Malware Analysis Report

2024-11-30 14:39

Sample ID 241115-y5xk3a1fqb
Target http://bing.com
Tags
danabot banker botnet steam discovery persistence phishing privilege_escalation ransomware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://bing.com was found to be: Known bad.

Malicious Activity Summary

danabot banker botnet steam discovery persistence phishing privilege_escalation ransomware trojan

Danabot x86 payload

Danabot family

Danabot

Renames multiple (126) files with added filename extension

Downloads MZ/PE file

Blocklisted process makes network request

Modifies file permissions

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Checks installed software on the system

Adds Run key to start application

Detected potential entity reuse from brand STEAM.

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Program crash

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Checks SCSI registry key(s)

Checks processor information in registry

Modifies Internet Explorer settings

Modifies system certificate store

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Kills process with taskkill

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy service COM API

Suspicious use of SetWindowsHookEx

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-15 20:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-15 20:22

Reported

2024-11-15 20:42

Platform

win10v2004-20241007-en

Max time kernel

1136s

Max time network

1138s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://bing.com

Signatures

Danabot

trojan banker danabot

Danabot family

danabot

Danabot x86 payload

botnet
Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (126) files with added filename extension

ransomware

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\EOS\InstallChainer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Bugsoft.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bugsoft.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bugsoft.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bugsoft.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bugsoft.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bugsoft.exe N/A
N/A N/A C:\Users\Admin\Downloads\DanaBot (1).exe N/A
N/A N/A C:\Users\Admin\Downloads\Bugsoft.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bugsoft.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\EOS\InstallChainer.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServices.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
N/A N/A C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\EOS\InstallChainer.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\EOS\InstallChainer.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{43a03b9c-4770-409c-a999-587b60700b63} = "\"C:\\ProgramData\\Package Cache\\{43a03b9c-4770-409c-a999-587b60700b63}\\LauncherPrereqSetup_x64.exe\" /quiet /burn.log.append \"C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/SelfUpdatePrereqInstall.log\" /burn.runonce" C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EpicGamesLauncher = "\"C:\\Program Files (x86)\\Epic Games\\Launcher\\Portal\\Binaries\\Win64\\EpicGamesLauncher.exe\" -silent -launchcontext=boot" C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\SET58B4.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File created C:\Windows\SysWOW64\SET7981.tmp C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\system32\SET780A.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET8DD4.tmp C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\system32\SET8E90.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET8C7D.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET8EDF.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File created C:\Windows\system32\SET7DD7.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File created C:\Windows\system32\SET7FEA.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET88C3.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SET8DE5.tmp C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SET5876.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET5903.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET8DD4.tmp C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\system32\X3DAudio1_7.dll C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET7B85.tmp C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\system32\xinput1_3.dll C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET5903.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\d3dcsx_43.dll C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\system32\SET7FEA.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\d3dx11_43.dll C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\d3dcsx_43.dll C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET5941.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\X3DAudio1_7.dll C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
File created C:\Windows\system32\SET8C7D.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\XAPOFX1_5.dll C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\d3dx11_43.dll C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET5941.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\system32\D3DX9_43.dll C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\XAPOFX1_5.dll C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
File created C:\Windows\system32\SET8EDF.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET7A4C.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\D3DX9_43.dll C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\SysWOW64\D3DCompiler_43.dll C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\d3dx10_43.dll C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File created C:\Windows\SysWOW64\SET58C4.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET58C4.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET7981.tmp C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
File created C:\Windows\system32\SET88C3.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File created C:\Windows\system32\SET7A4C.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File created C:\Windows\system32\SET8E90.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\xinput1_3.dll C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File created C:\Windows\system32\SET780A.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET5876.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\system32\SET7DD7.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET8336.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File created C:\Windows\system32\SET8336.tmp C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET8DE5.tmp C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\system32\XAudio2_7.dll C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SET7B85.tmp C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\system32\d3dx10_43.dll C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\XAudio2_7.dll C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SET58B4.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\system32\D3DCompiler_43.dll C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\region\in.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\unit\en_TO.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\en_LC.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\sr_BA.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\en_KI.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\guz.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\EcosystemStyle\secondary_split_btn_left.png C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\New UI\UE\read_icon.png C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\ar_IQ.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\ksh.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Content\Slate\Icons\icon_redo_16px.png C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\region\th_TH.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\Fortnite-1100.v2sdmeta C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\chr.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\zone\cy.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\en_HK.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\en_IO.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\sr_Latn_CS.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\ebu.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Slate\Common\ColumnHeaderMenuButton_Normal.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\lt.pak C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Win32\Resources\locales\bg.pak C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\lrc.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\ar_SA.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\lag.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\lang\iw_IL.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\rbnf\es_SV.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\lv.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\lrc.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\en_NG.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\yue.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Binaries\Win64\api-ms-win-core-localization-l1-2-0.dll C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Font\NotoSansThai-Bold.ttf C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\region\zh_Hant_MO.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\en_MS.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\nds.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\bs_Cyrl.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\nl.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\en_SX.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Content\Slate\Icons\notificationlist_success.png C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\so.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\vai.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\en_PG.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\eu.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\CEF\Win32\Resources\locales\ko.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\fonts\BrutalType-Regular\BrutalType-Regular.html C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\kw.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Binaries\Win32\api-ms-win-core-util-l1-1-0.dll C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\nl_SX.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\az_Latn.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\sr_Cyrl_XK.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win32\api-ms-win-crt-runtime-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\en_IO.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zh_Hans.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\rbnf\zh.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\0425_Genshin_Impact.png C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\yue_Hant.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\as.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\hi.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\en_SD.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\lang\pt_GQ.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\New UI\UE\PinUp.png C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\en_SX.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\webmodal\fonts\BrutalType-Bold\BrutalType-Bold.eot C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\Jun2010_d3dx10_43_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\Jun2010_d3dx9_43_x64.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6384.tmp-\Jun2010_XAudio_x64.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6384.tmp-\CustomActionManaged.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\dxdllreg_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSIB03F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB10C.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6384.tmp-\APR2007_xinput_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\Jun2010_d3dx10_43_x64.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification \??\c:\windows\jk.bat C:\Users\Admin\Downloads\Bugsoft.exe N/A
File opened for modification C:\Windows\Installer\MSI22D5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_vccorlib110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\windows\mail.vbs C:\Users\Admin\Downloads\Bugsoft.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\Feb2010_X3DAudio_x64.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSIBDDE.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_vccorlib120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6384.tmp-\Jun2010_d3dx10_43_x64.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\dsetup32.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification \??\c:\windows\mail.vbs C:\Users\Admin\Downloads\Bugsoft.exe N/A
File opened for modification C:\Windows\Installer\MSIE55A.tmp-\CustomActionManaged.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSIEC23.tmp-\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\APR2007_xinput_x64.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI964B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI96D9.tmp-\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI99B9.tmp-\Jun2010_D3DCompiler_43_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSIE9FF.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_vccorlib110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6384.tmp-\dxdllreg_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\CustomActionManaged.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\dxupdate.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\Jun2010_D3DCompiler_43_x64.cab C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\Installer\e62ab7d.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\E6AAF58BAA9A556409921E4ADE0CE5A1\1.3.93\F_CENTRAL_msvcp120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI99B9.tmp-\Jun2010_d3dx10_43_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification \??\c:\windows\jk.bat C:\Users\Admin\Downloads\Bugsoft.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\Installer\MSI99B9.tmp-\Jun2010_d3dx11_43_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification \??\c:\windows\mail.vbs C:\Users\Admin\Downloads\Bugsoft.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcp120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI99B9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEC23.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6384.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\Jun2010_D3DCompiler_43_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\Jun2010_d3dx9_43_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcr120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}\UnrealEngineLauncher.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6384.tmp-\APR2007_xinput_x64.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\{57A956AB-4BCC-45C6-9B40-957E4E125568}\Installer.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE6F1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\windows\jk.bat C:\Users\Admin\Downloads\Bugsoft.exe N/A
File opened for modification C:\Windows\Installer\MSI22D5.tmp-\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6384.tmp-\Jun2010_d3dx9_43_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI99B9.tmp-\dxupdate.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI70EB.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e62ab7f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcp110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI95D0.tmp-\Jun2010_XAudio_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\DanaBot (1).exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServices.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\DanaBot (1).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bugsoft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bugsoft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bugsoft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bugsoft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bugsoft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bugsoft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\EOS\InstallChainer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bugsoft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bugsoft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a47b29fbd6f9c3720000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a47b29fb0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900a47b29fb000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1da47b29fb000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a47b29fb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3115175381" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008110495d4aa4cb41b6757eb2472c6e5100000000020000000000106600000001000020000000f24fea2d4acc007bd7fe9ed05890beb73247914031c8ae92a0e1e0a7cba61fba000000000e8000000002000020000000bd0dd6b98833eaf3d8c4c71e35c962b8e424568ccb81ff30d0f7c60352e56cb52000000022d0c0af8dca0558e52807697dcb5c6d1aa37e40598e67042c0d2f8b214a31ea40000000f815e5578ba0d53a0753aaa3f35492b9f3fd09bd4d01d77f37a7379f78f58c12086c746b7687872525eb40c6903ce1984384485ec1591b6a15a88acc5e4d9604 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3115175381" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e06c4bba9d37db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 007f55ba9d37db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E54B33A6-A390-11EF-A7EA-C67090DD1599} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31143837" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31143837" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008110495d4aa4cb41b6757eb2472c6e5100000000020000000000106600000001000020000000792c11ad007c3c05edf46398d247257683632e5eb6cf8e04538a8e084b23272b000000000e8000000002000020000000a4d571808ec15d3622454d69fd38d7aa86621b526be5244b39150b7458e1fd7520000000d44ddd179d2a9308981642a4a03fbb5aa6c0156a745c940394fcdcc54b4e45d34000000028ec2c9b3ba6308fbd82795968683a9b0ebdd35621ab02a5d230501a9429d1b9d4af8c29d8b0fe67b6c4f7484996a9a091ff512d9d6327cc314d285df0a25fb5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Epic Games C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\SysWOW64\rundll32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\SysWOW64\rundll32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\SysWOW64\rundll32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "5" C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\SysWOW64\rundll32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Epic Games\Unreal Engine\Identifiers\MachineId = "9073C5C0455D43A7A3C4E3B0F80B5CB2" C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\SysWOW64\rundll32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Epic Games\Unreal Engine\Identifiers C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\SysWOW64\rundll32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\com.epicgames.launcher\shell\open\command\ = "\"C:\\Program Files (x86)\\Epic Games\\Launcher\\Portal\\Binaries\\Win32\\EpicGamesLauncher.exe\" %1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA659A75CCB46C54B90459E7E4215586\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA659A75CCB46C54B90459E7E4215586\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{43a03b9c-4770-409c-a999-587b60700b63}\DisplayName = "Launcher Prerequisites (x64)" C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E6AAF58BAA9A556409921E4ADE0CE5A1\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\com.epicgames.eos\URL Protocol C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E6AAF58BAA9A556409921E4ADE0CE5A1\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA659A75CCB46C54B90459E7E4215586\Version = "33554476" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA659A75CCB46C54B90459E7E4215586\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll" C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E6AAF58BAA9A556409921E4ADE0CE5A1\DirectXRedist C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\com.epicgames.eos\DefaultIcon C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\499C5C9F9B6F57D43B7EDA108B04379E\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\499C5C9F9B6F57D43B7EDA108B04379E\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\com.epicgames.launcher\DefaultIcon C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E6AAF58BAA9A556409921E4ADE0CE5A1 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{43a03b9c-4770-409c-a999-587b60700b63}\Dependents C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\com.epicgames.launcher\DefaultIcon C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\com.epicgames.launcher\DefaultIcon\ = "C:\\Program Files (x86)\\Epic Games\\Launcher\\Portal\\Binaries\\Win32\\EpicGamesLauncher.exe,0" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA659A75CCB46C54B90459E7E4215586\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af} C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both" C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll" C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E6AAF58BAA9A556409921E4ADE0CE5A1\ProductFeature C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E6AAF58BAA9A556409921E4ADE0CE5A1\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\499C5C9F9B6F57D43B7EDA108B04379E\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll" C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\06160A3C31624122A971135BA0D60E46 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3350944739-639801879-157714471-1000\{7D684A88-B269-47D8-A2BA-E0F72F27A596} C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E6AAF58BAA9A556409921E4ADE0CE5A1 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BA659A75CCB46C54B90459E7E4215586 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA659A75CCB46C54B90459E7E4215586\ProductIcon = "C:\\Windows\\Installer\\{57A956AB-4BCC-45C6-9B40-957E4E125568}\\Installer.ico" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\classes\com.epicgames.eos C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2BCFAA43FBEEC904B97FAF707FE4CEEA\BA659A75CCB46C54B90459E7E4215586 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BA659A75CCB46C54B90459E7E4215586\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}\Version = "1.0.0.0" C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\ = "XAudio2" C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}\Dependents\{43a03b9c-4770-409c-a999-587b60700b63} C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 474027.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 853056.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 225996.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 846984.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 295122.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 108211.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 819411.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 716361.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 3257.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 556 wrote to memory of 4420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 4420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 556 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://bing.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeca0746f8,0x7ffeca074708,0x7ffeca074718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 /prefetch:8

C:\Users\Admin\Downloads\Bugsoft.exe

"C:\Users\Admin\Downloads\Bugsoft.exe"

C:\Users\Admin\Downloads\Bugsoft.exe

"C:\Users\Admin\Downloads\Bugsoft.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\jk.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\jk.bat

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6276 /prefetch:2

C:\Users\Admin\Downloads\Bugsoft.exe

"C:\Users\Admin\Downloads\Bugsoft.exe"

C:\Users\Admin\Downloads\Bugsoft.exe

"C:\Users\Admin\Downloads\Bugsoft.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\jk.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\jk.bat

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1

C:\Users\Admin\Downloads\Bugsoft.exe

"C:\Users\Admin\Downloads\Bugsoft.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\jk.bat

C:\Users\Admin\Downloads\Bugsoft.exe

"C:\Users\Admin\Downloads\Bugsoft.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\jk.bat

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7056 /prefetch:8

C:\Users\Admin\Downloads\DanaBot (1).exe

"C:\Users\Admin\Downloads\DanaBot (1).exe"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DANABO~1.DLL f1 C:\Users\Admin\DOWNLO~1\DANABO~1.EXE@2216

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2216 -ip 2216

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DANABO~1.DLL,f0

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 460

C:\Users\Admin\Downloads\Bugsoft.exe

"C:\Users\Admin\Downloads\Bugsoft.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\jk.bat

C:\Users\Admin\Downloads\Bugsoft.exe

"C:\Users\Admin\Downloads\Bugsoft.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\jk.bat

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6536 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4d0 0x4f4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7160 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6691744716456273046,10980490184973473621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1148 /prefetch:1

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\NewWatch.xhtml

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1168 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeca0746f8,0x7ffeca074708,0x7ffeca074718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3228 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\EpicInstaller-15.17.1.msi"

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\EpicInstaller-15.17.1.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 4F59E55D8DF733D1504771C7FDA19509 C

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding FD1DE98584C49A6D19611D65358480C0 C

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIA91D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241346859 5 CustomActionManaged!CustomActionManaged.CustomActions.ValidatePathLength

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0C468443915D3B62C19543A64F8C1969

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSIB10C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241348875 10 CustomActionManaged!CustomActionManaged.CustomActions.TelemetrySendStart

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSIBDDE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241352171 16 CustomActionManaged!CustomActionManaged.CustomActions.SetStartupCmdlineArgs

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSIC9B7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241355187 22 CustomActionManaged!CustomActionManaged.CustomActions.CheckReparsePoints

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17984063333297743047,9859016245681894198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1440 /prefetch:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding BD957DECC0E08189D8EC3819A51D90D2 E Global\MSI0000

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI22D5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241378078 31 CustomActionManaged!CustomActionManaged.CustomActions.MoveChainerToFolder

C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe

"C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe" /silent

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\SysWOW64\icacls.exe

"icacls.exe" "C:\Program Files (x86)\Epic Games\Launcher" /grant "BUILTIN\Users":(OI)(CI)F

C:\Windows\SysWOW64\icacls.exe

"icacls.exe" "C:\ProgramData\Epic" /grant "BUILTIN\Users":(OI)(CI)F

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI5E3C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241393218 50 CustomActionManaged!CustomActionManaged.CustomActions.TelemetrySendEnd

C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\EOS\InstallChainer.exe

"C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\EOS\InstallChainer.exe" 44 "C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\EOS\EpicOnlineServices.msi" "EOSPRODUCTID=EpicGamesLauncher" "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe"

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI70EB.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241398015 59 CustomActionManaged!CustomActionManaged.CustomActions.SetLauncherEpicGamesDirLoc

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI7234.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241398328 65 CustomActionManaged!CustomActionManaged.CustomActions.SetLauncherInstallDirLoc

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI72F1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241398515 71 CustomActionManaged!CustomActionManaged.CustomActions.SetServiceWrapperDirLoc

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI7A25.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241400343 77 CustomActionManaged!CustomActionManaged.TelemetryActions.TelemetrySendStart

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI96D9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241407687 99 CustomActionManaged!CustomActionManaged.CustomActions.RegisterProductID

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSIE394.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241427375 110 CustomActionManaged!CustomActionManaged.CustomActions.CopyServiceWrapper

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSIE55A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241427796 118 CustomActionManaged!CustomActionManaged.CustomActions.CreateRegistryKeys

C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServices.exe

"C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServices.exe" --runApplication=createConfig

C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe

"C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe" install

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSIEC23.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241429515 247 CustomActionManaged!CustomActionManaged.CustomActions.ExecuteComponents

C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe

"C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe" --setup

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSIEEE3.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241430218 254 CustomActionManaged!CustomActionManaged.TelemetryActions.TelemetrySendEnd

C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe

"C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe"

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe

"C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe" /quiet /log "C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/SelfUpdatePrereqInstall.log"

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe

"C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe" /quiet /log "C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/SelfUpdatePrereqInstall.log" -burn.unelevated BurnPipe.{B5E7771B-D4E6-468C-92AB-AECD36A28AFB} {AF7D4930-AA54-48DD-8643-F447FA35B7C2} 25292

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D3197FA299C3DA7E5EFD62BDE180CE85 E Global\MSI0000

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI6384.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241526109 261 CustomActionManaged!CustomActionManaged.CustomActions.InstallDirectX

C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe

"C:\Windows\Installer\MSI6384.tmp-\DXSetup.exe" /silent

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe X3DAudio1_7_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe D3DX9_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe d3dx10_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe d3dx11_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe d3dcsx_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe D3DCompiler_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe XAudio2_7_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI95D0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241538578 267 CustomActionManaged!CustomActionManaged.CustomActions.SetupLauncherLinkProtocol

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI99B9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241539640 273 CustomActionManaged!CustomActionManaged.CustomActions.SetupLauncherShortcuts

C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe

"C:/Program Files (x86)/Epic Games/Launcher/Portal/Binaries/Win32/EpicGamesLauncher.exe" -Commandlet=selfupdateinstall -newinstancecommand="IC1TYXZlVG9Vc2VyRGlyIC1NZXNzYWdpbmc$" -ForcedRestart

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /T /IM EpicWebHelper.exe

C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe

"C:/Program Files (x86)/Epic Games/Launcher/Portal/Binaries/Win64/EpicGamesLauncher.exe" -SaveToUserDir -Messaging -ForcedRestart

C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe

"C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/Win64/EpicWebHelper.exe" --type=gpu-process --field-trial-handle=2016,14808391113246198097,2069283931513842805,131072 --disable-features=CalculateNativeWinOcclusion --no-sandbox --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --user-agent-product="EpicGamesLauncher/17.0.2-37848679+++Portal+Release-Live UnrealEngine/4.27.0-37848679+++Portal+Release-Live Chrome/90.0.4430.212" --lang=en --gpu-preferences=SAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe

"C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/Win64/EpicWebHelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,14808391113246198097,2069283931513842805,131072 --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=none --no-sandbox --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --user-agent-product="EpicGamesLauncher/17.0.2-37848679+++Portal+Release-Live UnrealEngine/4.27.0-37848679+++Portal+Release-Live Chrome/90.0.4430.212" --lang=en --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --mojo-platform-channel-handle=4780 /prefetch:8

C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe

"C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/Win64/EpicWebHelper.exe" --type=renderer --no-sandbox --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --field-trial-handle=2016,14808391113246198097,2069283931513842805,131072 --disable-features=CalculateNativeWinOcclusion --lang=en-US --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --user-agent-product="EpicGamesLauncher/17.0.2-37848679+++Portal+Release-Live UnrealEngine/4.27.0-37848679+++Portal+Release-Live Chrome/90.0.4430.212" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe

"C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/Win64/EpicWebHelper.exe" --type=renderer --no-sandbox --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --field-trial-handle=2016,14808391113246198097,2069283931513842805,131072 --disable-features=CalculateNativeWinOcclusion --lang=en-US --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --user-agent-product="EpicGamesLauncher/17.0.2-37848679+++Portal+Release-Live UnrealEngine/4.27.0-37848679+++Portal+Release-Live Chrome/90.0.4430.212" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe

"C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/Win64/EpicWebHelper.exe" --type=renderer --no-sandbox --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --field-trial-handle=2016,14808391113246198097,2069283931513842805,131072 --disable-features=CalculateNativeWinOcclusion --lang=en-US --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --user-agent-product="EpicGamesLauncher/17.0.2-37848679+++Portal+Release-Live UnrealEngine/4.27.0-37848679+++Portal+Release-Live Chrome/90.0.4430.212" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login/xbl/forward?extLoginState=eyJ0cmFja2luZ1V1aWQiOm51bGwsImxvZ2luUmVxdWVzdElkIjoiNDMxZGIwMDY3ZTY5NGY2MGI0ZmQ0MDhmYzlhOGJkODEiLCJyZXR1cm5UbyI6Imh0dHBzOi8vd3d3LmVwaWNnYW1lcy5jb20vaWQvbG9naW4%252FIiwiYXV0aENvZGUiOm51bGwsImlzUG9wdXAiOnRydWV9&lang=en

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0x7c,0x114,0x7ffeca0746f8,0x7ffeca074708,0x7ffeca074718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,5555761972544524092,17242938000211666328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,5555761972544524092,17242938000211666328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,5555761972544524092,17242938000211666328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login/google/forward?extLoginState=eyJ0cmFja2luZ1V1aWQiOm51bGwsImxvZ2luUmVxdWVzdElkIjoiMWIyYjk3MjdhZGJjNGE3ZThiM2IxOTdhMGNkZDM0ZTEiLCJyZXR1cm5UbyI6Imh0dHBzOi8vd3d3LmVwaWNnYW1lcy5jb20vaWQvbG9naW4%252FIiwiYXV0aENvZGUiOm51bGwsImlzUG9wdXAiOnRydWV9&lang=en&externalNonce=ONIYCJP5

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5555761972544524092,17242938000211666328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5555761972544524092,17242938000211666328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeca0746f8,0x7ffeca074708,0x7ffeca074718

