Malware Analysis Report

2025-05-28 17:58

Sample ID 250516-3zz68acj91
Target https://epicpbglobal.zapto.org/
Tags
latentbot discovery persistence privilege_escalation trojan upx
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://epicpbglobal.zapto.org/ was found to be: Known bad.

Malicious Activity Summary

latentbot discovery persistence privilege_escalation trojan upx

Latentbot family

LatentBot

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Program crash

Browser Information Discovery

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-16 23:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-16 23:57

Reported

2025-05-17 00:08

Platform

win10v2004-20250502-en

Max time kernel

649s

Max time network

553s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://epicpbglobal.zapto.org/

Signatures

LatentBot

trojan latentbot

Latentbot family

latentbot

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PointBlank.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PointBlank.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\bdmpegv64.dll C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
File created C:\Windows\system32\bdmpega64.acm C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
File created C:\Windows\SysWOW64\bdmjpeg.dll C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
File created C:\Windows\SysWOW64\bdmpegv.dll C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
File created C:\Windows\SysWOW64\bdmpega.acm C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
File created C:\Windows\system32\bdmjpeg64.dll C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\BandiMPEG1\uninstall.exe C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PointBlank.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133919134971513981" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FilterData = 02000000010080ff02000000000000003070693300000000000000000200000000000000000000003074793300000000700000008000000031747933000000007000000090000000317069330800000000000000010000000000000000000000307479330000000070000000a00000007669647300001000800000aa00389b714d50454700001000800000aa00389b714d50473100001000800000aa00389b7100000000000000000000000000000000 C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\ = "Bandisoft MPEG-1 Video Decoder" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F} C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\ = "Bandisoft MPEG-1 Audio Decoder" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32 C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3951986358-4006919840-1009690842-1000\{1046958B-0176-43B7-A32A-93A71F31BD3D} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\CLSID = "{E2E7539A-CECF-4A6A-B187-939943ECEF05}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689} C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\ = "Bandisoft MPEG-1 Video Decoder" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05} C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\ = "Bandisoft MPEG-1 Audio Property" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FriendlyName = "Bandisoft MPEG-1 Audio Decoder" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FilterData = 02000000010080ff020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000aa00389b715000000000001000800000aa00389b710100000000001000800000aa00389b71 C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32 C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FriendlyName = "Bandisoft MPEG-1 Video Decoder" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\ = "Bandisoft MPEG-1 Video Property" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3951986358-4006919840-1009690842-1000\{3E472B8E-15CB-4C1A-B74F-43F4E62FDF29} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32 C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FriendlyName = "Bandisoft MPEG-1 Audio Decoder" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689} C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\CLSID = "{E2E7539A-CECF-4A6A-B187-939943ECEF05}" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689} C:\Windows\system32\regsvr32.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FilterData = 02000000010080ff02000000000000003070693300000000000000000200000000000000000000003074793300000000700000008000000031747933000000007000000090000000317069330800000000000000010000000000000000000000307479330000000070000000a00000007669647300001000800000aa00389b714d50454700001000800000aa00389b714d50473100001000800000aa00389b7100000000000000000000000000000000 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FriendlyName = "Bandisoft MPEG-1 Video Decoder" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters.dll" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\ = "Bandisoft MPEG-1 Video Property" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32 C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188} C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05} C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\FilterData = 02000000010080ff020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000aa00389b715000000000001000800000aa00389b710100000000001000800000aa00389b71 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\ = "Bandisoft MPEG-1 Audio Property" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ = "C:\\Program Files (x86)\\BandiMPEG1\\bdfilters64.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\CLSID = "{89C4B786-A490-4A3E-AA70-E6A8C61D3689}" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\ = "Bandisoft MPEG-1 Audio Decoder" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ThreadingModel = "Both" C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\CLSID = "{89C4B786-A490-4A3E-AA70-E6A8C61D3689}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E2E7539A-CECF-4A6A-B187-939943ECEF05} C:\Windows\system32\regsvr32.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2672 wrote to memory of 224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 5964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 5372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2672 wrote to memory of 2384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://epicpbglobal.zapto.org/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x360,0x7ff965a5f208,0x7ff965a5f214,0x7ff965a5f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1772,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2196,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2004,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=2644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3496,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3504,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4bc 0x308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5020,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5320,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5912,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5960,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6444,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6432,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=6028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5924,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6760,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=3816,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6952,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=6748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5428,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6860,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=2700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7036,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5948,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=6468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6436,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=6816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7024,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5512,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5056,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2828,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=3300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1140,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=2680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3516,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6028,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5076,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6680,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=7068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7276,i,10122461843090803550,15287642230528710156,262144 --variations-seed-version --mojo-platform-channel-handle=7008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2b0,0x7ff965a5f208,0x7ff965a5f214,0x7ff965a5f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1924,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1980,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=1968 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2568,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=2600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4140,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=2636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4544,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=3784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4544,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=3784 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\EPIC-GLOBAL\" -ad -an -ai#7zMap11187:80:7zEvent22274

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2764,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4784,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4792,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4616,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:8

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe

"C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4624,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:8

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe

"C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4996,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4876 -ip 4876

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 3804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=772,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=4992 /prefetch:8

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe

"C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4980,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=776,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3400 -ip 3400

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 3560

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PointBlank.exe

"C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PointBlank.exe"

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE

"C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BDMPEG1SETUP.EXE" /S

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe

"C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe"

