hxxps://drive[.]google[.]com/drive/folders/1RjETQTIMLFXqxqcLXgfpGMw0tEViuLRb?usp=drive_link

Analysis

max time kernel
146s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2024 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1RjETQTIMLFXqxqcLXgfpGMw0tEViuLRb?usp=drive_link

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1372	PotatoGraphics(nonvidia).exe
1804	PotatoGraphics(nonvidia).exe
220	PotatoGraphics(nonvidia).exe
4356	PotatoGraphics(nonvidia).exe
4788	PotatoGraphics(nonvidia).exe

Loads dropped DLL 15 IoCs

pid	Process
1804	PotatoGraphics(nonvidia).exe
1372	PotatoGraphics(nonvidia).exe
1804	PotatoGraphics(nonvidia).exe
1804	PotatoGraphics(nonvidia).exe
1372	PotatoGraphics(nonvidia).exe
1372	PotatoGraphics(nonvidia).exe
220	PotatoGraphics(nonvidia).exe
4356	PotatoGraphics(nonvidia).exe
220	PotatoGraphics(nonvidia).exe
220	PotatoGraphics(nonvidia).exe
4356	PotatoGraphics(nonvidia).exe
4356	PotatoGraphics(nonvidia).exe
4788	PotatoGraphics(nonvidia).exe
4788	PotatoGraphics(nonvidia).exe
4788	PotatoGraphics(nonvidia).exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
10	drive.google.com
120	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PotatoGraphics(nonvidia).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PotatoGraphics(nonvidia).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 495224.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
1972	msedge.exe
1972	msedge.exe
844	identity_helper.exe
844	identity_helper.exe
1996	msedge.exe
1996	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1804	PotatoGraphics(nonvidia).exe
Token: SeDebugPrivilege	1372	PotatoGraphics(nonvidia).exe
Token: SeDebugPrivilege	220	PotatoGraphics(nonvidia).exe
Token: SeDebugPrivilege	4356	PotatoGraphics(nonvidia).exe
Token: SeDebugPrivilege	4788	PotatoGraphics(nonvidia).exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
4788	PotatoGraphics(nonvidia).exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2792	1972	msedge.exe	82
PID 1972 wrote to memory of 2792	1972	msedge.exe	82
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 1848	1972	msedge.exe	83
PID 1972 wrote to memory of 4884	1972	msedge.exe	84
PID 1972 wrote to memory of 4884	1972	msedge.exe	84
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85
PID 1972 wrote to memory of 1408	1972	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1RjETQTIMLFXqxqcLXgfpGMw0tEViuLRb?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef9cb46f8,0x7ffef9cb4708,0x7ffef9cb4718
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996
- C:\Users\Admin\Downloads\PotatoGraphics(nonvidia).exe
  "C:\Users\Admin\Downloads\PotatoGraphics(nonvidia).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1372
- C:\Users\Admin\Downloads\PotatoGraphics(nonvidia).exe
  "C:\Users\Admin\Downloads\PotatoGraphics(nonvidia).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1804
- C:\Users\Admin\Downloads\PotatoGraphics(nonvidia).exe
  "C:\Users\Admin\Downloads\PotatoGraphics(nonvidia).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:220
- C:\Users\Admin\Downloads\PotatoGraphics(nonvidia).exe
  "C:\Users\Admin\Downloads\PotatoGraphics(nonvidia).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16717854721192570422,4532632316683573791,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5436 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5008

