latentbot | b101408bab05ffc25b0ef735770840f40230fb99d9e10d420337d6113e6c1f5a

Analysis

max time kernel
1646s
max time network
1649s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2025, 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Teletubbies-Asst-Thumbnail.png
Size

237KB
MD5

a2e5b9bf96a0bb0ad5afa765bdc88a3c
SHA1

e60cf3bc88e35b7b471a20f1ca619ce7bf268bd1
SHA256

b101408bab05ffc25b0ef735770840f40230fb99d9e10d420337d6113e6c1f5a
SHA512

79aaf6510936e77d0adb03fdee72a4197a645ed84b9e32daf708146e8a96bcffb95fde699ba2dfb646a88a55de9c77f4b1582c403e1982b5dbce2d1e1a6a90f5
SSDEEP

3072:sA+McPEy54C5TmVveG8cO/RqYG1FCk6paC6Q8LByqWmhhpaGhWGBom9u03m7bNJD:VSEGB5TGR0paBvys/9u03mHNJg9WrCm

Score

10^/10

latentbot discovery trojan

Malware Config

Extracted

Family

latentbot

epicpbglobal.zapto.org

Signatures

LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot
Latentbot family
latentbot

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation	PBLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation	PBLauncher.exe

Executes dropped EXE 3 IoCs

pid	Process
3840	PBLauncher.exe
2036	PBLauncher.exe
6044	PBLauncher.exe

Loads dropped DLL 17 IoCs

pid	Process
3840	PBLauncher.exe
3840	PBLauncher.exe
3840	PBLauncher.exe
3840	PBLauncher.exe
2036	PBLauncher.exe
2036	PBLauncher.exe
2036	PBLauncher.exe
2036	PBLauncher.exe
2036	PBLauncher.exe
2036	PBLauncher.exe
6044	PBLauncher.exe
6044	PBLauncher.exe
6044	PBLauncher.exe
6044	PBLauncher.exe
6044	PBLauncher.exe
6044	PBLauncher.exe
4412	msedge.exe

Drops file in Program Files directory 24 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_475112165\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_98473294\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_296939002\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_296939002\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_421145770\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_274043343\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_98473294\crs.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_98473294\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_522083948\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_522083948\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_296939002\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_421145770\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_522083948\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_421145770\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_274043343\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_475112165\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_98473294\ct_config.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_98473294\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_296939002\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_296939002\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_421145770\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_421145770\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_274043343\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4412_475112165\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PBLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PBLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PBLauncher.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133893349969196111"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3078542121-369484597-920690335-1000\{627EF12A-42C5-4D5C-845A-4C3280993D76}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3078542121-369484597-920690335-1000\{42345A79-A99C-446A-A263-F3E444DA2DA6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
2676	mspaint.exe
2676	mspaint.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
2992	chrome.exe
2992	chrome.exe
3840	PBLauncher.exe
3840	PBLauncher.exe
3840	PBLauncher.exe
2036	PBLauncher.exe
2036	PBLauncher.exe
2036	PBLauncher.exe
6044	PBLauncher.exe
6044	PBLauncher.exe
6044	PBLauncher.exe
4412	msedge.exe
4412	msedge.exe
388	msedge.exe
388	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4932	msedge.exe
4932	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
2676	mspaint.exe
2676	mspaint.exe
2676	mspaint.exe
2676	mspaint.exe
5384	OpenWith.exe
5384	OpenWith.exe
5384	OpenWith.exe
5384	OpenWith.exe
5384	OpenWith.exe
5384	OpenWith.exe
5384	OpenWith.exe
2036	PBLauncher.exe
2036	PBLauncher.exe
2036	PBLauncher.exe
6044	PBLauncher.exe
6044	PBLauncher.exe
6044	PBLauncher.exe
5068	helppane.exe
5068	helppane.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 4896	4996	chrome.exe	96
PID 4996 wrote to memory of 4896	4996	chrome.exe	96
PID 4996 wrote to memory of 4224	4996	chrome.exe	97
PID 4996 wrote to memory of 4224	4996	chrome.exe	97
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 6128	4996	chrome.exe	98
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99
PID 4996 wrote to memory of 3300	4996	chrome.exe	99

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Teletubbies-Asst-Thumbnail.png"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbc50edcf8,0x7ffbc50edd04,0x7ffbc50edd10
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --subproc-heap-profiling --field-trial-handle=1588,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2084,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --subproc-heap-profiling --field-trial-handle=2352,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4276,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4288 /prefetch:2
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4668,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4872,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=5284,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=5324,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=208,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=5448,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=5472,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4592,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4524,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5872,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5816,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5444,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4964,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5712,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5968,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6692,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4432,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5364,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=7068,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4304 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7120,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5588,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7132,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5660,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --field-trial-handle=6024,i,14972237508900434128,13958088374848341242,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1512 /prefetch:8
  2⤵
  PID:5860

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:412

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5732

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1276

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\EPIC-GLOBAL\" -ad -an -ai#7zMap12961:84:7zEvent21416
1⤵
PID:1708

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5384

C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe
"C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3840
- C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe
  "C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2036
- - C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe
    "C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:6044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://epicpbglobal.zapto.org/
      4⤵
      PID:3876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://epicpbglobal.zapto.org/
        5⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:4932
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ffbbecbf208,0x7ffbbecbf214,0x7ffbbecbf220
        6⤵
        
        PID:5288
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1940,i,13435193390158362714,6485520562923693445,262144 --variations-seed-version --mojo-platform-channel-handle=1932 /prefetch:2
        6⤵
        
        PID:3000
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2240,i,13435193390158362714,6485520562923693445,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3
        6⤵
        
        PID:936
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1972,i,13435193390158362714,6485520562923693445,262144 --variations-seed-version --mojo-platform-channel-handle=1912 /prefetch:8
        6⤵
        
        PID:5576
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3500,i,13435193390158362714,6485520562923693445,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
        6⤵
        
        PID:3552
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3540,i,13435193390158362714,6485520562923693445,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1
        6⤵
        
        PID:4764
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        6⤵
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:3744
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x214,0x268,0x7ffbbecbf208,0x7ffbbecbf214,0x7ffbbecbf220
        7⤵
        
        PID:6056
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1880,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:3
        7⤵
        
        PID:5260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2164,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:2
        7⤵
        
        PID:2896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2508,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=2676 /prefetch:8
        7⤵
        
        PID:3320
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4384,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:8
        7⤵
        
        PID:2708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4472,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:8
        7⤵
        
        PID:4432
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4384,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:8
        7⤵
        
        PID:4268
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4520,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=4708 /prefetch:8
        7⤵
        
        PID:5536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4448,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:8
        7⤵
        
        PID:756
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4468,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:8
        7⤵
        
        PID:1072
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4816,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:1
        7⤵
        
        PID:2032
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=4820,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:1
        7⤵
        
        PID:4640
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5396,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=4692 /prefetch:8
        7⤵
        
        PID:1520
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5520,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8
        7⤵
        
