                                                                                                                            227KB

                                                                                                                                            MD5

                                                                                                                                            55354a8053c926cc6b2a10f0e7f9a442

                                                                                                                                            SHA1

                                                                                                                                            2fc44da2adeeb9507e3469762bda1719b8682bad

                                                                                                                                            SHA256

                                                                                                                                            015f04792e9b2efcd55c83269a58139c4fa63c575700620711968f5bcf502caf

                                                                                                                                            SHA512

                                                                                                                                            8edd44ec73c939b4cd62c9343ed23b5a438ef220bca918a6c60c5ecb1a7e3bde4ac9f5b5322ae98cd1a772c1e2aa442b4432235bb66456dea09836f077b0fe86

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Desktop\EnterRedo.M2V.abbt
                                                                                                                                            Filesize

                                                                                                                                            204KB

                                                                                                                                            MD5

                                                                                                                                            ce22b3917e94f0896787a797bf1cea4c

                                                                                                                                            SHA1

                                                                                                                                            6a185aa3b9cfd64996797bf455c424ed58befae3

                                                                                                                                            SHA256

                                                                                                                                            ef47bce5f917c41018ab0abff4227a103f4e344f6b7739bc2b7217e76cb7ef7e

                                                                                                                                            SHA512

                                                                                                                                            2408ab525a03c31465687c54759fa04fd4584c910b362bcf525fe8ddf16ad020ba0c42e5f7744a5b443e8047f7b602e4c588fe22dc33afdaf701453e14c7e622

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Desktop\ExitBlock.jpe.abbt
                                                                                                                                            Filesize

                                                                                                                                            242KB

                                                                                                                                            MD5

                                                                                                                                            08108031002200f9a956f51b5e64c31c

                                                                                                                                            SHA1

                                                                                                                                            5b7b7cbdf2c5b609bd8b164332b45f39cefd7025

                                                                                                                                            SHA256

                                                                                                                                            ef0e7abbd3e58090e7d09040467aecb41e00bdd631d53036e2f7e9f86c114ba2

                                                                                                                                            SHA512

                                                                                                                                            884268ca51caa5d185dd88b4b5c6c6807dd9ee3aa53f03d1274f9c04f80f5eb52e83fdb7150cbc06b5806317af89eb8a42e0d6730f0af57393b713419deb825a

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Desktop\ExitGroup.M2TS.abbt
                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            MD5

                                                                                                                                            374e04ee333bc69a983f0c03faf421ff

                                                                                                                                            SHA1

                                                                                                                                            9de2a5e8649633b02818811a2ab63df4a8a9444e

                                                                                                                                            SHA256

                                                                                                                                            095b925148f7b77e9a41c6eae0ef2670169b28d20f2ecc3cea82126e0aee6c1c

                                                                                                                                            SHA512

                                                                                                                                            446e379db752c1ecf41485db662d1d29844cb117b91257125d295675808e8977411a9ecec7493789d3ba2313e2b666e525fcf3a66ca6a0bd0c1d7acafef3457e

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Desktop\ExpandEdit.gif.abbt
                                                                                                                                            Filesize

                                                                                                                                            234KB

                                                                                                                                            MD5

                                                                                                                                            1d931fe0617245b9f20d617069cb348c

                                                                                                                                            SHA1

                                                                                                                                            952eeb7ea8e73316e5aa9bcfe49fe52a7941e7fb

                                                                                                                                            SHA256

                                                                                                                                            f777e4e87b36bc8fc149901a822101738f594eb717a0b34466cd8a06738f508f

                                                                                                                                            SHA512

                                                                                                                                            b74f5a60768af2b97108e37e8377effc01e354138cba00818253962897b1f482e51710c6138dd06c8e010d0251e3fe2626f220ce798b060486203a6e00dce57c

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Desktop\ImportRedo.sql.abbt
                                                                                                                                            Filesize

                                                                                                                                            174KB

                                                                                                                                            MD5

                                                                                                                                            42020e19a136f6d51647fbecc2be92ea

                                                                                                                                            SHA1

                                                                                                                                            84a5264c6efcd7cc7029c55871b0120268f5864e

                                                                                                                                            SHA256

                                                                                                                                            b0fc5b0a7b84f983e42f03612f7ea4e8245fe56747df0338f402ab9dc3108262

                                                                                                                                            SHA512

                                                                                                                                            b5155d65cf2faefc2bcb18563f48ae60ca8d9d7578b5e6ebbf0f5867581b7ab4feda4b2b5f31c57d776200a5cbc5aa7398287a6dc7f45167a45e3fbfd416adfd

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Desktop\LimitOpen.txt.abbt
                                                                                                                                            Filesize

                                                                                                                                            106KB

                                                                                                                                            MD5

                                                                                                                                            f2847b4c38947f9bb8743232b96a6799

                                                                                                                                            SHA1

                                                                                                                                            3668ec17c64edc282e778ec61872b2e25871335a

                                                                                                                                            SHA256

                                                                                                                                            dda9a029fcf84c7197b6497536f282118e7d393198f28e29ea2b3d03c48efabe

                                                                                                                                            SHA512

                                                                                                                                            2ca02d15ab980329b0ec359f8c0a288291b5a73a555c95fae23c1b55a045bdcee126b967ae72a240cfa7f3c346c661179034ab848d30ee94edc4f3430f577369

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Desktop\LimitRevoke.wav.abbt
                                                                                                                                            Filesize