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" /s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\BandiMPEG1\bdfilters64.dll"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff943c5dcf8,0x7ff943c5dd04,0x7ff943c5dd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1964,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=1960 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1628,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2404,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2412 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3248,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3544,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3564 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4576 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4736,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5252,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5264 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5540,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5552 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5548,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5744,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4184,i,11677709899427126220,17359416911813594140,262144 --variations-seed-version --mojo-platform-channel-handle=4004 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5892,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3588 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5912,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5584,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=244,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5832 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3404,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5380 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3376,i,5161816274978538687,15266142504492671240,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4772 /prefetch:8

Network


Files

SHA512 d475166fb0f6de720aa0c04ef741429b8ed7dfff7a1ba3f3a43f697e4e715215520c699dae77d8d547ae7f67f2b24d43a38720f44d7923bd579adaf24dcadb25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 87f54d09b74e54b92631cb6326b221c2
SHA1 b9d3ab1c3636acff6896c61699f8641261563873
SHA256 9f52670588f5bf08cc5b90f462fd196efb77f02f45b79af0f03c2e299cc339ca
SHA512 e55aa3bf7c0e2c991d719deb69d90d9b5f5d370f84b0e2772e99a9682fca8a9a1296c59e810486f79094898f1d2034bdff074e5bbd72eff75a11310f96230968

C:\Program Files\chrome_Unpacker_BeginUnzipping2672_1938653338\manifest.json

MD5 b721bdf2924d658186ac8868dbd2c008
SHA1 914aacc65bb7933bd73aa06f8bd2ca0b04de3858
SHA256 dc6a19395ad3a24ee3805f6e90c6b16fdc141a51ac7fbb99fb784e423f8962f3
SHA512 4c1c16f714a2e2436697bc801f7e2f684010c833e3d5fe6ed68d6f3e630afa495412ea5a1b46f4bbbb1102feede84e72f32686910492510cbce71888a85b5fda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 171a23861e97ca58034582cb2bac3a07
SHA1 618a7ce3d3a847582867fac04ad3ef1b97547c41
SHA256 026342131fbbe5bfbb475f79cb16a16ed4bb3da314ad8e1b4929b084794ff240
SHA512 86b3d7880a95a9cffb4caf507ea913b31d2e49d7f1f97f9c0727d0f4823191550ff17a850c1de3239d289fd1c6529581c61c70ea3a1c7c07309f34713defed25

C:\Program Files\chrome_Unpacker_BeginUnzipping2672_598939780\manifest.json

MD5 ba25fcf816a017558d3434583e9746b8
SHA1 be05c87f7adf6b21273a4e94b3592618b6a4a624
SHA256 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11
SHA512 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9d0535190a5c97292f020d61fbdb87d6
SHA1 3e2da77205fa8ab86b84f1f8569e2c614000ff82
SHA256 2afca66adede4ceb051c43f0382d3e6e154e11a5f434ce5aacfef7cfe0c3400f
SHA512 039186cfad180803ce807b054ce72cd07e985334765281057d2e07d093f8753da973c406ac229dff8b524cc9a505caac8c78469d23296ea34c5a82a7a6b3cbcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a9b828395bb794f266bf9c19b020b7a8
SHA1 2989e0b10d9e5d8e2e37222da7f51289b88ce2cc
SHA256 369844699ec412079e1fd62698d1e5f6fd1f9652e26a739aba10907a628d619c
SHA512 e7d0eeef0c329ee421b8f42aba2b5b436786657a6c3550e4c2fb88327ea3e439f312ccb77e33b23db1fc87cd992e5758a543f3bb4a6b039b2e83791864118ce1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e6f4da3fb160d71221646bb527de842f
SHA1 a7fee81d20da1c2c2c92211b04139c87ba72f1e0
SHA256 1bb5bc4ee941e6f4a8ae29349227476afa0319ee240a2a4fb3e9bd953f3c8b30
SHA512 2600c0f2069375755aba342189b9857811daf9b9d8f192254bba31122a7e01fa6ba3c5f49bc3389b6cda96f0bd3d6751f265c74a67690ec7e4d3b4569af512b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 b7afac77d0f4ac126201f045210e04a1
SHA1 589301963833fe1bb15dd25d3356611b0e62a309
SHA256 e1f8e7479924bf3e938ce5c63546ad9423fd6339371c606d921646fb0280fd6a
SHA512 a07f4a99794267cd7f1989f6d86363423a3c7eef99f7a2f5556b1438530fef3d98c5186d6bc9fc1713915d8554f013212b95c5cf17ecbd3664e2c253bde726e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

MD5 959b1927f15d43117cfe03100e76cbeb
SHA1 9297e8c35a5dee688af00d48e5433d76d8ed08f8
SHA256 616df9471fd32fb54f4332a584feda56d3f4f22b0a94292e19e20b633facb94a
SHA512 1d79ea1f7816143499532268d7743d1473683176bc485e98f95d6f4ed1d84281034af2bc75e0537b8c3042ee725b62b93b0a978be28a2c0e928e999c1454b464

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cc10292a2dab9aa77d3ac0c9affc84ac
SHA1 2e13c437c97aac1799735720412b6237ba864e0b
SHA256 a44d8fb65e529a23acfebca59a42e1a1037a7ed42a9b93af95e8d7cf01487959
SHA512 268b55a9cc71eafb46296abbf3f1314090ad6111b66e97f7b45c04456913bcd3fe60f85259c46e2ffc7a68095410223cd7d4fd7f44bf8f0ff4a83ba8824013bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 3e45022839c8def44fd96e24f29a9f4b
SHA1 c798352b5a0860f8edfd5c1589cf6e5842c5c226
SHA256 01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd
SHA512 2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