        PID:2624
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5832,i,17109322372451156654,10640068811779743950,262144 --variations-seed-version --mojo-platform-channel-handle=5868 /prefetch:1
        7⤵
        
        PID:4356
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        7⤵
        
        PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4036

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3740

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d4 0x2fc
1⤵
PID:2056

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
  2⤵
  PID:4156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffbbecbf208,0x7ffbbecbf214,0x7ffbbecbf220
    3⤵
    PID:1500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1936,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:3
    3⤵
    PID:6100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2220,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:2
    3⤵
    PID:4460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2524,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=2520 /prefetch:8
    3⤵
    PID:5044
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4456,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:8
    3⤵
    PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4456,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:8
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3032,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:8
    3⤵
    PID:6108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=120 /prefetch:8
    3⤵
    PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=4708 /prefetch:8
    3⤵
    PID:1820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4700,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8
    3⤵
    PID:3012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:8
    3⤵
    PID:5228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4904,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4020,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:8
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4064,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:8
    3⤵
    PID:3164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3824,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:8
    3⤵
    PID:4208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3240,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=3184 /prefetch:8
    3⤵
    PID:2680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3364,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=3932 /prefetch:8
    3⤵
    PID:3320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4328,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=3168 /prefetch:8
    3⤵
    PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4940,i,5318508578017531478,10962244380240132974,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:8
    3⤵
    PID:5280

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5476

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4412_274043343\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4412_274043343\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4412_475112165\manifest.json

Filesize
118B

MD5
b8435fa56036ff5ac2b3b95cca535196

SHA1
2d7ada6f7fea8142daac15c8098df9bbc08663ff

SHA256
1c262e30d188bec0a1698f0e4f37f19772e468a06ef9442a088db5b442b36185

SHA512
b5285d826ca081eb7265afe1ee37f9d82bac47b097682180347373f2330db854fa431515fded5f3bdf8f7dbdc7238ef3f0b578eb24d1ac5c66f4bedccef33d23

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4412_522083948\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4412_98473294\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Users\Admin\AppData\Local\EPIC_GLOBAL\PBLauncher.exe_Url_0waf0ivslxswlsimdywvok2pv0u23oft\2025.0.0.1\jnnntjfk.newcfg

Filesize
1KB

MD5
578c0c9b05104ed63b038fb26112cb25

SHA1
598f313a8fed112799606ed371d1bf7c26458ae9

SHA256
acf94c31814f382794096c5e2b5af433ba92ee98972f3cb9405d406e882f7e6f

SHA512
786bc7789266364606ffc5daf9cf32fd454205094d1ffd580c299c0019262af350b2bc1f4c994b3fad113b94efd5035ae8dded41c1ab236438510522cc46bd7a

Download Submit
C:\Users\Admin\AppData\Local\EPIC_GLOBAL\PBLauncher.exe_Url_0waf0ivslxswlsimdywvok2pv0u23oft\2025.0.0.1\user.config

Filesize
1KB

MD5
042609a265ed681c1ef19305a73f4c8b

SHA1
7b5d53803878f1c8a74d8f6724e77b5c2cdeeb0b

SHA256
1eb30ff7e4b0301345c0eff6d698adae8f4f7214c0b5feaa41ad6613177a9ed0

SHA512
5d1979bae8a9dc2945a90be10753058c97b2f207582c018dc40fb2da86ac91b67216c28b95f5ee8cbd7525a032298fe2cb0e59a3a24868ba77d8b19050e258a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
ab41441bfdb58992b7f6c19de1dd7a50

SHA1
c6e169f4c233efa974a05dc1392b8befdfbc8397

SHA256
b541fca1feff2bd02715a9c033467f00b315fb4b5f82dec0bed2b0f7e5bd1272

SHA512
b73d06930bb54cf555466118b2fecf904e36c29f372adc041db2b8582145186b62211415bf48523b1d1428824886c9cf5e45869706a613bea212ac65b6ab41dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
fe4d727645a6c2ba2557ec2a0187c93f

SHA1
ecda0dc026a8306178591aa9322170c85913de8b

SHA256
052e229defc7d3e660305d9a9e099c6f3735aa5839e39b98bb6a39b4989d585c

SHA512
7bf4632e5be0d1f717f20481391412812191d8f54b419a878c912580a75270b45d9f88003f7e54176bac5ccb884ec7ed1befd9240db229a4dc4086fb11ec1a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
5fa387ac13a16e8df29086b203ef4e19

SHA1
89a46250fbfbc1311a55d7dc8e1173d37cb3493b

SHA256
3291983c93a7a71821f5e6cd0471ec9be9b3706dedceb7370c42be8456bb3f45

SHA512
46d8d6c5870948046d7c87e8c1f2cb1be612098a6a93d2c80385e9d5a9076e5c95973a9733b89dcd8b586aaf9aadfc913d734af6f06b57f4b7fe092747554217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ce2b399a9e716e887c3f42fee1801469

SHA1
ac7089bfbc64b63cf599d42f168f2beaafd32683

SHA256
91005477ddb4677e1add491c88a98c1646c89a609e104d6d8aeee5ea98ba4d34

SHA512
3dc29d9b4e520a6dc99096a2498745afae1a807b0b80c23238338a7610fa671ee25af68c9e790c3bbfa3e112a8f76742d0321d96429b408dcda7fd5596711f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
7ae1e81c1a604f89b5c9cc1892ae49d5

SHA1
1a683fef227f05876b077a81168d076d9021249a

SHA256
8e20e60c3a95b037f52248447a93d9a06a6835130c85e475832d1aa21234b964

SHA512
8dd67f9092453573c12b660e2a816f0e61ff16c5199eb736752b3a7c7d4e71c2ff511430278966afb5ae4806f8253e2106609436f206ce6ca1087372ed00697f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4930d444-7ca6-4767-b78a-c7a480dffe27.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
7cdfa85243ba7c19157d0a182ba78be5

SHA1
fe0dd5931b6ee2e0c952ade29360f1500a5be2d7

SHA256
ed699791a830624141de5fbc9f4c13050dd6cc3a9d5ecd3cf53fb0798e22da17

SHA512
6ca5b820dc5c3ee51fb6503cd598a0abe0f7ad750184573088d81d90bed1cea9e2a0174506a6ae7939bda350cde3ccfdadc8957a879f6be03331716116580264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1b311dd3148abc5f367c1cc36e71a7be

SHA1
ff4dbfa5e9878de2f6151e66d34f9049f588fbd8

SHA256
c395fc59830ebf80afe942dcd4e4b2618e2b5ae50b7502b8a479c1979d12f7a7

SHA512
f706388f4dad04395b1dcc453b15646ffe60c7723bbe39f6f1e9e3c0b07f6328e96c63e280512dbf60db3cfdfd902006d01bfef649d52c46d461db89067f6244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
a45d7f465dc5eed50e0c1f06d56148d7

