Malware Analysis Report

2025-05-06 00:17

Sample ID 250419-bnpskazwdx
Target http://epicpbglobal.zapto.org/
Tags
latentbot discovery trojan
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://epicpbglobal.zapto.org/ was found to be: Known bad.

Malicious Activity Summary

latentbot discovery trojan

LatentBot

Latentbot family

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Enumerates system info in registry

Checks processor information in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-19 01:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-19 01:17

Reported

2025-04-19 01:47

Platform

win10v2004-20250410-en

Max time kernel

1773s

Max time network

1801s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://epicpbglobal.zapto.org/

Signatures

LatentBot

trojan latentbot

Latentbot family

latentbot

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\chrome_Unpacker_BeginUnzipping184_2139253816\ct_config.pb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_770978171\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-ec\it\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\Wallet-Checkout\load-ec-i18n.bundle.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\Wallet-Checkout\wallet-drawer.bundle.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-cs.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-hub\ko\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-notification-shared\de\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-notification-shared\el\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-notification-shared\fr\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-shared-components\zh-Hant\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_235717050\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping184_2139253816\kp_pinslist.pb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-ec\hu\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-shared-components\th\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_137583703\product_page.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-ec\zh-Hant\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-notification-shared\fr-CA\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\Mini-Wallet\miniwallet.bundle.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\wallet-webui-992.268aa821c3090dce03cb.chunk.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-cy.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-uk.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-ec\id\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-hub\el\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-notification-shared\it\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_770978171\Part-ES C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_137583703\shopping.html C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\hub-signature.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-notification-shared\ru\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping184_898111947\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-sl.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-sq.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\driver-signature.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-ec\ko\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-ec\pl\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-ec\pt-PT\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-mobile-hub\ar\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping184_1320617171\deny_domains.list C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_2065848441\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-ml.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_137583703\shopping_iframe_driver.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-notification-shared\nl\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-shared-components\el\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-shared-components\id\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-tokenized-card\es\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-cu.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_137583703\shopping.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-ec\cs\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-hub\zh-Hans\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-mobile-hub\en-GB\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-mobile-hub\sv\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-notification-shared\pt-BR\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-tokenized-card\fr\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping184_2139253816\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-kn.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-ec\nl\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-mobile-hub\zh-Hant\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-tokenized-card\fr-CA\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\Notification\notification.html C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\vendor.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\wallet-webui-560.da6c8914bf5007e1044c.chunk.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-ga.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-mr.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133894990751107836" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027557611-1484967174-339164627-1000\{53178413-FDE9-463A-85CC-957CE1F58CE1} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027557611-1484967174-339164627-1000\{D6AB52E4-3867-4F95-9C15-70889F392285} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 184 wrote to memory of 4108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 5828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 6072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://epicpbglobal.zapto.org/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x360,0x7ffba366f208,0x7ffba366f214,0x7ffba366f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1864,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2236,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2576,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=2556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3480,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3488,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4852,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5188,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3908,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5820,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5824,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5824,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6128,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5928,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=4880,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6624,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6552,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6504,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6252,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6612,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6640,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6928,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=4860,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=7232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7324,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1216,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=2940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3284,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3624,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=3272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4916,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=1640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5484,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5112,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6660,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=3272,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3424,i,17862486377268124612,7690182759339735543,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x294,0x7ffba366f208,0x7ffba366f214,0x7ffba366f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1960,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2052,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2576,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=2628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2992,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2992,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4644,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\EPIC-GLOBAL\" -ad -an -ai#7zMap31727:80:7zEvent15251

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4408,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4740,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4728,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4864,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5008,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:8

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe

"C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4876,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4960 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4884,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4608,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=764,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4016,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4388 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4004,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3916,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3928,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=3944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4240,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1296,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4140 /prefetch:8