C:\Users\Admin\Downloads\PotatoGraphics(nonvidia).exe
"C:\Users\Admin\Downloads\PotatoGraphics(nonvidia).exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4788
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk10ondemand-WindowsClient.utoc" /F /Q
  2⤵
  PID:1280
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk10ondemand-WindowsClient_s1.ucas" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:404
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk10ondemand-WindowsClient.pak" /F /Q
  2⤵
  PID:3744
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk10ondemand-WindowsClient.sig" /F /Q
  2⤵
  PID:1288
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk10ondemand-WindowsClient.ucas" /F /Q
  2⤵
  PID:4536
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\ThirdParty\Discord"
  2⤵
  PID:2752
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\ThirdParty\SpeechGraphics"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4248
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\ar_sa.cfg" /F /Q
  2⤵
  PID:4844
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\cs_cz.cfg" /F /Q
  2⤵
  PID:4180
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\de_de.cfg" /F /Q
  2⤵
  PID:2004
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\es_ar.cfg" /F /Q
  2⤵
  PID:4680
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\es_es.cfg" /F /Q
  2⤵
  PID:1820
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\fr_fr.cfg" /F /Q
  2⤵
  PID:2092
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\it_it.cfg" /F /Q
  2⤵
  PID:2896
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\ja_ja.cfg" /F /Q
  2⤵
  PID:1516
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\ko_kr.cfg" /F /Q
  2⤵
  PID:736
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\nl_nl.cfg" /F /Q
  2⤵
  PID:3260
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\pl_pl.cfg" /F /Q
  2⤵
  PID:1380
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\pt_br.cfg" /F /Q
  2⤵
  PID:4908
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\zh_cn.cfg" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2496
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\th_th.cfg" /F /Q
  2⤵
  PID:3324
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\tr_tr.cfg" /F /Q
  2⤵
  PID:5012
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization\zh_tw.cfg" /F /Q
  2⤵
  PID:3440
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\ar_sa.cfg" /F /Q
  2⤵
  PID:3768
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\cs_cz.cfg" /F /Q
  2⤵
  PID:5016
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\de_de.cfg" /F /Q
  2⤵
  PID:668
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\es_ar.cfg" /F /Q
  2⤵
  PID:1880
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\es_es.cfg" /F /Q
  2⤵
  PID:1516
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\fr_fr.cfg" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3376
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\it_it.cfg" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4756
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\ja_ja.cfg" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:660
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\ko_kr.cfg" /F /Q
  2⤵
  PID:908
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\nl_nl.cfg" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5008
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\pl_pl.cfg" /F /Q
  2⤵
  PID:4188
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\pt_br.cfg" /F /Q
  2⤵
  PID:3696
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\zh_cn.cfg" /F /Q
  2⤵
  PID:5032
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\th_th.cfg" /F /Q
  2⤵
  PID:452
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\tr_tr.cfg" /F /Q
  2⤵
  PID:2104
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Localization\zh_tw.cfg" /F /Q
  2⤵
  PID:1756
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\SplashScreen.png" /F /Q
  2⤵
  PID:2092
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat_Kamu\Launcher\SplashScreen.png" /F /Q
  2⤵
  PID:3084
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\cs.ini" /F /Q
  2⤵
  PID:3744
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\de.ini" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4656
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\es.ini" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4376
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\fr.ini" /F /Q
  2⤵
  PID:3048
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\it.ini" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4248
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\ja.ini" /F /Q
  2⤵
  PID:5008
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\ko.ini" /F /Q
  2⤵
  PID:536
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\nl.ini" /F /Q
  2⤵
  PID:3696
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\pl.ini" /F /Q
  2⤵
  PID:740
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\pt.ini" /F /Q
  2⤵
  PID:384
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\tr.ini" /F /Q
  2⤵
  PID:544
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\zh.ini" /F /Q
  2⤵
  PID:4104
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Text\zh-TW.ini" /F /Q
  2⤵
  PID:2500
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Install_BattlEye.bat" /F /Q
  2⤵
  PID:3084
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Uninstall_BattlEye.bat" /F /Q
  2⤵
  PID:1288
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\EULA.txt" /F /Q
  2⤵
  PID:4752
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Licenses.txt" /F /Q
  2⤵
  PID:1280
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\BattlEye\Privacy"
  2⤵
  PID:2308
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Localization"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4384
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\ThirdParty\Nvidia\NGX"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4188
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\Launcher\SplashScreen.png" /F /Q
  2⤵
  PID:2992
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_100_percent.pak" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:212
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_200_percent.pak" /F /Q
  2⤵
  PID:1012
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\v8_context_snapshot.bin" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:384
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_x86.dll" /F /Q
  2⤵
  PID:544
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\am.pak" /F /Q
  2⤵
  PID:4508
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\bg.pak" /F /Q
  2⤵
  PID:2916
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\bn.pak" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3084
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\ca.pak" /F /Q
  2⤵
  PID:2096
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\cs.pak" /F /Q
  2⤵
  PID:2024
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\da.pak" /F /Q
  2⤵
  PID:1280
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\de.pak" /F /Q
  2⤵
  PID:2308
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\el.pak" /F /Q
  2⤵
  PID:4000
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\es.pak" /F /Q
  2⤵
  PID:1652
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\es-419.pak" /F /Q
  2⤵
  PID:5012
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\et.pak" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4680
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\fa.pak" /F /Q