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5555761972544524092,17242938000211666328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeca0746f8,0x7ffeca074708,0x7ffeca074718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6352 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,10896026208173077235,12479183721462209978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 bing.com udp
US 204.79.197.200:80 bing.com tcp
US 204.79.197.200:80 bing.com tcp
GB 88.221.135.27:80 www.bing.com tcp
GB 88.221.135.27:443 www.bing.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
GB 88.221.135.42:443 r.bing.com tcp
GB 88.221.135.42:443 r.bing.com tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 27.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 42.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
GB 95.101.143.121:443 assets.msn.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.68:443 login.microsoftonline.com tcp
US 8.8.8.8:53 121.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 c.msn.com udp
IE 13.74.129.1:443 c.msn.com tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
GB 95.101.143.121:443 assets.msn.com tcp
US 204.79.197.237:443 c.bing.com tcp
JP 40.79.189.59:443 browser.events.data.msn.com tcp
JP 40.79.189.59:443 browser.events.data.msn.com tcp
JP 40.79.189.59:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 59.189.79.40.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
GB 2.19.252.154:443 img-s-msn-com.akamaized.net tcp
GB 2.19.252.154:443 img-s-msn-com.akamaized.net tcp
GB 2.19.252.154:443 img-s-msn-com.akamaized.net tcp
GB 2.19.252.154:443 img-s-msn-com.akamaized.net tcp
US 8.8.8.8:53 154.252.19.2.in-addr.arpa udp
GB 95.101.143.219:443 th.bing.com tcp
US 8.8.8.8:53 219.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 182.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.146:443 aefd.nelreports.net tcp
US 8.8.8.8:53 146.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 2.19.252.146:443 aefd.nelreports.net udp
US 8.8.8.8:53 27.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
FR 51.77.7.204:443 tcp
US 38.68.50.179:443 tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.146:443 aefd.nelreports.net udp
CA 51.222.39.81:443 tcp
FR 51.77.7.204:443 tcp
FR 51.77.7.204:443 tcp
FR 51.178.195.151:443 tcp
FR 51.77.7.204:443 tcp
US 149.255.35.125:443 tcp
FR 51.77.7.204:443 tcp
FR 51.77.7.204:443 tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
GB 95.101.143.219:443 www.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.238:80 www.youtube.com tcp
GB 142.250.187.238:80 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
GB 64.233.167.84:443 accounts.google.com tcp
GB 64.233.167.84:443 accounts.google.com udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.179.238:443 youtube.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.204.78:443 consent.youtube.com tcp
GB 172.217.169.22:443 i.ytimg.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 rr3---sn-q4flrnss.googlevideo.com udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com tcp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.57.194.173.in-addr.arpa udp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com tcp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com tcp
GB 142.250.179.238:443 youtube.com udp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com tcp
US 173.194.57.104:443 rr3---sn-q4flrnss.googlevideo.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.178.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 6.178.250.142.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
GB 172.217.169.78:443 suggestqueries-clients6.youtube.com tcp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
GB 172.217.169.78:443 suggestqueries-clients6.youtube.com udp
GB 172.217.169.22:443 i.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.200.33:443 yt3.ggpht.com tcp
GB 142.250.200.33:443 yt3.ggpht.com tcp
US 8.8.8.8:53 i9.ytimg.com udp
GB 142.250.179.238:443 i9.ytimg.com tcp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-aigzrnsz.googlevideo.com udp
GB 74.125.175.170:443 rr5---sn-aigzrnsz.googlevideo.com tcp
GB 74.125.175.170:443 rr5---sn-aigzrnsz.googlevideo.com udp
GB 142.250.200.33:443 yt3.ggpht.com udp
US 8.8.8.8:53 170.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 rr2---sn-aigzrn76.googlevideo.com udp
GB 173.194.137.71:443 rr2---sn-aigzrn76.googlevideo.com udp
US 8.8.8.8:53 71.137.194.173.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-2oaig5-55.googlevideo.com udp
GB 74.125.4.197:443 rr5---sn-2oaig5-55.googlevideo.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 197.4.125.74.in-addr.arpa udp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 216.58.201.97:443 lh6.googleusercontent.com udp
US 8.8.8.8:53 rr3---sn-aigzrnld.googlevideo.com udp
GB 74.125.97.72:443 rr3---sn-aigzrnld.googlevideo.com udp
US 8.8.8.8:53 72.97.125.74.in-addr.arpa udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 rr1---sn-aigzrnz7.googlevideo.com udp
GB 74.125.175.198:443 rr1---sn-aigzrnz7.googlevideo.com udp
US 8.8.8.8:53 198.175.125.74.in-addr.arpa udp
GB 88.221.135.33:443 www.bing.com tcp
GB 88.221.135.33:443 www.bing.com tcp
US 8.8.8.8:53 33.135.221.88.in-addr.arpa udp
GB 142.250.179.238:443 i9.ytimg.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
GB 172.217.169.78:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 74.125.175.198:443 rr1---sn-aigzrnz7.googlevideo.com udp
GB 216.58.201.97:443 lh4.googleusercontent.com udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 88.221.135.42:443 www.bing.com tcp
GB 88.221.135.42:443 www.bing.com tcp
GB 88.221.135.42:443 www.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 88.221.135.33:443 r.bing.com tcp
GB 88.221.135.33:443 r.bing.com tcp
GB 95.101.143.219:443 r.bing.com tcp
GB 95.101.143.219:443 r.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 104.18.21.94:443 www.epicgames.com tcp
US 104.18.21.94:443 www.epicgames.com tcp
US 8.8.8.8:53 static-assets-prod.epicgames.com udp
US 8.8.8.8:53 components.unrealengine.com udp
US 8.8.8.8:53 cdn2.unrealengine.com udp
US 8.8.8.8:53 cdn1.unrealengine.com udp
GB 18.172.88.41:443 components.unrealengine.com tcp
GB 18.172.88.41:443 components.unrealengine.com tcp
GB 18.172.88.41:443 components.unrealengine.com tcp
GB 18.172.88.41:443 components.unrealengine.com tcp
GB 18.172.88.41:443 components.unrealengine.com tcp
GB 95.100.245.24:443 cdn1.unrealengine.com tcp
US 8.8.8.8:53 cdn3.unrealengine.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
GB 95.100.245.24:443 cdn1.unrealengine.com tcp
GB 95.100.245.24:443 cdn1.unrealengine.com tcp
GB 95.100.245.24:443 cdn1.unrealengine.com tcp
GB 95.100.245.24:443 cdn1.unrealengine.com tcp
GB 95.100.245.24:443 cdn1.unrealengine.com tcp
GB 95.100.245.24:443 cdn1.unrealengine.com tcp
FR 13.32.145.85:443 static-assets-prod.unrealengine.com tcp
FR 13.249.9.64:443 cdn3.unrealengine.com tcp
US 8.8.8.8:53 94.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 24.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 41.88.172.18.in-addr.arpa udp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 54.204.162.195:443 tracking.epicgames.com tcp
US 8.8.8.8:53 4c596c9ec80a.us-east-1.sdk.awswaf.com udp
FR 52.222.149.54:443 4c596c9ec80a.us-east-1.sdk.awswaf.com tcp
US 8.8.8.8:53 85.145.32.13.in-addr.arpa udp
US 8.8.8.8:53 64.9.249.13.in-addr.arpa udp
US 8.8.8.8:53 50.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 87.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 195.162.204.54.in-addr.arpa udp
US 8.8.8.8:53 54.149.222.52.in-addr.arpa udp
US 8.8.8.8:53 graphql.epicgames.com udp
US 44.214.255.12:443 graphql.epicgames.com tcp
US 8.8.8.8:53 4c596c9ec80a.466da07a.us-east-1.token.awswaf.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
FR 18.245.175.54:443 4c596c9ec80a.466da07a.us-east-1.token.awswaf.com tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 44.214.255.12:443 graphql.epicgames.com tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 12.255.214.44.in-addr.arpa udp
US 8.8.8.8:53 54.175.245.18.in-addr.arpa udp
US 8.8.8.8:53 42.86.18.104.in-addr.arpa udp
US 104.18.21.94:443 www.epicgames.com udp
FR 18.245.175.54:443 4c596c9ec80a.466da07a.us-east-1.token.awswaf.com udp
US 104.18.21.94:443 www.epicgames.com udp
US 8.8.8.8:53 epicgames-privacy.my.onetrust.com udp
US 8.8.8.8:53 launcher-public-service-prod06.ol.epicgames.com udp
US 172.64.155.119:443 epicgames-privacy.my.onetrust.com tcp
FR 18.245.199.102:443 launcher-public-service-prod06.ol.epicgames.com tcp
FR 18.245.199.102:443 launcher-public-service-prod06.ol.epicgames.com tcp
US 8.8.8.8:53 epicgames-download1.akamaized.net udp
GB 2.18.190.69:443 epicgames-download1.akamaized.net tcp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 102.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
FR 51.77.7.204:443 tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 38.68.50.179:443 tcp
US 8.8.8.8:53 datarouter.ol.epicgames.com udp
US 54.208.220.37:443 datarouter.ol.epicgames.com tcp
US 8.8.8.8:53 37.220.208.54.in-addr.arpa udp
CA 51.222.39.81:443 tcp
FR 51.77.7.204:443 tcp
FR 51.77.7.204:443 tcp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 54.208.220.37:443 datarouter.ol.epicgames.com tcp
US 8.8.8.8:53 api.epicgames.dev udp
US 3.225.132.41:443 api.epicgames.dev tcp
US 8.8.8.8:53 41.132.225.3.in-addr.arpa udp
FR 51.178.195.151:443 tcp
US 3.225.132.41:443 api.epicgames.dev tcp
FR 51.77.7.204:443 tcp
US 8.8.8.8:53 account-public-service-prod03.ol.epicgames.com udp
US 34.202.148.221:443 account-public-service-prod03.ol.epicgames.com tcp
US 8.8.8.8:53 launcher-public-service-prod06.ol.epicgames.com udp
FR 18.245.199.99:443 launcher-public-service-prod06.ol.epicgames.com tcp
US 8.8.8.8:53 download.epicgames.com udp
US 3.165.148.77:80 download.epicgames.com tcp
US 8.8.8.8:53 221.148.202.34.in-addr.arpa udp
US 8.8.8.8:53 99.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 77.148.165.3.in-addr.arpa udp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 149.255.35.125:443 tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 8.8.8.8:53 4c596c9ec80a.466da07a.us-east-1.token.awswaf.com udp
FR 18.245.175.119:443 4c596c9ec80a.466da07a.us-east-1.token.awswaf.com udp
US 8.8.8.8:53 119.175.245.18.in-addr.arpa udp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
FR 51.77.7.204:443 tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 3.165.148.77:80 download.epicgames.com tcp
US 8.8.8.8:53 datarouter.ol.epicgames.com udp
US 34.231.133.239:443 datarouter.ol.epicgames.com tcp
US 8.8.8.8:53 239.133.231.34.in-addr.arpa udp
FR 51.77.7.204:443 tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 ocsp.thawte.com udp
DE 152.199.19.74:80 ocsp.thawte.com tcp
US 8.8.8.8:53 crl.thawte.com udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 34.231.133.239:443 datarouter.ol.epicgames.com tcp
US 8.8.8.8:53 account-public-service-prod03.ol.epicgames.com udp
US 44.206.14.3:443 account-public-service-prod03.ol.epicgames.com tcp
US 8.8.8.8:53 3.14.206.44.in-addr.arpa udp
US 44.206.14.3:443 account-public-service-prod03.ol.epicgames.com tcp
US 8.8.8.8:53 launcher-public-service-prod06.ol.epicgames.com udp
FR 18.245.199.47:443 launcher-public-service-prod06.ol.epicgames.com tcp
US 8.8.8.8:53 47.199.245.18.in-addr.arpa udp
US 104.18.21.94:443 www.epicgames.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
FR 13.32.145.85:443 static-assets-prod.unrealengine.com tcp
FR 13.32.145.85:443 static-assets-prod.unrealengine.com tcp
US 44.199.142.199:443 tracking.epicgames.com tcp
US 8.8.8.8:53 199.142.199.44.in-addr.arpa udp
US 35.186.247.156:443 tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
FR 13.32.145.85:443 static-assets-prod.unrealengine.com tcp
US 104.18.23.33:443 tcp
US 8.8.8.8:53 33.23.18.104.in-addr.arpa udp
US 35.186.247.156:443 udp
US 104.18.22.33:443 tcp
US 104.19.230.21:443 tcp
US 8.8.8.8:53 33.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 21.230.19.104.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 104.18.20.94:443 www.epicgames.com tcp
US 104.18.20.94:443 www.epicgames.com tcp
US 8.8.8.8:53 94.20.18.104.in-addr.arpa udp
US 104.18.20.94:443 www.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
FR 13.32.145.23:443 static-assets-prod.unrealengine.com tcp
FR 13.32.145.23:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 54.204.162.195:443 tracking.epicgames.com tcp
US 8.8.8.8:53 23.145.32.13.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 datarouter.ol.epicgames.com udp
US 44.194.130.20:443 datarouter.ol.epicgames.com tcp
US 8.8.8.8:53 20.130.194.44.in-addr.arpa udp
US 35.186.247.156:443 sentry.io udp
US 8.8.8.8:53 account-public-service-prod03.ol.epicgames.com udp
US 52.22.202.160:443 account-public-service-prod03.ol.epicgames.com tcp
US 8.8.8.8:53 160.202.22.52.in-addr.arpa udp
GB 95.101.143.219:443 www.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 88.221.135.27:443 th.bing.com udp
GB 88.221.135.27:443 th.bing.com udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
GB 95.100.245.51:443 store.steampowered.com tcp
GB 95.100.245.51:443 store.steampowered.com tcp
US 8.8.8.8:53 51.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 store.fastly.steamstatic.com udp
US 151.101.195.52:443 store.fastly.steamstatic.com tcp
US 151.101.195.52:443 store.fastly.steamstatic.com tcp
US 151.101.195.52:443 store.fastly.steamstatic.com tcp
US 151.101.195.52:443 store.fastly.steamstatic.com tcp
US 151.101.195.52:443 store.fastly.steamstatic.com tcp
US 151.101.195.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 151.101.195.52:443 cdn.fastly.steamstatic.com tcp
US 8.8.8.8:53 shared.fastly.steamstatic.com udp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.195.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 8.8.8.8:53 52.195.101.151.in-addr.arpa udp
US 8.8.8.8:53 52.67.101.151.in-addr.arpa udp
GB 95.100.245.51:443 store.steampowered.com tcp
GB 95.100.245.51:443 store.steampowered.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.135.115:80 r11.o.lencr.org tcp
US 8.8.8.8:53 52.131.101.151.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 115.135.221.88.in-addr.arpa udp
GB 88.221.135.27:443 www.bing.com udp
GB 88.221.135.27:443 www.bing.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

\??\pipe\LOCAL\crashpad_556_BYYXXAZSSOVJBJAL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8d6642dde2ed1633549d71ea40a66b4c
SHA1 7faf437ac7b00d6ea1ad3f12de43c23698406aa7
SHA256 34c36c83a6916183d6af5a0aa6a13acf9582a94ba081dbf01e651ee474cccb7e
SHA512 121d0cdeaf4cd546507febbce0deb749fa813463bb2386a65947abc8b56b3bbec77e86c656f20d4c22e57360eaf7eb172a6235a3a92d41338161662be62ad2ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b6ba134df48666b4c2d6cf9ee27b2a7a
SHA1 cc497a1fbaac8c5602a985ac0eac13055f8ebae3
SHA256 b92a7e296265c5cda0dfaaf90885a805e8db24fd5c431346e68b53f74135bcfc
SHA512 9e5c3d1362b093082a3b57a4260c3863d44da6b3eaec6735f3ca5f00e7440887886d0c6606fc5f54cfe5651ea2eec498617904fa5fd95c9dbd671501da685c3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7c24d97f8cb6781c951b06826ceb8617
SHA1 b8127e377c957bd415749dc3e74419ac589cd1f0
SHA256 4a644d037f4e6afffffbdd73f3592366b8e5790004a53c94c09b960231e3791f
SHA512 31882ed970070aa0e4455bc02e2c3092e133f205614b335d01a9e6acda502a3f75ea45f4a7c36a0eb357a3fb4508b66836033216da861eca98de9776a690bbb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2f728dc11a5ea9c8fd4394f5b9be1a63
SHA1 05a71e439fa33a4e1b7fa9e7070f92a4c7f21c80
SHA256 119edbfc4c2e93f17c254bd42af4157d82b46d89696192a23e84213ed722e87f
SHA512 69be1a64e3a5582d91439ad3e85199e1bcf2f16b8207d99a5da440c5e71206fc2ee65d2247ab6df78b128b1fa5f661b31305aa44ce4825812ab0617fd8c8cc39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d031.TMP

MD5 a547d8f04b5d60d3684be7acc33fb6cf
SHA1 38fdcd787a73f0f1562ecb63c77ae288edab7949
SHA256 62fbc73f8f316c0642621ee47eea01018528eada136ace4594d8b79d63c7f13e
SHA512 020a338afac3e2df3e57ace6c7983741f6c07c875c18e135fea6c8021f9041dab62d5057cf29067a509b032337afd5d8df0cbc31397b9734d07b4efd47d3b3b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b4b011eb8f06b37b6c34cb7c98870293
SHA1 6310ebc1947e25b2c2b7da5d50d5cd9a27149da1
SHA256 252f4bcdf9f835ab465f82150c253cf8b8be4bbfd54a6a95f891d0f588074620
SHA512 70a709d2f1b2463fc02c7a17b60cf7aec41a60ff379d0c1ed1a70fda1b9771ecc1a9e85f351b673cc86d78300fd28fbf6c453df5bbe0cfa45d8626efe4ff5a02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bcd6e7dc18ddbd8bcd701bf48b72cd2d
SHA1 541b03b5979430f0fa930073ec3423f8cd411276
SHA256 70ed9a517758ad1e59c1431a2fa0f82655d5d7c116ee94a6e8bf68b1ce9d76ca
SHA512 18531843f0725f59c51c19104bd3011470d9970e1102ba5894bbc3f0d009e42f5a38be1d3279f740db2adba582e7d7422c8aab0bfff97a3fae9dc82b38384fcf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 74774bbcd3cfe3c756a983e52d63e22e
SHA1 89eddb5a4c177c91ee55ef038bc5f219af18cedc
SHA256 cc27319584a0ca418e61924dacd0c4abd73233892f6d2a284ed051cc916ecb39
SHA512 cfe4a41b777140afe7a2ce5925dacc91cbb2dce15d55e60c771fdf415c6a63f1a878822d5685f62f8465d0398cb22751e91b75d75813d8d671716425d8c020d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 254f83101cca62c5964a7707d3f12306
SHA1 400162bf8a9ed03509d346190c6ca2596bdbd2b5
SHA256 314e065c974528d16debad4ba9b6d3bf60fc223cf9ae332e43d63ed65a426fee
SHA512 353b7915c6a6ac8e03c1757f787e877c36871ef893f07da570314ad49b48af3f42b9563e4dc32c07527f4ac02348012c20c240d69080a919fe1312c97c80aaed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5ee04a52ed8f6b8cf8736a5b719ad4bc
SHA1 55932ac0999f4932883137220f8f23dba6f5a59a
SHA256 a4c473d07440ecbd75d1334a3a4adedaf36be413c6469edfe34bce9dda8657cc
SHA512 83dd45993d64dd1cf6ac911a1572560c9f1e44bbf32f46d03a4dd5291e7a1f0fce1a82cd11de1324930fcaa403679357f5553d9a842082e62974229f6fd6ddc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e9da3a49a94ea7ce1d24bbf486ba1eb0
SHA1 619ab7612a9fb8a42888191d5f63db4f6f60677b
SHA256 e0283fc8b89ffb1e8155010135a9ccb89501b1ec24bc1be520facf2935e0cad2
SHA512 e7c7f991e8d4a4ef7ec849a73256517bb65d20b07eab9e0774fa2c0463bf58f80f301c1800cbcf3716481773534021faeb45186b02fe00ca20732cf27520b132

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b32ab4b7c7fc663407ac4985b7f32de7
SHA1 b7dc3f7f3ea32bdfc97c073ef535c1198e4431fb
SHA256 d365022c381ce7e6bc7e1f9fa7f8f82c99c4aecdece02600f08db7b516989109
SHA512 c8fffa35c13b5110cf6f6dc2348aca8510bc804d02685b4d8a51c3749c82bcb1db589302e8c4b10a16539219fcc070b7fa53c9a3bc0b9ffb32ce94ab68ae2d1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

MD5 47abd68080eee0ea1b95ae31968a3069
SHA1 ffbdf4b2224b92bd78779a7c5ac366ccb007c14d
SHA256 b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec
SHA512 c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d73050ebd2a620567b97dcd15e51b27e
SHA1 87f513f8af9b1e14d83691e5bbac09d1e6f38588
SHA256 65e6a7456e6df5158520bf2782566e5fce221cda406f510b9e2ff9be5a54248f
SHA512 b460d2ee1a3641fd5e625198d0cf26d2379b9fdf33367ffeff430e1852a5606123641aefd825ad59312d0cae758016fbd6d35cd286de42961f8cc81e152b7eb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 545aa7567ded4e289418acd146f35bf8
SHA1 efb4288b828de3d82c9b05541b58dc228ebc5802
SHA256 d5dd9f72fea1a04643846d7b1c71ee2d9966ced49b76bd56f92ec4e0e6593713
SHA512 dabde3166b46bc10b5c35045448a734c2df3608d62e33d2b55989cb26e24ebf2b9e1e015cfacee3f7487b7c712018c45f301a7d1b75a8dc2e20770a29e0c1940

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0da6522c9c805c8f2cb613e347942427
SHA1 1100417c42d4dfce44c7debaf4c47c822065f3f6
SHA256 a82dd0fe2dd202cbbc56f1a120fdc856ea9a809f815f746011601df9278494e5
SHA512 a46a5259f7853bc0108479de530c7b48430b4de4949edcbada53b5a643d1e8aff9dbf6c0ac549412572fb68c31ced4ac29ca560b8b27f19586d95f0790258c25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5ad54ba0b57eeae2e3de06c3695b9ace
SHA1 9296ee66a93cbaf7ef93a911900693b9035c4c92
SHA256 6086746252c5fd935c813a86f82b9a78366e3ebcab28c9cea4ed3edb96c4a476
SHA512 8841d78b6adcc420f2df8882ea8c5bb9db9360f84e4ad57e3eb6c697c54ee666ec2a0b3221d2fed6881e9634a5d8b66afb094a5f4f6fc6f65def239ed93beec0

C:\Users\Admin\Downloads\Unconfirmed 3257.crdownload

MD5 70f549ae7fafc425a4c5447293f04fdb
SHA1 af4b0ed0e0212aced62d40b24ad6861dbfd67b61
SHA256 96425ae53a5517b9f47e30f6b41fdc883831039e1faba02fe28b2d5f3efcdc29
SHA512 3f83e9e6d5bc080fb5c797617078aff9bc66efcd2ffac091a97255911c64995a2d83b5e93296f7a57ff3713d92952b30a06fc38cd574c5fe58f008593040b7f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4a38ff34ea0aa5eefe330c8a4ef2f7ff
SHA1 380bc1b4c0d9d901f9a7ad598cd6a8842485f0fe
SHA256 e9f5eee0e9f889f6337c9b3b3ac0e8c2b3fd6add210d4892e204f03895d97c4d
SHA512 0087126298a1f51b69665f9035bad858cba5889ca44101723da0c192c09782dd97597730475b81afb51c9723dc22bfa263040d85ceac7b3df3a85f2115f89e5e

\??\c:\windows\jk.bat

MD5 a725af7c07b52549023be73328e55809
SHA1 c9d8072aaac80f6cf1edfaeaba6c934196631c81
SHA256 e009a52eeb2138531c799905010f7677b0fdd4190abe4ac0a25e0e15eb30d865
SHA512 d4cd904da5c6a5c6112d212b218abc76429da0e4d6382f4fbd9ca51a976eedef26e202607ff6041c4de7e9db783f62e5a24ee560fed068945aef69fa5491a3ce

\??\c:\windows\mail.vbs

MD5 2bf48d55d17079dd33de99838153eda9
SHA1 b951ae2acb83dcfc461f855b3463017337b1e05d
SHA256 3f004c51db413eb4a074aea1edf8d0151e506d0a9115461f3262cce0b9aacbd4
SHA512 3d20b536803c4c606077d7dd904ec3e13e73d642741b117b0935031d651cfcec4a63909eaf08f5c854dce254ee23ecc6ab93d91130fcd0dfa6da2f61c0463279

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3122cd2e2005e4ceb8cb710ff7b559e5
SHA1 9acad1a36c339105f77489cf359d0d143f83a5fe
SHA256 92cf1fa188ccab9eebd9bd5f33a49582b6d40b84415f703cb703a76584334dde
SHA512 a127e4b74145f006295e96deadc726a6f62829062ef9494f8d508bb67c294d3beda73fc310e682feebd743aa7b80559f0ca6f96300b82c068d42056129ef666d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 690cf1494c92a22c38f59d295a353c43
SHA1 45b8c9ce8b97a1b4cc7146febf85962385dff7ef
SHA256 72a20ff53fba1f75427747081ece512ec26341cd6078c385177609019f07f207
SHA512 f2235417b09ac16a5dae722c0478945bc97597f388595c5dbcd7f5b29fe2b8d8ab2238f77c7ac47adf82416d495dd1c3374c3ad26be63461715b36c8ee5244b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 acc1ed880c53a386158a6d0469647a9e
SHA1 8b2873cce0a94d07005808a483b2126434b70411
SHA256 c465185d059363424d7cf32197765e3ebe141d1d8778a02d285e0989de2a7cb8
SHA512 7cd7fb0ebd84c8fa5bcf63c87789bb2a9ae64e80f854ca72351b67e8f1d239b20fcf4d62209f84640402b1214cd81230d796e912be61d6bc2ac6c26cd6572fd3

C:\Users\Admin\Downloads\Unconfirmed 225996.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2479c4ffaf9d7472ca0afa4d6529a4c1
SHA1 26eaeefc93997acca3f4b6d30034b43312e62b7e
SHA256 aed811e8bb43a7297317d29f465135bca11ce2c999f7c82aef4a7a17b3bcc19f
SHA512 94d61f70ef956ca231941368acf9508fce58e8b637eecb19dd81d77be64cdc770f2207dc84b001f07bb4ab86d201270ebf44e436edc36b828d10ca80f7032194

C:\Users\Admin\Downloads\Unconfirmed 846984.crdownload

MD5 48d8f7bbb500af66baa765279ce58045
SHA1 2cdb5fdeee4e9c7bd2e5f744150521963487eb71
SHA256 db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1
SHA512 aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d8d3a3283e7bca5b595f2d161bfc4fdf
SHA1 5364c1c8dbd89b176dc3b8d7b8f15438e92b3ab0
SHA256 cc81479530decf67e8f29c1493614e2470f3800e1828088d9924b871e3537f26
SHA512 2898308133dda0b58436015437e52ad7a589dc48f04f86d65accb7305a92d2bd8b83528d64e3ef03b5310f2ca564da875e3cf0d14e4cd5c84cdd529fa2fc45fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b406444bc502f748e60cf8ece4623106
SHA1 6f9e62c963df9bd69364caeeb5578b73cac1ba5f
SHA256 183bf74e4a649713a3fc24242f53957ac828e0d6acec2ed6632152ac9dd5bedf
SHA512 6de0556b4c614b6067a3de5ded4d93b1bc9df729d6197a030e61347098ae7848e8c14dcfd7644d6d863216f4493500afbb18355cacac3b126dd7d9264c012657

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7e7a44c09e38de553970d8086d28e858
SHA1 3f92784a6266359c4cb49a2820fbb3dcf53a7284
SHA256 122b01faf7668cf5d012837b13c30503ec02fb7a0e12610a7fbd7d5f5fa38a87
SHA512 dfa4a3cbe460ec09284e5777fc5c5ad8349feaa0d0cd2715a6578eaced03ca4d285b6e1b46f135b64b0b34237e0c1afb7edc5ec6a8a419f8f07521421f6248f5

C:\Users\Admin\DOWNLO~1\DANABO~1.DLL

MD5 7e76f7a5c55a5bc5f5e2d7a9e886782b
SHA1 fc500153dba682e53776bef53123086f00c0e041
SHA256 abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3
SHA512 0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

memory/1056-968-0x00000000023C0000-0x000000000262B000-memory.dmp

memory/2216-970-0x0000000000400000-0x0000000000AAD000-memory.dmp

memory/2880-971-0x0000000000400000-0x000000000066B000-memory.dmp

memory/2880-998-0x0000000000400000-0x000000000066B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 90b0fea275b1ba7762bc157feb76cb97
SHA1 a1ba8cee5fac3335677028a9c6fc029c51e68c59
SHA256 1f5e14e7dc26ef8e1a85961f816a136b74fe04f3d7296e63f4361773bee99f82
SHA512 fc766710671d3604ef8c6ab7bca80b96561e8780d3a005f50e5635d57f29f1d60759a82dd00fb6f436d844d8a3fb079af0a288ce9b73de32704b9f70f9d6aa34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ebacf03d95c88626e865b47f6c6c2427
SHA1 45b442f7fc5e990de6a67b89ad72fce35611c1eb
SHA256 8e2435b6e40ffeac0d2ef785769346369a4a5c82b68c74f39828ed2a2d9da549
SHA512 2c66f1286ce964a69b6f290a05456056256db06f1a82d0b7d54c47727e475aab8662e737bdef413ce118c9362a4777027a8b1d4e5cdd1bd66a0cebe4b9f55ed6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fbcafaea6df59380f380b6265c882aa8
SHA1 ffa23880220cd624ada5234a79c9b03fa7dab0f1
SHA256 a2f86435f507589e10e839d9fc999b83d86cddcdaf3b152c765e8b07c203318a
SHA512 cdd9a00c2231ffbc93b2a17690180270f13900cf86aac4404857deb6d340ca5d417b99730ecc19df597df53c8a40c94b5bcee68d912fac351422e3354b4299f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0fb8a4748cd742c213140e6378c55b80
SHA1 d4b85daf9345e7fbe9a86db4506375a5b9fcd2c1
SHA256 3287759e5243bac8251f641f6c99ef3eee1007cba5590593137b799211bad9be
SHA512 8a7729d026f7d4de9186c950519709944f1211308cd94962c4e82e060fb16d82b6f2748ad10728fe938f659d9923275c4d159a9ea3f81e2b2751833117c1155b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3abc0a45a5ec16b33aad1dfb00d5b840
SHA1 c13725f8ad82facd8fbd4f50eaf4f1b3b369b97f
SHA256 8f8a453154c1558ef9d0d3bff11430a5f49e0ade64a60cda6bf29e281cba9645
SHA512 f35651f365e4c0543f9b1b47fa0c1d41248b035731c740b40bc0d8142668ed43427583832695263a3d1f45ffc22d3467eeffb3c2feca3b7ca1cd125ca969fce7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8130c7e409057239837ce2b2eaf645f6
SHA1 d602ac37c0322ac6e05e314feb8ed97018e7f1bc
SHA256 66fda2172b0b0b4c375ac774bc516e25559ce728931972926e560252b6cef56b
SHA512 74b789ed8c35d3222744b59ee06de450748a20a06d935c89395118e0aa2db5a44b6048d939e8adadb265ca9b00caf1a02ad337e756a7de6446c5d594aa74d968

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f763de25-f597-482c-881d-f6a580096eb8\index-dir\the-real-index

MD5 5021cb9bf64f9d9a65d75c0df6da2ad8
SHA1 50074897460afd345d0b80830fc2ac6c6984d3a7
SHA256 7fc5dee434f2bed935e9c708be644888fe7051f2df77b46a455bcf02fa7d51a0
SHA512 e7afd26bbfbc8510a993ad8eba156b45bf57902c074d67f605c9ea4214750123494e1348a0f47816c7f6cddfa47cf0d77806bfd51785169ae16d4ba90c08edc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f763de25-f597-482c-881d-f6a580096eb8\index-dir\the-real-index~RFe5e7bc5.TMP

MD5 ea315aaaf6e4ee731f23a8fb7f2bfa0c
SHA1 c22db5f4e034bad635e136e1af9747501075b7a9
SHA256 8317009f476e5ad04bfb34beff934f93dce54795037efebd1cb47b95c025dbf0
SHA512 cee5eb6229b3c5a473867b312cf8ed6f36834cb0617bc5903f3d5fcfb2898225a3f0750fb4fc429d0ee6d497510884072d388c8f206243f38194102bb62be504

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 35dffc138a8298e7d602d5e002a06e9b
SHA1 2cfc3e1e262bb04842521d34152b05278d3eb999
SHA256 78c9dcd3b87403ae5ff587dcf0e813a91762db335ac2206e66a12a2d80420a4a
SHA512 30dbb5e61c697ceeaf0fc0b8d84f42b7d9052bcf5639c1fbbdd9d60d86f9fbc8d6e58d08d5772b18b4ccef41b61e87a6588b25d677a5fe53cd03a1cc237cf3a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\da10eb92-089a-4243-82ab-4c53fedcfa9e\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 acc649111a161e5feb2f13761df1e54e
SHA1 1a59adf6f0e8a7533b618e35e271575871d61422
SHA256 cb35d7240becf4ffbd001674e4fd0ba642b0eda59adf1e3b27c37bee97481def
SHA512 f3df2b5907e365d1ad121b0f367a58c6b010ee6e9de671d7a434cfbd8defb7d6868fd0e6ef8d9118abe6b21c6522b1d24e784a8a5ef2d8b2d877a4fc73150919