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe

"C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4156,i,15806276416692332371,14612042787739679052,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 27e72f6f855d6fa3ec6be2f61584b656
SHA1 49505d00b43172e9f790c03108267416b0558e55
SHA256 b034b9e650ddd92862141bad1816f5ed62ac482b1d191a8a159aabbcb7f7ec38
SHA512 fe3cce4ecd20845a438ac213c1c39927627f1298d4364f4c5bcb1400f3f6a9b77aaaf07bf8ac6a1a71a0eddd9bae155ca7e192f9844293254f6af5b73142cbb4

\??\pipe\crashpad_184_OQLTVTRQSRNOFVJN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 991dd8fbe9a0cd6dc3637646bc73b6fe
SHA1 cd33a4c3c2cea06b41e5388826af365691769de4
SHA256 7e873150a039c5eda07ab3768e2b49127c3f824319d28909fe07f31d6f3119a4
SHA512 b8c1dbb54394674bb88fd7cf368214885e0c328e51651ee8f412aa1ab85151582c70189a292e24d551a8144de29f82e8e9b51ca5a695d33dc0e3326a78d05263

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 ac30abe8e632cc35d99008a71270d703
SHA1 35d82e98e9cdb97be8aa77e54ee38d998121ed71
SHA256 4a8205d11ac8da3d00a2d8933482f71447bbfe73b0ad131e3dd839539531a72c
SHA512 033575dca64fd6a7538908c530020c43cc767bc3ab3b1715869887b270221cf44dc4bc9a29c16e5ffd7f87d9c6c1623de8ed5e721d66983f591b8fdd2c214193

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

MD5 969297ce8d25587dcf44fd5e38e51f28
SHA1 0038ba358fd4793d44053e5c63dfa66bbf055d15
SHA256 075a8705576fc0e5dcada7ac62222a69d8d6553189b38ce623560c3d542693d9
SHA512 a4f957c19fb54232ee57559bb13c8eae2930ea54a49a87e4ea0b274bfdf949f42bcf8c120b268d523b2179c2faf47ed2115b81a35c951417ff21044de631297a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

MD5 2b66d93c82a06797cdfd9df96a09e74a
SHA1 5f7eb526ee8a0c519b5d86c845fea8afd15b0c28
SHA256 d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954
SHA512 95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0b2dc795b9cc7fe5bb1595da1adaa2c0
SHA1 a711a486e1b10536ae78abcf3bf161da31e075bc
SHA256 4cf3c9c37e6da74a00e47c534db138a8d90c593043d01d18a4f34c0bbb7ae0ca
SHA512 9adc966337d76c97e1ea901562e05d5e51a1a7dc302f74bf5cab78e2f35f5f8690d731af038a7cf25bbd174500a9b6165c7a5e6b42ac5b7ea8953039846f883d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9c6dd744e8026f7fbf312c0ec975dba5
SHA1 953713d21a6a1f97896a8636edf4b9b2482fc09e
SHA256 0842d5fb8ba6924cef2b0899c290be9e8f61bdebe1dd96db11b1255ca717fefe
SHA512 c88f0db906c9738b0306030cfed60fc55c22047db37aca6810902531af44e7bf8b35d87db122e55bddc23fbefd911a6cd67c8cbf7f6a09e61ff5c4d4f4c0ab3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 534effb461b6a339d97418dfa26b770c
SHA1 77888b5fc01ac4dc7dfdc4af424c31dd700616dd
SHA256 1127ef125f08742f13999ae6a691cd9a1a6812152d43027b880743485d2df67d
SHA512 82f319b6e8d80f0e1790f7b34b3c2a230436019fce6989a7e4e26ce636cbbd2d87f56354c92104fa13cffd18382b57e7561d4cceb61cff7a8670fcb9ff6d98e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 0e8103d7d5484df54ae4b0352a9c9912
SHA1 99b75d61c09e528f16001af5300e6a28d4854f95
SHA256 4182ebc373f51d12dcf30e0dadc132758ab2131396f3593f9569059a0f9d9a60
SHA512 a3c9d24b161ddfa772e745087153ace196a264230c7b9f9ad568971e4e2c254dd4a2e6dc38b35cebbea15bdb247d428b9c096400409c0569395f0b6a62fe0ea5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57efaf.TMP