MD5 d967e6c3d01fe3bb9699412964072f74
SHA1 a5e2a3104e651a6abd2021db2f2df7bf7e2e1538
SHA256 0278bc8f7a8d06dcd3f22d552aad75c4a0af495bd13e77c992a56b4e89309060
SHA512 54a920213dc5ba33397e7693f2972997127c80cd82b94f8943ab97a8481c596a98e6d662f3c5213871e941d1186f61ba49ee3daf9eea52dcef52ae72638549bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

MD5 de042f18973e35f06e8aab99580f8bf8
SHA1 8e734b9c7c9679cda1b412b96d2e6a2b76852667
SHA256 63f9443dfda81322d6ab92d64bae511c0b1edb167da2ea7a728da426c208fa0b
SHA512 82a3728dad7e19e84420136d0a610fe63ed4ada9419ac03387401cfdad76b80a5c1304a1198bc21c10041ee3614bb1ebe378a56a441ed77bab85b39a9a1823ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

MD5 a134abde9daa53eb4b62686b01550e90
SHA1 c5215e863d37b220221ab2bdd4a0ad2df838b0ee
SHA256 09c25ab6ae4e999501ef4fe5f5d9ee11b30a2a3b1b817670cd14c0a3f4584a41
SHA512 1f5f1e9d2c03be137ead56fe7e2d24a928b9b0a0eb81f23f6cb307b04e6ce826e7bed518d481c3f0e3e0d06e0ee00a98dfd5fb78b4dc95ddf62898165f0b611f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

MD5 b86c368a89724406060a8b3944ea1c6e
SHA1 8a731ff19eaf4f44d89956ced4985b13cf05ad6e
SHA256 85f9cdc264d75c8924e39ab0a80f1733bd99ddd4ddb42a9e8dda78e0aad01195
SHA512 b8643f4ddcd0cba13ef10f45a1c37249ae63518060a7aabff2479091b5e2ff40db5d99f98a3596f9d409f83e87c8f21e7c85d40c5295c4e4dbd8701aa25d2536

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

MD5 be6063af2f340f8480f2101e38952fd3
SHA1 07fbf9b3ae22489886fa656eaa28f861dafc1eae
SHA256 40e82ba7c3f1bcceac0198d1af624f55203dd27786a4fa2634a05fcc7da140f3
SHA512 bce33bdcf1c71dbb601a8517cbcbb8c0d9790724a6a6f9831df31dfe4bef6fdc716a58c8a7d7ee1d3d3df400a9d7710b8eb6567be654f2508678324d70358222

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

MD5 8b0ddedbb27cbc9971c8667caa8a0cc1
SHA1 4350f9ba93384634faf35f41c503c99c767f1069
SHA256 748332090c4b8e20f95d0ff59f0be20fa9c889359d3b36d4b886d73376054207
SHA512 d3b4791b988fcfd9911a2158163d0c44d6797650890b5d4ac769417e09d8fc2c67edc595be8e7927de0519a85eeb3577d0c7e385bdc99d762c7a6cfbad021b39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

MD5 9a01b69183a9604ab3a439e388b30501
SHA1 8ed1d59003d0dbe6360481017b44665153665fbe
SHA256 20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
SHA512 0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

MD5 c64278386c2bbb5e293e11b94ca2f6d1
SHA1 6b99aa650bd12a36caa14e0127435d8f4cd3ba73
SHA256 7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880
SHA512 0ccdc1515510d902c0b4a48b863c48bad86e1f766b1f9c890a64e28d91ee7c6d488241c531fc094d15b29c211da71e092587a987e24ee8e67ef8ea99c284e821

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

MD5 351af0830223ae89a8b9df75fa3bb694
SHA1 d9b435fcdf91a8157bcf438593c8c750130a1615
SHA256 cf9718cdeb6e9714a29225656d23bba8f81d4487a200febdfaa1083c80fb9534
SHA512 e954f6a3656cbf484df9bc8b32dc3812be9375537119cb9b5631b9a3dd96ec3fa14aa72543022d5e044b8d4ccc6dacb32470fdc4f55106737182300f00630e8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

MD5 52ff085d1d684dd24bb78912c89584c7
SHA1 7db389ed9090acc3b2c7a75cd8d0262f8026905f
SHA256 94e44901dc161544d473d7df0bb62b0e0467633ecd1769fb9b9b008967e15d1d
SHA512 9ba663419dfaac64ab326296272045cf86923857462ab7f45597b98f843e222578dad6775fa61f0dff99f9e56af3c40c3dbb24679786dd6cc78d0f7838ce1b3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

MD5 63b528b7d51c7dfcb9a7bee7fc1aba37
SHA1 8530a68e11bfd85bbb9fce922462b08ef1810763
SHA256 3030a03f24fc7876a8684799c25acdf58c6b354b0f23e224e9994e35d5f37e28
SHA512 2b81607c6cc720b47e025642bc3a600461b9520f4762ecb7fc25402f5f471ed48274f5181c836372818f2a0f43df3e9a794d3dd6f4cc4671b034609cbfd7e75a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