  2⤵
  PID:4176
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\fi.pak" /F /Q
  2⤵
  PID:4108
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\fil.pak" /F /Q
  2⤵
  PID:4104
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\fr.pak" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1892
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\gu.pak" /F /Q
  2⤵
  PID:2896
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\he.pak" /F /Q
  2⤵
  PID:2216
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\hi.pak" /F /Q
  2⤵
  PID:5060
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\hr.pak" /F /Q
  2⤵
  PID:2496
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\hu.pak" /F /Q
  2⤵
  PID:368
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\id.pak" /F /Q
  2⤵
  PID:2428
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\it.pak" /F /Q
  2⤵
  PID:4180
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\ja.pak" /F /Q
  2⤵
  PID:1652
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\kn.pak" /F /Q
  2⤵
  PID:2004
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\ko.pak" /F /Q
  2⤵
  PID:3088
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\lt.pak" /F /Q
  2⤵
  PID:1636
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\lv.pak" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2148
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\ml.pak" /F /Q
  2⤵
  PID:2192
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\mr.pak" /F /Q
  2⤵
  PID:1880
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\ms.pak" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4852
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\nb.pak" /F /Q
  2⤵
  PID:3940
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\nl.pak" /F /Q
  2⤵
  PID:208
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\pl.pak" /F /Q
  2⤵
  PID:5000
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\pt-BR.pak" /F /Q
  2⤵
  PID:2468
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\pt-PT.pak" /F /Q
  2⤵
  PID:3052
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\ro.pak" /F /Q
  2⤵
  PID:4772
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\sk.pak" /F /Q
  2⤵
  PID:2332
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\sl.pak" /F /Q
  2⤵
  PID:1840
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\sr.pak" /F /Q
  2⤵
  PID:4396
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\sv.pak" /F /Q
  2⤵
  PID:384
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\sw.pak" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3416
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\ta.pak" /F /Q
  2⤵
  PID:2092
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\te.pak" /F /Q
  2⤵
  PID:904
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\th.pak" /F /Q
  2⤵
  PID:2140
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\tr.pak" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4536
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\uk.pak" /F /Q
  2⤵
  PID:2752
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\vi.pak" /F /Q
  2⤵
  PID:5000
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\zh-CN.pak" /F /Q
  2⤵
  PID:2468
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\zh-TW.pak" /F /Q
  2⤵
  PID:3900
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\ar.pak" /F /Q
  2⤵
  PID:2816
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\PackagedReplays"
  2⤵
  PID:2732
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Legal"
  2⤵
  PID:4708
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Movies"
  2⤵
  PID:4396
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Splash"
  2⤵
  PID:2112
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\DbgHelp"
  2⤵
  PID:2148
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\NVIDIA"
  2⤵
  PID:2896
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\Engine\Plugins\Amazon"
  2⤵
  PID:3376
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C rd /s /q "C:\Program Files\Epic Games\Fortnite\Cloud"
  2⤵
  PID:4656
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\ThirdParty\CEF3\Win64\snapshot_blob.bin" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4248
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakChunkEarly-WindowsClient.sig" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2832
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakChunkEarly-WindowsClient.ucas" /F /Q
  2⤵
  PID:4784
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakChunkEarly-WindowsClient.utoc" /F /Q
  2⤵
  PID:1844
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakChunkEarly-WindowsClient.pak" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2992
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1012optional-WindowsClient.pak" /F /Q
  2⤵
  PID:5032
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1010optional-WindowsClient.utoc" /F /Q
  2⤵
  PID:1012
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1010optional-WindowsClient.pak" /F /Q
  2⤵
  PID:4108
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1010optional-WindowsClient.sig" /F /Q
  2⤵
  PID:1740
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1010optional-WindowsClient.ucas" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:736
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1012optional-WindowsClient.sig" /F /Q
  2⤵
  PID:2604
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1012optional-WindowsClient.ucas" /F /Q
  2⤵
  PID:4216
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1012optional-WindowsClient.utoc" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4512
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1007optional-WindowsClient.pak" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1832
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1007optional-WindowsClient.sig" /F /Q
  2⤵
  PID:2744
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1007optional-WindowsClient.ucas" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4000
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1007optional-WindowsClient.utoc" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3440
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1000optional-WindowsClient.pak" /F /Q
  2⤵
  PID:212
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1000optional-WindowsClient.sig" /F /Q
  2⤵
  PID:3152
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1000optional-WindowsClient.ucas" /F /Q
  2⤵
  PID:4304
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1000optional-WindowsClient.utoc" /F /Q
  2⤵
  PID:4724
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1002optional-WindowsClient.pak" /F /Q
  2⤵
  PID:1756
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1002optional-WindowsClient.sig" /F /Q
  2⤵
  PID:4012
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1002optional-WindowsClient.ucas" /F /Q
  2⤵
  PID:2916
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1002optional-WindowsClient.utoc" /F /Q
  2⤵
  PID:3084
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1003optional-WindowsClient.pak" /F /Q
  2⤵
  PID:180
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1003optional-WindowsClient.sig" /F /Q
  2⤵
  PID:908
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1003optional-WindowsClient.ucas" /F /Q
  2⤵
  PID:3732
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1003optional-WindowsClient.utoc" /F /Q
  2⤵
  PID:2308
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1004optional-WindowsClient.pak" /F /Q
  2⤵
  PID:3052
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1004optional-WindowsClient.sig" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4180