SHA1
2308790cee609995820b619f398d3d8d56135724

SHA256
ed200eae82830c116963c470955abff5f4dd382c44ba4e6ae07075d570947c7f

SHA512
393817213555c281a9bca1cd0b52b83d08ad6594d45f6cef9a9c62f4071fed555ddc0dba451738aa92898b036997475e6ddf6c58ba58c26884288e5c7eb862bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8b4aff7b8e3a68a7eb91712858db1963

SHA1
79dd59fb9cf4584a68df32e7d811de08a29740fb

SHA256
b0da44fcbc7f00d66afc7f5e58cb0b96186d82bf4fd2d65de3842131ecb01fd8

SHA512
fb69e7a1260835893f4e2bd948dee9828f842c27fdd63364f63bd781c51f27ebb9b719984ae0e83ed7669047078771003c970a2c8481349884ff69e1a9769fa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
69e6f74efdcd2b9ac04f09bbdd8eb33d

SHA1
eee4d4138cce4a955d9dbf5e8db069f62672c018

SHA256
d08f84654bb624931c216a046cdc132e7e9ae57f908e5cd191a06e9896ebe864

SHA512
83b0094af3189600437437ae69e7d78d841301bdb9598cf6049c18b44b15e885e730d78ef21cd2b5d3db5427ba7c5704b29e1fcbf6338e5a29b5b6d2faa769db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
bac2e31cafa6a81f742f4b66a2ecffdf

SHA1
d02215833bf140eead5b50fd71c44399975ea3e6

SHA256
3e8b9e685aff9cc72b6d7d7450e738738bb35597a218861b57eaa622bd7d31fe

SHA512
edc31baf44c797f65e06f2fd20a051ff6b9b52341ecb1ba527605aefd4bc49f246b54f9856efee11dd19388e8e7b37286235ee58c3f52c6310ce13d09c421f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
f9ed28ece98c656127c0623d8b9979a7

SHA1
f685b5b2bef48c74d8078a8ca0eaca83c335869b

SHA256
cda510b16c69b73d8dce9d3609443a4d4beebb547b2b050bc6feb5d6c687e231

SHA512
49f2927f2597e89c0dfc8462fc26e0b25890d48452a98e350be674db71bd1e0fbfb5f525e4e22241206514054fd22dfbfdefe75c16daca144b7559ad265cd8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6eefaf2cbd14210978fbbb2d6395f155

SHA1
4f1f04abc19d958f5bada926b73d1368aea5c494

SHA256
7241785472803b957cd5e3b17bddaa8f07fe9ac3297e62ea4d338bb8d68bc486

SHA512
aaee669696dc15b1120363520fdecb75fd5b0404f51be911ed6f1a8e0bfba0760f5cf160ab8dc191b406658a0db8045d1d6fe134af07f2ac8972ab611a878e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d484d63b126eaf269ee3f7b82593e0a9

SHA1
8fa4e8137706a61cea3e457b520d7acf6c935423

SHA256
ab293108cf5e74555d78da0060fcfeb2262dfe8a94511ed35b7dcb7488319692

SHA512
1823d0f9bdc348d56a0dd11d7575666da916d523d8fd8d2357781099d57445e85cc1bee37e69757fa7a17ada6e171e7921dd824e6fd125dc1d64631af5603ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9fa85e80d1b013a246e6e2a25373c3bd

SHA1
741529b60a923dfe6c51cfac9ac88bfe008bc746

SHA256
41fc0dd701c5ec07b308c1c6dcf47bd89bf9727b6956541bcef2eb06e0b815fb

SHA512
c1af7ef9a02f1d4ce2ac380371d4b46937e696067a31d1fc8e1ab3eecdc14686dc36a4b484026a474508a856f1a2e7ddbfe28200e5283c50460e449a89f930e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1f05646c1d82c1f26129da188d498676

SHA1
c086fdccd38c7064e24d6e936a3ebd06b0b03d10

SHA256
8e7022f8155bae640a7557576b70f7f32d4229510a34c71e10ca5f132fc88bc7

SHA512
3cc6377b72330ee38d4d731ae94fd84ef31cc06940ac549e89c6090bb1555839fbdca4d25e1aded3f23e20891c765e55bdad4f0b6b2b33c48bda65374482043c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e9c330364e213525ebb1d41c6ba975c3

SHA1
8343435e78ee9487e293d8e6395a74103c7bcfc6

SHA256
f9b737776654920dc982906de105357b79febe5c507ab0c8f855efa12b81ae11

SHA512
514bcea4a65d0b37d47d2afb97baf002e9049586870aa11666dbcdeb8db25d4dbd2064c4d236ed02c5d6dd515ff5e5a70ecd2b00b3dfff60db0c66174e5984eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
f4ca835dd180cb72108f1151fc0c6db2

SHA1
3355f12f12626e0c6f828a23638a8330452ecc55

SHA256
d783368111d5356429ba18cb5c9cd9601d6684725836b8de57262fb1ae0f623c

SHA512
7b37abf12c89dfdd125208b053c81e145df766e78bde62d192d5bc3e3db13950174fe5ade03380c8689179eeab5689ff1d18d04d14b47a82cb9c5968a9df798f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9e48b703a7fe13ab812c5e986a3f9f57

SHA1
ea30c209a291cd3266c63bba82f60d7ebe0d59bd

SHA256
3f90d4f87135303839f9461c424f766425a71b64e86ba66605d66a29c12d2487

SHA512
c797b02f9761e78bf648c5998c4aa39d7472a1ae601a0b8b6164ed7421180a836235e3cb2a902681196086c8c16023ba387ad6c1acd4b29dffdf3928d52f4d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
db4441bd25c726dccd50c99f18ff9c3d

SHA1
625a1139116478f71b62644fe66edf685b6cf0f3

SHA256
4a58a1ddcc3d65373ba2e6a9bb6d5f92ee79750158884330c015dac41aa5cc26

SHA512
e3599c72c18e8da1e68b6bffd614a82404e4575f842cb4b16778ff20008b32f4939dceb1959bbedac6b213b9cc82db28c6c76cf8b93445afae5278424e387b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
626e8c32660f427ee6516a7a50b51787

SHA1
eabb049ec90eafd692ecf8950f039d8e0245c29f

SHA256
44d94721d73dd95a63cf40ab6a3bb16d4ae6dd048c23bdffcda25604c1f468a0

SHA512
b3e2ff66dedf85b0f710d262e23e79b15f76d1ba5794925b39664102fb1e24cbbe30fd7ba79b4c0c99bded77d25f39bea6162ea2611889bde92419cf62efb20e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
087d5a982a41aaa7af52ab7913589e38

SHA1
d5d357caaf20da243389a893974015162045a9ca

SHA256
02ad6d8a072a65689a8546715b2f0f468367fb1a4ea5f82cd73f7bbe83e91447

SHA512
6ccb0d091228b15951aba42bcef91541424723f8fb8affe28bd0c00c67b2d03a4a30823d38ff4f443d205c34b0bbd445c678907a6999de7a63d6aaf8b0d09a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d6feaa9e61563ad780071f5f8c10e2b8