MD5 262fc895cd0831b2c19ddefaf8f68bb0
SHA1 b4942a5722a0940435d7e669fb4051a2a1d1a8f7
SHA256 ce23e895631213c0c4273b50837b6a05c7912aee23edac421ce2747389b3b093
SHA512 199e52ba28386f200f9ad9c796a9f75fed9394e3961b561e172bbadb83e8a4180050ae72c442746f0b8fa0b0645bda1f3c7e2091f9c92edd204afca2ff383f23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3f5c50bc7903c7b0dbb31a804a98076e
SHA1 064cdee884811d46ccf2e552377b5eb19e49b587
SHA256 77864ad60b8f60f7d707a262fb31f12804613acd509184a59f3ab11b2df532a5
SHA512 aa28112fa16db654a823ffcabbcc64042fe57629e71e95c43d22c8b7284ef70656094063f7e3b1ced3960eccf52fcdb369d6424453605b339ddbc72b717b308c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e32add610b7baf24c3c16c011763c59e
SHA1 f640fa31e1a1c64875fa69949374c3b6889cec30
SHA256 e78efa255ce82c65d0cc87242a1fc72ddf8ced22aa72315265a85eb9705ae200
SHA512 3028d433847dac3bba3296a409fd413b8a088a812927988385be995f34be9fea6c5a9d0e33d872797ffa71b46bf07d3e1b604e1fab865d28d270b2ec55e0c769

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57f702.TMP

MD5 39a3d7cc2d8911da7e85ea635f6b4b89
SHA1 359d5d8cd4b7e6a262b27fb9957829a20b327484
SHA256 6862a09dea514edf2d26ad58d87d6cf34dc5d1976a8ae3c9c00b4b5724364da2
SHA512 cd72cf0343f0cf9f436e347798786868574592ec91ef494636b4218894bef0c431e96835057f5363869031e9082f1d89d30f914514fa4d3b251023f5a5f6220d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe582074.TMP

MD5 1ab48d72f7e26698d6ccf9f073ba3f83
SHA1 ed34648693a92484fbcdc1303dfe66f211313bc6
SHA256 9f49825982ba9b4611619166f9aa6f088a7feff192f6bf5471b806877c5a43f8
SHA512 ba694f6f9a6aab3c64f1a1892586a14a152f352a799bda2494152f4b9b2948ba51d2b7067e68b84b93c51d568332c13a1fe86b660462d0f1dc73b67aa490fa83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 37617f6dd9d139cbad487e92d870d68a
SHA1 08b60c8d0e0046d9a55050cdcab1c47dee750dc1
SHA256 8ae8d8cb18d0d1ba8287984cd4fbd886c8e9b80a2294f796fe7d8764b182191a
SHA512 6e30d4fceec3f7955fb4fab24a87eb206c6ebe3265cea927766489e14d68558ed7b74442996e0c2e901257831856ce3e174cc9cbf4b4bd100645292383d488ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 56c732d49022f0efdf08ed4747900cba
SHA1 64112d02aaa4f07490572d314652f74c74161d3e
SHA256 8822da74b231ebbe71fa9a7c51705d94ca8bc5a01de9aff43880fd3bf3c275fb
SHA512 920e2b441d145c9c03bb7012b7ffc01bd438b48d7f7605eac9ca29cce242a705f7b2d3f3f28be56c3746b5557cfbde17106a2ce698ccc5a2518392d00cbe2994

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 e904511783d5030b61246e71570284c7
SHA1 b867fba676b252b7963d90a2740f2e6e8e061be4
SHA256 c966eb20c4d109a8b10b4d3a96b64e36354602003dfc30f52bfe495c6a65e0fe
SHA512 f876f4256406aeddc6fbf8dd85e1deb92468e31d7ac30583ff0a6dbc2b6fff8cb11329a38cfabf01d29dc34464287405f24c25d1cf0bd6e2262d65076112d8c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