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1004optional-WindowsClient.ucas" /F /Q
  2⤵
  PID:3752
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1004optional-WindowsClient.utoc" /F /Q
  2⤵
  PID:4600
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1005optional-WindowsClient.pak" /F /Q
  2⤵
  PID:5112
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1005optional-WindowsClient.sig" /F /Q
  2⤵
  PID:3436
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1005optional-WindowsClient.ucas" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:464
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1005optional-WindowsClient.utoc" /F /Q
  2⤵
  PID:2148
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1006optional-WindowsClient.pak" /F /Q
  2⤵
  PID:1228
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1006optional-WindowsClient.sig" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:448
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1006optional-WindowsClient.ucas" /F /Q
  2⤵
  PID:3116
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1006optional-WindowsClient.utoc" /F /Q
  2⤵
  PID:3048
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1008optional-WindowsClient.pak" /F /Q
  2⤵
  PID:5008
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1008optional-WindowsClient.sig" /F /Q
  2⤵
  PID:1268
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1008optional-WindowsClient.ucas" /F /Q
  2⤵
  PID:2332
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1008optional-WindowsClient.utoc" /F /Q
  2⤵
  PID:3696
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1009optional-WindowsClient.pak" /F /Q
  2⤵
  PID:4176
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1009optional-WindowsClient.sig" /F /Q
  2⤵
  PID:4104
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1009optional-WindowsClient.ucas" /F /Q
  2⤵
  PID:1636
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1009optional-WindowsClient.utoc" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1756
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunkscb_Curroptional-WindowsClient.pak" /F /Q
  2⤵
  PID:4012
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunkscb_Curroptional-WindowsClient.sig" /F /Q
  2⤵
  PID:2916
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunkscb_Curroptional-WindowsClient.ucas" /F /Q
  2⤵
  PID:3084
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunkscb_Curroptional-WindowsClient.utoc" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:180
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunkscb_ExtRefoptional-WindowsClient.pak" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:908
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunkscb_ExtRefoptional-WindowsClient.sig" /F /Q
  2⤵
  PID:3900
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunkscb_ExtRefoptional-WindowsClient.ucas" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2308
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunkscb_ExtRefoptional-WindowsClient.utoc" /F /Q
  2⤵
  PID:3052
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1001optional-WindowsClient.utoc" /F /Q
  2⤵
  PID:5012
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1001optional-WindowsClient.ucas" /F /Q
  2⤵
  PID:3520
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1001optional-WindowsClient.sig" /F /Q
  2⤵
  PID:4304
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\pakchunk1001optional-WindowsClient.pak" /F /Q
  2⤵
  PID:3744
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-errorhandling-l1-1-0.dll" /F /Q
  2⤵
  PID:4664
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\vcruntime140_1.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1880
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\vcruntime140.dll" /F /Q
  2⤵
  PID:1524
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-runtime-l1-1-0.dll" /F /Q
  2⤵
  PID:1380
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-debug-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:100
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-console-l1-1-0.dll" /F /Q
  2⤵
  PID:1832
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-console-l1-2-0.dll" /F /Q
  2⤵
  PID:3732
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-datetime-l1-1-0.dll" /F /Q
  2⤵
  PID:2816
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-file-l1-1-0.dll" /F /Q
  2⤵
  PID:2732
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-file-l1-2-0.dll" /F /Q
  2⤵
  PID:2860
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-file-l2-1-0.dll" /F /Q
  2⤵
  PID:4804
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-handle-l1-1-0.dll" /F /Q
  2⤵
  PID:5016
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-heap-l1-1-0.dll" /F /Q
  2⤵
  PID:2104
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-interlocked-l1-1-0.dll" /F /Q
  2⤵
  PID:824
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-libraryloader-l1-1-0.dll" /F /Q
  2⤵
  PID:1288
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-localization-l1-2-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2092
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-memory-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2604
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-namedpipe-l1-1-0.dll" /F /Q
  2⤵
  PID:3940
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-processenvironment-l1-1-0.dll" /F /Q
  2⤵
  PID:4516
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-processthreads-l1-1-0.dll" /F /Q
  2⤵
  PID:4512
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-processthreads-l1-1-1.dll" /F /Q
  2⤵
  PID:5060
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-profile-l1-1-0.dll" /F /Q
  2⤵
  PID:908
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-rtlsupport-l1-1-0.dll" /F /Q
  2⤵
  PID:3900
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-string-l1-1-0.dll" /F /Q
  2⤵
  PID:2308
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-synch-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3936
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-synch-l1-2-0.dll" /F /Q
  2⤵
  PID:384
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-sysinfo-l1-1-0.dll" /F /Q
  2⤵
  PID:452
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-timezone-l1-1-0.dll" /F /Q
  2⤵
  PID:1204
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-core-util-l1-1-0.dll" /F /Q
  2⤵
  PID:4664
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-conio-l1-1-0.dll" /F /Q
  2⤵
  PID:2148
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-convert-l1-1-0.dll" /F /Q
  2⤵
  PID:4216
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-environment-l1-1-0.dll" /F /Q
  2⤵
  PID:3376
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-filesystem-l1-1-0.dll" /F /Q
  2⤵
  PID:3836
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-heap-l1-1-0.dll" /F /Q
  2⤵
  PID:4188
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-locale-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3324
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-math-l1-1-0.dll" /F /Q
  2⤵
  PID:2784
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-multibyte-l1-1-0.dll" /F /Q
  2⤵
  PID:2332
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-private-l1-1-0.dll" /F /Q
  2⤵
  PID:2860
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-process-l1-1-0.dll" /F /Q
  2⤵
  PID:1844
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-stdio-l1-1-0.dll" /F /Q
  2⤵
  PID:4600
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-string-l1-1-0.dll" /F /Q