SHA1
245479569bde63cc1f331cbb502de54fbbdf5ee8

SHA256
c22f4c139e168e697dd8d27658dbda58c7763745c250c0567b66d503bc8569ab

SHA512
44c907d5e0eee9d57c2781a0ce7afe553fb9519ed8af3e3f27e61d1f0dc0ee2806f1bbca6f4cf283c726e2623d6ef46cbf5b2e7a9cbc2d6f781bfaab34adcabd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
05c21fa110d24facc8c47d889e82ec97

SHA1
77657f6904738252bf9e139ff06e64254cc8847f

SHA256
fa150cb3437e17572a89590d349e8a3c9a67d689238eba06d859035ac4417bae

SHA512
c2862a3fb9812667cc579441411ec2b7866f2b61fb7713ff917d8c2a66d33a842fa0b463a20ba2e0281e7e5b6425bdb49346eee1c3405fe8ec2c6726f3c3bd93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
dd463feee96bf855de86c6bb430fe72e

SHA1
56a3b0b2502193b102dd7587d5ac3d50fb245a89

SHA256
d103b09e10fe86c5cc98b3dca65308f93171775021acbb7f1c750e3976ae1ef9

SHA512
3d5eaefb84d8afef3fc5918a16e2788bbda39c18e7a41f533638c1908fecefd22fd7e0da402f254d7cb50b59c852c7549055354ec8fc227867ae62d1db4269be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
19634c888e02760ced366292194242eb

SHA1
0332a79137c5ea3e18f31f5195be113f7e8969e7

SHA256
b7c88d1aa3dc955f11be26a8dfa1997331ac972fd7b0a027426cd5435690b1e1

SHA512
0542377c7b7db25f5af4f0bec82b196ac28904cedd350f362112aea8a7d7a9873dcbf5e52f55babc70b06dc2f1c2dc73f16016e88ad6f05e7ae234d61aa8876d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7b825b49d060fa111e709bed81871b1a

SHA1
c079b4d039861c63151150584d4c5ee0b3e7c644

SHA256
7f4fc14d531eb0a0aacb38343236e0289cf5af696f7a49148e5a98c421d7c546

SHA512
703749b2db4b12184a0658a0682a808f2c7cfa8143bae57833f31b6c724d686a7cd120971f9e09b276fbbf29a97ee4e22ef6a44394f43f85c3dcac337982a41e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dd5cb33eab8d088a773ba50c3ceb87ec

SHA1
c5fc91c6da0ecb9cb50217b43b4f256bd3e5a949

SHA256
89d79f608243513304e02703f275558b18754a470d577bb468b1f5ca73766ca1

SHA512
0ce29aa7cdd823dc2988f9ab87942ebf94e285919b37b773b6d892b15cc40af900845b6098603c7456b94c93eb79cc74ccd79204ef08f40eb836d81c1c08b42a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
745c6467c96089471508f80cafdfcd50

SHA1
f11cf9d7d4d25714b5a96afe9f47f81906a9c08f

SHA256
143deb70671e796ba2cf27f579e1c8eccae6e9ac0c58d00acc311f6bbffc6b04

SHA512
6a13315e29d6e68ac7d75c4893f80ff3cbfa6cd1b5ef6179d469c8df57f12704e1d0a4487f8db65cafb7d33c800f16f834df0ca40f158cec0c58ff6913f4ce46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f3d6.TMP

Filesize
48B

MD5
eda59eee9709845cf11c1e70db948e18

SHA1
e01a5d4068fe799e2fa34debe61413947114ddd5

SHA256
00085fbabe706266bc2ad69a19299df70047278330607d342c672aac186ad4af

SHA512
26a6b1cbb80705753f8ddb308836a9b030990f2c24a7c7eee4566ce886f8bfc61effe2b6539b8037afab3ae6fc47b6da0ca715956eef14c5e0df7391827c87ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
860a93e51ae6c75a8e25527104e99fcb

SHA1
0bbe71e0252926e3fd4f4491f15752682c5e5f24

SHA256
6d942f77f880eefde22adbc839b6017bf8f41cee11816a9bca8ee85df7d9ca3c

SHA512
c6e255abb46b84ba3f417c7b3d2ac64e599748677717caaef15aca864bc009873ed3b2d4ef80014bb8554c1be0aecdec50413c860dfe92ff7333d13553e45630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe59b51d.TMP

Filesize
140B

MD5
7c88b86f2bccb09a41a36b8508bfd92a

SHA1
a2836e53f3d10ff46beb84002a771aff9d459d96

SHA256
34bf4e3b80219422d156f878dd2bc58a38c1aa08af604b51b55a1f28a4d1f982

SHA512
97feb98fbdefab1e539ec724d26e6eb3ed69ffc5149a9faaad0ee496047d65cc65e8f64fa38c5fc9b2e5eaedebccbff8e6c8770e3618c69bb99c63d9135c54fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d6b44adb-4d98-4ed0-a53f-1bda82a11199.tmp

Filesize
11KB

MD5
40cac0326bc2948b2103362ce0d2f7b9

SHA1
27da2a9f7a847ae0e0e62a51fb21be0d5cf87fe3

SHA256
13ee3018c5da734d54cdf2041b86dc8b4c59d38402a8cdaf29d4af9c219ee73f

SHA512
8138c441d934a5cdbc6c5937572601e9feb849d56cae5db422ddaf4606ef803f54f95c9807c9aa90bc06a03673a6ca946658a8dec8c2860a2b219e3b2b26cf54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
3b606d78e1e2bb9d9988cc516eafe883

SHA1
b6db814205322bcaf0c35c0fd53fdcc64055faa4

SHA256
bf75d8962126d4c4512c9a81391a0255944144cf6148097bd72aa8e95198fe20

SHA512
9cff5e33c87bccc5be2d7771cd3e1868546fc359c3545a5965a68556abdb6a43eb0e262c44b52da71d8155efd51cf62830c421c78c2ec373141efff88c9aa377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
741234a11a39ec241a196d5163cd7894

SHA1
0424cc5c07cd9a6d4ca81bfd00f164a32b4280fe

SHA256
2363129ae7e08b8ca21aae42422c2ebba72c68a8e1780e76a0766ac264a8191b

SHA512
58b9658356683535f890bd7e978fc4e593f3cc98a7dc8877e5fdd3c9d78ca435b9eb857cc7a415341cf9bcee31afa794b9eb7ff7d12727515943965e4700cc79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
1021a3768952f9acd0273be2865166ac

SHA1
5c5c6a2bd99435ab914b98524713bc17e0ad896e

SHA256
ffc1963a95ad84d4c9870cdb0a855deae18755b8a97aaad50b27dd0cb319b721

SHA512
16241de32d99e1ec3e91e107a2e6e06fba3e58cd347520a976c07f03c75555874fa9189c0727a5d733f2d9d8f32e805d9860a7fc3fdc9535acf327121645f8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
31cf3a0670afb575c7a5feb642264c96