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3129b9c64814e2105aa73f62e2f88c3b
SHA1 b2335c92e68954114729033420df30fd2898ea26
SHA256 ab8e1b526e0ddc2a699363bfdd7dbea7dead14798ed5448dddfc30c0bab71971
SHA512 31cd70d92bc5ca159e207ee22ee2117e1c1c90c6e9064b2ab901e4014370e1bae823b38f9fcb4ba4d1b3a430ae4d0d6020aa238a5dd74896831cc4d9c92a9b0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

MD5 e21e1c5d267c7141fd3709f6e68e4f7c
SHA1 63dc49f8a0bc7eda46588972558b118898a11b98
SHA256 5c073779daba3739f20b07242784b76320dd3c5488d6066fc507dc8af2debb18
SHA512 0835289b4f527d9603cc1c1fc549bd87df3e276f3374aecdb16dcaeb39461dbd09e18526e9ae5c5885258589b45ab6c570c018b910d3e2481d981657eedbc449

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

MD5 e6711cd1ce70c3553a2284e7f9373476
SHA1 32c0025a5f9f25b4164c4c07437cc2d3010e90a6
SHA256 c22466a65869d5b1136ade87af53c9f077143cc3686205c40b9d62197b8d1064
SHA512 a82438b69837224434d9e0a66ff41a33a9fa60acc1fe23d275127436d4d939748fe4b7a75f7529d88cba36ad3160ad6a072c90fdc0f0e5edf20d3995ff66804f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5c27ffd09319b280e5288ebf24053562
SHA1 2ed6b2a85d514aae9db7c91e122e21aa633b8a82
SHA256 8ed43a52f4911389d7c017d179dc17f579cc6543f8785460f9c34085ce86c0f8
SHA512 bfb9e4c94a62bea615b7ea500ac1bc8756085b780d0dd82236e00395120653e75108727538b34e21121589186f244231127104fc1b998e8384a0d43a8593b73a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 38cc22c8124d8175e027cdcd332d6441
SHA1 93ce7064abc68939e3cf3bd5055de3f9a061c158
SHA256 8b5b2136b10c8ce85059bbbaae23383b826d43fefa2408260091e9c3ec7b5b10
SHA512 e8268525d154a01a4256c3e0eeaf93c5e97fae5974b8b401f1d7ce5c6233635d3b01ade46793651753077365cca9728b82c0ba6eade5c2c77e794be359a7d691

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

MD5 eed96deb881ae2b11127253153331f4b
SHA1 f5a350024e2f3e2755b452f2a218ecebe10b05cc
SHA256 cede6026733388e8934c9e149b36a7cc97428e8ad137a05860d8704dabacadaf
SHA512 934b89cf82d36733bfafda721498971117a8b21cba7774f05d88b4f74fd336d6c7213dabe1a0ab31f5572985cac9b63354ad4158772281533ed3d56aa31d0a27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

MD5 baa9f9df378773cb28884dedeb3808f6
SHA1 9a43932d23ff5a9d449c6e85f6bc28f2fc221c64
SHA256 515270605d5a6ebee61b69bde18c4fa049479d99578524b17049cad5b481559d
SHA512 62ba4994b070564955b5df3775de2216f17ae2deeaa9441fe9c2cacca9c04b8f4b9690ce84ad6e4d4ae4bd794a8686773b0d9361dfcb38c9beef1cffbbc2b6e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

MD5 b2229d4466ee263a188530ba16cd7af1
SHA1 9059266f5a47c5ddc2a792131b9b60908dba12db
SHA256 17b766b8e77333366da8c1331052ce026b1555b24c7f8404333420e97fd6224d
SHA512 1038d1c865f0aaca95381491f54eb83e4e61ccda9534de9e9de4081df3761ed6257d88f72a1054d2f2f4c2d570e3e2f14a73925b2867679749fe47d8762feb2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 468e1fe69821177e2ee983af66e6123a
SHA1 81544cccd5a94904d75ed785740ac9d720f39d37
SHA256 9716f647b9aca5f2a8ee2d8998b9d06b7236a6c5081b957cc18df0cad5b0518c
SHA512 b8ea9d6d64bd8cf696bc684defc4710a81dd7ab95c93562ee1e7f8ae6d1de042b7cf70042af45cfdb8af7e98f788891a10348916118ca127ff759319f5e94ff7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c7ee5a250d08ca31476c81598e1f544f
SHA1 d67cae774bbe6676eceb8798ee900dbadbfd5445
SHA256 a9768e910f1e550c2b5e1ebfb4953df24be82f456d5b5caea7fcf15e4e4e98f4
SHA512 2cbe6c06ca47b5c6e2ea992fd708c92983d6ededeb9eda80bc8266c865d0f25ec31c98a8628621fd49ed6505f75209ca8915c21d07379463d3c4f935b75b469e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f6547dc778e99e734aa8fbedb7dbe2a3
SHA1 add782e3266b39059f0e02c379722001c3c76dad
SHA256 63c937ed5e45b931500a9a0edb3191e11d7b220f49fdfbfd53a5005623568b74
SHA512 4c1872205c3c1ba0e9ed2959060a6ca50804f37feaa43ed8220748f67386ee4f76be3b5f157febe40b6fcb10b9fdfc50a9a4160aa81204ecfcb3fa439f0f93df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ed9fd94aa5aae88b777d89e9c5c60c38
SHA1 cce1502db2480d0f4a0e6c6f15ae35e284f90ca0
SHA256 4410c5c1e8f043a3aa877d86107aaf671fc4f69850776e1c916eeaeb524b631d
SHA512 33d4f7bdc1c7b8fc07a49072dfa225f6ce162707dbdc63c52c5086ab7c7b2c19f1aa7de24a078e1edb340656d3d8db06848c3cc683ec17635ae0326fc57b95ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ecf25.TMP

MD5 0b082fc2ae4b18e4fc011d7ce975b59b
SHA1 a574a4f57a00d3415eb6502607d11b3919e0de27
SHA256 c4c6bade5826489fb79dc4d80acdd46db8777e7af237c15d2cf0a65f7557673f
SHA512 2f0f0e1edcc5ca1e83e8dd8c5554127b9b9eeddf59712c37d65f99cf415da4d576f8fff66b6824acfb3517b4752771baaaa5ba728f01cee3ef1a5c5ed5842133

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 98488de3fe6056cca70cd9bc8153f975
SHA1 0407b995312a8b087fc02557cef0c3d560194caf
SHA256 98b71fd28d4274347929e56e2432dbcad4526de950fe413e5dc80b9503176a31
SHA512 3e415aaae619fc08031bf885ff1820959137d6fabf69832669f4bc26b4a0c0412637691bf3540aeaa977d8b446a7653dedf2ef8b1c71cc8e7330bc1793c71540

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4e29ea52-bd21-4be1-964c-0ad4ca9cf003\index-dir\the-real-index~RFe5ed8ab.TMP

MD5 cfbe32564d595c1459d0882e4c4b37d3
SHA1 148aa7394457b70c3147073a8ad02ff3798858bb
SHA256 89cbe93d45491db438d61d4d857ae3df0e5797c626837eb3db3bcd079976385b
SHA512 745d828f7fb03836b4e853e7aee5e17b62e150ef03649eecb653486a299db09894eecc18348644f241699f93583c9bd20b75053a034866fbf1f6606482167e6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4e29ea52-bd21-4be1-964c-0ad4ca9cf003\index-dir\the-real-index

MD5 13d24849830fd89364870de87c0aea54
SHA1 90c310f4aa07cb9777a24d32754b5623fb11064f
SHA256 e5b642edd1062773557fbb3497d7dd30ecbc1ac62fbd5f5a45be53af50c952f2
SHA512 c79e28bdbc366b94e4dd5d74c4e16b95a81c2fb7df518f2ba6b91fd5cbf4900a48a3039ec403ef7d4002de774f6790083f4550aa77b32a17691c1271f51874eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f30e8fc77c00a0a2b7ca18b541fccae2
SHA1 a76296543936a2115ed774de2a88178e5cef936c
SHA256 8ea08a50442056139df2ead676f1ec8c3caed19d4921e1e79a561a3c73a45f9d
SHA512 827f626a836948c2efd0c31b9cc87ac48dbbbecf553f9282e86976d84e61d7061f9eaf2e6a2a9fd89f5a5fe2a57ac05b1c72b4113be8e814a02a31dbce595a06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 df0629cc135a4f2dbbae96a780b7836c
SHA1 e3d351fec6608df72525e91d909579d0cac6b471
SHA256 5f5e6ffbda75c7737b70076087726d16976b0b43f020e6d7f07f9a4ba3182c15
SHA512 d7c30d5b5abaca66fdeca955832a8e5b218d93f0efd463d3457bde0bc7db83c4556f83811210ee74b9824b91fa597186aceba182f1e4c20b374a43101bb7e15d

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4e29ea52-bd21-4be1-964c-0ad4ca9cf003\655ef16afe9cd2cd_0

MD5 eaedd5592f749290ce6da03b89173390
SHA1 61ac1b2072bcc94d64d03474ff6160ceb7e9c526
SHA256 655a536e52735e376a4a91f862d5924569bd51fded1f78610534b4dd4466db82
SHA512 e26552f4e56df86062787d8e628643cb860af599262d5081406de37bf1c3af5b1271ffaf80031b4001ef971ff0ba1e66b0cf500c7c8bac0a93108599290d6972

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 078fc10a076701c3fe277ff2ee6e025c
SHA1 79cd26effa6839bd0327f601d4b0a7019c5e1709
SHA256 d7fcc8679ae7d75f923ed40708e093e027e4be2559fd98a9ccffc4f99b641e02
SHA512 05faa88632651aee88ea83f792f1512f9f1a3a0a6b24f23654d29031c5436aea989de6a175b169f56f8561eeaaec172f0b5ee46851cbc04fe959eba6b9113c88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f763de25-f597-482c-881d-f6a580096eb8\index-dir\the-real-index

MD5 58e44041dd477edc346efaf0d67df99c
SHA1 3c377c4cbc69f8cbab596209e6c78b0a3083ade6
SHA256 bcfda8864557c05aa0b41f27d8048b031a88d4f2919a7587c6f2b632f98fb11e
SHA512 88719c1d1b73fafa38fc83950586ef5621c669b55c6ad786b2b0bf254578c29df5e589cb4eded83160a3286e2b59a4d12f26422c511f8b0822cd11177cb40868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e41cc1a0db0cf4d89f701bbb1e92d947
SHA1 f045a55572cf589eb137377e5740cd275bd78d94
SHA256 80346307c851e9046127b13b1cbc6ad41df64e068e01ba80990e79c006544cf0
SHA512 7b743f1ad0af2acf794c9c0446a6554023a820a867117dcc00f27ddbab6c23e8c2c39db43dc9e0bb3bafff224055f6cea1fa3146df05f176b64645f62b04bb31

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 f3d7ae40eab26ecac9d554c6275967fd
SHA1 bfc5d1b2221112b921ad5bcb1aaec4d94c3891c5
SHA256 cc5340e35b0072f49a4b957f9eb52dfe16338ebfcb181cdb2be2995bace8d5df
SHA512 fdb0aa320930942243c729e2edaadfd47056f4be0b36b24d30bafaaf94f642b3ce5cc817a7aeab95eaa6e054a7a61328706c58844ad555c27cec5975a960f6ae

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 d02abe774607e4c98c4ef3fb9194e101
SHA1 8ad58edd44ec25976f57c44f04fc37e9d9375bfc
SHA256 419e186c8ecffa8853bafe00419cafe224887568dbdf4fe3245dd44c4381e069
SHA512 fbd03712c61ed54a646aa79b3c1b1f0eb3bcb9f19aeb8234a646c262665196937fb12b1164ac9591283b335c3321125a0be2e819998badb758fe67ab25267b8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f763de25-f597-482c-881d-f6a580096eb8\index-dir\the-real-index

MD5 60ee115f05ca38b81443d81af9ad652c
SHA1 44cdedc5847241bd38445d6f2fb8bf99165faa5a
SHA256 bb398a40a4c6c49f4ce99e54a604b633f9749f2868c48b17d19b6700664d23d3
SHA512 cce5df2563c229eb370f7d174c155e7c53c489d216b91ebf6717c3794169f3928291539c3a8f417fd1ca7d261bd5fa64f95e3052e270e9065b41650bb6ea517c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 df001f4d8c53474fc83c1e490562a355
SHA1 c61a4d23f2929e168c54d7ceebb53a35a68f0c15
SHA256 f10548a20ac900b625695b3d7e8ddc73e75988a24b7803f54ed0a8956c998429
SHA512 54a002bd7a719b6dcc9e66fc4f67b5c9c9109cd3cd7ef941b824cab6918e691fc6f1fe88f6491b2b63bb87f93882e446ddb27a3945f22d4b66dfe8b7b53f8c83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c636c48eb8f78bf9aa9e95ae4d21635f
SHA1 bb523499e48f7c633487c2d311d3a32c8e703d45
SHA256 2aed11aab2f53688f91a60b660e24cf4ad940be22754f8692254141d8a5d7d22
SHA512 d10243b36aa4423c764258209afa3b6a3ca83c9d08be4da5b2a6ee2b8f2ff3a6c62817d1311100531b2ff424588cf6e926e8e8655eb5fb09b278d0c962ccc34e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

MD5 dce282cb1d2c1940336e638e0fd96e49
SHA1 dfbfa76dbd6ba75ab77456ec825392320d878397
SHA256 b8119dc8d2135f9201a398149c7bd50f43c1f6cfb6670f77b3f2f61600604996
SHA512 03a81d0f5b5c26cc168ede0d372e66c3ed75a9cc1e1c2e147686b18eac550d63a43b9c05733a2f00b821dd3820754524e932babf74c747c883da3add6968bf50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6ced392b421fc93f4f6b271eb4b16152
SHA1 3e98c08f1c256645bef45db8268f430193886486
SHA256 a83d3967518b32eed22043cb07d6c91abd4b0da7638a29c58ea8a7744a6f2522
SHA512 b8682702b8c921a85c41ae815fbad4ec2030cf07c2a30fc5ac9b31b394738214b1a3e25e4a82fd12ab73bf5aa7db6d8c896fa170e14e631a4ad1e0c4757ba047

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b7e643cd9c7e4a3cc3e04f47da6ff76d
SHA1 c68308b570e2bc4f6370bec1d00c1e668c4e5754
SHA256 3ff2f4ea46b97316fbb4ab400c610e37c58db75d5420687909c049b9bae20a2d
SHA512 4f9939ba029139643a31b0591769d9d5eb953d3a774cc3887fe7cef4680ee2d23ae40b686674c86fa9c5794845712a2b5f23dcb962399a57ccdf20db49c09ebd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6ab79eb392d07eaf583be4beaab47729
SHA1 d87912d4fbec1c943cd25574c8d7f2575be3e45d
SHA256 711d6c3547d50f48c1876df98927161cacd9c45c212ea8de7de8b76136ee084a
SHA512 8cf66f5529e6cfc00ab883d53abe6a2081da5c92d0294bcbbf743581f1cc86c82f181441b67d7b136b1524a1dc99ac2b48a72e6bee4f95a93d34fdef4f781416

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 38153f2898d3524e9ad2d032c365054b
SHA1 b0ff76089817c88b65010d116a623c86ca71390a
SHA256 3fe95e720bc99e248cce7f773c9c9ee977e9ec8f4de6384f9942ddb8aaaa07df
SHA512 396271fb17f516eb1a00884d08ebfbb97bfa66303465fa21fb2a703e515b7b1c75aae65694c4d2a77049a00a411cff64f736a697afa30c7686bc63cdcc73ffd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 002ceca4078df47ef7756b26e4e73069
SHA1 1fe12b9cc2544844e2cfaa71388f6cce47df79b3
SHA256 6e5f3be7dc0de8f7efabf5d2f50db0feb081bd1d9b1d515c38e099124e725276
SHA512 8ffc3534ea2a275387e508b615a0c2f961430fa11ecad5c5d0a2bf378a77c3211a8265ab27da7ae65d5bc1b5c60ec0aff8f10dbaec7a3acc7b6e273f65e2d6d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c19471f994809174f4adf7ff8a1324e9
SHA1 ec2d726d2f2a99235c1b61e2d75203b50f266627
SHA256 1599cc04029df485c7f4bae7988d698209cdd5bf72d394d053b8293d693a3f08
SHA512 5f65b000c6123cb08914fc2f105e87d728d0b93d74c99ac9b7ee8957f9a4e338b33586b9ecbea63fe8133eb9e073bcdb15b1989ab434a043a430e926a1692b31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f763de25-f597-482c-881d-f6a580096eb8\index-dir\the-real-index

MD5 dbded99cdcfaaf780c772e2d24584486
SHA1 3dc23fc03cdacf77448c93bfc5a759289417570a
SHA256 4b27af8012249f9bc6abc44b0f5816980e9303e9f4d953a52a9906bb6749b702
SHA512 b8eec49c562879bfe8880fd6897b509ff248257ba20538cdf40264e8e07f528ae9ea4b4467171a920fb9dc8f6f8ca94a61b281709f22f4b5ec83afe7ec482dee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c9139219d248df0fd39817d519208ebb
SHA1 808ef001b9c29f7d3788b8ff3a808a07ecef9e5a
SHA256 e2078b3709877796320ad980a42707b716a011330e2dcf55978eb60f7055494a
SHA512 5b07a52ba7967f31fdb97a3b82f3a14d82e3536f1da92c6a5807bed49fc6f3c99d99983f42aa7e28aa9ea9a331d2aeccc77397e58b9a9d6e6f03dbcc7bd1599c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5e01d8b550b2bf6baec0acf55abf0e78
SHA1 381f2bbf5f6fc3e98fe6331da9267bcb40eb56af
SHA256 71899977f1831977229b15d4a8d576b6194229a0ac9480edf65b082bb8522b0d
SHA512 df61a4381f87ff905c3d90b53e0f5eb06cff3d0031adbd868d6dbf53dc0a29f7f10a144b1d73df24953bdd8304ad2a7e90761f7729667a95aafccbfda262fff4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8de2487690d1588708619e5d3a69b584
SHA1 9214c6c3b6676cd4c224197e05a27000c127f00d
SHA256 e0cae65e978e08f02f3e3cd74023f79ea5ff1b9ab65bbde5261187ecce999689
SHA512 844f0144dca94dae701e5a5c7878e809c258dc5814d10e1d90ea35d822b38c02e63baa17a7b2b6fde2ad597fc7b30bdb7386a1d08c9349046d702066ce2fe385

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 55b0b2afc92500b232a453d2e9e15f76
SHA1 78a7e3d2ddd4fa9334f55d7a741a0337a56c4c61
SHA256 d9b09e08b768799ac5b3685755aa8e4a0e666af9aa7d5e23726168d7679d44d3
SHA512 ae0d31297597ca4593ed3ff1aa19486abb627ac886da5148e722022944c0d18f4b29feca4e52e788c5b86c5042a0fb476611c155b1dde71ef0c470b65a4686ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 35ffddf12070ceab79e671cc3da39ec6
SHA1 9b4742c123052fcad82f086abe40602481a0ef9a
SHA256 a8d06522672234cbbb22d12a33cdf5344356a03e22ae22b352a32dbea35b079e
SHA512 34263241a9163eedec64f04960a18b1a71a5248ba50479fd1a92b9e45916fe0a62662ea1a26884a2d454a874445e18e4bbc56a235c70a7f64f3b57039b57e321

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7934d25d87c7dbbf30007b0b48aaec5f
SHA1 15985e3fefaecabfd86a657c2ab5ee1813955b2e
SHA256 ff34c66b653a5521594833132e3c13645a0b7550acfea1d1497349f8b344fb7d
SHA512 47c586221eaf62bfc108af8a45f15cd70811749f18798bc743eb0d24853e8b3fbb82f276945b3ed3442cada3efa2f8c5149711752c8dc47f46ec92d75056b58b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 065abeacab7e69747b09b29e027e7520
SHA1 17d7a5cd2c1846c372f8d9da6451c3abc84260ce
SHA256 3300672a492eba9ee1a0870c3f7c232ce24e7a1532116b12197f1277da39c348
SHA512 30923e36467639dfdf906c0f27f8fee62de1ed5f4b72420680ccb114fb9636232c879a03f31b93adf7261def78cd36841fe18ecc124e910824948c7717dbcf7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e70cb72528ad8d7bf4c23ba44dace0dd
SHA1 a35806242dabeed545f8eb4552af53ad24c6bbe0
SHA256 2617506a9905d0cf1226f98b6c5bbc2584b690e5c97d132ac24f6a9290d9634e
SHA512 55d24657f041b10822d244325ce35fcea73b3fbfcab5fef5de4419aa9edb12d011a6d2f9cc5aea6b319b1af5c16a02b9185b7ca6eb44d7e43c55304a7574082b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\index.txt

MD5 539453bf86e70d5a2cdde115a82c524e
SHA1 9dcbdee59325691cdd2381b5ec3ef4e0a360a713
SHA256 173cde273eb2f5d811bc4deb498e1edac2f84068e89aaab0641f12dbec04acc3
SHA512 b1d7da4680d39e8b39697ca262fc275c310c0d75b33e26a7a61ac04d00809e9ec6daa63c51cc713e2507b67445c393f62aa50d4bd7a56a18b2565e6599be7352

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\index.txt

MD5 8706a2cf397fa9700a96ff1b60a80dc5
SHA1 3aee4eb0423bd431d1985b9cfe2ad8fad89f3021
SHA256 9e45b3308cf76bd3c33d444b71149cdd77a1cd7f489b10137accfeca5cbdcd63
SHA512 2eed4bd61c7bcc691ab0f84660053bc95ed48fb6fef7d520c47d52fa589da10bfa7102aa736e6600805a118453a986e611058bf633f774243fc0c05594791fd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\5d3fae91-a43e-4e32-a2bd-072a5744bd02\todelete_ae7882bf77e3b64f_0_1

MD5 e917f79ad879b75115b06f4420f297ef
SHA1 48687557a14176ba3061a9f65d5d059ce675de47
SHA256 3d72e06fe034a2b25b24edd6c5bf9ca53d4eac43e394409f4a7a326a782bdc12
SHA512 8796838cbd27cb628a8586d755db31749d6ce45230aaef970e16bf123a8c13914bc1522a672f6d1c5e75de5815524ffc994eaffbec81e045c99426b2fea12998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\5d3fae91-a43e-4e32-a2bd-072a5744bd02\todelete_772b7e88db1811a7_0_1

MD5 d42b2a62a611b0ad0b6d75543ed13886
SHA1 401b3fa2fed1b18263ef8477839a76ca9b03b95a
SHA256 a82f4baa18c057aeaae5c3d195f20c53791739145a384135ffc43aef80ee851a
SHA512 554987ba9f516b463755e5c024cbaf4f18d386de553aeeb4c8e5abd112e7183401fd3b73dc89ed47de25a39f58090fa8a79dc965a4200f891f31e133f8baf6ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\5d3fae91-a43e-4e32-a2bd-072a5744bd02\todelete_1f7125cebcbc0966_0_1

MD5 0add34a720975c52be2f53d5d7c6c3d0
SHA1 ca21852b496c95e21e81f4d3a15a435e22a96291
SHA256 d30e6f9d7cdff0a150532241a5935de1eb31fa16f57671f258bfd79cb97c4c78
SHA512 4c528a5d41d9acdf104ca21752599663354a31e10aa2cecd8b87fe3ea1be347d7eda1d4357ff023c57866c3742d2292a23175c20d66d8f40b606b7e25272f7cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\5d3fae91-a43e-4e32-a2bd-072a5744bd02\todelete_650bb3d3fccf047d_0_1

MD5 2cdd297b8458272aa2178bba230ab875
SHA1 10b2646c20f44b440a91eadf83c18e92f21566be
SHA256 fd024d4f400c2c678fbfabff0df9f11945ccb734ec123c630706fddccd24d6d7
SHA512 d73b1e47c6e40b84670d3ffa7a55bbfd4c9c868152323a3d3781e2d6f164ed15f3d78a83fb2a7abd346b88143bfe38e381281c9b4750e292f1b02fa519fff2d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 85a3341f96528674066c750c078bbd48
SHA1 d9968eec2b6bbe27bdeaf3d4d7c6655d256b5ec5
SHA256 4ab3603b2a64175c71a796645a6e0dfca80e6ad40601ce5451b34d5d53308287
SHA512 26b4cde7e1e9e994f95416478aa866fb17bfd207ca4614a5bfef5da052a4d54100be422ec16f8e9cf000a6f9fd046c97345f759ac4ff016e799c5a4f8f6d6d55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1f1181260fd47217a895ae7a5890b70e
SHA1 55534bc580120e8be39eb8f69d366098746f2f54
SHA256 b3ffc98d6ccd3b2b54f8369670adcaddb22b68eaf353a998e2165d30f12aebd5
SHA512 ab994577eaf39b2a25a658f2559fe083a59bb1822cfdfde8553f88fade1f4630e022fb7d72bc3cebee1db46861fa7775445eacf48a767899d3acd95b383fecec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7e4e8f7f2c099a4a4b2ed40971b1fddb
SHA1 86e5516c4ed1d4cd2089d9a672d6715bb8e7bda1
SHA256 7f29f0618ad61b8b2da5b690140a29de98e5b7d2ccddb63c74c897d9f7e7a07f
SHA512 a9d98cb4806db5abd2a48cf1865ba919d8da7e0a191157c0dd36981c1d70f08dfd8798d0702d20cda2f37e6bad5eb92c457b74e87fe5f0fdd11497cc5d8369cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 753b0ec28611099432eb11975e72388a
SHA1 0f7983c66ec507c091bb7655b9e965449d0b60d2
SHA256 82dde0075e408deef85337ae228eb12d93dbb64811577e4d3973fa5a7b62bc94
SHA512 d7e9224ed5f0907b80584dc03718546515cfc4735908b1c69dfacc0842597891b0a2d27c2eb75ca725a17686f8cd4b405815b050ff195c3cbee952890b33be0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\e4d5dbf5-57ed-4ec1-98ed-b1f81649680a\index-dir\the-real-index

MD5 cf98f28c92b46ffabfc14bb021a1bafa
SHA1 548e8a448cf31e53e694f27447074d6d120664c4
SHA256 f84d781edb63fc4236b9744f824d4b5290adaf04d31521db556f43b8c80eafcd
SHA512 f822baf01f1d3b6b1b4cc82da9d9090b2a04b3f10067da6e67d53e43d1b062e884d1deb4046dbf672bb6acb179269c27beb3233e56aae16d64a01836905bd245

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\e4d5dbf5-57ed-4ec1-98ed-b1f81649680a\index-dir\the-real-index~RFe623841.TMP

MD5 4ec54d7bb21d419224d450964fd50f05
SHA1 32be841cc665c0a61e82d670dcf0cb1a7ca6814c
SHA256 004e9a1982e5656c6e4689a29bac566017cd14b163206975115f5bc6cbe6e52b
SHA512 4a6856a3471eaf63be65e1981ae4c3a4ea84c17336e75f171ec89ffdb10f102ca4a21ea28381dd59124504c545bf2cbc71cd05b209115235b118ef0b67c61dad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\5d3fae91-a43e-4e32-a2bd-072a5744bd02\index-dir\the-real-index

MD5 95fab0330c01ffcb8d57cd4e6279b322
SHA1 8323fe73a5403e28a6ae422bbb89a937a014718a
SHA256 69eeb4ea81017a5cd504ef88ec22ed8d3be20eab7e2dd8158000ccf51f923531
SHA512 99bc6ab91a97626831f08ed6bd5697f437359485f973c44d9ae8d4f75885cc819c9e840a3d6429b76d945ea4c0b4d4d0614eda0f80903a24128de5a4fe9ec1d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\5d3fae91-a43e-4e32-a2bd-072a5744bd02\index-dir\the-real-index~RFe623841.TMP