  2⤵
  PID:1012
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-time-l1-1-0.dll" /F /Q
  2⤵
  PID:2112
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\api-ms-win-crt-utility-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4536
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\boost_atomic-vc142-mt-x64-1_70.dll" /F /Q
  2⤵
  PID:4852
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\boost_chrono-vc142-mt-x64-1_70.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1320
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\boost_iostreams-vc142-mt-x64-1_70.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:208
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\boost_program_options-vc142-mt-x64-1_70.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2024
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\boost_python39-vc142-mt-x64-1_70.dll" /F /Q
  2⤵
  PID:4932
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\boost_regex-vc142-mt-x64-1_70.dll" /F /Q
  2⤵
  PID:5060
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\boost_system-vc142-mt-x64-1_70.dll" /F /Q
  2⤵
  PID:2004
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\boost_thread-vc142-mt-x64-1_70.dll" /F /Q
  2⤵
  PID:4120
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\concrt140.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:740
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\dbghelp.dll" /F /Q
  2⤵
  PID:1840
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\msvcp140.dll" /F /Q
  2⤵
  PID:2056
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\msvcp140_1.dll" /F /Q
  2⤵
  PID:3768
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\msvcp140_2.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1740
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\msvcp140_codecvt_ids.dll" /F /Q
  2⤵
  PID:4508
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\ucrtbase.dll" /F /Q
  2⤵
  PID:1984
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\vccorlib140.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2148
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-console-l1-1-0.dll" /F /Q
  2⤵
  PID:404
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-console-l1-2-0.dll" /F /Q
  2⤵
  PID:4376
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-datetime-l1-1-0.dll" /F /Q
  2⤵
  PID:1832
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-debug-l1-1-0.dll" /F /Q
  2⤵
  PID:4044
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-errorhandling-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1280
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-file-l1-1-0.dll" /F /Q
  2⤵
  PID:2428
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-file-l1-2-0.dll" /F /Q
  2⤵
  PID:1160
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-file-l2-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2400
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-handle-l1-1-0.dll" /F /Q
  2⤵
  PID:4572
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-heap-l1-1-0.dll" /F /Q
  2⤵
  PID:4104
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-interlocked-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:452
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-libraryloader-l1-1-0.dll" /F /Q
  2⤵
  PID:1740
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-localization-l1-2-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1756
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-memory-l1-1-0.dll" /F /Q
  2⤵
  PID:2092
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-namedpipe-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4756
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-processenvironment-l1-1-0.dll" /F /Q
  2⤵
  PID:448
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-processthreads-l1-1-0.dll" /F /Q
  2⤵
  PID:100
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-processthreads-l1-1-1.dll" /F /Q
  2⤵
  PID:4512
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-profile-l1-1-0.dll" /F /Q
  2⤵
  PID:3088
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-rtlsupport-l1-1-0.dll" /F /Q
  2⤵
  PID:908
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-string-l1-1-0.dll" /F /Q
  2⤵
  PID:212
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-synch-l1-1-0.dll" /F /Q
  2⤵
  PID:4708
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-synch-l1-2-0.dll" /F /Q
  2⤵
  PID:2860
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-sysinfo-l1-1-0.dll" /F /Q
  2⤵
  PID:5016
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-timezone-l1-1-0.dll" /F /Q
  2⤵
  PID:4176
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-core-util-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3436
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-conio-l1-1-0.dll" /F /Q
  2⤵
  PID:3932
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-convert-l1-1-0.dll" /F /Q
  2⤵
  PID:1480
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-environment-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3456
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-filesystem-l1-1-0.dll" /F /Q
  2⤵
  PID:4516
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-heap-l1-1-0.dll" /F /Q
  2⤵
  PID:180
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-locale-l1-1-0.dll" /F /Q
  2⤵
  PID:100
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-math-l1-1-0.dll" /F /Q
  2⤵
  PID:4772
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-multibyte-l1-1-0.dll" /F /Q
  2⤵
  PID:3316
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-private-l1-1-0.dll" /F /Q
  2⤵
  PID:4384
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-process-l1-1-0.dll" /F /Q
  2⤵
  PID:5012
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-runtime-l1-1-0.dll" /F /Q
  2⤵
  PID:2056
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-stdio-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3520
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-string-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:464
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-time-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4664
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\api-ms-win-crt-utility-l1-1-0.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2916
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\concrt140.dll" /F /Q
  2⤵
  PID:1228
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\CrashReportClient.exe" /F /Q
  2⤵
  PID:1380
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\EpicWebHelper.exe" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3136
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\msvcp140.dll" /F /Q
  2⤵
  PID:4276
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\msvcp140_1.dll" /F /Q
  2⤵
  PID:2040
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\msvcp140_2.dll" /F /Q
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4248
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\msvcp140_codecvt_ids.dll" /F /Q
  2⤵
  PID:3644
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\tbb.dll" /F /Q
  2⤵
  PID:4396
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\ucrtbase.dll" /F /Q
  2⤵
  PID:2164
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Binaries\Win64\UninstallHelper-Win64-Shipping.exe" /F /Q
  2⤵
  PID:1840
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C DEL "C:\Program Files\Epic Games\Fortnite\Engine\Content\Slate\Cursor\invisible.cur" /F /Q
  2⤵
  PID:4304
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C echo off
  2⤵
  PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
25KB