SHA1
e6fe8fe76ba55c9173f64c9782d1c8b9d6e4021e

SHA256
5a5eea9ee68303f1c9453df5048fa5a2972bdcc7bc1f09fb12a164e4ebf33115

SHA512
b71c742786b0737b6a50c92707c2fd1e4b62b6716b092757d6ea419d400ee1d2e45369cd9ebd906e6906635dd5c55ddae5408500087b1e0ad3f2908b345aa5cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
bd4bd8d4fc6a04eb09050d699e0dbb24

SHA1
06c4f392f75f7304f4852b8f6a863615c15bef09

SHA256
e04ad1968e7c353b44505598ca345a13df3f8ea89b36a15fabcc079070b513c3

SHA512
a0fcabc0fe0a9dd65c78d13c7a852418eca685a1ef19ff8d9a30a060a1da6431b8f7f1e549905dd87a9c3543438ce1bd25da5b8f3eeb0af721cf9ded77cb9bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PBLauncher.exe.log

Filesize
1KB

MD5
2e9fdc6dc39467151f5346d7712fcf02

SHA1
9205676e3b14c5fe19200351f9dd9e21d973cf50

SHA256
de40de88040c1dbb11336c22a888dddc833585764d8c141439cb01309e04e310

SHA512
d3667b4a6c453ca22926b1d6646aa5b92f6906871bb939ad90549a67ceeb61e6985d7eadc951204afded655b5dc59c2f74062eca96d74b33ed084843a5fc837f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
576f64b8f21f4203eed3f6c7b065f527

SHA1
e0c4e8f914319e112a4b3562d2d6f4107750aba8

SHA256
c39a636afaeae67ebd98682bf35ff7afafceac020ed21cb564ab954ab1ef6f87

SHA512
af606a5d7d4d96afd80d8e0117f2d5f02cc82b810149f50e26d46a5b8fd7c6b2aa119aa1b7123c54d2ef19d05ca92ca738994e047e24e567e53765fc1c52f653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0420470334e1f8fe1f355e0fc3b5c4f9

SHA1
4ada43c5d3bb5974af6e8216d6b3a8dc9c8bc402

SHA256
3a3c14464102a04e835e9ad9d0a86cab3da84400bb0823eb444745094c2db3fa

SHA512
f5e2dffa43971c56a7b7a11c9554e8ff62b287a8f8a9f40e73f281ce08d6983d70279acf37a1bef4e93519a8b6c6f6d9f8d9726831f0c359e5073b7189bf19ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7aacd0d0ac5acf34011713580f62eceb

SHA1
dcd5862d39cea81c3b448efecdd7f2b65aa99764

SHA256
c562eb233f2649fc3598079df1f0fb18868044c0ac8ff5571df37bd4191d5dd2

SHA512
3272a8ba7d2fcb31ea803c81a2335e7688ce74828fb2093e16a675c44ab26c4b5d13ef6d39648cf13b78bc7324ea7faf32a1f2c327f3c0da442c5fb60ba1f818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
eeca3d50c120bad17fd8f7072b83951d

SHA1
8a00787d4d98f39ccebf5ffee94ae7726e81bb47

SHA256
ab4ebb7abb83d14e26f901b1c67f7bebc1717658fa532832464f401ebe5e71c6

SHA512
630ee184cd3cd63b0f326ccf447d1230559362762d115f453778d7b2dd35e85abc0062e92055a33c424429e857eb2888ffd149f360d259bee4ac557329107cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4f8d32eb-8d8a-444a-95e9-086d7bd07ffe.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
2a5e0ca471efe7534372d294df770930

SHA1
6d8a6d89cd8aa7470dcfe7b1e55c338bb0def119

SHA256
7a9a8f2d9d662fb45aa6c4d82fe9486e034898dea093ffbfdb926879e18c52fe

SHA512
41748a1d1ce739538cfdae13d524cda11a34f05598c2c1737649473aa526666b2fd0bc7905e6d27b4cb7d9303ced3b2952449b1d6a345b9d3914a51d43f0759c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b7b6c83b569249d9d9aebc38ece9b773

SHA1
d9651df613710faa13f09f37e89eba30acd294c3

SHA256
5e935aca107a5d9a68238e557e4d0a34c9794df11e5b8473600bbacbea9e71f4

SHA512
bb09a8032726e145127c226a4d7d642cc90a1780ff82db03c56f648a19b5ce50377feb323692d2c5e5400a26fb3ab9f48d3dd003f1902a4a271af60fdd3a4522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1ab1913a132f634a87ce361baaf6c37f

SHA1
ac6ec45abfa32c4d34fd9b133140f093c4b181f4

SHA256
07646e0849fcf3378dbe7f3a97fb4322963a2fcbdbe353a09626a875b510ad9e

SHA512
57bd4460804c126a65e7e219ff80fad6939b0667de5daccd0b212762eca09892ca1ca71ffeab7f24becad68c8fddf21a9e16b43a0498f1ba9b18530c7807822e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe69b483.TMP

Filesize
3KB

MD5
a773ea84f921b86926de9d9affa42ac5

SHA1
2b454e3dd113d6084377674de7e47cf9f44c19c5

SHA256
7ecc3df6f51e08fd832e9cf72fe4a54cddbca407501c5ddeb4eb919a1ac7f9b8

SHA512
8d47b3364902aa79da9b1d9590e6dc4f9137dfe19991fa280f1506dc76c9d05cc70be21dffb279d72850a19d31e7d527c4b45788b3c0eb11581ff2ef331b7b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2e3b6926a986c1e1b62f3cf5d94b5f50

SHA1
1a91448be2efe8189d0475e6e0997899d6bc43b2

SHA256
368a3511e334455a6f6744905c63f75cdbf2258fc7c2b95c20bc32c86625f8fd

SHA512
c7e1487efdc6e9c9f638485a51591d0071ab0fa192b01803068efe88088dc9a9641a54aa77dc41aa4754b1c8ef066257581977a2b0d70ad3beb63f5590534a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fdf3f914713a2eb6bd9748f76c711afc

SHA1
c537ffe501f69e262515c2a1d32ab5bf78d3724f

SHA256
c4871dd7eabac8b1b08fe9e3025c25efa083fa7ac225bdd3ec870cf488500e18

SHA512
820585fd2e9db790d24bba3d27d2e2b4874413ce3c38f250da8fd7cfb9d44a99fdc6bd6455af29cb57bf510886d728e5cb2d600697a3f54b797d02cd7dbdb367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
90c87437087b95c854fae6df22c67b65

SHA1
6b111205fc7ff5c6a786d8898c4892b62ab1020d

SHA256
1cff624c8e1201ccf79576207161420641673d470623f1752e2dae3a24bc1c6d

SHA512
45d8711c0cef2fd7480aaf7a880835017dfaed8a9b0807abb9ee4a6705faf2b367ced0f86e945d149bf86f1c936f528b1e2c1e85160369d7a0742a69778f89e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
6a56c2713954690909a930a02806914f

SHA1
7ea49f923ca1cd1c460960c4b34b8625d25f75b5

SHA256
6681be46c246c4033ee2bd27c08ba1a46d3890a279491849893a54a98d0394a1

SHA512
b476fd6af740dad21f03d6d91aacc8f3b736dadbe063b8eef2aa2cdfb9718fff470e992ab97195eb2114f6e569eaf2c771c03144a07d13e4f9b4aa53fc6a94f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
e841a7a2f1ba69e449e808d6ac4418be