MD5 33fc4765f19bff8f9640d4d282432202
SHA1 025f3b1d1f1f945a1fabfc955c39fcd2389f5a98
SHA256 164cc6f4fa59c16de9c401cd593f34dbb820fb141e2480fdd585dd074f60aa41
SHA512 1d417f45fc41fd030eb8473195e1e3310ba06966e8f648cba3427e9beec47b0cb3933e72217f4be4b5223b36fe86590e17b02a11bcd694da59f26118973fd47d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e60030e2e5440743857a39cacd108634434c91f1\index.txt

MD5 74dcbe78a09959623239e97f0864b190
SHA1 882f45d43667c403c15bc6b751513dc3591e112e
SHA256 17ede0db63ee5bb8c02b4fbb4e68df80f447da5211752e670a73fd59cb52b551
SHA512 680f81200ab14ba1c8425c3e9f290a27a40583708c10ab8c9aae5a178c6b2b5c6ada42fdf15b0921e168adb8688f657baf86c0ab82d2d8b577721769c2e11712

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.epicgames.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

memory/2880-2820-0x0000000000400000-0x000000000066B000-memory.dmp

memory/5056-2847-0x0000000002C30000-0x0000000002C5E000-memory.dmp

memory/5056-2849-0x0000000002C70000-0x0000000002C80000-memory.dmp

C:\Windows\Installer\MSIB03F.tmp

MD5 a3ae5d86ecf38db9427359ea37a5f646
SHA1 eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256 c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA512 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

C:\Windows\Installer\MSIB10C.tmp-\CustomAction.config

MD5 3a35350940b2fa2c5a9c57bdb25aae3f
SHA1 f4d32d9e007478c80c23f7b70245d6401550ce6a
SHA256 361f2f5623b1e11403827ffd625c9edc5d7977d584393d6475fc5e6559c3edb7
SHA512 62756d9247cd6ead152f00d5ff7627e3158e5f0beae00520510830eeb9b1ff5b3a33201bc81240bd31f066198c6b639e3f2cbceb9155c2ce994900ab3a685e8b

C:\Windows\Installer\MSIB10C.tmp-\Microsoft.Deployment.WindowsInstaller.dll

MD5 1a5caea6734fdd07caa514c3f3fb75da
SHA1 f070ac0d91bd337d7952abd1ddf19a737b94510c
SHA256 cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca
SHA512 a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

C:\Windows\Installer\MSIB10C.tmp-\CustomActionManaged.dll

MD5 2b54558c365370886723974967a60b45
SHA1 faf9bf7ac38bf35701db8bd14321ba5e97a0103f
SHA256 a7c459ca67d6388eb3c8d16a210e1dc73f6abffbb8a78bcf071c22f809942afa
SHA512 a47e0589fe690d45eebdd540033fb1c0bef88dbb6a9ed6fdda0b989def4ebe5683a387ca2f72819727ba5ba372368bc35f76fc6bb32ef860f298fc13525bab84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 68d729ddd12f3f07dd8c888a5cc56a3d
SHA1 15b9d9340f6e70cc049db34445297508bc360f06
SHA256 95548f42609b1adbc0773d9617917fd5f998523133dcfabd8d01ebcd648c7816
SHA512 c9b9326cc1e2083b5bf6dc17c595772b5d88b6e5914e940ce7f4732f4ad307b3d763004336e12eb18020d1163d9a6f7a0b50e59e87be717c4f5a5e89b602ec08

memory/2880-2897-0x0000000000400000-0x000000000066B000-memory.dmp

C:\Windows\Installer\MSIBDDE.tmp

MD5 f54843af156794ba61ae0ec764251229
SHA1 069ba2232c67729a23841ec6c69021ce63b59a37
SHA256 02a22318281d8f0475076239a63434189b142f2f533ca378d074ab9eb4e9cfda
SHA512 2d687454aefcf93667b4d044092f549650c048e9311ed0a474f7e573f5bc8f9e3e18cecd00a69eb6f2fecedaa23cc63ad882c193b310d52dbacc6e8049e7ce5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0fb48f30c3e62e3199fe1706f5399cd6
SHA1 a04b514bf3416e2140d9fc04db6c7e2f6f03f00c
SHA256 ad63661eb8c021e7aaf78ee1f0f1f9a67563732abff55941519b349767eaea1a
SHA512 102f7670fb510fa991ae85c5ed72830b771e22e8b23f56cb3fce1366bca94d3ca981b90728d0aef769cfeb71e872c206a8122c4cd5c9bf14b67b00d80fb41eaf

memory/2176-2919-0x0000018300150000-0x0000018300C11000-memory.dmp

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\nmg_CM.res

MD5 8e658e24e91577b14fb18bdc90a2e1c5
SHA1 2a12c0df79a4b42f048c50ba66c942aac4a256e8
SHA256 829e57b045199ba2d82b08baae8107b9875c7a99488ff32e7c3e225ea16a8a67
SHA512 eeed6686c5ca622dbeb27d18ac89606d55f759c8f450860adc1d5aa956aba14f5606aaee7a173846e947b7274f6be9ca039bf0838fea8d1fae08d2b6b0b386c3

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\en_MG.res

MD5 7621254d9d701161592f4f0cbbf6f7bf
SHA1 d41412336a9893e9a9dd439b13a3c65435018da3
SHA256 db13f9c7b55bccf734f5c6d3c56dfed65eda9dc7976e24f0a862f2408a6e529f
SHA512 dfe7eacc4058d1862eb6ef8305a388bd27249fe2b91df08c3102928b066454b322fb55ac7a34de0e27a87d2112b6a374e674b27b1296240efe46c5bb135d0a20

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\shi_Tfng.res

MD5 264c63861ceef0e1a4cc72d014aa43fc
SHA1 74b6aafbfe5d4dce23ec1950246d948a8af12cef
SHA256 2c7e3796404241f7ff344f6e838eb3dfb77569152bfeb1880927e4347b50c642
SHA512 a65e31c1fa603f4a893236a84d56b04a9563e8a9520100839a997c62a2d749c3a47ff862f195d8c731194f1e9ffa9d7112214e6d3c06fac5c940a26611217b9b

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\bas.res

MD5 6134f4cd4d6c15ce86537d2613927036
SHA1 59d53b482f70551d8dea499a310e7da230219a18
SHA256 68f743aec976a4117dca15a76760cac2f8580cedfa64b9c7d523a8f7bc0fe081
SHA512 aab3c6a451737433d25e38d86d21f865d944541d8c3a1ea23d937afb33c3a06c56a436afa997d42343aae8395607819a1a79f0fcb60a8017ee4c6e4c9a140172

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\uz_Latn_UZ.res

MD5 f637999c3373220f35094ab85161afbb
SHA1 24891e13d210b7e6b7d0053cbf5a945566f79938
SHA256 eb0040acad7de2a57e33a3ad90fb1711651a7ff071d21653a3b6bc7aa39cec7b
SHA512 d7b2cd72563f0a9015a2d3239d4660a3086262f633b680128b0b6f86c3ab8051838858133488768d9bd0d1db97f64c4b61172a7f6f7556c8d2295db48673708f

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\en_MU.res

MD5 4d8b9ed918a6a21826cf6acda10d7b8b
SHA1 dec9bb0c1333322c691b9318a9fad5e0987319e7
SHA256 e26840bbac4f0ed8e3601f62abb775fcc16bf38b70785540025d1818f7057881
SHA512 7ae98d692352c530ae50ab24c00c7f0aeb6c2f74c6b77ebbbddf4bdd04b21e48816bf3f2698ee2b014d703f56f9e14958e28f298cd56027492c3a300fc4b619f

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\en_SD.res

MD5 847e775630f25d5d30746d2aba9615c0
SHA1 a538e1d8a5acdbdec4c3fe3123a46e6311a466de
SHA256 4b49d73f1dacc88c3c58bdc9c73014345f9535ad76af80b72881ca618e0ab804
SHA512 c7a9c62d9ee17004fb9dabad8b1877d80387692b50447d1cbaf6178cba89e56fa4272f7292ba9e26bafa7585c403580093a5e022031f6d0b96e44c7ff4357bcb

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\th_TH.res

MD5 c34486d88a5544f3392a4fb031eca28c
SHA1 287ae38b9011fd9bf97fac414b405f1748b748fb
SHA256 f7835f43b81af073e115dcdbdd71e6d274c476853ffe6befcff4a6dd26e02cc6
SHA512 dd334e26082cd5f5b9cf2dd581930db2dcfc8ae136fea02b0a7e8376baa2c0582236086c7d973a84c14eb3f873c6f540e70fe65917d757c6fa630e56cd780c35

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\en_CC.res

MD5 68ae567d0c236da786e332a837c30299
SHA1 dfeda196ef4cd20bbf63cc94d213ad031bab3dcb
SHA256 b008ddd5d12fb7008ac7f0c345e57100ef0a0b69f6f92cb34496c34386f71b7f
SHA512 60e949b0ab3e6ac8209473f4c19bf87eba3216f1de345f93e88cbaeaf68bf6fe7ce4f2dde4eab9966e1da237f644e116ab5f5dc107d846d3fc7d3971fe380734

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\en_FM.res

MD5 7b933f365b0f6a04c6db118e4a5c302e
SHA1 193d872892e0be99bdeb813cf9bc6e6b9ae2022f
SHA256 21eda0dea9e1f55f8e7a899b005526ea9d3d08e9338b7a57524e35c0d472d903
SHA512 91c56392f9924f26bf28a803377b5ef517a3f4d0e5dda3541c0a73ba33bce1ec6b78b325c59b4defcce830c4133e4bcaf118372067a5d9d05a0ac4e592d75980

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\en_JM.res

MD5 dbed6cbf5b4e215e7bc058594652c5c6
SHA1 14ff2242eb58ded4ae8da0315f21ad1894cc848d
SHA256 df819c5400d36259bca9e3f7fbdafb6f2da2ffa00c5cf03695d3a1a5a20e8592
SHA512 0312dc0174e32aba5fdc8edc21d06dd613f0bc9bb24e1e502902379b997406d4b5e2a0c17e48bf582594c5d0988fa8dd3fd9a1ccc9fc386c4e453683196f2ec8

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\fr_BF.res

MD5 2e5503409ec26800fcf6a9b1d64dbe57
SHA1 5962f8204c362dfef2b60cda43363d4811d686c6
SHA256 d5d3c00ca62f706f59183248bbe5fe5c6fb721e544d3a665a8bd03b4b5f73478
SHA512 649675774963c12d5776f5d8d12580f79acd476c21056662d5391ac262e82a56adc751807ea94f8d59979733bbed2616a8bf1bca16af5d89350aa473e21108be

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\bs_Latn_BA.res

MD5 c64f71ae20060954b9e32c5b9da51c65
SHA1 1e33967c51e09874f6a1de9a9c3539db9ca82a63
SHA256 1f132ca885d786c508137e5a798dca175fdd0d486a134931fcc3803db934b735
SHA512 caaad60303a93e38e881d7fc3c711d7a52acb59511a65bee549193067f88b870bff2daebddfae6d4ed366f93d3d7003ec5b0ac13890b9187f9a37d2be8831d17

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\sr_Latn_BA.res

MD5 4f880c5d6bddf339f850a87f0dc7be2d
SHA1 90f0e7728bf802b7e962db8434d1c562705f0613
SHA256 b175f94ed5ce958a83aab63677471aa4c0b2ea04faba7c42681a5aeaef8e5530
SHA512 c9fc5b2f71f055d42c8501aaaaf6e6b6c290a6018cf1cfcb993735a01868850d0b3c5eaad3a611c80d456af9319dcf1f20ce4a8a0db54736ba8c8d7089b54144

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\en_SX.res

MD5 7c270f310229b7a3bceabd9ae3be08b8
SHA1 b4fb1a986654111beaa667e79a6ee7efd3958c21
SHA256 a865ec010c2680b1674f3f258f1aff7a401e7ed6459f98c0699287fc05b8c520
SHA512 1967b7f33051c0e665cde999bf594921ba1376017895e2cd74b3863d8704beabe9cb4d7e44be46c038225a24c205a31310198682885e8bc7a14575860c5cc988

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\ca_IT.res

MD5 cf788fa9793fea6104e904fba48b9ade
SHA1 5105a53f269a6c445fe58f0ab7bb501bf5790960
SHA256 d49d36962528cd70e638fe62c2a675838d5f6d13c229f6a107530d58c458d100
SHA512 b07ced3b04e2ce33b0fa215ae03002e666d5408f31ade8fe84f46e2a7474d277b40887f090d5db6abea58b6a8df385f952dd614979ad903aaf31b524a06aa93b

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\en_ZM.res

MD5 5c178e2fa9f7bfafd04671973597da85
SHA1 77beeb262833524ff0cb993f282abefc05b49323
SHA256 dfecd526162a19ed0e877a733782593d1cf496e5d1435248c06bdf5386f36bbd
SHA512 d4fad5f465b41fa87df52fb0bae6a5c4cdd48c3c43be1daae1de9b55b962f217cb666f47f7980599caaf0101aad46895f2a3f07e872a1b44146ebc64cff860b9

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\en_NA.res

MD5 84781fb37996ae5ed3c3e0e3beb4455a
SHA1 ecd887370a4453e67a642a46bef4bb4593c0cedd
SHA256 b94b6bae10b1b207adfb721f38c9bdabf1b3619c2c82afe24c7a0f823f9ca38e
SHA512 fffc82be344acdafa125a7a9ba3d79939f695b3c8a1aa66d8c0092847b7487385c979175f37d7df39eb3334f56621df78d3b2b087e7ae5d40972dd37ed42b109

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\en_IM.res

MD5 8e8f7836852a74de789dd0f4c71797db
SHA1 7509333c6d134b2bad48486057f91336dc1aa009
SHA256 d338e130fafe30c63a1dde8b6478a23dce8d1a3716b776c44fbf9e132a392c32
SHA512 4c39dd6462ea0f1f0d674bb06e8a5153a86903a91b0c04166a06c7df3b511e6ce83cbfe19d7175c010867f97dcb80723c398b4985d68ba162c30dd15b52d1fd9

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\he_IL.res

MD5 a0e7f0023efe9d9da802a0c5a941f8ce
SHA1 e4522c97b99704605469449c21aeef8e03a0ad3e
SHA256 756032017e2d9deb9ec1508dafb605009eadf6d859ff309bbcd6e49bb2d8d9f2
SHA512 2b06564fb675f51d96e9945a303d9aadaeabb8173222ac644ac3415d5ac1aec958d70f651a5c85561cdd79e0f4b713d43117332a8536a251f4fb48800076ab01

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\es_PA.res

MD5 df8c1b6c2e9d796cc17fdc48cde3cb5f
SHA1 6b58526e194eb5461eb52568711cf490fc6ce325
SHA256 6423a955dc8a45912dc4ca81aaa6ede3554c2dad3efe200ff97428ec88995da0
SHA512 7c8085034258ebacda4948e6fcebce0f4d9b56da4fc6377e4cc94b042fc54f9f775d93d6efbd9877d9e453c9c31876f905e8953298c71c37cf720dee2fef9db2

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\en_SC.res

MD5 8ccd09fd382b155e658cb8e38a69d50d
SHA1 beb2f210e55b9b72116cb9ca3b5a654e7bbf3066
SHA256 673b9967e9bab1bab7bd65e184eeb02eb5e8dc38f33f0970e683b9445c967cc7
SHA512 26d1444ac0d0dc7bd1a5e5081bdce4831fb7768d6c93747e6bae049d88136a95d13644763aaa86e4dea7cfc40a6d2ef80506a984e650debc3c036822d881282a

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\coll\nl.res

MD5 74852472abc6dd63b12c4766472c9b74
SHA1 5b59504cccc2a557a39ab15bffac0270d4e4014a
SHA256 bd31f37629afe5b5ca7801f26f251980f6f6a737c01c3c5be19e10b8f4840f00
SHA512 80e3f257a80030becd995377e912bcb62940c2819cee559441cd3b9a141229a7e071fa75b91b4b868dcdbfd00ac389f5250c7d49d0f8096e8cdf9b045523d0db

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\en_SX.res

MD5 9195559cd1c871889bae26ad19ca0c24
SHA1 7106db267cc6f7d978d00d4a9829010b1e653375
SHA256 ab6683282cd7cd5a8a819796ff415a8c97933eb2a77e5f6b8b42048dd336eb70
SHA512 231cff0ae144af4382b9f869807492ece979a809f0f4a912b8b41e09ebf4cc6f173ec62a507af72c28bf825a7f74624b1ab776f293d632038e7b3590c9b885c5

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\pt_MO.res

MD5 aae879c1e1523cd47b76124dfb953f5c
SHA1 9e6f3e4d87189a381ea5ca35148e2bc4c2618686
SHA256 5ab1e574c48682e6feea216e71b16150335eea3d23af856a0e6f71ce715de137
SHA512 7ff20635476d644ccdf277a9dfdb01dc95fbb46c92c4fd119cebc16758380935f09b4dd1b6b240e9336465e637ac47cdca02c32dfc67ca0ccb170b2b17ab89df

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\coll\zh_Hant_HK.res

MD5 446a3139b2628b0370b88deded4d5382
SHA1 73a290ecc02be29b6e9dedd1dde7b0633cb5d5a8
SHA256 5107405e84e52f18e47aa7071f183e499a2c325e6e4bda7fca2b59ecb55d81d7
SHA512 6e6cbe46747664442464bccb8dc93dfad4a786c6ac390eda705c083498c898ff0d9083afa411e800f1dfc1db10799bee110e7c5371b3f559a806d72d42cdeb0c

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\az_Latn_AZ.res

MD5 3f209b3aa35603dcbb208a74caa36c86
SHA1 249de057005be697205333aba0433c5b04653bbb
SHA256 f3965e339c622c96879dee316de42f9e9f693ddeb7a52fdcebba027171f2c86a
SHA512 02411ae5728814057e0ca78d850eea85b3aca16dfdbee97a7c01860da3b82640eebe60960938c7f64b05d9e9fe8bae0b826d242e24b33c40024836f716f17e31

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\pt_ST.res

MD5 0314889a62d29f92898f2e84fb0d88d6
SHA1 5e274dbbd7f357ad6d09b3b822a4b92d3109c8b4
SHA256 c1991718a07aefc99fb6206f3bc6c99afa7ff678e9f6a01b4a475ddc2b288b23
SHA512 04b0c28f2ba9cc19a5a89d0946050c41874617f8ec2cb3c1f268931446af51c4b3850f4a3a627e14eb34c504435f726cc4f8b11733fcc5f2d73ef2371bacb1cd

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\es_BO.res

MD5 7694951ef25993c308c192cb7f702a4d
SHA1 65c2b02876fb4c07ef7639d251c32e3752cfe22a
SHA256 abbdcff69a749e45c85eb908f6228f7a2aa7626ca79a8bb34193c6c56099a41d
SHA512 7de1eedc81ea2fbd7609014f999be352059dccebc7f14637d84f7b3e51cacd7cd17f2bb9d43d074078951c69911bc7ec8591d2330c02c73922a695763d356fd1

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\es_BR.res

MD5 10e40df5115f3c4978dce4da2e0d6451
SHA1 bc28046e014f618395e2ccccc316c17ed91daa4a
SHA256 876f59b33ba2ca4dfcb619bae86da6165df4955b09ec4fc989bc4e8fd4f1df89
SHA512 00e5df6097b58acfee5b47748856a95f4e0cd920ae9c33a4d6ed71425b1714e7f2dc6031febc5ec4ccf216a1e3e3cab2a3950999dc8343b746ee20747dbcf6ff

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\rbnf\es_GT.res

MD5 01ac728b63d66869b5a2d94a2f88b64f
SHA1 e12801ed14cb0b7bb6252a3666c9c97820f15ee9
SHA256 59a741f29db4fd6792c6b24842f42aa8f9ef4e61c3f9085fde8b92f29c76960c
SHA512 132080285a86e399d3f920f470fafcf39ac76d5370a492bec00af161c2c537e8368335f675e006b2ee64f6ffb02a78423a4bc7bb636342c5b92f13f4ab4c3e39

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\en_CM.res

MD5 a2fecb24b478f9a9e53e5bd8cb82947b
SHA1 3eba18a74e53bc95b39065ad1c229181284f3bde
SHA256 55d9048a31ccfb28f5da7a418a221d2cf8d488da50dc7a125a7bbb0eb7bd01b4
SHA512 69a04cf483233f71dfe3e3730a11e4a5e86b57946a3bc9be823dcb7c5e0b3c26c771962242e226c82e8a72abd29133e90dcc0aefafa2ceab146ed4fb321439c1

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\en_TC.res

MD5 d6186af2d25663529a1670149401c51a
SHA1 cc73aaa889e5f7da2fced52a80448c64c5756a9d
SHA256 c3dd2043cdd9a4430624cf43fe1d7c65938e1a6d029ed3ee2632796a8d4abb5a
SHA512 c94e2e44c785414bf4894caece699225411498cac344f761a8a047a4f82c15bd26d9f78834d515264805ed6454bcb3ef05e7e622e241f2e2c9678cdd0376ce31

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\es_CU.res

MD5 9e46895540fd75ba1c21cc8bca9446b4
SHA1 09c5d01771b26a3f003757fd9788d13c0f10ae26
SHA256 56b0002469f572cfd0cb8c8becea7a1005ea8f7ed1d3dd308e0c4ad28a88f0c6
SHA512 b7b792042aba5729eb852ecda456087f05e459641f62c1bc6e951f3bd72a81b8c6d55a995fc07bffd2ce342cf87618010a4ad63271ca4518950c9b93b9b6df85

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\pt_MZ.res

MD5 5e3e0a089d7bacd2f1ac2684ee9bef02
SHA1 4bd888ae18fa11258d13f8fa615d8915777ca4ee
SHA256 f963a5003bfc4bcf7a310c34bdaded866bfe24561fef032e89fecab13bc3ffbb
SHA512 a65c63add4db82803f2aca5d2ca2ebdadd12faff258472d36b0f735617104c352ff28b49afc19446fcab396e1febdc9a08bd91d2ef43f96ee25658d3a216c4bf

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\en_LC.res

MD5 08408c8d145ccd952dd7d40baa4853d6
SHA1 cfad7e3b03106cec4678ab39cac25fbfb34dd5df
SHA256 03ea59d7659ee65e93d76e0744b1a0497d63bc278692f2a85cfe54a1f8d7f1a9
SHA512 df6c166aeae11ba470f588f2f7fb096493c74ec973ac25a21d354f92fa775189f487ef639bb31d59de64b4fab68b4045f1e3267d029ed612feaa57f2fdb5495f

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\pt_ST.res

MD5 1ebd2cf7b1b1688edba5e6481651878d
SHA1 d7475c1e2105a5316f89bad639102a22e59e8206
SHA256 8840adebc3abc62843f8e6350f2e28528a3ca15d65fa9979bed3bf44566867a9
SHA512 208ef55200983034d2e782b061c3c065e60832cb443d5b4cfdbe9297d338e9867089b7f26fd2a7bd7c25bdd11e8b5c7c7bdaa77a409dc679a931256ca038aa0a

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\en_ZM.res

MD5 584b7ed10634a00ed0e4f58e9404cd0f
SHA1 f167a677fbc727a61d5ac6a326cf1f2eaa8e6073
SHA256 d3e4b494d598c2c08dcdbb9379b164c95158bb673aae0ad789124f46170937f3
SHA512 f32c2e4fd559487d4b3e8a67392d5989ec99212453e1afa2dcbbd22ab69c3e21c589790653d357a5c048c670e2961a1810af3718823038ba9523164478468d0e

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\en_IE.res

MD5 f290c99a3e9c928023e949819dfe38ee
SHA1 e24ac7970af336c9455b5211bf1b865237d46e05
SHA256 6dd348d1795c7e999a650b6cbf254544f9d62ebe48f53230334bc0d6fa44d47d
SHA512 873c23e1aea6243172bd8f8efa2cb1ed8580e1def84764cc05a3638118d4c01f17f8f51967dc050c903727cb1784c4ea01d274a45c4969d9fe1e7efb881a0379

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\ar_BH.res

MD5 ae6774ad1b4e487d0992d22700f9087f
SHA1 46b5c49c76a7106f33bfa9bb13ec5b0f50eff50b
SHA256 dc359b3a630dab0a5b4e728806547747fc25105b70abd3b22e8bff20a3995ef5
SHA512 095b725d6f78b78a8f77dfa461b716a480219a969efc8246045bc0b93a18ba1377bc17bf4ff99b390038db71db3a387c4b6c658f858b735a897d41ce6c34ce79

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\fr_SY.res

MD5 4cf3aa31b641864ab60ef738b2b9903a
SHA1 92db1cf0b23b8d187b404b1693c3841f16152bda
SHA256 4d2bbe1d4d9d0a4266448241596bca9da40a34d96e4fd309a205350156de0134
SHA512 e7e01ab79ce30f51b69b1c7094c325d55e08da3703c05ed0741b05d30b2c4d662587338141aa5bf6ee9015ce1dff2094982a40ba58f4abca7cf3e8c1a954e2ec

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\pt_TL.res

MD5 606dd5e86352cba8a2a4f4561837824b
SHA1 5c0059f5cbdd887fb652fa79ad87aac0f8865ea8
SHA256 3a85bade8a7a6db69c28c9388ef247294248df06f9d9d406198479426b31d70c
SHA512 66c908320950530c345997b522e12d7d6603df931fe32b43644a2ddfa12be7795c9582c070adb744fbde9df287816fc8584f5f1a2bc2158abd8bfc9ba4b20e0c

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\sr_Cyrl.res

MD5 85a6974221a7807b04c9e016b6c8904c
SHA1 421c17e072a104975c29e5c4a51575c5a9542489
SHA256 939c1da1c4ed3e97227cfc94d46bacdfbbb8d2bff721ec42618b641db731ad3d
SHA512 eadbc62801b0d5aba4b9a2bbdf469f007493fe613e04b640aa511383a4e3d707ac0adcff3e5d80f1598090e12cd65c5985dfcdf0cf8d46af807bad00204182cc

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\vai_Vaii.res

MD5 a60e02569784ac9d5c76e3021322c822
SHA1 471960a6448f26bf0216f28f071e3860f1d6a271
SHA256 338496ad90df4581131f024dd945f5d7455f0b9969ea0c924e9f1bc142083b18
SHA512 a2d57f8efbe4e5d0b50faf54c6c44ceecf0ade4577872af3cace9df64d1733a68325494694b03e3517877560bf12cc124f662aaddf8c1f68b97862e75fc0cef2

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\sr_YU.res

MD5 88ca5d2b5f3baa53f32d1a17affb3cc4
SHA1 b603ef247d2e23125e79c34f3695b44853a2024e
SHA256 413c50ef83d5a3ff6c6f693e50594ff033a0301dcb807c2ad1efdeb25fcb7642
SHA512 be26d85b7ea633275de857127a7e8891fe0bd1eb66ba33e83ee6b652a76c0618bf052da6a43fb9e21394941732d9805dc2fb801a5065b7ee8cda6ea77ff3914d

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\rwk.res

MD5 2dc65410add51f24840be253b3de1e6a
SHA1 555d4e6eb7c777e657dc6fa511950b6a31426ba1
SHA256 e8647fd90a97c6c221deabe0e4e4f833e3b726c9424091695e2419045d7f2b60
SHA512 01bec81c93895a11fdb507bcfe01386d0d590e20827aad4ab59ce50e25de3074801996fd2b3ac9d8231af80049dc5ecaab8e3ad38ae8fd9b4135706cdc53f60f

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\pa_Arab.res

MD5 6a9273af56e5d1f6f2d24203334ddf9b
SHA1 bd7ca1cb1ba90b6036803043b8e351e6ec499da5
SHA256 f1d94fcb430e36370fa030c9d9892214dcb624289bc5282d432bf2a49378a08c
SHA512 066cc289321c632ca0657aac15f9f0e121c506b3ebd752e19277a5087417430e3c40525e0b410b930ef3a238328906aa64bf2a53b0febb26724918333c500508

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\pa_Guru.res

MD5 7b02e28612fbff1a60da141244aef706
SHA1 78065b63c9d24feaa1f72752a39d3977449bce1e
SHA256 15b23903878e867c7f8638b46048ffcbb245789c344bc16986851a7227687909
SHA512 ea8c726496990c7fd4958181650b21b89fce23c5250e76bfc3b7d23acf827196791c312f96ff71d5fd0f90b03603646c26b3b31232d6fa2630492c4a315552f5