MD5
ab77c85aab42e61d0557bfe285bcafc0

SHA1
ac4241859bef658513fee5ae997b08543b8029e8

SHA256
32a74d447d992c99982a6c6979935c3eeffc358bcbcf7b1843ccb8021523f398

SHA512
41aaeb6c514f1ec1e97e213739ee2f4cd731cfa17fc1bd2c0c2d6197eaa487ed4b57c8d359ddaabc8764db4e12d3000eb2e23f884aa5dad0962ee9e0ae1d02b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0cfb3bfcc110e8ec401ff3684d754616

SHA1
3357218cfe5323067d0621dc617ca166911926b2

SHA256
8f0498afff7ad147978f8101381838e782804823fae2ad5307a0517f59407437

SHA512
4c1b827085c147da9ab24856cfa71ce79c2e4a016bc66513960c71a6a502134bc5cdb67f227988ea6bb72de46a31ceb3162c08089b46fdbaa6a22695929424d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
485482e34ec3ffa9e7b16f35e70cc09a

SHA1
3c66d6828b7a3ef21027c5419a4a4dc12e88afab

SHA256
5f38467306c7f475368a334533b54723536aad6f4207e5aa67e9f64daf24a37e

SHA512
a8fb7e1381af40a197dc987d410903f05d2952ffae558f9da12291a089e7768e8d7fc4882a4241118eb5710da18655dfaee068734d4c8322b4b5670bb9565582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
feb02f747b998c6e70eafb2241518e17