MD5 3f8927c365639daa9b2c270898e3cf9d
SHA1 c8da31c97c56671c910d28010f754319f1d90fa6
SHA256 fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2
SHA512 d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\518febd0-8b60-4075-9c52-a6ee17599662.tmp

MD5 948debc0aedc3fce414847738a3dc7df
SHA1 8f354a26fbc267406a4cf1b0ac0a0ddda465dc88
SHA256 5ae5b11996edeee86b3e686a2ee920791f91b9562428652a779e3b064ffdb981
SHA512 471e8d50478922dfd8a7fe4e41d9338769f949b6e9b7181e5df2cbd9ad4b88cd5778ce83d229c42fc7f270eaa3eeb702533402d25fd5f4fe8ccb74c96807851a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9d7f476d8ef17882a907f71f829b3c76
SHA1 1da80d730187876ca3ca29fe075a5fa9eaf65d91
SHA256 8958b442eb62d76b71107ac7c13119eb3a43d40937b37722ca058cef1723a95e
SHA512 0b9b270ce60455e0c2474ccb68896bfad4cc7973f7c6d82268903e1dc0fea2974594be68508f23305cdbb5e8a5528d2c5dcafdb0fde3b287473a0abdce172c2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 2205002c03eeb8af9de70d2c9b36c8a9
SHA1 a5e46c62b4c91b5161dad3d207afe29e36bf83d7
SHA256 82a03170a3a98aad24e3cd0dfd0f095df3ec17ba3bfad0b9b53192f134027f59
SHA512 85afbced5e23db042a2a638d102d5aef1ce76cbf5e277b4110a71a0eb62f76784a7ea78eb4e5c568e91d95cad60483b383911ba48e24196342ef5bc5eeb4745c

C:\Program Files\chrome_Unpacker_BeginUnzipping184_898111947\manifest.json

MD5 c3419069a1c30140b77045aba38f12cf
SHA1 11920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256 db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512 c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

C:\Program Files\chrome_Unpacker_BeginUnzipping184_898111947\LICENSE

MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 46534336bbde494d6135fd6f40b21ff5
SHA1 854880127517360ec1ec875eb1e0aff9f59714f8
SHA256 3a12752b05578cfee5f7c96a9fc3a5fb10eb31f74742ac778367873635f34008
SHA512 bc53855a485ba35e9f42429f81eef76c2f56c07700060438e02a8ee1eecf4bfccdfc6257bcd5a3a72db4be3f704b6f0809485e1a0151845e800039c64575aa03

C:\Program Files\chrome_Unpacker_BeginUnzipping184_1320617171\manifest.json

MD5 6607494855f7b5c0348eecd49ef7ce46
SHA1 2c844dd9ea648efec08776757bc376b5a6f9eb71
SHA256 37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd
SHA512 8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 0979afaa724f0bad5d24c1b8e7892dfc
SHA1 03ab8d4a823ea46cf465c1835fe9fdf43e391fe0
SHA256 34d85781a49024655ecc0e1be975a0dc6d672c961a75e093d19a396e604174db
SHA512 62bac76f334b7d0ce7dfb456c9a0d28ee33ce1c7ac3e04c8f9c2f4ec6a8a43cfc3d6af5bc7f381c2d864b832c3f362d34236dd711b8fb49a4d0db9abe787f018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

MD5 6292855183930f0fd9847bde479bb057
SHA1 0cab2aae46f07d3bcfe7c21e56aa1b8eea8f0047
SHA256 342897cc84f5d4db88cb7744371c5b7c708b27f3f17d6dc188d7ad01fb48f1e9
SHA512 a136186ea0a52f112c5aa1a0dcf7df807253a1110f71b4b18463c6d344559a5a583a67dddc67023c3365e7e143b60faac365e76f6e8dca028439ecc073bb6244