SHA1
61cbc5673166bed9336878b237cf0e890275efe3

SHA256
1217153008f7be81f32de086e3f615c13dc3a06ee13d0636cf6e8fb466476773

SHA512
2015063e05fe4aeedf65dbbb9071ee1513f4c8f0dce07962fe10ba46f3d93c406a393c33b61c0af6d603eea3cdce0f9f898f548301b668917934ddf0d5c852d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
ecf40195efd708fea6dfcdd403337c35

SHA1
8ae76210f23429723942e85a9042883729a8f81e

SHA256
b5160848f9f21477d38832ae08b0c95750d73e842400b1b46d7c2b290c99a821

SHA512
a26445df212d0e378e634e75610785cc022e62997c7e739174040321558e5c40dfdefeb9555be812d4d003a8c154b638076f2e1242470987a8dace6af18f6119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
a7b5eb6b6d2e7516960a4b937e6bd61e

SHA1
f28b238296aed64398b1c5c0fb48077697d7a357

SHA256
8c4643e2f5f9043e847fa206c58fb5023141ee113c657890105e4080f4770153

SHA512
25c70f73d5a065c7ab04806c7a35230635c9e44e228c52842afe6378e5cafa02034e4135f39c04ec519b1c957fd1986c9cafed8cf79c89dc6dca6cf89938ca4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
15c886990d9b2ad13342fd8b1c24812e

SHA1
be5bfb6c60596089f10e490d28598e68227a0fba

SHA256
2fd361f22212eb305b177bbc16d5e64221cd368187a0ea9c7c3c226bd81ddfd4

SHA512
5e801cada8553d835d1499624e799f8bfddc6aacf65526e9041c5f9a03f24838b198a73321a010a16864d94bcd6a1cfdcae093ac9f6ae76668cebe2a295281c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
39d23b99416781823b791916739b25b9

SHA1
0917812a484e85052d7d3c00b6e2c05f526b6d85

SHA256
53a0eb2850323c5e350c2000d6cc4edcf3c98b5bd1213a2c9bf9dded1761cbbb

SHA512
027a69058e295ea1f201367589a4d1cbbe7a27ae57303cff54b39683df82d51a617b71d08cd0c82c20a90d1aef1561dd1a5e65f6bb6ecc5de00218cef26895af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
892B

MD5
0a9a8da927509f0ce9ec39b6831511fb

SHA1
b87cf1a035fbd9d3cb5d93f9ba838fdcd4d289f1

SHA256
25d0ff5f4fd32a5b98e9ab053d5f9f8919dda9da9c2369f7448fc3b1d09c718d

SHA512
bc9acc23cdb85eced1f286f28681c2e05de8be0ff5f150a8e98e5367ffddb61fa7e33a64ee3bdd8ae7d96cdd91e15c09be3cfd8cba19f1498159036603281d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
7182281d0100c3036a650d00666ca64a

SHA1
e6772bc24c59d8918d8f16d45d8eed6de63a76a1

SHA256
8c922a453349e539002688d275a4fc563bcb42942364f9896f8991741fdeb843

SHA512
27a7476952b86f0d8efb306db76fae98c4f3d36d0ebb7df12090038d4c5948b22b6e1b8b6863a5899e27805f7af70c08f4678d8cd03682e2d091c76975659507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
463B

MD5
7546ea9fb93c8f510152210b60272165

SHA1
b6058472544466f8dfc513154b94c359529bb191

SHA256
b6693d3a62c1317d5e2c98e81ab23bb3c2513ea7a0aaea26562691a84484ec98

SHA512
120c78b674c7534fdd9bcb206f959ba1da4aa01b68052508806410096fc3b782107d17601670af6caa0ca3028c4ecad1e78da7298deb7148d758799b847d8cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
9526ad472337433168a00530c65fad44

SHA1
680cf8572cc5e2889adcef3574c24b5fdc4b0bb6

SHA256
48534a9aa900cf364312237588d8b19697c394ea8ffbab40970fde5d3aa51e20

SHA512
6c8856ac71827739dda4ef3829077801390f8e748f5a82ea332029067e0861ecbd172ce57621df80bd11bc7a96af1c58bed4b3f67c845e9f4b3c86154de14cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
1bb0204476ab34bb19123da7f331479b

SHA1
402df6ad7860cf94013c53e1cfc7aca34c25da8d

SHA256
07b19caf7bbeb92105312048303ca63888afbada5e3ac48ab672c847028505e0

SHA512
d8dd8d0bab2b5e8fbcbf4b93bc6d3b745243919eab091e7b0ccfd95c7569d2725d8183fe6c8f656ab657e59c67ad2e666293a01c427e0f6ad99360e7db80d379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
8d7a718d3e869e4d43719f78b8ed6ffa

SHA1
8af402c962d9e74d298b484b4668c97eb01cd02e

SHA256
3fa33134b6c632b8e031d1d35b3dea44aa195446854238bba6d3c6d59b7a6e32

SHA512
a198da87e14cb871e00d92d7b1944b8ea08ad9c0855219bb1a45f31d7fc744d6ca11524a334b95fed55ac2896dd6f27700b0424e331c49e1964d01b97254ce5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
4038c05233bb78f8cffd74570a776d25

SHA1
f638bdd6ab633ae7964ae3c375cd524ba00c3e55

SHA256
58425f960ac74898779d9af89c44b8698511f084bf166c00e0329681e7b32e2f

SHA512
bda0d5f7cf89ed3a7f4774dfd23fc8b99ff2048146065f5d02d8a3e233dbb4ae05f748e375927c70ddbd0480018650528e96e0f7fffd21dab2bb092ea94525e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
e4b492fe06f5798ff9e4cb08bc47cf0a

SHA1
64a22d782db32545d33c8cc0caf9f6853533251b

SHA256
464b814870218522674568f27a14eedbd3ba2e5f31bb17847ed8c14cdd0c7faf

SHA512
f8900a579d8f2701036e978041c677c3237d6a79f7d823d1162a14d029f52d5864618257f96b314c09654f52f16359f66856ab56c89dde264023f627289be3d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.16.1\typosquatting_list.pb

Filesize
623KB

MD5
efe2d1b6a7a71b28f1af830983f6174d

SHA1
10c212bd4c687b896415d56043a74af12be6d2f9

SHA256
550bc3df5154df6f52d541448794a642eed5ee44c1ab90c27feb35014157e1bb

SHA512
739999121a9bf35c00060fce196b1f772d892b6e5ce1d869f5cd543225519b42deb584138a0f432dabe20e241216e433dcbf265c5193b272968629d6f300b774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\Gui\Image\white_tiger.i3i