MD5 05153540ea642c0264327ba6c1133e16
SHA1 c896199bdee0ff8045c315e33202e1fae96315e8
SHA256 8b59db5487fc771e16f7c05d84de7cfb1eba1a68b378b35f4834e7113bdf69ef
SHA512 06cc065996bb142aec3af7de2d3a3a61e36512c19ffff312b25f0fe3d66a7bffd4707dd017b891db7a0cb5f927354aa0470c650f8ebebdc4b45fcc376be2bc6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

MD5 aa522cc3306f285a769b0342e82f452c
SHA1 3820ad3d8ac3d7e42510688e7f5ae9ebc6e39e29
SHA256 37437f49a027b5b2c0d2925167acf7665a7d7dae08523b402d703e8a74ecfd21
SHA512 c601885324dcdd82f92bb103211d807091a57ef4f6d602a90d4e31ba0d7e6eb9c717cf10ef48823af2f48ef276952e92911acaaf4c49e1cfd2e174c28c4eb469

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

MD5 1f71a8705633e092f61b51bcfedbabbb
SHA1 734de3cf8cebec41efb6139ad505c79f9699e374
SHA256 40f088fce01605128e76e724490a6dabb727793e37a075ce6b2d37a53bcd7635
SHA512 bb6d3289034f402aa04dd6cf3773af78fcb2f9b7ad8f4dbafde6c5036f83ca20ebec1a1012487f8e92b96f164c98ecabdd2b4a2d085f452927e244b3547c217b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

MD5 ad98ec5f85af39954f0ee0c4aa162825
SHA1 4a279f956d7e853025d189e49a4cfe4c49222d30
SHA256 53182447fd3b943abe96b078559307b6f629203f983c3474fd1ee040fd927546
SHA512 9d29e958ff4a04e13e9860f5e43432139c43344148afb07f16310f0256f29d2766dd814d0c62572242ba40ddd7563740024037fc6c7978e917dca5b04bab7162

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

MD5 54ff7f67554f44e37bbb62d12f26a841
SHA1 22f65437e9ef12414e7f81e00cb85170457da71c
SHA256 30467c171cdf0b4d53613264cd61157ce632c5fb120f9239f0c17fd77299cad1
SHA512 645309b02062fb2a43595521a58ca82aaf4bf8aa87c898d809424e6c69929e33b2af7c9aa888e9cf553a432e585f530042ae7f05df06c0339630f7bb991c3e15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

MD5 dc7a4ba086d8d457eb09f3a30bb255d7
SHA1 48cdfef20a286ddf7895dd37fd163ed0dfb94592
SHA256 46ac8c4b1fa86fe178595ec01446485be982eb088eb1bb75f86ae038634fd89c
SHA512 b3a04a575809ef8f91a8059e0daa5bfa38c87233c892a19bcbefef843ed2eedfbf436d34eae00998c983ff5de5bf38a2183e51d2cabcd285da5142a8942eeb75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

MD5 cb3a10e4d6c396b28165d0a886a4c868
SHA1 041be845b6dd080e6b47bbe36ec9a3eae85d5463
SHA256 0427b7b5d8dae57dc26aed2bfc6280233ad6e5046a84fe7909eef295fe9adabf
SHA512 6b696989162eddabe04f360d3b34e8ea76f19e6ca164bc712fe7a17d88f92db1c7df1d1c193df2133975ad5639dad5af4141f8aed72f4e333df8b7f06a5377b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

MD5 76e3084ba2694c51c406de4c81d31df1
SHA1 a05a5fff63071815b2e8d96c6986d449c7192f41
SHA256 98cfd7110a2c3f7bebdc5241770f598bac22a798399b6e54ffb56863701bd25e
SHA512 1661503f050c23006fab5bd4e353ca183bd239c42a32e36ec6f88c6d26ab3fe5d1d8a07568260cce527e92ac69591930b095406ad4f8cc6a4419ceb416ecb250

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 d5a72dd6c11ac56b5c5b78820d244f3a
SHA1 7ca3d33ed15812979bca70ac25fd56ed191da858
SHA256 d369d14f0ac82987b47d5152214c47c1224f7caaeb1229b3a6af3d21ec2c0532
SHA512 532b46a4dd957850df741b25931c96909db9173f2fb9da2a5b2a19a8f561a9301d4391e70d5eac8310f3f27aa0f98cf94d89eab2d4a8e639f6227348db6f57d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 77bd34d8f497f6fab357c640fa76ff6c
SHA1 b3954a8fd419c18c2427da933faa8baf0b2f73d1
SHA256 2643b340ba87ab15a9500f1cf499d87cd27b753b67e9851ed21752159cf61761
SHA512 19abf4248f5966570d522d9c01f30de59466e2eb79f56df97cc4c14631f05728b84d0d528850cddef1d2c34743166031080716ff9e12dc42929c88c0707e3af3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 f1fe8a25cb8de4744496b8d4022dd2aa
SHA1 38d10abfd26101e047ff5a48e9b83979678c78f4
SHA256 74675a116c837f22444fa635dbea626b811776d17ae679600c27c4d3eff71cff
SHA512 62e45c1d6edebe875b26d4f65b9cd8ec248032848b78b48c7d6047868f2cee44cddf145edf662b51a40a81d7d65f9a6aa298367ddef73d624696852da9d637fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 5dc0104ec705fe3a58d3c4de11b59985
SHA1 d19a132d935672f4258479b95ba2cd0e1e804e3b
SHA256 e1e87d435b9b356be76be804472d80cbabe0c840e920cd220585b9d2a3d74388
SHA512 ff81c93658a1d1d2d93e2789de5704d61f0aa11e3d6ec5567d643bfe9379416fc359d974148fa9528574749abadf73dcd34219c8e831c986212470e703edb53e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e3e22c74c97dce2e08e397551fba105a
SHA1 94bf13cc65e74038b898d0f6a34cea6512608514
SHA256 ac000179ad97bb5dc3552b89c3c22054d3c4c9efa8a8bdf5ed397bd2ac05f84f
SHA512 57bdc32e3de6e723ded432c5b586d0da69041bdf158e37943a5606dd6717adb1073f3aa0eca3cc1606af73aa956460c30a01cdc40c947d0b5b4da6cbd37117e0