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 125cb8106faca134fe59a1cac7202346
SHA1 4885b240174e08b209e633504c5f65766b51e78c
SHA256 340bb0803491f5453de08050edd1ecb526dad006db99ce0a3d58841a72229561
SHA512 0227be5ace946342470b31dd57ef78ac305361617773f977ecaaec7a2a1336db399ce15a3eef58db02d0bed53ee9c3ba80bcf7ac02d7b6de81e97805227e152e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.18.1\typosquatting_list.pb

MD5 9cc0b895391b57b727aa33c9726290fc
SHA1 5d0e6946979b7cae22fd9a02e1df69e1fdb73624
SHA256 ee177ed63dc6421b74f786428dce7ab84f06e2d565399f96fc8c5a2186f6a9ef
SHA512 af3137e5b62e207616c441425cdfa22d5bcb9e195ab2d59dba43b39f857e8ecd85b30aec9e45f5a7b6dc6470f073c1e0c2203dc8e3b384eebdeaf44d84f2e8d3

C:\Program Files\chrome_Unpacker_BeginUnzipping184_925336970\manifest.json

MD5 95be3969ec6c6f9649430a301555a1f7
SHA1 49e369ec2e3b392879d6fbeaaa6752705044bf50
SHA256 e00d423af4689db6f1b2efbd5e338f260bf1ed6799746855471e6006464a2216
SHA512 ccf958beaf2890e878aa927ceec5dc78a680317662398c7e450f707b7f6403f44eaf1dc757692c02f09c590d5800c33c6963f60c3bfa02ae7844d66080418e29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

MD5 2bd6f0c573044d75afd133cb6e64ef4f
SHA1 17935617df5fc31150adc9452ec66a9d8b9e2eda
SHA256 a1c2fa2efa59f9b2053a0814bc301e1868a3bbf28162cc68d7f4370e47918a56
SHA512 dfd67ed7ee9123256c04c4f387d302274f1b9efb1c024bc81b633d8c499eee5450c31050904f90983ab6144f9ecfd4cf07c66756dbe7b6522e4f9b68e52e1907

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\50219413-064b-4316-b347-4372d100ca8f\index-dir\the-real-index

MD5 bb61bea7e49e69bdb8b665471bcd49a1
SHA1 dd355287a33a5f35f9c9242d4f252f739e21c7d0
SHA256 6d1593bb145dd915a491c57e9fffe5ebd98c72c5888cc0dd4c6d1303687bbf70
SHA512 a7cae045ea9a3cf070acda190e1f2449a67497ee57ab8ced4acebd4f469384d2400ed421aa4ac7313bef76f6dae820cc17b95228dcb49d321887c94fee2a5fa0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\50219413-064b-4316-b347-4372d100ca8f\index-dir\the-real-index~RFe5c21f7.TMP

MD5 098e93202d7d71c5c20e38b7d048b03a
SHA1 816242f14df854397e6bd16295ceba86ee02d1c5
SHA256 d5b3368a8ae688dd992c8d1c3668a6e82a22f7bdc2cf30f4cb27d323981220b4
SHA512 4e3a226aa0415b8ba522097328d6b533f3b44c8c69441969c338f4188be15b05f669f4085e427f389d5ecd34e8cc84550944d26e2adf398ad724eb4ff9bc7f43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 964ada514eabe61915f013fd4eaafafd
SHA1 1b6aa7f954a6bf0aff06428ff7464bce4cf4c428
SHA256 2e02b6492ca018f315d8a61bb2fb6cd430c44301b7f53e807dd3a801eaa054a4
SHA512 b2c83af58a7dc0e3868c78b1c5027e5f240d8f963c19f5b1db7f0645e2e3879aaf81ba9dbf77da7668e2f374460d0dd25f3b1883310c9315423feedd00a620df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 f5eae59e64d638eb2f0719ce973966c1
SHA1 4aebb61fd8527246f7c6bda3f473a1c5132bc861
SHA256 b824fb7c7d4a83be824ec38f5583a9e2fb67c528fdabcf6f4ed22b6434b1b621
SHA512 3c732291c514a3af494bed4b95718c9e11391c9db2b89ab073dfad77839a46fdf5f06e71ab5b7ffc38377d51a2fc3ef9517011f575b2da024f61dbc80a750d6e