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\sr_Cyrl.res

MD5 c2d04d672f4df81cff4bceead9be3750
SHA1 21413dc219200658c148c7adc2a3c47e7d4c3ffd
SHA256 ddd8f7540d9a540ea6967bf394fddaf7262d47fd2484d4467cb4d2c747b6dd32
SHA512 6a15d00e02638fae576327c856aa81a476fb76621febf62bf1160d6afd8fd7e5ceaf12fe7cce072bb45e0d371ed5be67b3059a19a45f0e7d452564475d69b598

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\vai_Vaii.res

MD5 a0838e6d15b5072dc03baeb7f98ed41a
SHA1 98ab23737463e55ada302d75545a9bb32be19272
SHA256 825e5f4187683fe01e0fff595d7cb7cab8654c5699f0d8386e6c3625a5e3b19f
SHA512 b4f64fa488f5af2465e5f986c7b505df49c23166c022e13dbe764047833735551f67c2f3dacdfff46a30847e8303df96270471f990ac48353e6a5baacafc3d2a

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\sr_Cyrl_YU.res

MD5 5c56677a0822b6f922124f4e4ae5a625
SHA1 d1a78f3f6f949ca8c8593dfd24a8c248642bbf38
SHA256 7d0e61f3ca3dae5bb75aaf6318bde4f128da9662fe1d75fc245f5d4b5e4188ce
SHA512 0090c31c35af1b6718f4db3fe7aa2e6f06240b7895df417ff9500e08c66a9f9d98095378558131c2d96ea129fdc7df30be876f4b18b887872b0addfa9c3a59a8

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\sr_RS.res

MD5 522cc1a65a354bc4ac2119c3ee5177e2
SHA1 5ff152aa8dec7e82399d07d29d1dc12be874f985
SHA256 fd32948fd9cec6e575bb7e29a4102cdbf852ec752cf47399a028d04528c489b3
SHA512 e95d63da5e61069be80017cbd7be335ec4a80d44a1acf9638c697b13817a832d8bfa7afcb562f3d9c36df13de27366c78ba0866bb9e463f5af455ae0983e385e

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\sr_Cyrl_YU.res

MD5 7a74fc755d1e0d6d48cd5b4c2361592b
SHA1 f35ee9e8b2b8ad42d48265ab5f32617b664a77fe
SHA256 028a167d99b424b29176736eafd35631bacf7a4f087e765c6e244cef0d12203e
SHA512 be38f81fe8d53b9fa2adad5d2b403dae7e6223f6aa4438f5ddd5c3be3b88795a720e90197a96263dc8251abc10f96a7c5e987dbea84a00cb88f60394278f54f6

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\sr_CS.res

MD5 03b4c2777b2ab020f0301b1f57b4486c
SHA1 1a8fe984f91940e6a8b86f9433bc64ce5d875b87
SHA256 2001732718d567eddb29306e39fe186be95cd30bea89a14a5cffda73c6e95539
SHA512 d7ff5c4032bb90e9123b3054783ded9abac3b1413da8e01f80bfcf0a07169ce7992b89454c839b3f5d1d4633b5ade2ab093a68e9ff09aa825e9303c371929859

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\sr_YU.res

MD5 a1a03e4ae0bb3120daa7f925f9754736
SHA1 244855f29a028c974b0e908cd8e4cee11f65e56c
SHA256 fd67c6594b5413b30f3d04973480904ec2179107b767666c37a8a55c90918ea6
SHA512 04c5b3ffb40b64422f94929e0181879cb7de1e8d07d5b2c59aca1e5e88a33503ba3a6e377c064c5675d0522c49f6853bd28e5141b9227846336f2686d551e987

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\uz_Latn.res

MD5 1960ad3959332481f6d916f056b52339
SHA1 cea9c67afc66f20e4104cb6aa2df781bccadfd5a
SHA256 dcb5a6234f2f38bece4039140f59ea549c5cef8191cda68fdae9d5b6106d9b4f
SHA512 c7be9fb55877d5418afb221f94f131e02a2c88c55216e2a1b9967b3dde70b47336d8878b97cb64228a7ddda55dc4665517f1f8e8df2b997e2895afe62f9a3986

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\zh_Hans.res

MD5 cbf1e43602d294e22f60cdefffbe1133
SHA1 e9b337c3ee0c3fe63b741faa70a51fb5a8475970
SHA256 968f1197df1b8b6f2ff8113b28253086818ea2c8e21c049509dc10d50adeb7f8
SHA512 66979d342beba1c32521f3797499c19fa3895e8efe74ae6e50caac65aa72b282180bb3be55ad6b4a479c393e992f88f0f12b4d2b5429fefd5681076d519041eb

C:\Users\Admin\AppData\Local\Temp\DX56A1.tmp\dxupdate.inf

MD5 e6a74342f328afa559d5b0544e113571
SHA1 a08b053dfd061391942d359c70f9dd406a968b7d
SHA256 93f5589499ee4ee2812d73c0d8feacbbcfe8c47b6d98572486bc0eff3c5906ca
SHA512 1e35e5bdff1d551da6c1220a1a228c657a56a70dedf5be2d9273fc540f9c9f0bb73469595309ea1ff561be7480ee92d16f7acbbd597136f4fc5f9b8b65ecdfad

C:\Windows\Logs\DirectX.log

MD5 78c999ff14ae6c9362a0e7383067c177
SHA1 560c21c14a96a97e9ac6a2a2240df6e6d8959dbe
SHA256 3cb51cf0603a16ffff6fdd0f1790e0405bcbf13d606e4039999693b84457c71d
SHA512 da9dc0b67453783655e3f3af579046f7830d7db35e69f8f896c3af2e0fea46654e9a792364fe53d8e444db74da37a242c517b4447c6c889f7cf9e3d831a665c9

C:\Users\Admin\AppData\Local\Temp\DX56A1.tmp\JUN2010_d3dx10_43_x86.inf

MD5 53a24faee760e18821ef0960c767ab04
SHA1 4548db4234dbacbfb726784b907d08d953496ff9
SHA256 4d4263cbb11858c727824c4a071f992909675719be3076b4a47852bf6affd862
SHA512 8371471624f54db0aca3ea051235937fc28575c0f533b89f7d2204c776814d4cd09ee1a37b41163239885e878fb193133ad397fe3c18232ad3469626af2d2ed1

C:\Users\Admin\AppData\Local\Temp\DX56A1.tmp\JUN2010_d3dx11_43_x86.inf

MD5 fb5d27c88b52dcbdbc226f66f0537573
SHA1 2cbf1012fbdcbbd17643f7466f986ecd3ce2688a
SHA256 3925c924eb4ec4f5a643b2d14d2eda603341fbbd22118cdd8ae04aaa96f443c0
SHA512 8aa2200f91eca91d7ee3221bc7c8f2a9c8d913a5d633aa00835d5fb243d9cb8afa60fe34a4c3daa0731a21914bc52266d05d6b80bfc30b2a255d7acdf0d18eb5

C:\Users\Admin\AppData\Local\Temp\DX56A1.tmp\JUN2010_d3dcsx_43_x86.inf

MD5 cf70b3dd13a8c636db00bd4332996d1a
SHA1 48dd8fc6fa3dae23cb6ca8113bc7ad837b4570d7
SHA256 d5200b332caf4fff25eb3d224527a3944878c5c3849512779a2afcfeae4c3ca1
SHA512 ae31a9e20743a2052deec5d696a555460a03d400720679ed103759241b25d55e2fbc247170da3c0c0891f32b131ab6a6845de56c2d3387ad233aa11db970b313

C:\Users\Admin\AppData\Local\Temp\DX56A1.tmp\apr2007_xinput_x86.inf

MD5 e188f534500688cec2e894d3533997b4
SHA1 f073f8515b94cb23b703ab5cdb3a5cfcc10b3333
SHA256 1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5
SHA512 332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

C:\Users\Admin\AppData\Local\Temp\DX56A1.tmp\JUN2010_D3DCompiler_43_x86.inf

MD5 1a86443fc4e07e0945904da7efe2149d
SHA1 37a6627dbf3b43aca104eb55f9f37e14947838ce
SHA256 5dd568919e1b3cbcb23ab21d0f2d6c1a065070848aba5d2a896da39e55c6cbbf
SHA512 c9faa6bb9485b1a0f8356df42c1efe1711a77efa566eee3eb0c8031ece10ffa045d35adb63e5e8b2f79f26bf3596c54c0bd23fea1642faae11baf2e97b73cf5e

C:\Users\Admin\AppData\Local\Temp\DX56A1.tmp\dxupdate.dll

MD5 7ed554b08e5b69578f9de012822c39c9
SHA1 036d04513e134786b4758def5aff83d19bf50c6e
SHA256 fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2
SHA512 7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

C:\Users\Admin\AppData\Local\Temp\DX56A1.tmp\xinput1_3.dll

MD5 77f595dee5ffacea72b135b1fce1312e
SHA1 d2a710b332de3ef7a576e0aed27b0ae66892b7e9
SHA256 8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
SHA512 a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

C:\Users\Admin\AppData\Local\Temp\DX56A1.tmp\d3dx11_43.dll

MD5 8e0bb968ff41d80e5f2c747c04db79ae
SHA1 69b332d78020177a9b3f60cb672ec47578003c0d
SHA256 492e960cb3ccfc8c25fc83f7c464ba77c86a20411347a1a9b3e5d3e8c9180a8d
SHA512 7d71cb5411f239696e77fe57a272c675fe15d32456ce7befb0c2cf3fc567dce5d38a45f4b004577e3dec283904f42ae17a290105d8ab8ef6b70bad4e15c9d506

C:\Users\Admin\AppData\Local\Temp\DX56A1.tmp\d3dx10_43.dll

MD5 20c835843fcec4dedfcd7bffa3b91641
SHA1 5dd1d5b42a0b58d708d112694394a9a23691c283
SHA256 56fcd13650fd1f075743154e8c48465dd68a236ab8960667d75373139d2631bf
SHA512 561eb2bb3a7e562bab0de6372e824f65b310d96d840cdaa3c391969018af6afba225665d07139fc938dcff03f4f8dae7f19de61c9a0eae7c658a32800dc9d123

C:\Users\Admin\AppData\Local\Temp\DX56A1.tmp\d3dcsx_43.dll

MD5 83eba442f07aab8d6375d2eec945c46c
SHA1 c29c20da6bb30be7d9dda40241ca48f069123bd9
SHA256 b46a44b6fce8f141c9e02798645db2ee0da5c69ea71195e29f83a91a355fa2ca
SHA512 288906c8aa8eb4d62440fe84deaa25e7f362dc3644dafc1227e45a71f6d915acf885314531db4757a9bf2e6cb12eaf43b54e9ff0f6a7e3239cabb697b07c25ea

C:\Users\Admin\AppData\Local\Temp\DX56A1.tmp\D3DCompiler_43.dll

MD5 1c9b45e87528b8bb8cfa884ea0099a85
SHA1 98be17e1d324790a5b206e1ea1cc4e64fbe21240
SHA256 2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c
SHA512 b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

memory/5796-8096-0x0000000000590000-0x0000000000598000-memory.dmp

memory/5796-8097-0x0000000004D80000-0x0000000004DAE000-memory.dmp

memory/5696-8108-0x0000000004E20000-0x0000000004E32000-memory.dmp

C:\Windows\Installer\MSI7234.tmp-\CustomAction.config

MD5 01c01d040563a55e0fd31cc8daa5f155
SHA1 3c1c229703198f9772d7721357f1b90281917842
SHA256 33d947c04a10e3aff3dca3b779393fa56ce5f02251c8cbae5076a125fdea081f
SHA512 9c3f0cc17868479575090e1949e31a688b8c1cdfa56ac4a08cbe661466bb40ecfc94ea512dc4b64d5ff14a563f96f1e71c03b6eeacc42992455bd4f1c91f17d5

C:\Windows\Installer\MSI7234.tmp-\CustomActionManaged.dll

MD5 2cf9fe3247bb25daf0aaddefd6d40763
SHA1 dc9b4f8e2bb6e202500061e0e03dddb102e42f26
SHA256 dd24f8ef3ef4b6bc58b08ade93e4aac64856ee681909201b42cb0111a45fe9e6
SHA512 4af9a34082dd04179a080918c88fffd2ddbc1d7e34779c50f8b9a2eec9cfb65f2de3ea016fa0843de97dfea5b0ca7e86f07ec0d7d1358df6a3bccb54c806a11c

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\es_BR.res

MD5 9b84eaadef2b13417945222d3b7ae8dc
SHA1 3acbbd417ea91eea4c72b9e1625d0770cc4426f4
SHA256 0c540094fdd875524ca0f0a7410f61569e8870a78aa1269cff0bca46df972e8f
SHA512 27cca573d4ad55dbb23bcc6f61a1ee9265af353d5e82ee97c84ec70426320cbe8a2c9985441e62ff5444acff9b9f7571470552afee9a190cb4690a49c6071294

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\sr_Latn_CS.res

MD5 9ee41589d13a2102bb2bb339776c20b6
SHA1 853fcd8b6beff40f5cd4e7aa18b4a152ada9f284
SHA256 f16dc33a45beb025c9db8ad3f78cc0b339ee1002db0419f8c819f2b11ab43ad8
SHA512 565f44a7ae65f2ac693c179bbe94ba86a34b2f0897b59e9e986e0ba90172498d3390afabe3b3566ae50b0486ddcf89e56550782c58e55affccddde1d6b6e2b30

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\en_FI.res

MD5 2d23af6f7fe7ae532f9e762bfe487a5c
SHA1 4742a78fc6d26e800814510d71749a05da578c97
SHA256 e9f6ef5729737bbd2236826ff878786d5009a6772997d0b363daa04017bbf83e
SHA512 03d2f1b5e1edf75d120cba0d19c5370fd34bc3000599b814b3d02519958e399ba61ce9ca98ec0798c7fc78c2f9ffabc488f0db921537681f99163f0890122e77

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\en_MP.res

MD5 7410a2e68e5324871e29ef1ce1ec3358
SHA1 388e5b0078c343aa1608d47e27105fa1263d5728
SHA256 4b3e8a2d4c07e0c906afdf11dbbb3a471805be44e6af6c1234622b3f1d2aa09f
SHA512 7312a8d7c021ffcb839fe5755efdb8e42bdbfa6d316e9d4833a7ec5cabcad5756bec57153bcb6d82e3f5593a8a30b2f96238454b54d3208c13f114286e50f1ec

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\ar_SS.res

MD5 18933a825f0fc4ccd2cdeb68524f851f
SHA1 640cfc46024f16f989198b416141dacac18cc955
SHA256 f73099366d30dd36f3de23e28f7851b57454090b3af7648b1125e343f1321b92
SHA512 1ddcb869360d19b469fa9db3147925ded100a931f47ce4fea7b6384f0a3af6500fd8d8a8a0672d8b5cf6a47eea0d874c4445c1dad9ab16b72c14bc7f7ff39973

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\lang\shi_Tfng.res

MD5 99429a48939e3a225d47899070309528
SHA1 36a1f05d4fccf23b1ba16bd50e95afae57c50c09
SHA256 fa96aeab1127f8c3af7390de4e541f58c54bf15c3f6710613fed47abe3afa9ba
SHA512 c704259c73f1f7f75bfddab84c0b7b1342623dc13ac03212f05a130be3cb91737fd770842d5ca97e4065be4e677ca3cd8994d6b00a9c510b91486cc5b4c5877c

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\en_DE.res

MD5 082f542f9c9d9ccddbfcf1c88e499caa
SHA1 7624426143832dfb19a02f9e6c0a3c5517786218
SHA256 975717fd8d6152607b7dbfabaf14d6b2b91f258d72b1ac444548453e2ef54df8
SHA512 bd0683f66845321ec651b22e126b58e639da4982d7b8a5166d43dac77b30f7f660b6ee7360c162a100336acde3254c5e70003f252a27e4dc3329768712668d2c

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\ff_Latn_LR.res

MD5 51874cd570fde1ef76584d484f003123
SHA1 972492de9f6db03504d92666faa793a12174356c
SHA256 6712ca123b9c3b3c192b15bed74912047aa9f473113c7e79eada47db4f3dce08
SHA512 4257742e18be5fb2b23d26badb2b264eca1752eadab99cffd2de930697f797e010a6f3e935eb3c9f884ca710bae5eebc472a14eaccdccf2aabd83263fa81f0a2

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\lang\sh_CS.res

MD5 7a89e9a370e8d0e313ba5aa754e5c449
SHA1 a496dd9bd098b73b616735a39f7c1d89090db418
SHA256 d7e1df633942f0a1fe760b0fea2d4d152f79d98369d85e5b1ebdb4f7b82abfe5
SHA512 3cf2b4b5ef0129b38fbc0fd7d951a01057155a063918f3294e172f295179e1f09f8a2dbeb78a4d6981f71d1bfe63acf5491e4c670696b71f3a8e6f5ef7c8a519

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\sr_Latn_CS.res

MD5 8aa325294c2fd5deec01ca244b93aa58
SHA1 011734465c1c1150472a55b1acdfef43c7b06b33
SHA256 15c66467f6c3c3a65cadf4350f3237733fc5f7fd4107e45f967929c2cfb01b49
SHA512 d3ecbdada97c0504726e191964b4aa041f257e794b9c7b40ae589ded5016125c48599cc30a2152fe3b401b0525c9fb190354d6e9f840df97800ca333ea927f84

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\lang\en_FI.res

MD5 a64132e6e36d6935bf54bfb465cf7638
SHA1 53d1256a4df87e42b8f2936d87ea3834f59ecb08
SHA256 00b9e8c95990eab1d1db82341778fd29e54063f122ca20e892f4bf7316c26fb3
SHA512 b623663283954c71b5638b30194da393e9f1dff0cf9d14e53f456bb7ef954be2fc8dd5bec33b7c67aa013dcf1fd176c66b3eb2a2a759359c3fc3ee714dc6ee06

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\en_SE.res

MD5 a3cd4cfb2a1ba42247c9686225807918
SHA1 4db66651d6de29451ceb1b9ed9e188d6d6eadea0
SHA256 c8ca7fa12f4f74d2b7c10823015519765426403b9535b57a08d7baf694ae7521
SHA512 eb7f4c10d3b593fc6b4d436291e5e990001c5bc74b1da545c69898cceb5d126f9cd9a589945672e3d0380392f949b62256ff954bce19dc19502cd8bc5ea8611c

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\lang\es_CU.res

MD5 d1ed7e86954b36ec7a46716615e51424
SHA1 c24bb9669785d7cec7c6957ae7701af0171ae313
SHA256 a45e28e4db331ee08eb719cdee2870608b96b0df6e7b650e71ac6acb24c18624
SHA512 e341f2a7b63d4d031d6e2172653d1e36183efe71d07ebfcc7124c82358ed3eb93ec46ed926e9fdc0b4f30eae2027d46b614717cb5fb2f9c596d801c74267f9f0

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\ses.res

MD5 da2fa9dc69b9d0979a67b83b05ffda67
SHA1 1df72f24492345c85d60517bfde6510cf609f907
SHA256 3eff5ffe90f37e814b839016c729f94bad790bdb1d9d18817badaec4db3407bd
SHA512 7e1fe92c575d2841cae95ae8f311f8e2861cae59dbe0525407ece7ba80a534a0dde808944ed4e53cf862364b340e326695288ef02e5b0125a5ba8ce3ab862083

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\lang\en_NL.res

MD5 5fab5876af089ce3960ac8bf4cb51aae
SHA1 56c1b74b88f869696057c30cb38f2bb0b6a963fb
SHA256 968fdfff72c8dd5a2c26f14dc6287839dcc1aa401aa16205acc50c4a0b2f4aea
SHA512 35287fcb5dd420cfe9f520af55c36c00ab20b0fd4ad48bb50cac19917f9e87ed77af4585bdb2105495f06147dbbfb85bf5c5fb44326488130b13c936d9b822fc

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\pt_CH.res

MD5 978e12051d62b6012b92fd4eb96812f0
SHA1 5342929f64815a320c27232f362567a75e7ddcbf
SHA256 cf15d0233be6a0a1ed479997b7c050076abae55a8a810958fcc749cddf363072
SHA512 142fcf3abbff08b4fd8b54006395fec4378f52ff8a311c0e6eb2a714cad51fd111c2a9ddfdc7beeb9e1ccfb9e7d5602d33c6f358a4bf085f0de4095345068eee

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\zgh.res

MD5 73c69c57b33aef2c0727dfda891b26d5
SHA1 fcbb492532e487daf4de8d4f8884925ff3b1412f
SHA256 13afef8efd97579cfb7c479ea1b5b71dcf90fe527f4f9e7ee78f5f7ef97ecaa9
SHA512 ddb84814465ea9cd26c061e49d03779c7fc4b11c4e6b3466d8ea24614d7c838ca84e2d2b14312a4abcb24c78ac973f1d589b4579099d55150c9a2989bf665020

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\en_AT.res

MD5 6988f2e95328a9a51c084ddd3a054338
SHA1 2e30e9c8a136f8985fd65efd0432f0425c15de10
SHA256 21867c6f23fb99e8e980fc1cabae240c5eb3d671e7484194187f8b7004f17843
SHA512 a5baf33f2ec5678dee356e19dc8aab000b276220fec6134fa610dfe9b26293027b36103761d6a8a45113a043a53689c7ff5d48f3c537bf84793279688816c9c3

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\en_SE.res

MD5 1e75cfa71cdfdad76380f71608a11a53
SHA1 6d270d41952740a0b4e813852f0af521f77d8286
SHA256 6da6cf999e7b61168d7bc2e2c21e88f30064dd6f182a50d3385b916b53a769c7
SHA512 d7387976215b94dea8be2962486d27862ec8393b84a9590cd2cfe282addd1d65301de0198df1d95dc4336f6d63300c2e06c5a98fd2dc7baa9d0c61a9f8532d44

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\es_CU.res

MD5 8502b5b5cf8ff0ac0239ad4177a21be1
SHA1 94d80d600d5e0e241979ff136c9369e6699a4e0a
SHA256 29bd99c48e6b952990c208543342883cab53eb68202f225eb293747a8451eeff
SHA512 99ee900c8fc4be3c17772f11d2e537a046d60e730dfcd1e246c7540988691e08a6188c6759720f66ab71108577ae791b3590bb7c7ea55f64f9f8a47578528039

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\en_NL.res

MD5 2a4f7c96aa0e9c0557c2856b0c72cd8d
SHA1 5fbe1fb0b9cf064d1f9dbd98b0648f915d025308
SHA256 618335972bf3299343e40d0dcfe21470b221055aedbbeb4bf5c09da5c998df00
SHA512 bef32a756dbccd2a15883a75173ecfa3d2e630295d837bdfbb65dd1b993fe224ad1163d500af3f9090bff7530e7c25b37cb98ed862efb13bb9b6b7cde6cc51aa

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\mg.res

MD5 4f95c48a9c4159d6627749ee512b257d
SHA1 3e2381f9738403a24f4bf2cb5d775f6c846d0959
SHA256 0feb9c6473694a4c78f1cb0d89d2455df6ab40a1c7b02103c851fbe622dac880
SHA512 49a12457ed5188bbe84831cf8aa384086698ed5df3e605fa5c3f7d6762f2d27d22995f5fe29454b963a418b6fff2b78e17ceeec550a6577de09d82563a09b232

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\es_EC.res

MD5 35371bb3ebcae55ec196350c1c608f4a
SHA1 1bb4ee0d26e57059fcc5d32b5a114753b480921d
SHA256 33301b54393153e40a050a5819dcad5078d4b4ae9eb7e1ca906e7b05f0df1d23
SHA512 c4159219f10dc6fd4aded5f194a5ef1bb7fda7adb508f063d989a52daf51c5f6b47c737547b7bfc665456e478b5175f4a7ac1bc17a22f0f31487a4dcef8ae320

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\sr_Latn_YU.res

MD5 514cbef4886d54aed23144b3aa05edaf
SHA1 f442a0e8f56d355ab8522df0bbec1cece89bf781
SHA256 96d1d9268b17d977dcb132ad277e8455a59b0c6ddac7ab3117bc85994e4b1c97
SHA512 86377b2655874404e292b3f3ee869ccfbcd930002fc65ce291587a9b75d7bcf6a1f29ec5ad6264d25def534cb39eed0967cc8c4a87316c5c6cd3a73e4f165df8

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\en_KY.res

MD5 c5cb1c87282dfcdf3b6a40f4e41f251a
SHA1 faa70a03e20cd1b317ca66db702d080d20809389
SHA256 f8f44fb1b97baf2c6e6d39f91ca0d66ec5cf4c9a828eff2aa0752d4658364dac
SHA512 d4c981a23fc66241554ae90b784e09743a1f29f689fef1f974d72d581578654fad72ef4af458c4df72b8aeac6236207d0488d110473155dd8785005592718b9f

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\sr_Latn_YU.res

MD5 ce55127b1fcc3888a81797703f5ebb94
SHA1 41c9a2d294b61f92b88107680ad46243b40c3699
SHA256 10dac042284c569d4da24e29fd3c0274b89a0b32fa06cada191f2d3873553fca
SHA512 d62c664647cfed4859287ca9f3948faca795b1d300ae885b446a65134d36aa6fd216a6ca19fdd6ba97a76a3297a27cd7f742789421d6e1281cf4c917b923c835

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\rbnf\zh_MO.res

MD5 cd838bde437b8246547e3da5b56bc92b
SHA1 7b56ef405386e67ad77e890927acf9ce8eba77c4
SHA256 be404d9cc9737c0a22cb01c5fe5ed35c37cd87a22c5dbe18893af3dcc8946816
SHA512 d9c4d18de93f999801b873680be8502ed67da0665c04e3b182ac1a3bb02e34f82c3b6ddca54bad84d37d727f030e2934c73a81fbb6d4779d02ced04528e07492

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\az_Cyrl.res

MD5 ca8b438f4e17056ef5fcefc231433aa5
SHA1 344346eb61a633e5075e40206f6abec7ea930f4c
SHA256 633abcc57ce9c650409448b097e913dbb7c0a47a7fc9adc552b1fb9679eb64e7
SHA512 37996b08968548e85165343c1f664a20899b0f9efcc1c37845bc35e9ef8d9e69dd02747d99245493e006973454ffb8c3708b4d0a439a92d5132a10750343bb0d

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\en_JE.res

MD5 0f8af8afb2eb884c5b3f64d61f543a65
SHA1 9cba67bf10742a50e14117fb13460a5b4e863fc1
SHA256 be85546033229c488f2b5867d698b7784c34bc0e01ffe5bf5a6029a711abe843
SHA512 52b8eb0956338068b7ecd501d169dd4729356ff4034aa5ae80fe8e34f62a31292a1d531f1a0c6b0e950f9844aa79a33e0dd21e3a4f61fb0b7719cc692cd107c3

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\sr_Latn_YU.res

MD5 3a213577811436f09ff24d0df8d5bb64
SHA1 412a7d31d9bf049cdf57cc29cbbb81b73bc856bd
SHA256 f290ea9ae14ea99460199281aee05edb1532d2c47715999d01c1f6a4b91fe976
SHA512 1e10de89f72496207acaff7bcb79342e5ac41be27caf134ee07c36768d3086c2b8a80b49e3d77f37069f378c9b86ee18511357d61b643c2cfff631556fa2f2aa

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\pt_GQ.res

MD5 f296d3fcc79936e98f21165e870d5d2c
SHA1 e80750375415f9d975f3b372a3926edee0171024
SHA256 c340243d5a2b7fd6da05ebb7113dc4a516ff4f02cbaa48caf1e7ef5aca0baafa
SHA512 af8d4f6d49d618cab159dda4e545b94cdbbe8e7e8c9c87b4cefd9a7d8103b7f0634a06b02dba23378a8dbc43b431e8509ce42c6fbad15d21a0ceb639d25f3d9a

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\en_TV.res

MD5 e94343ea5ab93b0ce143ceec3372fb4b
SHA1 8d6304130bcd97f2d40eb7a64b5f00af3c584ecb
SHA256 9136a34718c06c856207659a088864952eef5bb8fbf93f93aa0cd7179fc24db9
SHA512 530a57306bcf289026fda171ea4fb26d138d39cacaa5dc124e8f9cdd31d758b368a60c0d2fd102c66c220f2e9e0633e19a14ed4fbc9be564b819977280e64c70