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Gui\Image\white_tiger.i3i

MD5 7db3989c5bf995e5ce13a998f1b27dc1
SHA1 3e62744600b0bda02357286e2027deb9156a95e0
SHA256 afd97b0ac9a9f36b8959236da79f6879c90ca88c95b2d3c6da4d0ffb967fde2e
SHA512 837eab60508490ef2b8bdd59ab668dcdcf1222053e9ac8185e98ec193e9abf39f4db307c999fd579d0f483176481f2da8c2b2183e268ba8340fe76710cf5dc1a

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\Bg_1.i3VTexImage

MD5 dabb7cd749169d9d758014a4d3557b82
SHA1 15e6b06bd8fab9151715cec0ec2965c59aa743fe
SHA256 18d6fe65fc4fba27b6f2e61e93858a4dcc91aeb5893be3e9512f2233053e8c66
SHA512 3fd91dcbfed5dff9c1f584b45b0463cefad1dca119ea26c445d8aeaadf52ad6555888662831d58cfd542553c4d450876147593be8b6b0b27bdcc7bc17d5a5149

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\FaceGear_3.i3VTexImage

MD5 18eb6c500ba896a69fbb6351b4ca5c41
SHA1 90908ce069742679d57bb6a15b942a8fa6f9754b
SHA256 f0f63b66d2cac94b2cbfa9d10c48ef4a9c4df7e607bd9af17e947ec3856832be
SHA512 47ace0a1e1fdcd74bcf77273ac68ff51c735f27aff6f6261ed6338653363dcf2233ffab45820ed0b2543652c8178e00f43472e01e98acfb2f473e0b44c1d5815

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\item_cash_A43.i3VTexImage

MD5 14b7716cf52a450ed3d4882c7c84f946
SHA1 34696ef0e4cc80b5a1e18648827c7af13a6cf636
SHA256 c17c0dcb9ec507546e538c212eaa81ed476b8c4ad77cd88db190c75290ac19a3
SHA512 2f6f3cdf54954d1cfb4bd854d86bd7b40ebae4131c03b9f1045e0ddbaf27afab086f2abfaa5187db842c90ee0357bc8710c78d104379b1c50a3f61c994e80f68

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\item_cash_set29.i3VTexImage

MD5 aec79cf88b840ee66911dcc884a1614b
SHA1 4b2021a15b5e3731cd1b28f3f112223d9fc53a62
SHA256 24288edb65c69160a1f385e5d2004be93de7c367eb5e77202e6a712a11cc7420
SHA512 9ac8cb59292f66d19d639d4ee43f196e27d767f689b63b7417a160fa48b0c351a9a6defc87f019f2801d3ec39b055facbbde14f033da1c139290c4ab982b2f15

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\item_head_07.i3VTexImage

MD5 0ecbc3a89591b3a2049ea03befae8766
SHA1 b67ad51257f65bc51901932bad982e0c2b9192ae
SHA256 a28b27cdadbfb5ce8c2ba62ec574fb8681dd2779662c51ae3595fcf4fc955ca9
SHA512 0d88aa8d719ac428cf498406275bbf3059a4970be3bade44d1b493574c8ae5a380b3de99d981936f090f3991c26a0f6ad2ef1ff01fb2a3f145157f5818f66781

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\Item_Spray_03.i3VTexImage

MD5 928ac2e83bb1a634cea0cbef8502347f
SHA1 4049679fe14139bb5c28ab821976eae5077b5fe3
SHA256 5e6c0b28dd6244aea5366406bf399b006fe5461c9e850cc7f2276243ac51f984
SHA512 3c62d058ab1fa7bc952453c4dbf91d4f2f144db563003d9fd0bb8daf24bca7f8e08b58e95ebb00b262e4085b52c99d9356cb32f21aa013480d7bcb37ec62e025

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\NameCard_008.i3VTexImage

MD5 c1e87821665a8fd7030c2d36eb8f6888
SHA1 b110ce894247f6bd79db59031115e574ce06a828
SHA256 f6e5093b6872cd93cf2ed671cf8515a5f0ba91de1800cfcf67687dcfbab13d71
SHA512 014a8225f7b3ba18edc8cc51ad6f01adef3320955c8b1addd29a3ff1d922f3e42170f79acc9e521005c4544702c2bedb160cc990ce3ddadc72a878f45f9dbdda

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\UI_Source_12.i3VTexImage

MD5 ca092297bc8e69c75b3596505a3afdac
SHA1 affafeaa27d42526c2399cd7c15680514936cbdf
SHA256 ad558a2dd18eb945eb58e024fccd85de5efc17ba282c2ea93590c07b5edf08b9
SHA512 6d91d9c8c55abf43d57a7f4a38f3cc00a055b244154a310c8f73b19b8c1cea51fc31068e02b8f642ab67dda3e2cfd9d62b08ddfccff65d8c95fd584b7e41c345