                                                                                                                                            121KB

                                                                                                                                            MD5

                                                                                                                                            9a39c51ebd83ea1342d24800a4ef201d

                                                                                                                                            SHA1

                                                                                                                                            fdf1719be1621db6eaa312ff15f223a413362a71

                                                                                                                                            SHA256

                                                                                                                                            895c3a35da7f9bd069e03ea76082a66ed389caeb5b5e1c4a6b4097c121f06b63

                                                                                                                                            SHA512

                                                                                                                                            496d761df56793497fe9a1462a79c44c1d08b09ce15ba338fab5de22ba608d0f8e63247dce9d1ce146c7bd430e3e4e2e51ca84429b9c78920caab9b28954bf52

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Desktop\LockEnter.css.abbt
                                                                                                                                            Filesize

                                                                                                                                            159KB

                                                                                                                                            MD5

                                                                                                                                            98547646cdb16487da7634b3a16c4791

                                                                                                                                            SHA1

                                                                                                                                            38a23fcc7717a9c480914e67bb55502f56bde028

                                                                                                                                            SHA256

                                                                                                                                            630d0d66c0183e7a7900e8ffcf8c6203b1ade027a9ea786bacd87c5234609cea

                                                                                                                                            SHA512

                                                                                                                                            61055331bdf8508cfb57ca72587f9684e6c731a85da3c5093c99d4c987e9b27635a4c2d8e1f2fc4cb88a977bef88988066d3a9a7baa42569bc7714997dd6df3e

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Desktop\Microsoft Edge.lnk
                                                                                                                                            Filesize

                                                                                                                                            2KB

                                                                                                                                            MD5

                                                                                                                                            978fc779962dfefeaf24314591c612f7

                                                                                                                                            SHA1

                                                                                                                                            82f71df456cd000e03cca6748c4f5445ee25c33f

                                                                                                                                            SHA256

                                                                                                                                            c0fc5f539b34d558b07d3a25d68737af64adfc6eb74aedd1edcc3817a0bcb6b8

                                                                                                                                            SHA512

                                                                                                                                            110885d1cd66e23a2e919bbe8e7c65a878d7b893b0e348e1172038af4239ea9e1018d7dcaf0e40c3855875dce30b5a83686b262726cf4cd51e68661a1769de7b

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Downloads\DismountAssert.M2T.abbt
                                                                                                                                            Filesize

                                                                                                                                            651KB

                                                                                                                                            MD5

                                                                                                                                            167657b7611c409c736e6ec83983a781

                                                                                                                                            SHA1

                                                                                                                                            200d259775446c68345b5e68a781b7bf32d4e8d4

                                                                                                                                            SHA256

                                                                                                                                            adbf66cf5c74200a9160d0732c3670142699df2b6990c812afde4d2d190beb86

                                                                                                                                            SHA512

                                                                                                                                            1227e6b976d9977d74323e2121ab324f4e85df9098d25e8c819fb7c72dc7f358a6475b74b930e7430aa0369f76a4166f85e2dda0e90867095bd4e83af5c27601

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Downloads\PingWatch.vdx.abbt
                                                                                                                                            Filesize

                                                                                                                                            373KB

                                                                                                                                            MD5

                                                                                                                                            105e8600b785bccb5d3690bcba125041

                                                                                                                                            SHA1

                                                                                                                                            ee2c3d010121607113debcfdeda83edb103b2b9d

                                                                                                                                            SHA256

                                                                                                                                            eb6145cfb9570c16d540f5e08710d66194a3809b3ec55fe4a6324d5eb5924dd6

                                                                                                                                            SHA512

                                                                                                                                            925f6feb75834c14a32cc154e88b0254156a8a1d804c8d4240c01291ef9b948e8f6bc3c319c8b06eafd8b8012dccc16c2107783b26d561e69a79efa714da7b1d

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Downloads\SetWatch.docm.abbt
                                                                                                                                            Filesize

                                                                                                                                            494KB

                                                                                                                                            MD5

                                                                                                                                            c2b4e1d8824fb572c394f1f74373f8cb

                                                                                                                                            SHA1

                                                                                                                                            e7a026537d025be8b04c8aeac3c95627fae47060

                                                                                                                                            SHA256

                                                                                                                                            1830629397a349d97e25cfb68507068564021065edad5d06af7fe47a1e012470

                                                                                                                                            SHA512

                                                                                                                                            5bbf389fc6944c6fa2c16b1e4f6d6eea75f0571d056da58f7c13f35d13f02ddd533d46780c18896b9d8e53867c0592f3cd79586e022d1d231fb7bca8b9447959

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\Downloads\SubmitRequest.mov.abbt
                                                                                                                                            Filesize

                                                                                                                                            421KB

                                                                                                                                            MD5

                                                                                                                                            9701dfc177866ecd5f0c16e24777e747

                                                                                                                                            SHA1

                                                                                                                                            c4e38b362aa96f468821c3f7758bf07784b15d21

                                                                                                                                            SHA256

                                                                                                                                            a0c3a3624429f514c9abb4add271474820317a77c8b123a5eb58b4f42bd11d16

                                                                                                                                            SHA512

                                                                                                                                            40dd118d700440554e4537b926946033287da9d6768a85a7cd548763104d52ee8f00c533516c527f27e4b6e0f31479e30cf8f7f08c662177708b4508522425d9

                                                                                                                                            Download Submit

                                                                                                                                          • memory/32-649-0x00007FF6E20D0000-0x00007FF6E21C7000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            988KB

                                                                                                                                            Download