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\zh_Hans_SG.res

MD5 9d9b9c544d250f573b187fa20a37fab6
SHA1 16c2b4227d4a969e336292b2a9c3a23a51bd9505
SHA256 8423c2e865b10bb622270ab95f80f6f2d34ff4b4f3f828b0eea928eb8757ce47
SHA512 2928c40a6f35ee175eadbb4b96dd26965dc7c23243740dd4a96e0679dd4d9586549625405265b4ccf6b80fe575b6ddc46b4adb53a181b1173c3dba52f7493f39

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\vun.res

MD5 f09ba6ec637887bf827ce42f664d181e
SHA1 e8b2fb8468fe264361ec4a788641e06461a94764
SHA256 cd71ce1afeb8c8186b7efe0554748ee91d8f1b9cb38f8e7e96ba39bf29594523
SHA512 17a26d4186aaecae49ae06f9a992580dd3a11a20db5e22486f2b76a4ed192074ce6911cf920aca84614eafe758124c1bc9455282318c07b78cc8783fd8133573

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\en_TK.res

MD5 05c3d8c04759adeecbad23c2bdfb0f38
SHA1 391dfdb927c9e899d03e36e4194cccca7ba0a49c
SHA256 6b1389234982b98e25eceddf46cdee506d0cf54262c4a939708642c6b1d7126d
SHA512 46129707ec0be21605331cf8356f7d744548e21f9199b8d0f4986916eabd9bb41365022fd54747e6655c1424ad2be53503e2382fa5027f350d92993dcceb463e

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\en_AT.res

MD5 5e2442424d57a925d3e43be7ae0128a1
SHA1 c1fe5984bd6cf8e73bbf1aa9363714201518b9ee
SHA256 4ad92885e76e8acae904a396c10e42e0acb1dd00d00fa23ec26aa686abc6488b
SHA512 72d59e56a9415c6e44c4453a1e0dc318de075b10728cfe981115b64e0aadd885638061334c91d446e3864c44e0d3650f213f07949c4fd964ce25df59946f0d7d

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\en_CA.res

MD5 558e0fda40bf93f5445f09e14f2acc09
SHA1 fd9e71b80869c8bc7870fd2946d2c3b84eba5e0c
SHA256 cdf68f3da7c805cc6792ba6a17654eb87e429f01be96957fb2f468444e334d4c
SHA512 46dfc8c70742851b726ef03359880d49371a03f9264bdf4e7b5a0c47da978ef19c8034dd2d56bfafcd6329713f8ea40077535bb4bad4fbe942cf7830fa7bbe6f

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\en_CX.res

MD5 4b29be91dc84e7f6aa49b4da4c713352
SHA1 8ff7934886bc6c413d73ed9346d0861fc727a593
SHA256 471e0eaa79eb884f8ad830aee0e90dbb71d23333bff6b75bbb81d2c07953992a
SHA512 d0341d781a179cbc793b461e09739f7b942486196174ba2cdd096c77b05d5214a4a1c8a4d8367c643ad72b047260f6a38f99fe62fd6341c27ff9e1f2ff685a38

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\ti.res

MD5 53685faab150d418afcaa1df89946567
SHA1 d6efb81f7ac56a634b23a850e335a5f2cc2b0ec2
SHA256 2d86b12e755a34c120c4173143aaf22f39d95ca59e979aaa465034c3e3f895de
SHA512 52afddea08a555688ecdfb310eadc6b48cac0bf12b94acd74b64f4ccc4f17ce66393b8b87854f2fc48147ac9e24fe527e9b37cdd56b4f17f33ba80523abdb453

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Slate\Common\DownArrow.png

MD5 f7ca647b01eb35e246440e51098e284b
SHA1 d1d667730bfd799634ed20a7727ca22dcea23197
SHA256 251ce24b8ef2bb2371723afc5c7d1721334aee24650fcca0cbe1c967b739275b
SHA512 ed2fd4511168b9bfb19c781140b4fc286dad6fa4e2c049af400b8ee676727fcf5e2735d070f32c7ceab6058dae895445e65bed0f2c767547ec673bec3cd12115

memory/5708-12210-0x0000000000720000-0x0000000000806000-memory.dmp

C:\Config.Msi\e62ab7e.rbs

MD5 eb040cff958703bfd44e3c3dab9d01f6
SHA1 5fcada6e785d7b544a16eb4313067cb0626c43af
SHA256 2557ed97a819aefe6d2dbfef7ba370a9641a6c23455ccb51338e43dd5a56d632
SHA512 263aee05f962317c43e3e768e7fa1cefc271dd2ee75f1c695c23ff44e46020d3ab96128a36f56e52fa1ded1c7fd30d93fbdd8160e535286e1fc5de0badb971ce

C:\Config.Msi\e62ab83.rbs

MD5 89ee38e3180a942bbc9d00ab8456e2ba
SHA1 690094ce78ad03648733f08b00837e7b87cfc2cd
SHA256 6292c96c0812bd2b124c4333345ca8f1979983ef8bdc48a6b1637c95cbb2a7fd
SHA512 c006824d64623186d00dd86e60bac4b145e0f2fa9e75de77458ae16f79de597bc048a23cd7b2e3c77097a60bed564b9ab1faf4710e0a2bb64b1509f365417173

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Plugins\Messaging\MessagingDebugger\Content\icon_tab_Interceptors_16x.png

MD5 83fc04799ad79e72c33504e55fa7a1c6
SHA1 194020c318b8132a783517dcd742ec25c5e73575
SHA256 f0f3dcf500f030fa404c0ef4ced3b4e37308cfee7d8662b6824e33f1cd1ef707
SHA512 cdc3ffd01a93b70a701b19cab94afbe37fd17d7477960529ad36fd2a4f2e4bbfcff6ab1713d11e750708a8f122e54e0affe947381700881cfe052c440a50a804

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\New UI\Window\Mac_Maximize_Normal.png

MD5 571934757f836559a8dbb0465457e316
SHA1 2ae344ef5539dbbb4ac24feae0fa3e6e301ffbfd
SHA256 b857dd0a43e379b6629144d8b4754ae26a2ffdfdbe1736675deef0e3aba0db43
SHA512 edb174cc88021c1eb4aa05e5770da16abe5fb2a5c0036429a4c359a1ca9a955779eab08977747b06ad9f9dd196ac0487c6ddf9516f9afe3bac33b3ce965f76c1

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\webmodal\fonts\BrutalType-Bold\BrutalType-Bold.woff

MD5 7d12e2ec7b3852a53f4efa5095dc2a8f
SHA1 831a6bd9801e95d9dff5b6b1fc24c6da5426bd45
SHA256 a8f0f6a6e0a08aac0d9002020de8f75719831f5db620c85e3f700574af5d5cfd
SHA512 b166e1dc0ced467b6f4f2f4cb4682e2862490e270ca65128a97c1cabdc2acacf7106f260597c64906ffa9088e0ff272fbdb74b1c64edc613e609eba5b5122379

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\fonts\BrutalType-Regular\BrutalType-Regular.woff

MD5 c36d188d8cef7e9bc736d4cdebac8d9b
SHA1 e83b7250a297cd301f8671163791c1f2c2d659a9
SHA256 871334c3dcfed859e737b80d12319505172331400ae6d6dd19407cb347feec2c
SHA512 33d3e3b80351ad4f293d7ac5cc0da3286746c879c1b29e0756bf13fd2f4cac235372cbdf5a40eda0fca51ab876a60599bfe71366e29d31333658cf7e0e2ba9ee

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\curr\nl_CW.res

MD5 67e9488b28861446d4c26e82d94f4a41
SHA1 53bdb3cf60910c7294b73e5afb39fe394a062bc1
SHA256 852ccfadfd1cd2ee8f7c33c960234c0e782432eefe1d33adf0dca9ea41a27426
SHA512 84d22911f11fb2c3aeec6289ec5623b3b4c8d97dcf34ed0f46a7345e94d5ffe1f72fd3991e5dfd46a378ae0da149379ca75eebf42a86fee1bac50eef92365165

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\curr\az_Latn.res

MD5 7721b72d6e81a0f713a6d57ebe1a013e
SHA1 1fd64ba1fbd011b96b228ad5b67cd376fc57a45a
SHA256 4d177f2f8cc658d164aafad84afbb372b7b70c61d4a0e6437ac3fd510b8c7167
SHA512 f3c3d609ae54033e071a5b79c0916896b651dad135f0030f0da6cf1886723a04952a4628e9e0cf3e1b3e4c1fbc691468a565545d8b3310b0938abc7bb0959b4f

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\yue_CN.res

MD5 12dd8c36cf20b5221fed4ca8d148690e
SHA1 49fe57bd75e718fd72d81117bdee5c4c0bf187d8
SHA256 bc0c6c650104ee38a032aab0bd27d3627087549d811bc2ac1090fc675edd1426
SHA512 74ef0da76cd1054f3b73ef05ac00991f6425db064a3803e2e16c2715729cae32b059d97daed98c3a0fadb797faef30e8520d6335ad41a33b0b1efffb6d616035

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\zone\ta_MY.res

MD5 31352977e2aa647e46057625746ff873
SHA1 9b7eba98417759d2f37faae5ee319958172b3cda
SHA256 f7321619d91853f3362ba7193eaa013f70e76802536dea28359389fe7944e9d0
SHA512 b921153f47a755a6bdb7b7cf932a77494941a3cd0aef88cd3e38a9e7b3f61a01232de159e481d9fa3987fb0221ba606ab3742862f87afdd56c26476a37f9fbda

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\zone\om.res

MD5 446b6a45c60e85f1366907f16ef759cd
SHA1 1e054824496d4bd319c90d87c2edbc9be298cfba
SHA256 e71feb1904a9e793cb31cadba271ca034adf0c08d02c3494b23383da6675c682
SHA512 8a236a2a73e648853b3a5691d8c0d10626c476ae490353e9ca0f39bedb6ae7ad8a30b7e5e2347cdc95f5de37385fd0025fba6f198c265eec7169d2f52f518f6e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\zone\jgo.res

MD5 e7b7cd07ff02a1ed758f11932cbab6e3
SHA1 2c3e259309a4031fe4b6c2346aff7791e68bd16c
SHA256 cf7e0f5f5ec867d03a0325d1968461f9c50d36a872b3a30ab725f080dd878de8
SHA512 ed46fe6859bb9a133cebf1d72dbe9529b6c76a9c7f60f9bd60a6c38e176efa969309b25050c0ebac62b2a48dd2cd86ef9b30554e274bac116c88747f9a30e3fa

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\zone\az_Latn.res

MD5 d648984b881d872a677c50d1c10a77ce
SHA1 22dfd55a4bda0cc540209fadf31f3761b7a36ab2
SHA256 08618f8748fe2882f54184dbd2f83273ad1c52354acb8e4315d6cab364492f1e
SHA512 c31b009d2768040bd7451e21b3ac487e2d5319949dfb460cb7fbd46fae67e0923b604e9d5887ecb539e04c6094766223963985cfc80776470adb4d3e213fb9cd

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\unit\mi.res

MD5 747693f3e57a448ea2720bc16572e56e
SHA1 361e79fa3fe19f4c0cb9cfca55ce47b1dfb46436
SHA256 75710c94904534ec7b46f85db9b0723c6fb69766ef2764d008fa2afca7baf53c
SHA512 b09a9a68944cdd9a22f7f1b0f02dab6506b934a26dd7b2ad6b3b412bc39175ba336b5bad6a32afe6ce0721732fd3a97945717a351019f2a6afeb16eb51c03efc

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\unit\ha_NE.res

MD5 c177b7aa90760fb221186ebcb1efdd58
SHA1 3dca7953ee83e5aa19331259e3cdba45fe64decd
SHA256 b4c6c502d250ff8dd61d2867c70f1c7719c15390561075a4fea0e47304950244
SHA512 6e133fd97246deb378888af541353abff1adcada02e2f915099ea1d08f77956ca95284d83f7300440ba93c991c58ad574579f58424b47ef45b59d88ec625b1e0

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\unit\ha.res

MD5 29363cab7f20aa0bc6b7d785a0b17d75
SHA1 f13700c74be6c7f8653ca5dd2ea3749bac2df8bb
SHA256 f6d189de7835cc54b95ba380066fa574cb6e624d1f6a4fc5a19898533e290081
SHA512 7e46553ab5d115d2930cc133edb2670fd1292988eed296a6b4756ac525a4c31bc056687549d3a6383a369c3976cf9c729942590033568c0126197805dd30686e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\unit\en_HK.res

MD5 31cb7b76c7956e45e041026558cfa226
SHA1 71216a3e97ebc506ab659d07b0fb60ec678a8f23
SHA256 bc3d03ea300fbd81784fd96045e026cf8e03d0941ea2a64dfc7a062a7b9391e1
SHA512 826e86f72d4b2d13abe368ec598c3121c1822cb87bd3d1060e8194d5da7e74e5a7f4784dead49e1f02fef9bd36b01fd1202d72b1d2f8532f85791a20c243c07e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\unit\az_Latn.res

MD5 9b68ed9b23c3860c12b694463d674ef2
SHA1 ff01cef068dfaea97e0afc43945a4457ce6d6e36
SHA256 a6fe98ff5f118748b8e2d3ad5e4b4ff0da680b9755a72f93f3499525c4170ef3
SHA512 4b9936e92e27e3b8ee48cde3d75574a40bd797d1f7dbcfb7e473f182355025869c30596742a1fc67d4c6f87a82fc758f3fcb503b3df10d61e724f0aa45f08bb3

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\ta_MY.res

MD5 cf910c94198f1d415e241cb7644a9830
SHA1 5bbcd10a7f464a5e5ecc47f94de71eb3a4844d3d
SHA256 cb701f199a91520e73b21a7674402446a7e6a5f462d30ed088f40365bcb1a4da
SHA512 331b0451f7dd00bcd4a861738216b0af7d0e45b101039a9fb2368669b5e5a74d987c6e97bd2c9513a5c54fb8e57953d5bd1d89ade1638e5b583af87c0e66778e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\sq_MK.res

MD5 b260cc5be1e1e5b26a796378cf30007b
SHA1 1b6a07b55cc84bcf000b1f1f8e7711edf324d143
SHA256 d65b74edb67614753f4148ca210a81d140a478131b728ffcf8c776ff174d3b95
SHA512 1ba09d1c520308e645f41183820a7b33a6a400a5ff373913aa9d22c10330844908d2236904d3e9532632b771bbec2ef495aff1bd4248d6d2ac2c6ed21e350726

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\region\khq.res

MD5 c8ed738283cf9e8a087edc4ae9771c96
SHA1 6aace98f7ed1d77722b3c29ba9eca6db5a0b2dac
SHA256 994b8de74d3916a9077f92b1a476511db1a01b7130abbee84bb1825a5948ab90
SHA512 aaa280698f4b8447240604bf9e5fb315a3fc2fa8e20e46736f157425f08b834b9359c79a360250d7d5ef0b4d87d167e0a0773bc7cfd4ce89343737b008feecde

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\region\es_PR.res

MD5 c706b6f7dd8ea0ed95d31db12420dd24
SHA1 7c28d7b41fd958e39b538c705798da3d4a5ed282
SHA256 8e57a4a360e6cf3baf174757a8e168116cd338b0df5f6122fc2344e8468e2731
SHA512 fbb13461be52cc1000bb94d05b4a1b2efc3d33f448ee07861e9e89391f435ab6ec8f00a210f983ba8d471cd71fbbe75f5619d894db7679a694dc3686501690c4

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\region\es_AR.res

MD5 23ff1e45b7f45b8c1cdf06e183359019
SHA1 34a374d2661e3e7620a680a3eb08ac3015c15645
SHA256 70da312294d03a617a82ba66b202faf9013c1d75899bc4fabafa3f584ce84fba
SHA512 f9574d339fc5c258e36c3c6b85cdcf7bb18105547205c7d6a8640126f5dcc23f63b38b0998ce1e7b5311a0c846567c905447cc7fddc33d71a2448e70d7a8110d

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\region\az_Latn.res

MD5 c22ec8e4b84b84647296660688b6d7bb
SHA1 2fe414fd38932dcbeadacc13175680f8c0abd8e7
SHA256 37ff94daef52a8b76ed3dce758a446bc79ede3349f84134befaa7225c99d58b3
SHA512 ffa514030d42ef8975fa25b9a20e94a0dbbe63edbf9c4daa74631a8fe0ba1a6ff4552aebb8c6d69a058e2d71f7d169c498e5a42f8fc06465f1ea61e821c0a15b

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\lang\es_PR.res

MD5 333196aabe6f149a5546009212e23480
SHA1 36d233968097b9679813afa6029362bed4ae5232
SHA256 53df05e03d09494fee29761ce28447301c3b4e4ce6f28984c18597701b0afe52
SHA512 ef4b0ca74b266aa1e46f12512c541992e4bc81aaa88668d64cd920476b32f09698528124cc5542108d850192f215a755b7f67106af56d7498dcc25316ca95cdf

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\lang\az_Latn.res

MD5 d98fb5f9e283865fc645efd43062c7a5
SHA1 be52530bf72c9e226a6f9b01f4617df3baec2cc3
SHA256 09b1ad733085b1df053f02ef0b65551ccec422b344735d30adfd2cf9941a600a
SHA512 e1070f6cbb347011eff23ea379583ca63742eae2d7fae92e4a76ab5ec77cb0133505fea0e6c288c08d80acb3fc2fca916d5590728ad49c8bd2bd33321ef0b6f4

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\jmc.res

MD5 cae16b5cbd28771099a3aa4bee4bff22
SHA1 b692625c2d3a2afe65519f57b20235e7321ab332
SHA256 199da3398504ce87f971816f6f67d7505d7be136bed8b5690e4e6845ef2ca3d6
SHA512 d2cb5abe1e38e121a66220a29dcec48ccf52d068a2fb59fd85225ebc0158d51004df99bfc8decf530fcb8dbb4be297e9687a7509c6083871c44c8c17a1727083

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\yue.res

MD5 b01f5e12a340daa68ecf97bee56d319b
SHA1 0ffee54d754c18d881cccde4e3e62f1d510c4a6b
SHA256 288721eeef5c876abd385c1cd229ecb72525b1fe396651adb546cc681abfd8eb
SHA512 0b2745ab2d7e702c06adae932e248024ed4903a05a30244c6cfc56e6bc45b0886cf3f3d6231f693a48fdbf454a3bad44f6fa675b9d7716eefa53c67303824570

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\no.res

MD5 1bbe2ab5e1ede037bb3cf2aefba458bf
SHA1 8334e95069c469a965159ab4d6af0c0e7022723c
SHA256 75ec6c5b53abfd9e459ca7e44e0b3e661a782b04cebf86199d7569d3eae942ae
SHA512 d77bd93b55c77d389ae863ebe0a3bcfcbb294c780561ae88cab3158bc9f4c651ad213f5f66f2f1044d9e7724fed07f874f774b6e972fc399b51c41e31c0c979e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\bg.res

MD5 3c36dd32064b9abc9700b51ebfdc9feb
SHA1 3020ca291091b8175bd6282dfbcb7ab1a2e8509f
SHA256 5473e753d24d1b03bb1b0abfe4d9fd14377507b1ff19aadb2c35c57440858766
SHA512 d079635b3766020e7f3c4c9b95934d692045e4083026ac570e9ba14d16bbcaa41ef1e1f0090ba09bce4f11a95ccfed1cec40e30aee34525dbe957f302ee04588

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\curr\en_NL.res

MD5 b47e9660fe30618f88039419c8475f23
SHA1 7f17666dc08d5983d42e4845520ca1cbc4088338
SHA256 7333c0831ac0a4c4d05c97bc62933652edda4990b3db1639f12667fc667cde3e
SHA512 950310acf817e4c35725969ffdd8d30b358806c1b0c992ba01710efe2f032c48de7ab5238904363af8f49c5de864ba7367c3a1ae222a29b57c5f5afea51b729e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\curr\dav.res

MD5 1392ea69a62cf00ba85ce95ab6eb8ab9
SHA1 4c11c54d4042de6114ad7d3a1ec4be769e6c896b
SHA256 2be1d03a372174cae7b1a3fb840fd907dc3b386a36e4919e773f9c0c753e64bf
SHA512 bd0c8942f12d7db14bcd278ed6c0fbb78d11862f2fdee746793923091216ab54a0d4a5856672c393b576891b4fca8ffdaeaae210a060ba073d7674a39eee1588

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\sh_CS.res

MD5 22828a7d641c2b46caf27ee76d771b0b
SHA1 5c2c34608ed1161e4bd7cd471bab22258bb86933
SHA256 2ff2317b37fbfa2470a02052df89cec26cec78bd8a30bcdbdc36d8d874a84d04
SHA512 b77ffa9eda88505a1cb29c2b00f1a29b4d415972c4ebc2fe04889f8601c771ec9bd11956d7334a0a474766cf33bb3abad2715b0358bcf9676126aec9132e226f

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\sh.res

MD5 8008b9dee0a40cffbcf57d7734003a47
SHA1 1a4fe2832062ebc1ecd27affeca8cbf7d91881dd
SHA256 11921ed1c9b00c83e37ce919fe114789a8f6b14131f26996bf6f564d2d3f5a14
SHA512 f9db4a4daca509b749193bc0c528c2b497a5e11a25b6884c47fb7354920be62c0ba9dfac1f5633d000ff6c714241751bd5d417227a0c5862d259bab8f2a4190b

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\iw.res

MD5 ec6a5257a8dec7c0edc49931c9b33814
SHA1 d45888e0c56bc815364fe609c78077067584cab9
SHA256 115b20d6b1a4a4d67295079ff0d33628f600668eb75dbc8b986b43c56638b34f
SHA512 f906e8deed2ceb1a76a57285ce15404863887f34d775cf283e02755c10c838c6a223764ddf032801eeb1a7b989ff648fe617c1ec7d476460620430cf608e332f

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\in.res

MD5 10b328ea87427ac0a91db7ad5d9043dc
SHA1 34ecd90be5ffb01a9df4afb11dd68d3e6353c709
SHA256 137192ab9e551b5215dbe7072638ad3ec74b6b3591bed05665d6243fdab63aee
SHA512 25c99ad2f4157c7c08430322cd2821fdf1e8ca3dce8474fc9a2038f690bbc58e09a1e26ab594dd8fcf5ba87548bd3371911e60e6c879d1c7e981517a22e98d4c

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\bs.res

MD5 a822b9c75fe11af54909b142ec7c7ae1
SHA1 0e1ffdc7bb343bf182036a3aa02b4afaefb902ef
SHA256 63b27e0dece4c56b46b01b940ee40dfc70f24ed16549965ad39cb5d5d4647ceb
SHA512 715b87cdade594bdca171dfad663131aa9ad1b1244dd2f8fce5e4e0d38b379298af05131a043c789dea09dabd995443c13d8079b6aa02bc16651aaa148d8198a

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\ars.res

MD5 aa8a7aa673d89ef3789a8f51e0a80829
SHA1 052fc49617344392438bd75f84e6f7662c50d294
SHA256 0c3e87ec57077f2273433a6859ea6ddd7afc5b2a272e475eda076833239882c5
SHA512 b96a6bf5258af5d6ee582e2ef722f31017dc8fe8caaf92a912aadb4e38e10645f451fccab8fc5ee95b48df52a2a9e760f12c4255ec80b03bef791c6551227cb5

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\ar_JO.res

MD5 825c655e66a8706e0a6186265b79182c
SHA1 7f5332da7d0e212f62a51896e84c01b137558bf9
SHA256 87c751a030504b6c93ff63960b3502705f6125c9a687de7786eb6c36ba982b9f
SHA512 d33b86814453e512dce2ed5618f7b30c98f1af4f560bafe593e6acaf5040f43f42c62c20884d819364167793da67a2b8d521ba0895fec877e54f78c01ee767d8

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\ar_DZ.res

MD5 528150163817815d3e2650792b2279f3
SHA1 38c916facd62fef600c27bed89e4e9cb6d1372f0
SHA256 1a51dbb5c4cd2cd572d56423865fc0d95d572fc6426cdbc2a39dcd370e344b8d
SHA512 9fe69ef7dc50fdd1aed04a50ebf3b121897d56ffbfd54e586ee22a66e14c524d8c5e1036d61e445a68d4dd7052f3d8933febc94bd63042389e46900728b50d93

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\0312_Free_Games.png

MD5 834f76649cff6eb2e4dd4fb52399c788
SHA1 2982fb6cc6670496a0b22f48f7f154e35238b9eb
SHA256 08125ffae52053cd4e1a1726adeda74af030c63e166d389d94887fac6b5a71eb
SHA512 0123b53ca074ee1b566b9853d73f909d4c68142463d60dbc399a4b5c22c9f4f9b3a65cb67781d5de9f15d53cf69dab8ba4d24163a3479be5b0eeb99f40580eb3

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\0301_Rawmen.png

MD5 2c96b8aa0b02c6543e3c2bc775e97c7b
SHA1 201b1b5236450e4b44cf2a22422d83c1262dc791
SHA256 f46290f09521b1c7676b820e1f5b6212bb76d7a627e88defbd5b2da148639e94
SHA512 8fbdcac4d983ae90c5a8a707991d711072e9cb767befcfbb211f63836bcb3ba6f06ef1de9be0f70d47f672c520c36150ffc7c7834872e9679f9fac7911098c25

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\0503_Smite_2.png

MD5 7fbf732e70358efbfa1dad34a900450e
SHA1 15e64b2bb707fef1c1ffb4cb9af63bfc9f67a648
SHA256 7da5280ae37143a02e6c7cd3693b733f8518d5526bf44bb71a65ad7af262087b
SHA512 38f49f824bc9fe94986dc65a0ec86a0dbfdf297c37386cb7e3e72fa202a935df64dd0cd863696a1aab2d186f155d6e0793970914a44ed47bc05d305e1515bbad

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\0411_Marketplace_Spring_Sale.png

MD5 d2971e310ee13bc2dcbab715e0763fd2
SHA1 d580f1ac61fd2af3224712cb0266bc498ed9ba2f
SHA256 2ee9553a934d3c860a5e2aab0b1ee96cd6d54543d413dd5830172fd327fa6d1d
SHA512 2b508f7216ac8c1e05438a093ae949d2b81dc9c530d6414cdb3870326d16aae4284358ec84844aeb6f4ad2cda95dbf848a787e09f037e4688f02124517c1b65f

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\plus.png

MD5 2ea6b2059495a75d4c1033cf64275823
SHA1 2967a4e350eb0edc277f54ea4d78c4921812be7c
SHA256 e52151b5b9be45273147bf3a1d4655186a61fd7cbe007ef5cb7c66a1990371b1
SHA512 acc55ddd4a00f8a625dc925c83f49162bb79cf697b9cecd937bd694ee697561030938db4f153aff844c4fcd96cc9fc94095138ec984ee4faaaf65ca78ceafce1

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\ui_jaguarOffline.layout

MD5 31a987753e0fc7fee80d6f36491be64c
SHA1 2d20153c1e7ca58f66b2a1cbea40ec6c98fcd369
SHA256 537cd8458992288074cf3ede1d221c165eedce2483437d9cd95d20cabc6352b0
SHA512 9787b07490d12ba6c704d5b6ef1e423e69ccab7a9ace61aaf754ee7f23ef24a8831cc3d8efe86106992a82ea7dd89fe21997a658f314dad51870e480d00864e4

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\localcache_icon_small.png

MD5 50a5b1dd49108ac7be1f1980ebc22bbe
SHA1 1ad8e149a4ce60f7b46a73194f031b58d8de54f9
SHA256 bb27052e122dac0c008cb81d6064f6a0edf8b1a53eb0e35027b76eb99b915d27
SHA512 5e425f007258b1fdda221090f3f9ea3c813d8ad8e9f66138504108d59508cc685848f59c48d50fe607c287bfdd625bf950c2ff5940367e154b79c0daea5a5e69

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\0213_The_Last_of_Us.png

MD5 48ed4a0950f33171d3752cacb95f8866
SHA1 20c2a815a357175a12838515933433aed680f939
SHA256 5a9df55d5bb834320cbb8763c876f52df0f354879d11dd9b42b08c3636e19751
SHA512 02ab40901bc441a3bba91fb15e39dc4bb4ea3d5bed2533447f1b5a93532515e47ef240fc88279c42cc238d4f935cfade8c43310439d5968b928e6a9fdde936b1