C:\Program Files\chrome_Unpacker_BeginUnzipping184_2139253816\manifest.json

MD5 a64e2a4236e705215a3fd5cb2697a71f
SHA1 1c73e6aad8f44ade36df31a23eaaf8cd0cae826d
SHA256 014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846
SHA512 75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

MD5 2b59269e7efdd95ba14eeb780dfb98c2
SHA1 b3f84cbc37a79eeecb8f1f39b615577d78600096
SHA256 ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172
SHA512 e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

MD5 0779206f78d8b0d540445a10cb51670c
SHA1 67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54
SHA256 bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec
SHA512 4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

MD5 811b65320a82ebd6686fabf4bb1cb81a
SHA1 c660d448114043babec5d1c9c2584df6fab7f69b
SHA256 52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf
SHA512 33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f3ce5ecc677b92948c7a17f688c5dcba
SHA1 d43ba24836d76c4f7080e7d4a92d5fe28b1f59c6
SHA256 f594bae0f3b62179e5bdb6b5d80fd8f2fe5a36e2e1d0948c4643c3a91a00d73c
SHA512 4c260726726d732eae3292a70cbbf18ea3e2b6e8ecee13c07923cc0198a2ef52cc2f850694aea8f76c657a3dd8a19ff0accaf4a6467517180d72189e662826fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

MD5 f3d6069e103a0b0bcb773f6ec4487d14
SHA1 4cea324b659e346542e4084600cda9a74f932b49
SHA256 1b253d8a9ddc50ea40d9325461be4041a6d7bb98892fdfbad2ac0d5c9e5609e1
SHA512 41c5fe6e4f7c9e97cff283e0f9751f4350743c83839b52e62299272bacb4072236798295182cb36049d8adf09a3adcff25c34896527d8e2d626df8f918a47a4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2afdccc30393d00b1e92a98f5d3cce87
SHA1 6e700d3f8cfa89b7ee155a542edb4c2bc278b3e7
SHA256 e150183679813881903782b19bc9c633073676a003fbc97c9ca666dfeadb69c9
SHA512 698448e65ae7cc3701bbe5fef4543b9c9ddc5be670a03c62c0fb07dafd38e598fd6f1f54cace1e00a419ec98a9bcd6c8c2f32a64499266d4548c79945394cdbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\339d6a77-c602-4d15-9a2f-ce101ed68f16.tmp

MD5 4ca5d58619346d9742eb3f81ba2fad3c
SHA1 fa7291ab4d94d8d75bfb36ebb6a69c64d20277a2
SHA256 d2be140cf6abd8a11a9beaf023ec025fb8f25f68e8b34e981cfefd9b511e2559
SHA512 6948d6c48375ffd4dd110fac2814ccb54b1d2c354325727a262c256229bec48421fdf6f807207ed9ca6aea2c80214c2b4fec974c6a40c4b5aa03cc17415d7175

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 27858fb80777e23293f35c2a1b35a985
SHA1 51a906174cc175be85ca5ab1c361501a2e961572
SHA256 6b177a3cc2008194e7ac9ff341d7ede2b085d0bfe69655a0e83b34335b72e712
SHA512 16b9924873dc1a9e8274be4500669095aba7ade909b106aa959afe762246c10a3c2319495a7fa18fac01212e53141eb0a37dcc602adbbb6a57cf6c2634f25451