SHA1
d6cd4f455123d71180535ed8936476df955a7708

SHA256
6c13a20154ceb8fe30afca77ba8f93424aa2de172a94ec51f08ed0c79dc88508

SHA512
3d0dfcef8133ee17fe3ddba54515d9147de1305edae8d033acea890dc351d3e7475b894e743fb761123118c1bbffbe6ea70b59464c3a88a268cfaad879f1522c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c69a92816e7cc3e47109c474e305df4

SHA1
b23c2ed40127ec47d0c8d8813402cfc8f231b187

SHA256
309ed02b1abc0075b6d2480b559c0090906a147382ce7bf352a8251e9520baf1

SHA512
181901b0d87bd8a52a03f80425f53b3d1cf632ba7574e2e718e7d2f85a679db13b045e448c66c56872f9bba61d28e05b4d7fb0030d5beed3210aa0c6b81b0a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6438a2e8d742146e6e3bfb633a9c841a

SHA1
8fd90136cef0e7fc5d5e4755c4022f3ababdb8ef

SHA256
c14385da70d15d23cc112c74af095fba2261a242e3b3f488f6975187f40bdf69

SHA512
977ed8fa6ca161a30767d29feffb11f8e2122dba4a3baf8e061c470053d0468c426f01233a95c253475b92a620f286cd57b70c9faffbe576b29503522afe8583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab8b0f3608d8674ad04226c217f59e57

SHA1
7132f40c92729f86757b44dad63e8d6e561e5e98

SHA256
26d300b765473b6ba4e7d61619e035907882f3fd6e2a28c9f2005f47ccafe133

SHA512
e7a55368bddff65690593610b27960bce3a4f6e1223cbd1457fc67a9caffd2f257b11d9c36cf9864dd68ef25ef9d2f008f9d2f06032141221535960ab3a4124d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3dee7b7e2696c42285b7d1ec836f0549

SHA1
792fcc5be167bfa5c49624345af6f98497a6873e

SHA256
1d518d64553d598085218ff718583406fb7114bd995e858845dc35596cefa643

SHA512
5048aebc5e09dbcfef20db50a83ca5882672da20034cde684fa5e52ac5c5eeb8e745fce2f9a679d7f7870fab88904b6384a635a995a98948e94a8133bdf40cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c146e080f84b3db1e243c83c563c6fb

SHA1
459e29550d089f0d386a8e66d84e262abf4c0b07

SHA256
b9392087fbcbba1d6af80335edc14db037725eb79c9c7875cde09ebcc6d46edc

SHA512
aacec276b857045b13b17bb48a3c5e5dcceb29e04ca2ab2e7f9cbf313d4736a5625adba7476fba497228008636091f6d0ad5f8cb07a43d4cd55315f205f853d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
caeaa7756794a4ed29e361651a68a5af

SHA1
5328407bb900a0c6fa1b7f6df87a8292bb1b18a9

SHA256
57c9929b4d423a925ae94e95110f7a8c06f3e8590dfc53ca9bc35509e6a86406

SHA512
a522f72faa296cab0433ba5ed3cba25097b7d579ea147937a2500e4feea5552020784d8224ef38a10c2e9405d066707d184840e9c63d12f794f0aefa3a1fdc96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5823cf.TMP

Filesize
1KB

MD5
410ffd8025f347ce52304b4309dafebf

SHA1
af0a0580de6e964f305c8452363d651084cdf49f

SHA256
53f2fe0bc52b2d5151de0898776ab2f7d25a7da789969609087e6dbf6fbb59ed

SHA512
89d41d10d8a97a437de4641ee1eae33490d0e676e0486a67bb37079f1f64c6cd081e4b53418b13734c903f4ff384313bf05aa45c14d47f05b7373ea76d12c519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1afa6bde4bdb6bd8c2d7a11e1fa75e79

SHA1
94125db619694a5b7ae41792959ca4b1eed320e6

SHA256
707123e026dd670d857c122f0a6303a8ade4cdbbafbab4dd47fd28bbf386b4ca

SHA512
926f5890111050c8696d34af6f6bbbd462ee4e2e4f5f02170101156a0becdf836e47ef45879fedb72a02f08038c6da7b3f330779bd32c2fad7555ef04ec0c8c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed09fcf8243c81c2bf1d6db5f774442a

SHA1
c002792ecf5e129252bdadf31c904df199d950ed

SHA256
babc662cf7bf20dd5835c08d80c9115ea8e6f62f007616d8eb45c33bd164a35f

SHA512
4b42cb14fa9d5aa475e97e7bd9a3921076580cc48fd16805843a5a060c6de809f7bf6cbec768f4297936cf6a9d8c060041d2e8ad82e785a2732ce78c46aeb2b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\PotatoGraphics(nonvidia)\Lb2pJELVcGjgmnt4_HNvjGF21swNaXE=\D3DCompiler_47_cor3.dll