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\webmodal\fonts\BrutalType-Bold\BrutalType-Bold.woff2

MD5 0dfc6422538b3d86ce582109b873e084
SHA1 bf006d690184b9253468f98193fe36fafe1cb5f3
SHA256 a6f0df6e385325b7a94aaf1005890c9c6d090205098efd6afc55a3e920d48e2c
SHA512 671138e08916868eb562c452d13a4a9334843abba75dbf6e686ee3a07770848b96b93abf06df15e666ecc29d9b0b4b153c3afa14ff1fb2175bf9fb89b15b1903

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\jquery-3.2.1.min.js

MD5 473957cfb255a781b42cb2af51d54a3b
SHA1 67bdacbd077ee59f411109fd119ee9f58db15a5f
SHA256 75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
SHA512 20da3fe171c075635ef82f8de57644c7a50be45eb1207d96a51b5eadeaac17ee830b5058d87e88501e20ec41ef897f65cec26a0380eaf49698c6eaa5981d8483

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\fonts\BrutalType-Regular\BrutalType-Regular.ttf

MD5 75e941272c93633c1c6dc50f797c2f87
SHA1 9bb4c25662d298f0f026bede5e6ee5a95f98e667
SHA256 f892303d3b3e710430c192ddbf9e0750ccf7ea2c6d239db25b28e960cf6ce638
SHA512 9bff10dafa35123057d720296aa9e44b7be1c0b714d1669004c5d68573fa694a18ead674bf8d77955fd248978495f1ccc89adb23cf7f82836b0445b764d540dd

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\fonts\BrutalType-Regular\BrutalType-Regular.svg

MD5 1fb009dba27c01ef3299d5f90a6fdc34
SHA1 d643e0eeecf3666634271126a4def092a1408426
SHA256 5de5c7f84fbc8b5cc7460e5a755454a37d971f7e5e8bae39afdfd84c4a88c3df
SHA512 e4054e7f967f5468a6a4bbe511fe0ad1d03cebcb47c03fae3dfc3911ce99e7eb79725a38910e870a8bc2256c149e0f89fb1a27481135ad64b00cdb4cebde4975

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\fonts\BrutalType-Regular\BrutalType-Regular.html

MD5 1b332eded87c47dade95bf4b302fa113
SHA1 4604c49488aa1e4bc3fc1c4f903340eddedcd6f1
SHA256 cc8244dc10342b727f2d0b7283e270284ecb6ca103f42914fc77c177a692305a
SHA512 d5fa1f18e0fafdd7d5c415e8d3df680cc196a80b38f10e133e5217f33e71ed39ddd7e515c55df745fd0c20cfe040c2027edf6c579fc6657a2872fe8da4fa41af

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\fonts\BrutalType-Regular\BrutalType-Regular.eot

MD5 434233315fca6a10ec6d970432056f2d
SHA1 73d603859a98bff519701d59f2d3b1356c57581b
SHA256 e1b7408ef55b2876cf9250938d15ebdf19ab3e674ceef39ff78fee96654144c9
SHA512 a355d02851559d231a9a0e05ab7e8768602c32f7e52f87d50eeeee8238e2e58b688d2779ae980ddd7599bafff554cbee0c089fbeece45cf1b43db5dab24feada

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\fonts\BrutalType-Regular\BrutalType-Regular.css

MD5 6bd54f8bed5d1b6795be23bec6641f9b
SHA1 63e24d57b441b6b6f137c5b19e21b3e43dec704c
SHA256 31f8aebb8255519e3b8b5742844b0c28aeffb16fa8fee648fddc2d9677fde476
SHA512 de240354cf1f9d3e3212c41586dfb074657ad82b5b8c5ad4e059cc9acba8cb826b9d941107361887eebc9ea3b88a4bc80f236aa2af418e1d322e40ed192047bf

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\installer\i18_es-MX.json

MD5 639ecfde372ca8a7a6d5309c207d9705
SHA1 0c7c638e46edf8f70b3ef9e5a2d8b0644628e68f
SHA256 e415e145172ea731c44cdabf3dfe37d54cc46a68007d9b44377f8398e5fbcfdb
SHA512 843bd3cda43c790d3f118b5240647bed6fec9846f1e4608bfe534f06a753ed9ef554c4bf167adfb518e4b45262d63871ca47ae3debd1aeb09ca97326d98e71ef

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\fonts\BrutalType-Regular\BrutalType-Regular.woff2

MD5 4555758a9a1a19e87a66eceaf00b1b23
SHA1 155617f24b6ae17ecbaab7e4093ebf3547680a5a
SHA256 a2497148f72e2839707d55316931a3c71b2b355d7bec48cf672c026f4903ddfc
SHA512 942871d8bda60182b516247d1c28e3d7a1faef6920ba6e11f0e0ede65a600c8aeab1b879e9d61b0dd3a7b363286e8a36338b83e9919de22bae5d386424d4bc7c

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\UI\UserCard\Menu Background.png

MD5 77aa8d3442e311f8d22a36c0794e6433
SHA1 63b60e0210eb22b187624858bd679d5cce097e0d
SHA256 f0c23b8f4b1ec6b18ec079606f8569d05883e8c6141f01f0f60d90e7c427ada4
SHA512 c632656f472ce781c33de8052f3c52350f213550b6fad0ce4a017bd65b9e39a77f75b0ff2a421d47da703ebdfb3914c5bb8f534b0c25b669f7c8e37bf8b02510

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\New UI\UE\WindowBackground.png

MD5 0bcbdbe3b786bf2ce23ec11d7f1f0322
SHA1 355bee41160a2dcb582bbd52ad257b7736596035
SHA256 54fd76816d11d304784660bc4938824413a6aaa2c5608e141dc00c7cf5586b3c
SHA512 686b26178142b5032d6ad684b1eb4742937137b00d54e409ba941e37cdd31df40ba7cebbd4e48a534d4d5bade36e12edfd15b14df8a931a05798a6e8bf8e186f

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Font\NotoSansThai-Bold.ttf

MD5 84b81463f0e0d6329dc89eb3d0249ad3
SHA1 599cb69499e7d28f257eaa5647efdf505503b1a0
SHA256 f58889dd92142f30a4c6e5045519c4d12de22009670f046051c830c8c50c5833
SHA512 fec62da281a04b30322f89ec745f61f606a8510a9f92c53b21ec0356531c2aa3db40fa150be44a55c62863d8871138769005ee2bbc5fc62895ad84cb728e2499

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Font\NotoSansThai-Black.ttf

MD5 00319f0dfacab6e781b32c34b138f3ff
SHA1 bb5f61de6b13bf382fe46efc342f8ec3077afcc4
SHA256 d3d833624f40419464a9a3b871e9c9df32e79ec264bdf2ad7be183a61873275a
SHA512 17f68932744df4c47d43884b389eea4a5446fc4e471e028280bcc796073f39121559ae4c922131744a190e61fcef925b8296f26ea980bf97424d430511e1980a

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Plugins\Messaging\MessagingDebugger\Content\BreakpointBorder.png

MD5 5b6ec4eebf6fdf67c3c6fbd673a46370
SHA1 53181029fbea06aed2e663392654737696f5b4cb
SHA256 8f6c088620c842670ec544dfc4b0313795d8e52c4203472848cf9558d06d1597
SHA512 3a9478f764f5aa6fdd239b4217dd9a60ad600cd0f06f108ad23f9f2bfdc71387457f35dcec3b66f497c00a838bf7940a6e3c9af718b3fbcb73adf0a212395a0f

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Content\Slate\Docking\AppTab_ColorOverlayIcon.png

MD5 e789ea5024fd5a86451510d6eae0f3c1
SHA1 eb7471fff980fac48241993cbcd34ddc924f57ba
SHA256 243081b822f4f694f43fdd910271d34610064286e77dc8bfd1ecbbc3632c50df
SHA512 95606466135fe3ead3c602a82671cfd7be447424b3aebc280f7950201549e7dc9b57c65fb6150bc36c0d3bd038bbd6ebc95ce9a4d8af39fde3c76340be79f2b2

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Content\Slate\Docking\AppTab_Active.png

MD5 98098c68f01fe1628a738aee48c75b96
SHA1 f39b972de4125d7149b5c826a6ced897c417394d
SHA256 4e4da145aa85ef36b72d18e44a8c6bed03f292b1b20071991c052bfd73d54902
SHA512 23243e5a45b6bff9c3e163b43c11da16a866175339a32372f0f0737c87a470a206bbfe93fa72e2952c891e637b88d41e0a6360e068f12504115f13a2f910e2d6

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Binaries\ThirdParty\CEF3\Win64\icudtl.dat

MD5 80a7528515595d8b0bf99a477a7eff0d
SHA1 fde9a195fc5a6a23ec82b8594f958cfcf3159437
SHA256 6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b
SHA512 c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\ui_UE_LibraryWithStudioBetaV2.layout

MD5 bd2ec392cf32fdf140c3792af66be2a7
SHA1 05d5a893d190ddb544d678834ecc56c7a9298b14
SHA256 e3a4fd152a80a523e24f07b0ee51d627912d135436957c25be31cfb5c2402a47
SHA512 b474eb62e3ddc8278ff3c25c81378103b2ca8caf1973db3943ab47950ccb2ab2021d4644f48d84902c556a8101f83eef0ef6ac56467d6d2c3ce793ac90a25915

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe

MD5 db6c786118508d64481e5903325f48a1
SHA1 5387737e085588a6f1e8b29f12372b21befd82e1
SHA256 b49df77f450abc9f4648adc9865a6d712c865eca21cbce9167875a44f0956205
SHA512 d2a4ed0d893b7461f843054214cac593b02fd1a0ca8535093da614369f7e1e4e775f5eb37bb15e433fa95627e5f3e94c0744b65bd232023c300ef250b7c7c7d8

C:\Users\Admin\AppData\Local\Temp\{43a03b9c-4770-409c-a999-587b60700b63}\.ba1\LogoSide.png

MD5 63c9775d703ec8bdc9703f80d52ffc24
SHA1 1a5f3fa1fc4ee2a7e08506f8178d769cdcd7ec62
SHA256 8f03c6e8ce5f4898cc230e04d485e0e0744eb7ee180a3d8bb154f2fc9c7a93e5
SHA512 b2d9d18a3d6a1df401ede41e35af7167c6f253f54c290d1db64db212b5a2e9a2534e86e031e1e5499b2ce11bb952afc6bcd8f85aca351d49867c77dd4edba458

C:\Users\Admin\AppData\Local\Temp\{43a03b9c-4770-409c-a999-587b60700b63}\.ba1\Banner.bmp

MD5 461fa4877514f318a0d5cbc602daf7df
SHA1 5d2ed3abc96bb1fb419828e3de3fc75a6292536a
SHA256 638d5bfc987b45d28a308e8a4d68bd7c0a82d21e615e534fbfaa3cd0ad53889e
SHA512 c4def63dfde38cb2e35d75c7e61428cb9df2429af799e3e0b29c7bc1d9c60e8e32f18cc0e7b55e177d95bdb333a7a0d1f4369b02f5c574b6688047e01e9f98e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Windows\Installer\e62ab89.msi

MD5 4d5c9a709f332236559d3bcb27bb81b1
SHA1 0131fbe2726674119340ec96bb72b41e30b4add6
SHA256 ec50384f5094fc632e78ad9bcf40c947cf33023ccb28bb36e44eaa7f04b4ecfd
SHA512 a5206ac469c92d95a64009986d3b6c7197f11b7904da3005a9ab9b9534ce4a91e332f34058bc2f3c31cdaa6ea9b58d22b9254fe8be2f819a22ddb7e8637a6e1a

memory/7160-22625-0x0000000004E10000-0x0000000004E40000-memory.dmp

memory/7160-22627-0x0000000004E40000-0x0000000004E48000-memory.dmp

C:\Windows\Installer\MSI6384.tmp-\DXSETUP.exe

MD5 bf3f290275c21bdd3951955c9c3cf32c
SHA1 9fd00f3bb8a870112dae464f555fcd5e7f9200c0
SHA256 8f47d7121ef6532ad9ad9901e44e237f5c30448b752028c58a9d19521414e40d
SHA512 d2c354ee8b6977d01f23c6d2bb4977812bf653eae25e7a75a7d0a36b588c89fcdbdc2a8087c24d6ff687afebd086d4b7d0c92203ce39691b21dab71eafd1d249

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\apr2007_xinput_x64.inf

MD5 94563a3b9affb41d2bfd41a94b81e08d
SHA1 17cad981ef428e132aa1d571e0c77091e750e0dd
SHA256 0d6e1c0e961d878b319ac30d3439056883448dcf26774003b73920f3377ecac8
SHA512 53cac179d7e11c74772e7b9bd7dd94ffbc810cfc25e28326e4d0844f3f59fd10d9089b44a88358ac6dbd09fb8b456a0937778f78ecc442645764f693ccd620b8

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\FEB2010_X3DAudio_x86.inf

MD5 e84adf38d499ae39090ad60fd76d76e3
SHA1 6af4d58bc04aac2723e8b97649f1b35fb1aca84c
SHA256 d4da3e530982812d1e2a31570b80af541fac1b13c72997d2aad7ea3bfeaf4a4a
SHA512 6714992e7aee7bd0798fbec68f92c97ee502127580e21e1b6693ed6737312b44dbc9fd9ef579fe552590e9e5a4904df94e4116334265a34699a04aa76ab87c24

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\FEB2010_X3DAudio_x64.inf

MD5 49460e9297b0faab5a5d73e7aa2caa67
SHA1 a7e211f3d4ae808f67a798924c4d3314183df873
SHA256 68351f03f4ef83e4b8c359e3e130441081690a1866b838a1b35d64674ef3abbf
SHA512 92c4c0751e9123e1eb09da312bc44041d13262e26cefb807dcd1b354c5bd12c0d7197f1d3d457ddef89714b77ffe45db9c717332963c6daa507ae02a6d5fc941

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\JUN2010_d3dx9_43_x86.inf

MD5 a11deb327119b65bacce49735edc4605
SHA1 0be2d7fa6254b138aa53d9146cda8fedbba93764
SHA256 6b33d32da02f664092d44b05237990f825b4062c105a063badcf978648b5e95b
SHA512 b0134a3d6f2d576e5fafb601014ab66fef91d661013acc8a7a9129940369a1d9ed5c0f228bb1666a4e891f09b4b18e83f0cb2080047aa84fa45ab663e5739a31

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\JUN2010_d3dx9_43_x64.inf

MD5 ce097963fc345e9baa1c3b42f4bfa449
SHA1 e7624afc3a7718b02533b44edfe4f90d1afda62a
SHA256 272650a2d9b1cfea17021f4bf941b21f2206791e279070d4e906ce0ce56ac16f
SHA512 f3c4f00eebd9d465bc2415d59c417bca0f5a07c8e13880b28704f770763609a653d4b06f53d98325b66c2c7094895190900c47980f81463215e919f00966ee7b

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\JUN2010_d3dx10_43_x64.inf

MD5 13c1907a2cd55e31b7d8fb03f48027ec
SHA1 ca37872b9372543f1dbe09b8aa4e0e211a8e2303
SHA256 a65f370a741d62c2be0ca588758d089dd976092cb910bb6b1b7d008741e18377
SHA512 545aaf268d141e2aae6800e095a1ae4eafe6bfe492d95dfe03789ccb245cc3ef3f50f43b10a41a3b0efdc7f8c63621b437323e133ba881f90a3b940095b80208

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\JUN2010_d3dx11_43_x64.inf

MD5 590fe1ea1837b4bfb80dc8cb09e7815f
SHA1 792b5b0521c34c6b723a379dd6b3acf82f8afb1f
SHA256 2c4cf75b76203cba6378693668c8c00b564871c8bfd7fbda01e1e841477b2a3b
SHA512 80bee8f1ad5bfaba6b3ac5a39302a1427dbaa5919d76c89b279dc753170ec443924eadf454746ce331a6682ee729ab79bd390a5d3b55db8d08fd6f4869101f53

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\JUN2010_d3dcsx_43_x64.inf

MD5 e1f150f570b3fc5208f3020c815474c8
SHA1 7c75fc0cf3e3c4fd5045a94b624171d4e0d3b25c
SHA256 5289b5ad22146d7cc0c35cdb2c9662742693550de8f013d1ec40e944288d155a
SHA512 a53618ed6ebcd50ef074b320eb3ebd38af4770a82caa808e47cba6a81982ced46cf954a1c5a383f171006e727d8211b4fce54c9faf27b4c14a770a45a09037b8

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\JUN2010_D3DCompiler_43_x64.inf

MD5 6494a3b568760c8248b42d2b6e4df657
SHA1 700f27ee4c74e9b9914f80b067079e09ec7c6a7f
SHA256 3e779533a273e3395109c7efac13ba1c804c01b3ddb16938406fbdf90d851216
SHA512 2bf68b123d7823ad7182e132d9e55f8de7580229e8e1b3b40030da50bb9bdeaf67bb9727ce2171fa83b7f804c24d9728ffabb44cb5017b16b771bb19e62b1b42

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\JUN2010_XAudio_x86.inf

MD5 31d8732ac2f0a5c053b279adc025619f
SHA1 c8d6d2e88b13581b6638002e6f7f0c3a165fff3c
SHA256 d786d06a709d5dc26067132b9735fc317763fcf8064442d6f77f65012ba179da
SHA512 abc37922307f081a1ffdc956ce59598c19ad1939ecfb6ea3280aa6aa7a99c3eba5462731586ca262f7d7257d7d2a74ff57a45abf6b93521eb6f1c9f22f8eb244

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\JUN2010_XAudio_x64.inf

MD5 dd987135dcbe7f21c973077787b1f4f8
SHA1 ed8c2426c46c4516e37b5f9aac30549916360f7e
SHA256 1a0f1b929724f8b71d5ce922f19b9d539d2d804c89af947d5927b049ef0fd3d8
SHA512 f0469c94219b4df99d7b9b693161a736fa8eec88a3f6c7f2cf92fab2ade048dfe61fcde3a4cf4f7a2aaf841d079a46b17259dea22cfb02831983f55bd7f61899

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\xinput1_3_x86.inf

MD5 e16c94edc4b577b7abe7b06e31376884
SHA1 e86cf530fe00c0fa2a107684a198b37e97b9ce76
SHA256 ba212aa1514df6509474a46c7b2fa07c210d249b524bf7d47d058461009a75c1
SHA512 5405f6936e05e1260a3778d86d76145d2853a345afa156ba6e0a7cf4bc9267cd4cbb5cd32878adda3c6130721218fb899fc896bf823cd63c32c7086b18cfe9db

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\X3DAudio1_7.dll

MD5 c811e70c8804cfff719038250a43b464
SHA1 ec48da45888ccea388da1425d5322f5ee9285282
SHA256 288c701bdedf1d45c63dd0b7d424a752f8819f90feb5088c582f76bc98970ba3
SHA512 09f2f4d412485ef69aceacc90637c90fad25874f534433811c5ed88225285559db1d981a3ab7bc3a20336e96fb43b4801b4b48a3668c64c21436ee3ea3c32f45

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\d3dx9_43.dll

MD5 86e39e9161c3d930d93822f1563c280d
SHA1 f5944df4142983714a6d9955e6e393d9876c1e11
SHA256 0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f
SHA512 0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\d3dx10_43_x86.inf

MD5 24338a297e69e534524a71cd5ad543c3
SHA1 69870c91e59b0eacc4e88bd2d4f95e7561f630fe
SHA256 ed1429a15b15a28f2e6a92da669a205594d09625cbfcdbf0159516a813a6f5d4
SHA512 8bb4ae9c72909c6b8beb6ca675c007317903869ba56f549d9c2ff48a1fb50923b98b6f748e99bfd56b4b068e14c8773e9bf4dcdf5eb6ccb8b0edd6a0b16decc0

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\d3dx11_43_x86.inf

MD5 5f043e62b5cc2f3d578e8f58aaa09fba
SHA1 2e3f0422e88d6dbeaf8211d7dce7b38d3048c433
SHA256 025cfd736326445f5d98d8dfc8584189f8eebb2d5f3e3cd25a6f386bc2496958
SHA512 d1af12375e5169525464dd17dec6f6ec437b6a35db6c425d508fa694b506f302b8a72e3f2222467e2cd98346f017a83b5149b80fc8c06b06320ec9e265280680

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\infinst.exe

MD5 a7ba8b723b327985ded1152113970819
SHA1 50be557a29f3d2d7300b71ab0ed4831669edd848
SHA256 8c62fe8466d9a24a0f1924de37b05d672a826454804086cddc7ed87c020e67ff
SHA512 60702f08fb621bf256b1032e572a842a141cf4219b22f98b27cb1da058b19b44cc37fb8386019463a7469961ca71f48a3347aaf1c74c3636e38d2aea3bca9967

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\d3dcsx_43_x86.inf

MD5 ddbfc2923df1263bd87ac1bdba534d4a
SHA1 ff329698074965493128e627f770b9b3e444f813
SHA256 48ec353b9c9fbf9ec8692c5d6462c7e4fdb726e7a0b0abd734f33f9e5f0ace56
SHA512 f10220c3f33cf1da56c4ff580da322923b5cdac25bd1c8d0b4f8f0bf456397a4dd32a21e7b731306ed5e01a2b832acec7044d7337911e7f4649cdb6f6d37f603

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\D3DCompiler_43_x86.inf

MD5 90785e792edcfa7d43de9df2d1ac884d
SHA1 ea5d8bbbf131343dd0ddb2073dcbb7634e6bcecc
SHA256 8f68ccdd8ce1acfaa5c4afac6b2e96e23b7b532fbcbe9375709326083a134e85
SHA512 a2d15df6148b811ad5658d9692a737924a3ce3ae1007cd86b6ad994922d95d839258dd18d785425609970efa8a39ca79fa61512f7908891cf51cd0eeb6ad2b15

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\XAPOFX1_5.dll

MD5 8a4cebf34370d689e198e6673c1f2c40
SHA1 b7e3d60f62d8655a68e2faf26c0c04394c214f20
SHA256 becfdcd6b16523573cb52df87aa7d993f1b345ba903d0618c3b36535c3800197
SHA512 d612e2d8a164408ab2d6b962f1b6d3531aed8a0b1aba73291fa5155a6022d078b353512fb3f6fff97ee369918b1802a6103b31316b03db4fa3010b1bf31f35fb

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\XAudio2_7.dll

MD5 81dfddfb401d663ba7e6ad1c80364216
SHA1 c32d682767df128cd8e819cb5571ed89ab734961
SHA256 d1690b602cb317f7f1e1e13e3fc5819ad8b5b38a92d812078afb1b408ccc4b69
SHA512 7267db764f23ad67e9f171cf07ff919c70681f3bf365331ae29d979164392c6bc6723441b04b98ab99c7724274b270557e75b814fb12c421188fb164b8ca837c

C:\Users\Admin\AppData\Local\Temp\DX6DD9.tmp\dxdllreg_x86.inf

MD5 8272579b6d88f2ee435aeea19ec7603d
SHA1 6d141721b4b3a50612b4068670d9d10c1a08b4ac
SHA256 54e098294ef0ad3b14b9c77642838b5992fe4573099d8397a1ef566d9e36da40
SHA512 9f1311803db1607e079b037f49d8643daa43b59ce6eafb173b18d5a40239a5515091c92b244ffe9cfef2da20530fb15deb6cf5937633b434c3262e765d5a3b21

C:\Windows\Installer\MSI95D0.tmp-\CustomAction.config

MD5 4933c1e1be5973187e991ea2ed9e6451
SHA1 b16b52ba34a835b5bb8665f502e7e37985b6776e
SHA256 dc44fb3a0ce9cb88926b2d91ec3cc5a5c5d694b02415c4b2459090f08f08ed58
SHA512 766ed216354a9d0f681607577e586e89dc82729ced58c328676771178ba547cd87878a1f5955cd46b197672753bc693d08246a7a11ceb8a7f255e1321403e805

C:\Windows\Installer\MSI95D0.tmp-\CustomActionManaged.dll

MD5 f87acc4dfc3feab027293cdc5fb331ec
SHA1 bb5299394e9dd386364dfc22875e4fc626d4ea39
SHA256 99b45bdb35aae9fbf847f580135c6a5b1939595ee6783597ed25387a1bd911e1
SHA512 85dc67f8ebbcfec9f6eae30eb3ec0ee5fd7657e40722182d489c60e5bada93af59ef4afdfcfc29bcdb1afb7138a88ef92911f7ef4e3adc1bc93b41eea6e4cbca

C:\Windows\Installer\MSI95D0.tmp-\Microsoft.Deployment.WindowsInstaller.dll

MD5 67d94c27e58f90670d807a9b5c54a3c6
SHA1 84748405943ac408b70fe2ba3f5e945073d1c25f
SHA256 10ebe6a0312b109a25ec7ee49e67259c3a978954ef2c3f17d9a22bc5ced39037
SHA512 ffa43a10a24d637318d3d1c6ebb365d7d07f5f984314246a36526af6aa3a53343aa37651316b73df074bed4a38d1d9907059867f0607269bc6bc8228ff5652b2

C:\Windows\Installer\MSI99B9.tmp

MD5 12502716985071cb3bdeeffb6e7cf851
SHA1 6806b6917cc8b1fc3ca1822104e5d8750fab196a
SHA256 86d2b04b4fa6e2f6757ea98f0c4564abd919a690d3bc4ae83822f31fad6994c2
SHA512 f4228b0f1e81ef23308eb0d32ff2ce98c6fa770386b17f89b9c69f819a97d50577eddf29e96c36e517e60bedaf55fbd300308936d4ced5a7b3c9bb45d4565cdb

C:\Config.Msi\e62ab88.rbs

MD5 78ff386db5be044cb1146329cf9994cc
SHA1 f89f5b9213b8794f13e10985e28a0408ef981d9d
SHA256 36cf6bd3891e417d86224debaa155237c6304677738bc737c61880706e727762
SHA512 b4800a320852a94c567e547a775d7a2441d5d7584a61902f2d1ad7388d0491c4df77a8ad1c87e1c50819f38f96a5ffc22759b2700cbc1fd7c067ca9dbde1e167

C:\Users\Admin\AppData\Local\EpicGamesLauncher\Saved\Config\Windows\Lightmass.ini

MD5 81051bcc2cf1bedf378224b0a93e2877
SHA1 ba8ab5a0280b953aa97435ff8946cbcbb2755a27
SHA256 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
SHA512 1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0102_Holiday_Sale_Last_Chance.png

MD5 34fdd18a4c336b10f3eac97b86fc903d
SHA1 3a8804295d3c8f990c8dbab0e650a8375e75dfcc
SHA256 1aa4f506e03287dd11a6feafec6f2e5439da789ea39447e86d22e86858fb860f
SHA512 c4a794b92cdcd35a6867c9c107a7b9057de400c0d918a01cf065f24afd6e142a54c33b8b39dca596bcd16c04b485a580489377b8782d0ef5babeef3869dca7ef

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0203_Deliver_Us_Mars.png

MD5 86fabbcc9d59607804cf0005383adf11
SHA1 fa6b9980fe70df0f48575e494d95ac4ba04fdf36
SHA256 c552b14a554c4c33890f97ef69b2ef68be5f251d5d28eb301ec12910e224c6db
SHA512 eb076c4482b80a7686531fcb2943431b86a64c613e5aef7b3541aa39727bcd6eae6b57f3b076bfdd3e3d1684cf3f0d4e6ad08823c28f622c908f8e95f7dd82d8

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0123_Shoulders_of_Giants.png

MD5 a281a124bd04a7789f5e3bf924e1ea05
SHA1 37b105ab6f49fbb2a6ea3f41d8fbc8e3bc5c2d43
SHA256 a76445901e4eccca3e7b63e5df54e6011d83a2403b73800f9a864adfeab619c9
SHA512 71ba939e318610b10433438763cafbcd9a775d01595766dbf6966a3e0bbcf8ee43f5efff13fb387d8fa706cbf2947ee3e38f919f8ccfd6a2052c8d74cb9e64fa

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0317_Crime_Boss_Rockay_City.png