Filesize
256KB

MD5
7db3989c5bf995e5ce13a998f1b27dc1

SHA1
3e62744600b0bda02357286e2027deb9156a95e0

SHA256
afd97b0ac9a9f36b8959236da79f6879c90ca88c95b2d3c6da4d0ffb967fde2e

SHA512
837eab60508490ef2b8bdd59ab668dcdcf1222053e9ac8185e98ec193e9abf39f4db307c999fd579d0f483176481f2da8c2b2183e268ba8340fe76710cf5dc1a

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\Guna.UI.dll

Filesize
876KB

MD5
6d6a1f28978d42ad2f0a8f278eaac966

SHA1
b09168ec88109422ca29cf4f1b6462d51930873d

SHA256
fb23fa4fca8f28bebe7b7e39593a211cd3c3405de5f948ec520e859b1bcaf91e

SHA512
76ddf88255a9355fc3c781880e23d94206acca4decf5623712411f7a733e91ca9ea37944860401cf9667f10e8c33a087803a4726f91faff1f23e3e0592ddf41d

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\Bg_1.i3VTexImage

Filesize
4.0MB

MD5
dabb7cd749169d9d758014a4d3557b82

SHA1
15e6b06bd8fab9151715cec0ec2965c59aa743fe

SHA256
18d6fe65fc4fba27b6f2e61e93858a4dcc91aeb5893be3e9512f2233053e8c66

SHA512
3fd91dcbfed5dff9c1f584b45b0463cefad1dca119ea26c445d8aeaadf52ad6555888662831d58cfd542553c4d450876147593be8b6b0b27bdcc7bc17d5a5149

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\FaceGear_3.i3VTexImage

Filesize
128B

MD5
18eb6c500ba896a69fbb6351b4ca5c41

SHA1
90908ce069742679d57bb6a15b942a8fa6f9754b

SHA256
f0f63b66d2cac94b2cbfa9d10c48ef4a9c4df7e607bd9af17e947ec3856832be

SHA512
47ace0a1e1fdcd74bcf77273ac68ff51c735f27aff6f6261ed6338653363dcf2233ffab45820ed0b2543652c8178e00f43472e01e98acfb2f473e0b44c1d5815

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\Item_Spray_03.i3VTexImage

Filesize
128B

MD5
928ac2e83bb1a634cea0cbef8502347f

SHA1
4049679fe14139bb5c28ab821976eae5077b5fe3

SHA256
5e6c0b28dd6244aea5366406bf399b006fe5461c9e850cc7f2276243ac51f984

SHA512
3c62d058ab1fa7bc952453c4dbf91d4f2f144db563003d9fd0bb8daf24bca7f8e08b58e95ebb00b262e4085b52c99d9356cb32f21aa013480d7bcb37ec62e025

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\NameCard_008.i3VTexImage

Filesize
128B

MD5
c1e87821665a8fd7030c2d36eb8f6888

SHA1
b110ce894247f6bd79db59031115e574ce06a828

SHA256
f6e5093b6872cd93cf2ed671cf8515a5f0ba91de1800cfcf67687dcfbab13d71

SHA512
014a8225f7b3ba18edc8cc51ad6f01adef3320955c8b1addd29a3ff1d922f3e42170f79acc9e521005c4544702c2bedb160cc990ce3ddadc72a878f45f9dbdda

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\UI_Source_12.i3VTexImage

Filesize
4.0MB

MD5
ca092297bc8e69c75b3596505a3afdac

SHA1
affafeaa27d42526c2399cd7c15680514936cbdf

SHA256
ad558a2dd18eb945eb58e024fccd85de5efc17ba282c2ea93590c07b5edf08b9

SHA512
6d91d9c8c55abf43d57a7f4a38f3cc00a055b244154a310c8f73b19b8c1cea51fc31068e02b8f642ab67dda3e2cfd9d62b08ddfccff65d8c95fd584b7e41c345

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\Ul_Source_2.i3VTexImage

Filesize
4.0MB

MD5
f1a90c67fc3903358af5eecab4526635

SHA1
afe1e3f98e78d19d1e8614c0ad41764c2770b27e

SHA256
b74d1a0dc40336946c654b0c04aa0021f832fc9e34a25531f7b957d0516090b2

SHA512
4a81a8912b5b50b7cf2abd350e05ee76ef4a52dc235d07217e3494c848ca4393898f849e122fce2ed2abd9ca8f9462056d5db49b0c1d635a970530d85f1e36bb

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\item_cash_A43.i3VTexImage

Filesize
128B

MD5
14b7716cf52a450ed3d4882c7c84f946

SHA1
34696ef0e4cc80b5a1e18648827c7af13a6cf636

SHA256
c17c0dcb9ec507546e538c212eaa81ed476b8c4ad77cd88db190c75290ac19a3

SHA512
2f6f3cdf54954d1cfb4bd854d86bd7b40ebae4131c03b9f1045e0ddbaf27afab086f2abfaa5187db842c90ee0357bc8710c78d104379b1c50a3f61c994e80f68

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\item_cash_set29.i3VTexImage

Filesize
128B

MD5
aec79cf88b840ee66911dcc884a1614b

SHA1
4b2021a15b5e3731cd1b28f3f112223d9fc53a62

SHA256
24288edb65c69160a1f385e5d2004be93de7c367eb5e77202e6a712a11cc7420

SHA512
9ac8cb59292f66d19d639d4ee43f196e27d767f689b63b7417a160fa48b0c351a9a6defc87f019f2801d3ec39b055facbbde14f033da1c139290c4ab982b2f15

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\item_head_07.i3VTexImage

Filesize
128B

MD5
0ecbc3a89591b3a2049ea03befae8766

SHA1
b67ad51257f65bc51901932bad982e0c2b9192ae

SHA256
a28b27cdadbfb5ce8c2ba62ec574fb8681dd2779662c51ae3595fcf4fc955ca9

SHA512
0d88aa8d719ac428cf498406275bbf3059a4970be3bade44d1b493574c8ae5a380b3de99d981936f090f3991c26a0f6ad2ef1ff01fb2a3f145157f5818f66781

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe

Filesize
27.6MB

MD5
a900a2397832e9bf280b9bb351563a69

SHA1
1157a0df927eacae5e3cf7775106def18875fe92

SHA256
c0c932e03af512f855953ce271013cb0cb4c1de0e36e7c0fba110afea9b2345c

SHA512
b1a6b770433db5cb667d69f1798ab2db21d2993649834de09731d3676f8d62f542e8c583f90411f284f5d8a8265fd67a1971a16cbb47f65f1a9a0a88a237f082

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe

Filesize
27.3MB

MD5
58127809314b9309ce090619a169f0f0

SHA1
258d0d4a7c1bb293efe25897033cf31e48b04cd9

SHA256
c12f7f58515e7ed58d18ce9596e09eac217733f4e57c77850dd9254589d75bae

SHA512
e8866bb5b5a6f06d7bd6c6cb4c737153c43dbe8a9ec4d4c4a56f79094a532e0fc4532a75a55d9c433eb50a696a45e587e635a2442efe79bf7b2fd49bfd3c821a