Filesize
3.9MB

MD5
d935c9f57aa56b90ae4da0a0bb280e0f

SHA1
d6364fb5e50ac93e37db5f49b85d28823ed89191

SHA256
f8c35b65524c60aa1765b13dc96a92a16d5570827b7fe6ccabfa9859d2a6ad60

SHA512
1bd535ecfe5611c2b43a9556efb41f0bff1ed64e480b069c30ab2fcf30c1a364542703fada877d91e626fd36e37b2fc4d8c053a2fca78a94d0b21ea66ea8b4c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\PotatoGraphics(nonvidia)\Lb2pJELVcGjgmnt4_HNvjGF21swNaXE=\PresentationNative_cor3.dll

Filesize
922KB

MD5
189e8b2ed3a8cf16ca82462dc0f44319

SHA1
9bc34fe3fc9da99a5f0709085a330530ac2bdf79

SHA256
0037596b79b5a8fd580ef409620c3936fd514382de972af1df74a6143adcbb95

SHA512
316326630fec54e274eadf25ac344ee9d399239c82eaec2020aa49394d99e8b8b4abc1e5d47a19177dfa008cefb892aa9cd95c7436f450f2dc5e2d3abaf5eb6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\PotatoGraphics(nonvidia)\Lb2pJELVcGjgmnt4_HNvjGF21swNaXE=\wpfgfx_cor3.dll

Filesize
1.7MB

MD5
f91a72687cde5aa77e3b852c5c9f01fd

SHA1
3372a108c7072591a86555acf0bcf9d020a28e58

SHA256
d17c4501298d3cdd05acd03a6c318f50f40a485fa616a3e14b27fde012b17efd

SHA512
8373f4af305d1eb2988b9343a0f5b69ceb97d05e5c9ddb715db638bd09e33b6a512bdfc951ddc331f4c7d605dfc3fcddd2d34bb9126c65702e53dc79fb5ea358

Download Submit
memory/1372-323-0x0000000007840000-0x0000000008440000-memory.dmp

Filesize
12.0MB

Download
memory/1372-356-0x00000000085C0000-0x0000000008700000-memory.dmp

Filesize
1.2MB

Download
memory/1372-376-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/1372-317-0x0000000007840000-0x0000000008440000-memory.dmp

Filesize
12.0MB

Download
memory/1372-371-0x0000000006BF0000-0x0000000006C30000-memory.dmp

Filesize
256KB

Download
memory/1372-340-0x0000000008A00000-0x0000000008C00000-memory.dmp

Filesize
2.0MB

Download
memory/1372-331-0x0000000009CE0000-0x000000000AB60000-memory.dmp

Filesize
14.5MB

Download
memory/1372-327-0x0000000009CE0000-0x000000000AB60000-memory.dmp

Filesize
14.5MB

Download
memory/1372-333-0x0000000008A00000-0x0000000008C00000-memory.dmp

Filesize
2.0MB

Download
memory/1372-341-0x00000000085C0000-0x0000000008700000-memory.dmp

Filesize
1.2MB

Download
memory/1804-366-0x0000000008870000-0x00000000088B0000-memory.dmp

Filesize
256KB

Download
memory/1804-361-0x00000000081C0000-0x0000000008200000-memory.dmp

Filesize
256KB

Download
memory/1804-357-0x00000000081C0000-0x0000000008200000-memory.dmp

Filesize
256KB

Download
memory/1804-350-0x0000000008530000-0x0000000008730000-memory.dmp

Filesize
2.0MB

Download
memory/1804-326-0x0000000007330000-0x0000000007F30000-memory.dmp

Filesize
12.0MB

Download
memory/1804-362-0x0000000008870000-0x00000000088B0000-memory.dmp

Filesize
256KB

Download
memory/1804-381-0x000000000B4E0000-0x000000000BCA0000-memory.dmp

Filesize
7.8MB

Download
memory/1804-377-0x000000000B4E0000-0x000000000BCA0000-memory.dmp

Filesize
7.8MB

Download
memory/1804-345-0x0000000009810000-0x000000000A690000-memory.dmp

Filesize
14.5MB

Download
memory/1804-355-0x000000000A690000-0x000000000A7D0000-memory.dmp

Filesize
1.2MB

Download