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\Locale\Thai\UI_V11\VTexList\Ul_Source_2.i3VTexImage

MD5 f1a90c67fc3903358af5eecab4526635
SHA1 afe1e3f98e78d19d1e8614c0ad41764c2770b27e
SHA256 b74d1a0dc40336946c654b0c04aa0021f832fc9e34a25531f7b957d0516090b2
SHA512 4a81a8912b5b50b7cf2abd350e05ee76ef4a52dc235d07217e3494c848ca4393898f849e122fce2ed2abd9ca8f9462056d5db49b0c1d635a970530d85f1e36bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e56e5b88d79c5b1bf57d6b31bb42a06
SHA1 b3e515e6c7152a3a9d311db0ecd4720cb207ff8f
SHA256 84a7c8e382483e081eea649c5fb8e66dcdc641e700c952083443dc20511d4d35
SHA512 95e984a9c5ca7becc6f4ba315c198f0fae1c6cd8b36ddd1d6248b5590d7bdad91e756e0117c2d7f0725a7bc4ed1f022443803c8e7f70602800d5f5ce7d9a8125

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 2a4565437820504472b46d3c0f62d4a3
SHA1 c16ce05810fb4fced20bfab2d1b5da18fc71f897
SHA256 eb8bc0381078978862d006e060b7028c21c5d1ba929961033ea4afa112c9419a
SHA512 da454eb31e5edd992dbe782ca30ac7ad5e22b849c1a3796348b9b1367064e8c789b3c8d65d62a9bb9b34c3dda53520d409e2c19ea7c3b8a010598ff4da81b0a2

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_916951865\_metadata\verified_contents.json

MD5 68e6b5733e04ab7bf19699a84d8abbc2
SHA1 1c11f06ca1ad3ed8116d356ab9164fd1d52b5cf0
SHA256 f095f969d6711f53f97747371c83d5d634eaef21c54cb1a6a1cc5b816d633709
SHA512 9dc5d824a55c969820d5d1fbb0ca7773361f044ae0c255e7c48d994e16ce169fceac3de180a3a544ebef32337ea535683115584d592370e5fe7d85c68b86c891

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_916951865\sets.json

MD5 eea4913a6625beb838b3e4e79999b627
SHA1 1b4966850f1b117041407413b70bfa925fd83703
SHA256 20ef4de871ece3c5f14867c4ae8465999c7a2cc1633525e752320e61f78a373c
SHA512 31b1429a5facd6787f6bb45216a4ab1c724c79438c18ebfa8c19ced83149c17783fd492a03197110a75aaf38486a9f58828ca30b58d41e0fe89dfe8bdfc8a004

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_916951865\manifest.fingerprint

MD5 8294c363a7eb84b4fc2faa7f8608d584
SHA1 00df15e2d5167f81c86bca8930d749ebe2716f55
SHA256 c6602cb5c85369350d8351675f006fc58aea20b8abf922a2c64700070daaa694
SHA512 22ed0211822f6f60fe46184fb6e5e7fcb2b3a9d2e19f25fb6e84e1ca3a5d645183959309549cdb07c999b345cfdd9a1351f3474e03fb8d451b0f093d44844d7c

memory/4692-13581-0x0000000000DE0000-0x0000000002974000-memory.dmp

memory/4692-13582-0x0000000007820000-0x0000000007DC4000-memory.dmp

memory/4692-13583-0x0000000007360000-0x00000000073F2000-memory.dmp

memory/4692-13584-0x0000000007520000-0x000000000752A000-memory.dmp

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_1516384306\manifest.fingerprint

MD5 c00b0e76dd1d6803e161f3064b6e6692
SHA1 0d7fd4a321a38026b31b2b70c6d2a9f84db47fff
SHA256 e3dd51712598d3fc268cf56a6859747e596e79402cdd4099da9a79a4faab8d82
SHA512 d594f2c56571845110a0b221ec22e06f0aace0602b7035acf32f0af4e3e4e6791bd5c9be1088f3310a5cb4b607014ee3fa6e71ead190be7ddcddde8cddfe2e9e

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_1516384306\deny_full_domains.list

MD5 a2ecdd4b8ebcd6c999dd980b8d6816a2
SHA1 599101e9f287540a46f808e08aaaf3a031c261a2
SHA256 b77eadb997ddc9dd4dce6565355b5ee59656b0d6b9e30a9672941b74e69920d4
SHA512 bdb7f7ca9e78e2e4082396ec8aa468ce63985c9a5e34fdea07c1d2e033cca56d345aa18d26a6d9c5a6fc1d025f1fb80e3906de35c3ea799c38659f9ded708eb3

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_1516384306\deny_etld1_domains.list

MD5 eda89a2b55db30e05fa86cfe82dea445
SHA1 e5a6d07b82fc5c0f45f609d8e4eca85b1c76f57d
SHA256 5bf6736f4862211a3c667c23ac5d2ae8b5eb15a56b86881ad465d5724509b224
SHA512 940f4ee0b01308d99b4f98b8a298bd39c36b03f622ac6dc9bb87c7632ee9f1cb01e553468a797c3c40b98e1f72c0f9ad131041a356ae68fcc4983f0e0f37d6ef

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_1516384306\deny_domains.list