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.log

Filesize
10KB

MD5
f99fead0335d3d687c7ee2abdd338e33

SHA1
5076c6c6be8c0cc4201644b2a936fefc6ad21453

SHA256
1a2f5bff49e0324cd4179630164ffe92fadb4ac038aeaefb76ab250886d541bc

SHA512
21dde900ec3cf052e55030d3955be52d15709d1bdee6abca2ff5b1904d7ef12b4ad1c18723a28b3a1905e912e56837eec499c1fc1c11e8d0611e2f475a72c495

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.log

Filesize
10KB

MD5
58c5c08de47c73bd70896a0ff0f75348

SHA1
d7ef8409b18fd265ae188a4675d11860998e8425

SHA256
417aead69f510cc2a977d2620361d829103fc69aaedcad7954802937dfeb383b

SHA512
7bdf3c469f4416993b0d677dddf4d6934ca90c7f8aa8d4d0e089a0efb95fdce94b43dac2cb6e5b19e4adbfdb3ef2378956776447484b852c225334823007d097

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.log

Filesize
10KB

MD5
01ad4ead6f7c1a729d715a300dde548f

SHA1
9cb27109da29fdebab88c63b67b0dd2e1b5f25cd

SHA256
b1b590562a6d96815fcb0ed92218c5f798ec5982495469336902c2a1c9e32342

SHA512
300b1777c691d6dd7f6a98ce39aa0ce89d8eaac0414aa5f56b79aecbd620574115701d8e776b466bb12fe87acae4e699498c8eb653d64a8bf02482e557e673d2

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.log

Filesize
11KB

MD5
1c6046444076bb1a0f99a6a67ad8c528

SHA1
0875ed19a3a1bdb966ad570585c8eb1ec77c78c8

SHA256
6c250a2e92b59fd4d7619e20461346dd532f4275862f44e6e590b5296b3fe346

SHA512
e3ac320458d1f46eabfd29306c37246a4c3a256416c93ea7d10f45e1f7203dee2b0bc92bc7ba44fe15153254fbf9647547be7a0ae628c4fc815be82c1a80ec2d

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\UserFileList.dat

Filesize
528KB

MD5
53def63b5384c23f50c696980ee64d76

SHA1
7e3a8c3a8a3594950c0662524a4ce688c7e4d35b

SHA256
c2f19bdecb8c1d3dabbf34af5e60f754d89a19c1cb116af370d0b0d8034357d2

SHA512
4cd8f616e58c4d06fbcdd6c7004ef86130fa63077e2e6117fc1784ec1a6f4c7fcdba5d372b9edaaffd76e2da8265863728fc752ffbd4282a7464b3274d1b7a55

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\UserFileList.dat

Filesize
397KB

MD5
c6d6ad42bb59bf3bf33f0d6a0ed8f174

SHA1
3762fc80eaaf6392372bd92fd4a7093e94dbd5b8

SHA256
45d4fc3b88a3893f2289a9dbe621b927b6c698a499b15d4623126a63e1dc6b7d

SHA512
e7bec3b989e34c66dff2cedd3a414e93dd76178a958d65e2e3dcf9728c4711f9fca268189790d37fa89554f873d06447f59ce920a9ebf2160f6dccd21bb51e13

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\_DownloadPatchFiles\patch_1.zip

Filesize
1.1MB

MD5
aa6ebae3027d6deec245a4f425c6e34a

SHA1
25fcac7990b0ddbdd095baaa43d6612fa1c3f66d

SHA256
1749b32c41bbb2fa4461e880e14625218f162db94dd45518260a645492a44723

SHA512
1b845b4c33b73ca4edeb7e180650b742674656dccde170b92ef15a77a3b4a39254e0f0de4d97bd1e623672b0f5ab83fb40bf5a88e54ca43c04182e272b600ae3

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\_LauncherPatchFiles\PBLauncher.zip

Filesize
26.4MB

MD5
6ff7d36a760def2a6f0731ab82294f63

SHA1
83a1b683535be59ad5cbc0f7e687700ba37e8132

SHA256
346a177d21ea4d90ff01415abe6a0d0819d2330f8f35f8d2fb4c097d0d40e7f0

SHA512
7b8f83c1bf187e487b2f71f78345814fc4b325c6158855bb65d22fdb26004fd93e04feef0263ebc87bdd919eeb30b34091f2e3afebf1867a96b64f13c00c99e8

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\config.zpt

Filesize
21B

MD5
890b7801caa919e14652c35e396e3ea2

SHA1
0707e9fc0b9e33c2f343ff640bbf5ea440e4ba63

SHA256
43258b505f2e4c3bb9efaf4bb56febf4ee91f9f47cf5a6c7eed53b1966817eb3

SHA512
47b3a4af5c8a80564b632341486dc47f746b7d939fab870b65498545110fa0f894c54a55ca588c36fdeea84e934ecc9462039e0cb3f7e61e5fb4442a3f2c7ce1

Download Submit
C:\Users\Admin\Downloads\EPIC-GLOBAL\EPIC-GLOBAL\launcher_core.dll

Filesize
771KB

MD5
f5ceafec64b1002a2301c90946a7d82b

SHA1
d2e799ac3979dcb738b00b7fff2da09d89fbaf26

SHA256
44b30f8defd26521c260cf28b8120e441bf2e56fe37435d16fceffb95b63df88

SHA512
310f336895e18514c9ebeef2814fce183bf171429678d7b984230286d12ca4c4ae2d37f12077c48d78211af492bcb35cfa7c5d54e5b9977626091b57ccce2a32

Download Submit
memory/2036-13319-0x0000000000790000-0x00000000022E8000-memory.dmp

Filesize
27.3MB

Download
memory/2036-13347-0x000000000C280000-0x000000000C360000-memory.dmp

Filesize
896KB

Download
memory/2036-13348-0x000000000BFE0000-0x000000000C022000-memory.dmp

Filesize
264KB

Download
memory/2036-13349-0x000000000CD30000-0x000000000CDCC000-memory.dmp

Filesize
624KB

Download
memory/3840-13296-0x0000000009BF0000-0x0000000009CA2000-memory.dmp

Filesize
712KB

Download
memory/3840-13297-0x000000000C160000-0x000000000C182000-memory.dmp

Filesize
136KB

Download
memory/3840-13286-0x0000000007340000-0x00000000073D2000-memory.dmp

Filesize
584KB

Download
memory/3840-13298-0x000000000C520000-0x000000000C874000-memory.dmp

Filesize
3.3MB

Download
memory/3840-13304-0x0000000009940000-0x0000000009A08000-memory.dmp

Filesize
800KB

Download
memory/3840-13287-0x00000000072D0000-0x00000000072DA000-memory.dmp

Filesize
40KB

Download
memory/3840-13311-0x000000000B620000-0x000000000B7A6000-memory.dmp

Filesize
1.5MB

Download
memory/3840-13284-0x0000000000E30000-0x00000000029C4000-memory.dmp

Filesize
27.6MB

Download
memory/3840-13285-0x0000000007850000-0x0000000007DF4000-memory.dmp

Filesize
5.6MB

Download