MD5 66d2c270b53776acb49aab081e692a81
SHA1 ab09b13dab75894f5e52c0b96a65d4db448df688
SHA256 b190cd7033cf62ffbdd422aacc50a0d7cc12ff8b0b09f6e44df0faa4072a24b8
SHA512 a897dec337cab8b763ec8b1bfd8a276e6471f401c01653f0352e535fdbb242509cb4ca3156b88748c5601a1fcbd10dc7a733323524a221ac4a1a26a4848da586

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0410_StarWarsOutlaws.png

MD5 d12c0ff065cf1f2633820f7413d7f196
SHA1 fbe599740d6f65681fb4a2367b52226be434f633
SHA256 d795430db5c78710e4dcc78b0daefa2f797d1b3c1b10df4534f9f3a99bbfc841
SHA512 2b6cd50d9d313e5431439d8b978c7292596b8a6bf9f86a328dd3f9f1032bbb097d705255ff727ca70ba7c72ed14c5f246ec5c6711ff911c01b7f569d2211db19

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\Approval.png

MD5 df5a9bfbc53618b781967b12c00704b6
SHA1 61d8b32b85ed263b3ad151129a0d897dbdc8d887
SHA256 133e98edd19936810a6d0b3d2a2f3eabf47c88b927248bad3bed4873904eea76
SHA512 0f7b48f043c88513d95293bc28b1e5321022cd63a52fe18970d7dc31043ac4147306594f4d3cc971847200952441876b49d72bb2aa43c07253f535e59a2bb17a

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\AlertMessagesV2.json

MD5 723bd9100d9f681c5bdd747145818751
SHA1 2182006ae0d8c7255a47588b8692d438e5acb060
SHA256 a29de93ef82a6a00541d20d5638d4c1c480b657dce8c9d77bf965f481a9222a7
SHA512 21217ea6e40cadf0ef188fd525897e0cc50732f7c30cbb93f10e7459805f26b8bfbdd48e27867500fa160f4af5713dd5a8b2cc8190fab7d491a21efe6c727f15

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\1122_EGS_TST_Black_Friday_Sale.png

MD5 f851bde560ce59dfaff903e3ae3d28c3
SHA1 680e018caa0fb30e2cc160bfd8a23c9183dd0880
SHA256 1dd6e854ee4e9dcb6a7888fe0f2dd1d84cd0a01308aedbe9602fbb1fa1074a56
SHA512 4384a893019e134c59e670313cd396c17351d214e8f70391daa8bfeb71fa85009fef86dbaff35127805c808570311af3ebb62f8870966425ebd8c4c10b76c14f

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\1117_EGS_TST_Goat_Simulator.png

MD5 35fc3385fcd882bade6d2101c25bd96d
SHA1 4c5c7d5eb6d76d71d3ec080b831073997b387957
SHA256 6bded8ecd1ce4a80dbd5adf89e0a026fe0ca69bb246039d51c797cc9df0f97b9
SHA512 0724e13c51d1f0c472fb523e5d365823a9643acdc3de7977ff7a7ddb041d9574ae4997e0b67129b8f88d84e478f0941203cc637d6fe02ec6e79ecaa390b07ae8

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\1112_EGS_TST_Free_Game.png

MD5 9bac5cebf343bcc39a3b80dfc242b214
SHA1 ed3032acb1ee72a7c4bd57622186b003e13b9eac
SHA256 30cd7af7a57f5c996e09151acbf22c68fdb35b7220f32e531e431ac175985c40
SHA512 511f8f88679f0bd88a698473243638ebbd4555094e118d9475a3b0ffe37a791c291adc224c887f72371197d7b87173ef222a67bf4229941b624313d0436c129f

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\facebook_icon.png

MD5 801e70f54247cb7cebc6447a56854eb4
SHA1 0f2c6cd60ae6823fb8f8cc8b19aa8f1bd2980e4b
SHA256 db219f96dedb99e7231a23909f6c5ffd1e628b12465632a8fe607779d709a381
SHA512 9dcf0f1ee13bf9635e4f2d5ff0322428573e5120359ea78c216578fc7692edf4cb2c7f9c6a6935ff8ba105c671719e2d307fb199062a400fe782a100db99d521

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\twitter_icon.png

MD5 dccff78c024690a8904c6f0e54a4a41b
SHA1 01998e682f828c476642c9f62a2751c930c4cbf8
SHA256 cfb6ba34ca60cbd3d7f2473906b4d7f72e430492fb765920ee8ee0a6b2993140
SHA512 b5dda0e9bedcb258098dcab7b53c6189741a5b3c381c6a405778baa66510c455f10286fbc799e2c92d75a812263498a5196372063f47113a4f38746ee5d56fdb

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\Twitch_icon.png

MD5 75c8d1db90ead8cddf60ee76a32d98ec
SHA1 94a458181a1deab1d75d59d091815d34f682cb4a
SHA256 9e55ed39e43845fd95bcc9d36b23ff8c9e0a2b800b92986d835749a426793b57
SHA512 25d8746b2e24e753eb767e1a07e564e9d0cfedc1f390c1a2907f66c41aa4a6da6aadc08e8b70946003f7e15166eefe03896932ef48f21b495ca67c861d4d04ca

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\Reddit_icon.png

MD5 d3f881d4423f9952623475eadcbc9054
SHA1 a7f5dc5f2dd837aff9892bf98c3573b7d1f7c4eb
SHA256 fedc3c6497edb58cad2089092da9eba5a31334786cd1ca0886b9064108480919
SHA512 ffc308699d8bf2762f0d66f62e9d6d8c4ee20c6bb63874fefdb52f264729a575a94a7eed5faf4c3fbb3902605bced5d054241f09d965c04fbe690d14073b8e99

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\navers_icon.png

MD5 93d75a74ced71edb6aa431b8e58cc79f
SHA1 e3747e07b3662524e1c293052c3ddece335b7b6b
SHA256 190af957b191111439b9d3ce776ff0ac3df57e2a60aa8938225f6a6dacd15cbe
SHA512 4e7610611693eb400d4839b1e2a81c69cf97ad8258f63968f552b8a9b175d0c3f73d7ff28eff170eba53d143d2b4512c9eaf146dc18d46f1b3be01c3c95f3054

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\Instagram_icon.png

MD5 df7851c8868e92658f856b17cf04fffd
SHA1 88019e359d842ab404453f1b34d7b628f3ceac60
SHA256 41931cfd1edb2ba43a7ae4724fd3557bfb36fa58b3cf671ff4a72996892839d1
SHA512 776a332c151f0abbf128717855b6419f9f5a2d1bc6fde186271598bc4e2b94ddf0cb81c01fb6cb5d7a6f4a64f758f768062fd129637a2d34061a1223a76d8a56

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\1103_EGS_TST_Free_Game.png

MD5 fba6ee8f1abc1291a9dbaef0de743409
SHA1 dbb4597d1ab36969ee85caaddb92ef1280ec123d
SHA256 9a21e654767f534fcab4679db2749289b8654d6b8eaace4f940016a74febb334
SHA512 be5ed7545fc3e299a06df62248754c8e9f15b8483b8732b4a3efabd4c646a734f5d7a709a163496ca4abec38c48084a3a62cbb5f9de31d7f5f1217f1fe39592b

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0926_Assassin's_Creed.png

MD5 a9b684180c9e89c6c3b821d1ce3fef08
SHA1 7c24ddc4556d08c993079862ab2e826a51bed513
SHA256 f288907301d0e8c74f015bffc3c31c3137bb81da4f6d3ee0fc9e5b5d6636e8c5
SHA512 6f64b34b64393c438059d9490f1317f9468269959c5edd6de577fbf0b3ed5a5ff92a6915bd9dd7ce3fad258e3c74fd34a16047c2e62a1c914739de1d49ecd0fc

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0913_FC_25.png

MD5 08ef51f3c2824d389318335c16dd7321
SHA1 977dd24d4e0f0010186f0212cedb1114d11e130c
SHA256 a622d53783c2de4484d029e99ebaa3297e05045cd7e66cff09157c55a37869cd
SHA512 3d79323a4f7ad19a47e997c2c0ad112e335e3581b097caf3df8297d85523514ae28e5ce0b2d66a5931aa6acbdf09ca039c46da63466325a04ec1afa33318a80f

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0629_Hogwarts_Legacy.png

MD5 bb23095a7e9570ebc890463c2e0e5d05
SHA1 413e48896640a7cce4b869d31ddf592dcc7d69a7
SHA256 1e90ded54ef3592fb4b651271375154b99ee3562fdf71b41d87d704aa0e60f82
SHA512 d22725ccab3d6fd6a54e63d527443d74d7e0b0d1662a5301e808955c28a02b2560670016b13c9beaa3e89d13639aa81fa5853f4b9d785cb920ef97839054b13c

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_LearnMediumEssentialsGridV2.layout

MD5 3d5c62d14bd7531aaa50b85c249591de
SHA1 8bb76c262fd4fa05853a9bd8c3cfd4cd2f9dbe4b
SHA256 6d8fbbd01331691641ef2e7f8f78f919f81cd49f6d3cfb2d77de19a33c6f176d
SHA512 374ef41e0251d88c8ee11291459e79a8bc905e4d8460c8e35455d5bc5dab147c7ad740ded37d868ecd961d7a750752467a2544f65ce99f6f4be6d86910641f4b

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_LearnSmallEssentialsGrid.layout

MD5 4151c4badcd53283d38100514b7e15de
SHA1 683ee42e364efa4d56b4751031507af7bd201635
SHA256 29b0e8e0d9337a27bef559c3af38bc2ec4e2a8b330b341b628194846bbac6bb6
SHA512 88b3221c9eb5fb9e848a3f79f3c75533e1ec46e6ea6d7758c49823dcc0b873e9e2c4a9ae7d16d24a304a7dd9e1cce27f77b5b65eba256b04c1c443489308eefe

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_LearnFeaturedGridV2.layout

MD5 f6f780d64f4c3937dac580e8d8e0a49d
SHA1 80b159961d3af4a2bd7c00ff0c9f1040ac8b6c2a
SHA256 65e987469fd869e7ebd1a46caa15c23403170d742d100e72944edf5ef0cc2a53
SHA512 1a30d4960824f50a77322800ead5903114dd05df032dc290b191e1ac75330be82935030fdf205703dadf06f995ccaddf955d59eebf83955f4fb89ade3f25e067

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_LearnEssentialsGrid.layout

MD5 f316a7d4803c9917964b709b75e239d2
SHA1 b9feeb7e9268eadcec8e0a73f0f09e879119c6d3
SHA256 e08101088fa1f09197a186d15d98d3ac36ff6feb6bd7477fba170343bd3da167
SHA512 db54d5689c9455a43a86975c6b9b1ec91b3e67302932a9c3d0e4104e5ca92a0c9677feb75e0b63ec9d72bf9ecd0ac93bc15bbc7f4ce0728abae135245c0ab268

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_LandingPageV5.layout

MD5 5ccc62c728c556f74dd3af7fabf632ff
SHA1 c83b64bcea8b5ff69fb405cc37c57a6a120ec3b4
SHA256 1eda55ff3bd38a7a4c2b29708b7e8a71b4107ea00446769cd0af239a0f7423e0
SHA512 b1c0da099402ef91033ada18d9d518b1fbdd640d123a4877fb104873c504d041dda029b81bfbcab5544d8d297d16efb0305cdfb7ad1b6d9b68e482b74f3d541c

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0220_The_Settlers.png

MD5 8fec250881e6d7180759f80cee76e97a
SHA1 6019474b423313e8a1224b97b325992f5ab71170
SHA256 775acbba9f08f3118f75fd43ef37cc62590503363e31605a012377eb9c55b883
SHA512 e83fc2cd5afa1d568829eef9c8b03f340953dac2174b53f003b891cc22876d90baadf8147486b53045130a222d9a64329b36465615b827f6db744df39422385b

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_Twinmotion2020_1.layout

MD5 fc2e7e9ea5bda5d38fbd1bb2e1bbbef6
SHA1 eba1e0391bef1eae4cc117e8f0a17a671f16b92b
SHA256 12a20c135cbd929362ba340455e3a9f4eca2e4e4cb9248e4657642b70babad20
SHA512 d87b9b01705236e7c710208cdbc1b187d170d1e97948152bbbe0bffb4e2bc5045241b4693088380982eb123c94675ced8be6e767310bc047576696acf323c552

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_Twinmotion2022_1.layout

MD5 88ff653add69503e5583b6da1ba5c340
SHA1 708832623a5bd0944cbc764ba19fe94332102857
SHA256 d9420f784673b1ccc52c7a3c9a19d841a67d1e2c6c9c53f8ccde702a7e638e4c
SHA512 c039ba6aedd847325cb131fa8e95329aa61baeef3c5b9426a440cfd56e2b7f53e082dd9321240d8ac2a10d3eda754665ff1438ba5f4cc141823dd8ea52d34d21

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_Twinmotion2022_2.layout

MD5 cc873603069bada41cdcf8629d579815
SHA1 9a5a206056e7458af5c01302578ac0d533e38090
SHA256 04a85a8b65f0ce446f697095538be0fa5d5c1ba478bbd54c7dddd235290dcc52
SHA512 cf2c6bcb13d6a2b6502f8f5f263884085a5c21f405ada4912bd1e2e1018275eb8bf51146014c999d5533406d25be9b99a8f7bcfe2cca32d73d3d4f3cb1cd20d5

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_UEV2.layout

MD5 a4218991ffb806c4af8c75cab89626db
SHA1 10051d3a03baa51c9232ccaf7cda8c4b60ca94b2
SHA256 d67227d5ae560c20fe01bcea1781f4805ea9bbb728f940e8c530a92b05d34f22
SHA512 099df52a6b27c2b068bf42bb702e6e6dcafa34897fe9267a28e550acbbd80e18c12637e8f6e2dda5eae2aa4f2c13db83137b5d66d0b939dc697e70cad49ffa48

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_UE_LibraryLoadError.layout

MD5 c59d02869f75d91ff3176ff8dd60c0bd
SHA1 bb4e4f63063e3d4adb570a360b9f8a450b921578
SHA256 7eba0587228f3673e695b3ee35f2299bdcd5108ca0a5e6cbfee19e2ce604ee18
SHA512 65f26d55a505dd7b51ed7f1ea8394d11b5da087cd53ca69cd2093f490924292754961308c23b79e7c49a07b8d443683a71c28f7f15c8a7414e64c2df12abe50d

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_Twinmotion2023_2.layout

MD5 172fd9ba942c6ae33b4eb6d5b29306a6
SHA1 1cafdae58bb0a9f9f27cc278a3112a07a6ceb893
SHA256 a636d1ad21b20c6d7726c7ab688bbb508b79961845b9cab0d62e9b40118dc29b
SHA512 6d7db90c8ce2f818b338b3c35e78019a823f075d1fbe7d72c8d7aef102b43fb432682028112ee86d8c74245a926ba28dfa1badd9b350b2e48d1878e4e9191a50

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_Twinmotion2023_1.layout

MD5 79ffeec75d0c83b074ff2d29ac4c04fe
SHA1 b027939f3a63ba005f9b6dbf147db4cdf593eb81
SHA256 e5f31b9ef9c93a8232de1273d1131e4c39639538d196b5e001a231d6ee2300a2
SHA512 e779245d244769e37dfe230eaaf0a21a9e1a4723840caf67caa88fa638411354f3808b41aff245057ae156a62609fe4422cead16ce879bed8a6d3dfd0749f5e8

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\youku_icon.png

MD5 7a3ec71244910fe36a32b01a5335efcf
SHA1 a7ef5f03590d42ebc6e5adb40b29b2c50dc31ed1
SHA256 64f8f6f8124f4950a0c13766f67673e8f3ea4832ff875bd36dd8cf80d8054bd0
SHA512 76d066ca878dc02baa99b6ae1e350bd048532320402aced3cf3dd509a22a387f42858ce0cd86e16f409481dce667c4afbb20d5342dae30f13866de34e42781b8

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\weibo_icon.png

MD5 6567d7bb741ce2cdef0ae9cb5ed56382
SHA1 7b70710c610f89afa4b427bb6d1eb7a69cc5100b
SHA256 5479c052c84d98b150199b9a3db31af93b26ab97c65de1f94cb765eb33c86fce
SHA512 6015250d56bf3b21578b421fe2d744e37643891aa3324789cf242526dcd73393b50e014d709f5235cd29414e88db3148ee10b98841f557b22cf91776a2296d5a

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\YouTube_icon.png

MD5 bdab83f1e851b83285eebff218c70205
SHA1 96337a82387252854aab22744519b16769b95b7d
SHA256 38e1ed3cc93eeda7ce0bd69c333f8519388ee643de63cc96b1e701010004fb41
SHA512 d419272c030a95f10987533de368ae17956f4a8e2d795e862ac9e321bc1b9489f428fa2cf7e1f971ef4d0151904d34236a5c24459923c44c5d8d0f1c71f8501a

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\NamedLinksV2.json

MD5 fed029f8efa57e2e92ea407a89b0ed3c
SHA1 da8a75adeea07c6476a8f9816c9d546c4fd6660a
SHA256 a429e0fae336842375725218402194a73ca725ec7ff596e9f3e3bc9343c98adf
SHA512 a6cccba5c19716dfbd8638104ebac5baeb6d1de223c7aeca84206425aa1c922a034c8afdca6eb5253d4d53fe571e684df805673fc50f96992f4a825285dfd6cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1488cf7f43831ee577f6df9bfbed02a4
SHA1 d6ab53fe4516177d9951d58f25dc929a9efd4eea
SHA256 a08faf301cb13b9360a6337b2d44881b76d3eebf0aa433103af0e902c7b3688d
SHA512 b8a0ebc77a80384216554bbd33c4bf63a3851dd04bf2155d058a6a1f3e945971e92e78239af2392c6d722cdf36adc963dd6053d3f849bd03f8f6bf1cf18d5404

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7d89ebcbaa555685ef84e161a4ffdf42
SHA1 c8235d3156fa02bd1bff1cda02727eec15539747
SHA256 5115288f627c10572f63945069923337f3dda50f4976fce2a14581a75c3b01b8
SHA512 a6c3f1183a4b105940d5cc8a411d3c0fe8bf0b383b2a42091f5749be7cebc0f1d82ea388ea140c17217ac52ff5b48f748b0ba57306c7815b7b9093d88c43fc8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 abc77f7a36e26e8ccab20294b706bfbe
SHA1 41f446b525a7abc816b9f3b986b270585c836f65
SHA256 7c21db00c756a204b1f778304050e403be7d137be0be1d075b93f632cb91cdea
SHA512 c7b03779e08753c8a5420d03c011b981bdaf20d23fe756ad7b827416cfa878f8c13a4d8a2156b502ab49ac4e3cc0d59c5f3117f83432666174dbf29e1469c0d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 67507dfa970f6c2028b18a6e0a849b23
SHA1 05de25e51b148def7c62c1b7cd7a5d560d805da1
SHA256 ac8272bcd9560edd8f61ee1402e91c1f779e2b3a22e6b88b3623adb0e31c8a73
SHA512 06c5062c206d74f22b8969245e464234076cadee04b327795bb6d26f401e967b5c1ea7d5111ec680fcf3615565dc56049e06441f75463244651ca3313baf8b1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\df07bef4-71d1-48c4-85b9-a9bf386202a5.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 94860ce8beb93aae9c67003bb8e3fd8f
SHA1 d9e9d5d425234d2155bfa4a4a774d56ad972eac6
SHA256 cd4d2e93d5933fc4106e92d26c64c6078d7643de114b044d570d62af56805627
SHA512 e6bcc4bb87a9d4b64690b6802af082802f59eccb499c6b31b48ed7c4754a3450f98a7df895b5dc8d7ff476b08352cb3b800377a6053fe3e3246961ee46df9923

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c02512f0fa18ee8273e28ff895d5b09c
SHA1 3a192ed065a37e87c6d1c525acdc2967933c7a8d
SHA256 ac9a32315cc6fb2e271c782b4af773a34bc51d3ca70a40b6e68c125a5c45a452
SHA512 6caa9483aeef44282ea2c51f2b317808a1e3f219624e043a820d00c9a3df5765981214332b7ebad63edf119d73eda9d4359b34a75c7dee7b82132bcf65d2661e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 390cbfd171016222a9e81aef065d1d9a
SHA1 fa50267c07df152b928436dc1ee30a75d3b8a1dc
SHA256 4875a2b1fef4dc73b5670cf475401dd61ed4c7136c3e9ab2c7a0d15b7d209018
SHA512 18ae12723e9d7c3cf1086b1fcce9616c85b4197e3562ddc55a7256f379c1a5e0f7c08b1b68e2c9c775aeea4c841a410cb03b005615cfc09d4d3808111d631bbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4db26b600cacd940740444094650d785
SHA1 b7f8a7ae71ec8fb6da23b84dd363b4a9331e610d
SHA256 4caff6a45f69a0ac4d88576be175daf6cc6538a0771a790a500c89a021d0bdd9
SHA512 dbafefb7f87665305008e9e337d2342d2f1038344b362a7d51813fb2065addedef16707fddd1d687f9f27b3bf4ca7d5916f4ac6507e97b07061c3eb9dfe0fa70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 df49c326087cc9dd00c1d450df90e6ae
SHA1 96bb8219e82bad585122a576ad69a19ea6433f1e
SHA256 18d3b24ea4d371c75171360fb6a1fa9276d0ba8f0c7895be1e8aa43d0da96301
SHA512 06c1da8776a997c45cd9dd0d6d10b8848f29a885a352c7f3f964963db98006cc97ae78d8b23c42bd1506bb447001c9ee01e664799aa80758bc621307867bdd75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 31a8bb84d5a3b608013e0cd684999547
SHA1 b3569f4268f61466f277127ab43a9876213aed99
SHA256 42a6a91e3e6727d170179558683efc45b41eaed62c1c39e14e058ce316202a6d
SHA512 c41f1871f88eefd1242ff215344db41cfaa4da4073a0337a979be23b1dc4947c31c4b6e20e97057299143cfb7ebe0fb04dc914716e7de886edd5c54b15faca5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2313ae8053fa3d6b9d4be4a6a3e8b554
SHA1 5aa8195e2c94e3e2360654bc1c976fef4d0b7727
SHA256 3f9e7f88fd9cbe37f939c5c52e9ce89258c1183057b3ba5d4da4249282207ff8
SHA512 09111d53d4de8d241313940da49eeceedf0047ed7c8afeed10ddb2b9c1e1277fa3cfcd410336395667b6cc609011963a75e449b35d80d1da23dbfcda4bb9a5b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 567d505b18233c48dc254d2228efb151
SHA1 4b6dbf43aaeb3df5fabd02ff8babb34c37dbd8e4
SHA256 51a083827667f1048c3597c1f673da1a0013d3ff9796071f5a00ebca97a6b870
SHA512 a4fe8cad0c2e26f88ab389d16061592c56ef325244406db1f3d7f6fd599af4f7c40afb72a63ad7cbf9951ea2be8cc2475c37f71ea3a4436f9b869b437646ef83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4e00337cf911227b5bd9e5a6d7d89c55
SHA1 962a9d0eb36879b1122fec1cf6216e3c9d5a2b03
SHA256 df3f6c124301410ebda5db5d629ddcc3eb371a306176d9e514edbfec0a3489e6
SHA512 a6f92f04d5e085e6f949cbb01ebe017c32b7795ce1b3a70009687eeb283be085c7205d07df19189e909c78329193a6aae2fa66022fcd2b1c27f3a3f3a70a3468

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\af5d46cf-20b5-46dd-a8f8-3d585ecb3296.tmp

MD5 1a96bb4988433700c11eecba009758d9
SHA1 1145ea77ff1518c2fda934c82062cde0119f1915
SHA256 4289b572d046f36f458a079b689027d37c9ae484e33d4874629b8aaf0a7985a5
SHA512 950bb6dd51fffddf773fdc8750f38ee67a87026c76cab5b4417c580fec83dc5d40807831bdb52a3335e3ddab53cf10eb2d95e8ee49b61e35c110ef45b020b35f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 456553185c7567b22422c1062d9899b0
SHA1 df1b41dee93c979a7557d85fbfd057c15e20b1a1
SHA256 12030d5ead3382160855385120c5e5069569f191947b98c5016c7dce2c78542a
SHA512 ef89b356297f7e7b54a084d2f6f5fc6b3b0fbd6c918aec2b722e57955ff08a3f09f851bc760c56359c9721cdcd9a1c0a671f9b8e002279ba113c4db18fc16ecc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4f6f952dc7cb07cb86cccfde37d2eea5
SHA1 784eb583b434c1a58858d47551be4daf882f16b4
SHA256 175413ee7d9d04bf5119abf9d6cf0f7184016f694e1baefff6fa59f32aa6540f
SHA512 118cdc0abe4085ff01d65687bd598d3ea9b85756361a46718c9d44260405e0364f2d4b9180d7420fed7281bff2a7485817021561f585548a3275e109a4eaeac6

C:\Users\Admin\Downloads\Unconfirmed 108211.crdownload

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dc52574abb7237326c5c750df5333927
SHA1 96e20ca799c0e5fd6a9a46e38c50526905534763
SHA256 8e2b7eb84ed8afd5987909ce8c2b6e617b2020216c67a7d472b5c606b93f3085
SHA512 94dc2089939a481a0c50fbeac0fb87a07168244c58e0eddd636f52d7f9b1dbae0648786b4886f941680d3a1212ee96ed65b5d695168cd9c95da146d693a6befa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e6a8e024e5f204dd68f3783a2f1e359
SHA1 747053667c128f827bbf3ea05e77ae8764ca9be6
SHA256 6a3c4adf20938a2787c04e88e9090f5b6050ac5926079be3a58c580c880bcd99
SHA512 9f72749e33dcb854e42480fa1100c72308309c658cd8efc10a945715a7e81d5cdd3c9cac0e315b3041314e483b08db733733fb3bc97dd62c28d7237e354e4e3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 834e2dfaffc3698624cabdc420d8dcdc
SHA1 45bab2ed2c14bb20ae9cbc6094deb1993dbda8c1
SHA256 b4eb02661a7f8bad3f9f2541bddbce443bb13da61af42a05fac3538de9fbf76a
SHA512 4cf7843f8a29dcf5d56eab2910a7cc52460a34cb09cc665ddf5f0a69758a54452a96b21011fab35324177a4333333051c3a2e1688194c1368216a1c4d146f5bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9fbcada6788907a7749c88f9ae5ddfa7
SHA1 ac7fd7d96e4c5da56084b72b917225e6f3db1f88
SHA256 4d20acb2ee1e4caff50c501083d22b0182e44a21ed56a40e7a41cfe84f734614
SHA512 ec14bd3c0e1bc5fde47a9f1675b7a5c31678c81d3d19cdd9fae307e92d7bedac97c928116d2958b4210c07a6b4f06d7b3706b2ce71d49895790022e206db58c1

C:\Users\Admin\AppData\Local\Temp\nsq6560.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

C:\Users\Admin\AppData\Local\Temp\nsq6560.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Users\Admin\AppData\Local\Temp\nsq6560.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Local\Temp\nsq6560.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7a79368d5ae9860e6a44c37605a8fa22
SHA1 d7d46cf5b9255566379e05d7e8d47ec2c42e3412
SHA256 d6c8ef270d491c1c81be49803a98cad388d2723c6ec93889bedd66270e46baf1
SHA512 f930e983835a25a186c477b89c0f6ce2be28b1f08931d598a36a55c9d9fc1fc4a18d869fe5c338da5143e28a535ea138bc5734e299b93431b02011413e03f75f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0fc6647fbbcfd204d1983e8feec55068
SHA1 0c8a790e48ab0012d389299249d307d9b5f61cde
SHA256 a86c44a99a0eb5b0af03e41effe58684d9641752d3a1a9b8bdf396aabc6e6fef
SHA512 0ca53780c15ee13c98aa13859a564253e21d16a30bb65449e84dd48f22c0ef29af64046a2a90400bb6a19bb96ec806fcd641eaeaa3c59f09871daa2d30a56fcb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3ef42256a300b6fc2a6c57f94aee7c16
SHA1 1427e76d3ab2305805d499cf1c11d5e504494ac1
SHA256 cb466172be237459cc7c38d001dac6e5df68c0e62d4ad36c1f6f708152149f09
SHA512 88fd46e22e6d26b85a89b54c9a608bc52ca250535d050608cfceeda390ec40b8740cb49612862a51142121793a2cc8500a0d07bd1349532dd7b64c30fc392c21