MD5 085a334bdb7c8e27b7d925a596bfc19a
SHA1 1e4ad53dc335af5c6a8da2e4b4a175f37fafe2f2
SHA256 f51a7acfffec56d6751561966d947d3fd199b74528c07dabdcf5fcb33d5b2e85
SHA512 c883cb43c97a136825c6fd143f539210c234c66f9b76dfd8431f6ff014094e20b9410d7462aadee2344df8ca158def6b9a807e7cadbdfa947f6f8592e7283e34

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.log

MD5 67117ba1049d2dde1f0c3787a9ad69df
SHA1 66f95b7e5d9b66cd90e62b1accb2829d954051f5
SHA256 779fa705af496ad71dcb3f2da3904da251074d4e4a52465b1b1936c02f3a69c8
SHA512 4dadca8e748afce8ed663227e58fae9833ce97159c193c0d6c7de3d526461f13087d59ae3e1c4d8ec1163be465bfb5be9c829155d1540e14c4eb093b8387d0ce

memory/4692-13616-0x000000000A400000-0x000000000A4B2000-memory.dmp

memory/4692-13617-0x00000000085D0000-0x00000000085F2000-memory.dmp

memory/4692-13618-0x000000000C290000-0x000000000C5E4000-memory.dmp

memory/4692-13630-0x000000000C7C0000-0x000000000C888000-memory.dmp

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\PBLauncher.exe

MD5 a89e36a8f1f3a08ce2e27e8dd90eddb1
SHA1 4bdffd993271bd4a9f6141d60263de22db66dd51
SHA256 26948efa16741ec8439d52e64f0b207c1caed1aacba69f843ac2706152143b56
SHA512 c79d7f9b1adb6e90168520ca8dcdf45dfa92ca673ff7541c36bd36486ac12cd5cf1eb5f0bc935afe8beb1dff5fae287674c20bdc0927c97f6319579667600d7e

memory/4692-13637-0x000000000CA20000-0x000000000CBA6000-memory.dmp

memory/4876-13643-0x0000000000810000-0x0000000003204000-memory.dmp

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_1103690927\hyph-hi.hyb

MD5 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1 d0914fb069469d47a36d339ca70164253fccf022
SHA256 f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_1103690927\hyph-as.hyb

MD5 8961fdd3db036dd43002659a4e4a7365
SHA1 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256 c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_1103690927\manifest.json

MD5 2617c38bed67a4190fc499142b6f2867
SHA1 a37f0251cd6be0a6983d9a04193b773f86d31da1
SHA256 d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665
SHA512 b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_1103690927\hyph-nb.hyb

MD5 677edd1a17d50f0bd11783f58725d0e7
SHA1 98fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256 c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512 c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\UserFileList.dat

MD5 c6d6ad42bb59bf3bf33f0d6a0ed8f174
SHA1 3762fc80eaaf6392372bd92fd4a7093e94dbd5b8
SHA256 45d4fc3b88a3893f2289a9dbe621b927b6c698a499b15d4623126a63e1dc6b7d
SHA512 e7bec3b989e34c66dff2cedd3a414e93dd76178a958d65e2e3dcf9728c4711f9fca268189790d37fa89554f873d06447f59ce920a9ebf2160f6dccd21bb51e13

memory/4876-13939-0x0000000010E70000-0x0000000010F50000-memory.dmp

memory/4876-13940-0x0000000010A90000-0x0000000010AD2000-memory.dmp

memory/4876-13941-0x00000000132E0000-0x000000001337C000-memory.dmp

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_32412867\manifest.json

MD5 a4edf901d950a9758ffe578ff1b03212
SHA1 cda83d7736a1c05a7d2cb0b6704653c27b4a4ca5
SHA256 aaca603fa9d65fefeaa198a93d03f2511de66b6398cc34dde6233eab492eebfd
SHA512 835d6a31e56d400ace235ee94e16bc1e24bf1477e7e3524180d12b312a58422ce1a579daa423881e50bc2b314e50f5587e6fd98ea68a1ffcf294a7f187cdbac8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\LICENSE

MD5 aad9405766b20014ab3beb08b99536de
SHA1 486a379bdfeecdc99ed3f4617f35ae65babe9d47
SHA256 ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d
SHA512 bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\Filtering Rules

MD5 faf01ed2c0020f8fa512ff379d82c211
SHA1 233d104dfe718231837e33c5543085b6dba5cd8b
SHA256 192ca12bc520edee8b5a8844cc870cc4a669fb9c1449dad33a69fc5ce112c750
SHA512 8ee475bc419950f08933be92c390087b67a7914825dce81eef4786012bf641f86f447239bb8d08602a407627b3846f12c52f365eae2af32fe5d22d5ee7133c31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.48.0\edge_checkout_page_validator.js

MD5 8631f9fcfdcf0242e245e6f2bbd6ae10
SHA1 dbd910242b114b63c86b5a9a7223cc27181e3643
SHA256 46231bd2fabaf3c805efbf228807f9966000fb8aded64606bac0c62c8889f44d
SHA512 c6138d0815a3425765392d7976a612493edfbfa47cf4384c5250efe29cdfdd66395790b6519cc82e9a708d5c4fb2c151d13ddeebc6d2598ecfba969eae9596dd