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2172eb52338616bb048efe543b6d6b60
SHA1 efe3376312194717f4faef2c5a664ce4cb240ebd
SHA256 054896cfc082794c14231d72dfc31537f619e91d70412567b0e6bbbf5bf08d86
SHA512 9b9e34cae7cf6a102ba02a50be188f1878ed566f9eb024ad900b3c7c036e9f200b302feda18c3da0d69d5e6253fcbef067082ef0f574919cc06b5415577ff2d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 3e45022839c8def44fd96e24f29a9f4b
SHA1 c798352b5a0860f8edfd5c1589cf6e5842c5c226
SHA256 01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd
SHA512 2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

MD5 c4e0706e54718df45a891289c8e994e7
SHA1 2aeabfe3b82c4116ca1306c47a8d3d84629d07f0
SHA256 1eca0519d05d594d718ae94b62bd407393bd7d123b1e794bac478007bc2ebebd
SHA512 898a018b40269cac0847b542f4ef44c7e1cf40b58fc3507053cfaf0d04fbd83e0351b474194b3b7a5f2321ffe24b45a24e77e1e451777443f2cd1db72c29e4b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e6e85d68a9b37184fdb2990866bea67d
SHA1 11e917fd35d4487d4946b867dc262296bae2fdec
SHA256 a256f10fa85d0d78a878e19e1996dba73b103c0005f9dd7284fc7951876f657f
SHA512 37e009de8bf57edb128c2eb5244cb6871c6fb0c8b0cf4faa27cec2a40f18ea70c3752c177940a47f16fa53c5597c15b3f870b16f0ad0e4f1b4f3b5dc12dfc4a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 7c3e8dca07dcffd147091475b9b07863
SHA1 abeb09af4cca31e2e4a8f75f3b12deea32b67b21
SHA256 1215e534f5b94529532e82c5f7a92b7962608a832ec098eded64cb4f580e3354
SHA512 480702786847cae75a16943c37e4de65c3936010f3f21072e3d073050d8e1b550c3341a5435c8875e9a4991b3f83353fe470a4cf4a0af6631588025723298777

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

MD5 7169a953b7c6c199456cc8b7988fe604
SHA1 495a0259efe3b23263cad46b63e277732c30b590
SHA256 2de6e76069ed1aa1fe3e50584dc053b863638d71d0862bbdbb3203494ae851a0
SHA512 2116fff551de0d3fa83450bbefe11afebd81e4516167ea4749e81c09e4247f822db4bb26c9e749b17f6309fd7105cf3353f51bff48aae2c80446df5503494bd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Gui\Image\white_tiger.i3i

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\Bg_1.i3VTexImage

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\FaceGear_3.i3VTexImage

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\item_cash_A43.i3VTexImage

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\item_cash_set29.i3VTexImage

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\item_head_07.i3VTexImage

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\Item_Spray_03.i3VTexImage

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\NameCard_008.i3VTexImage

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\UI_Source_12.i3VTexImage

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\Ul_Source_2.i3VTexImage

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_2065848441\_metadata\verified_contents.json

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_2065848441\manifest.fingerprint

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_2065848441\sets.json

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_404883887\deny_domains.list

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_404883887\deny_etld1_domains.list

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_404883887\deny_full_domains.list

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_404883887\manifest.fingerprint

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.log

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_1525361382\manifest.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_2132810238\manifest.json

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-as.hyb

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-hi.hyb

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\hyph-nb.hyb

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_46628663\manifest.json

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_770978171\manifest.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\LICENSE

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\Filtering Rules

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.39.0\edge_checkout_page_validator.js

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_137583703\manifest.json

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\manifest.json

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\Notification\notification_fast.bundle.js.LICENSE.txt

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_855591547\json\i18n-tokenized-card\fr-CA\strings.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-checkout-eligible-sites.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-stable.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-tokenization-config.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-notification-config.json

C:\Program Files\chrome_Unpacker_BeginUnzipping2624_235717050\manifest.json

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\UserFileList.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