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_736149082\manifest.json

MD5 e2fcce7d03aafaa60ec488a6992d8a0e
SHA1 87d6f7ffe269d3d1e4fc9a527a4172511d2a2ccc
SHA256 c5203b164645f0dd241352786caf6e1e5cb5afb64743eced8972b0458c4f06d6
SHA512 1ed7de57ec1037cc35224abccdca707011cd04f8b20347e1f9d53696ddb8c62ef875ab6a4d0a6bf71cb234b9e14ad1f6121e194e8f78ce5ffc38b7d7701f0bbd

C:\Users\Admin\AppData\Local\EPIC_GLOBAL\PBLauncher.exe_Url_k0ozdaaejnyjfrnlt3t4vjqv4jcsgd5j\2025.0.0.1\syh4bxyw.newcfg

MD5 042609a265ed681c1ef19305a73f4c8b
SHA1 7b5d53803878f1c8a74d8f6724e77b5c2cdeeb0b
SHA256 1eb30ff7e4b0301345c0eff6d698adae8f4f7214c0b5feaa41ad6613177a9ed0
SHA512 5d1979bae8a9dc2945a90be10753058c97b2f207582c018dc40fb2da86ac91b67216c28b95f5ee8cbd7525a032298fe2cb0e59a3a24868ba77d8b19050e258a6

memory/4636-14167-0x00000000015A0000-0x0000000001737000-memory.dmp

memory/4636-14169-0x0000000001490000-0x00000000015DF000-memory.dmp

memory/4636-14173-0x0000000001BD0000-0x0000000001C50000-memory.dmp

memory/4636-14180-0x0000000001F90000-0x0000000001FB6000-memory.dmp

memory/4636-14182-0x0000000001FC0000-0x00000000020C9000-memory.dmp

memory/4636-14179-0x0000000001CF0000-0x0000000001D73000-memory.dmp

memory/4636-14178-0x0000000001D90000-0x0000000001DDD000-memory.dmp

memory/4636-14175-0x0000000001C60000-0x0000000001CDC000-memory.dmp

memory/4636-14176-0x0000000001070000-0x0000000001090000-memory.dmp

memory/4636-14170-0x00000000015E0000-0x0000000001843000-memory.dmp

memory/4636-14171-0x0000000001B80000-0x0000000001BCC000-memory.dmp

memory/4636-14184-0x0000000074670000-0x00000000746D6000-memory.dmp

memory/4636-14183-0x0000000001DE0000-0x0000000001F77000-memory.dmp

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\BC.log

MD5 fca459ba24fceae300803d75d07fac47
SHA1 ab7697ea3fab6c72a2e1a80b4379b123239d9c82
SHA256 a27ddfe1fdfebfaff59714a5991688cdf62fcce242b37c007fa449632bbe8f92
SHA512 0826e014acb620bfa382505ba6f8226e682f9a6d7de61c268de30f7d5abbcb67815034230e814b7bffc47f241e7f8c7ecfe7180a8bf0f389574a0a3b6ecfde16

memory/4636-14204-0x0000000074670000-0x00000000746D6000-memory.dmp

memory/4636-14203-0x0000000001DE0000-0x0000000001F77000-memory.dmp

memory/4636-14200-0x0000000070A40000-0x0000000070A7A000-memory.dmp

memory/4636-14199-0x000000006EB80000-0x000000006EC09000-memory.dmp

memory/4636-14198-0x0000000065980000-0x000000006599D000-memory.dmp

C:\Program Files (x86)\BandiMPEG1\bdfilters.dll

MD5 6b87395b023987187c8da6fb51f041c2
SHA1 d8d1fa443c1099a763e08e1c32350a080ddb4f6a
SHA256 a31f65ca486df487a041241fc426bcaa409d94c0c69cb6db04596e3db7175027
SHA512 b4a01ef9eb035cf63adedae962b893d40c971c33d3104046e97337b22a0ebc9f78df7733ad7a238b2c81319abae2d08ea7e5ebc5dce1373bc8a57cc9882d62c5

C:\Users\Admin\AppData\Local\Temp\nssD392.tmp\System.dll

MD5 959ea64598b9a3e494c00e8fa793be7e
SHA1 40f284a3b92c2f04b1038def79579d4b3d066ee0
SHA256 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA512 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

memory/1852-14240-0x000000000FA70000-0x000000000FDC4000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 82b79f5d7051c74f1c65bb33549ae504
SHA1 a2e0bc7830a790027a19f132895b59191a6b8c52
SHA256 af630ea7f99e67708d6663e1f6450087ced870b2974fad6babefa464a68d1197
SHA512 20118b817cb6ce22b797bb927a806d12348ab047360f8bc92fdd2173e3c5797873f69d30c85800de781e5c1fb139baa8a38be1bcd038b1ac5bb1eded60ebe0eb

C:\Users\Admin\Desktop\EPIC-GLOBAL\EPIC-GLOBAL\_LauncherPatchFiles\UserFileList.zip

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\dee22555-4f93-4d24-b363-f8d28d5e9526.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_1839639619\manifest.json

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_1839639619\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_1839639619\Notification\notification_fast.bundle.js.LICENSE.txt

C:\Program Files\chrome_Unpacker_BeginUnzipping2504_1839639619\json\i18n-tokenized-card\fr-CA\strings.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18352.18349.8\json\wallet\wallet-stable.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18352.18349.8\json\wallet\wallet-tokenization-config.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18352.18349.8\json\wallet\wallet-notification-config.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18352.18349.8\json\wallet\wallet-checkout-eligible-sites.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe613f5a.TMP
