hxxps://github[.]com/Viper4K/malware/archive/refs/heads/master[.]zip

Resubmissions

14-12-2024 14:50

241214-r7ls1svqdy 10

14-12-2024 14:44

241214-r4e63avpfv 10

14-12-2024 14:40

241214-r12kwswrhr 6

14-12-2024 14:37

241214-rzfl2awrfl 10

Analysis

max time kernel
173s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-12-2024 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Viper4K/malware/archive/refs/heads/master.zip

Score

6^/10

discovery

Malware Config

Signatures

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	MasterSlave.exe
File opened (read-only)	\??\K:	MasterSlave.exe
File opened (read-only)	\??\L:	MasterSlave.exe
File opened (read-only)	\??\X:	MasterSlave.exe
File opened (read-only)	\??\V:	MasterSlave.exe
File opened (read-only)	\??\V:	MasterSlave.exe
File opened (read-only)	\??\Z:	MasterSlave.exe
File opened (read-only)	\??\H:	MasterSlave.exe
File opened (read-only)	\??\M:	MasterSlave.exe
File opened (read-only)	\??\Q:	MasterSlave.exe
File opened (read-only)	\??\T:	MasterSlave.exe
File opened (read-only)	\??\I:	MasterSlave.exe
File opened (read-only)	\??\L:	MasterSlave.exe
File opened (read-only)	\??\N:	MasterSlave.exe
File opened (read-only)	\??\Q:	MasterSlave.exe
File opened (read-only)	\??\X:	MasterSlave.exe
File opened (read-only)	\??\B:	MasterSlave.exe
File opened (read-only)	\??\G:	MasterSlave.exe
File opened (read-only)	\??\K:	MasterSlave.exe
File opened (read-only)	\??\Y:	MasterSlave.exe
File opened (read-only)	\??\S:	MasterSlave.exe
File opened (read-only)	\??\E:	MasterSlave.exe
File opened (read-only)	\??\N:	MasterSlave.exe
File opened (read-only)	\??\U:	MasterSlave.exe
File opened (read-only)	\??\A:	MasterSlave.exe
File opened (read-only)	\??\G:	MasterSlave.exe
File opened (read-only)	\??\O:	MasterSlave.exe
File opened (read-only)	\??\A:	MasterSlave.exe
File opened (read-only)	\??\J:	MasterSlave.exe
File opened (read-only)	\??\O:	MasterSlave.exe
File opened (read-only)	\??\S:	MasterSlave.exe
File opened (read-only)	\??\W:	MasterSlave.exe
File opened (read-only)	\??\Z:	MasterSlave.exe
File opened (read-only)	\??\R:	MasterSlave.exe
File opened (read-only)	\??\T:	MasterSlave.exe
File opened (read-only)	\??\Y:	MasterSlave.exe
File opened (read-only)	\??\B:	MasterSlave.exe
File opened (read-only)	\??\E:	MasterSlave.exe
File opened (read-only)	\??\J:	MasterSlave.exe
File opened (read-only)	\??\M:	MasterSlave.exe
File opened (read-only)	\??\P:	MasterSlave.exe
File opened (read-only)	\??\U:	MasterSlave.exe
File opened (read-only)	\??\W:	MasterSlave.exe
File opened (read-only)	\??\I:	MasterSlave.exe
File opened (read-only)	\??\P:	MasterSlave.exe
File opened (read-only)	\??\R:	MasterSlave.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 25 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AryanRatClient.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MasterSlave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MasterSlave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MasterSlave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MasterSlave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MasterSlave.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
3216	msedge.exe
3216	msedge.exe
4668	identity_helper.exe
4668	identity_helper.exe
1656	msedge.exe
1656	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
1588	msedge.exe
1588	msedge.exe
2400	msedge.exe
2400	msedge.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4308	AryanRatClient.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: 33	2932	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2932	AUDIODG.EXE
Token: SeDebugPrivilege	5028	taskmgr.exe
Token: SeSystemProfilePrivilege	5028	taskmgr.exe
Token: SeCreateGlobalPrivilege	5028	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1112	MasterSlave.exe
1320	MasterSlave.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 1268	3216	msedge.exe	82
PID 3216 wrote to memory of 1268	3216	msedge.exe	82
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 2896	3216	msedge.exe	83
PID 3216 wrote to memory of 404	3216	msedge.exe	84
PID 3216 wrote to memory of 404	3216	msedge.exe	84
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85
PID 3216 wrote to memory of 3528	3216	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Viper4K/malware/archive/refs/heads/master.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7539441518173739669,8156932221692106844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:2964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4584

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4308

C:\Users\Admin\Downloads\malware-master\malware-master\AryanRAT\Client\AryanRatClient.exe
"C:\Users\Admin\Downloads\malware-master\malware-master\AryanRAT\Client\AryanRatClient.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:4308

C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
"C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4676
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c @echo off
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2136
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c dir c
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1080
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c md VIRUS
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
  2⤵
  PID:5000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
    3⤵
    PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://thoughtcatalog.com/juliet-escoria/2013/12/16-steps-to-kill-someone-and-not-get-caught/
  2⤵
  PID:2724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
    3⤵
    PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.topgunsupply.com/sig-sauer-p226r-9mm-nitron-siglite-night-sights-da-sa.html
  2⤵
  PID:3152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
    3⤵
    PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/Disaster-Bag-Body/dp/B0012C9UGK
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:2400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
    3⤵
    PID:456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:4740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
    3⤵
    PID:64
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
    3⤵
    PID:4056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
    3⤵
    PID:2176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
    3⤵
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
    3⤵
    PID:2216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
    3⤵
    PID:5292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5376 /prefetch:8
    3⤵
    PID:5300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
    3⤵
    PID:5308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
    3⤵
    PID:5408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
    3⤵
    PID:5504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
    3⤵
    PID:5528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
    3⤵
    PID:5872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
    3⤵
    PID:5932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
    3⤵
    PID:5908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
    3⤵
    PID:5224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
    3⤵
    PID:5260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
    3⤵
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
    3⤵
    PID:6980
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7788 /prefetch:8
    3⤵
    PID:6988
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7788 /prefetch:8
    3⤵
    PID:7000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
    3⤵
    PID:7008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
    3⤵
    PID:6312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
    3⤵
    PID:6392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
    3⤵
    PID:6888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1
    3⤵
    PID:6960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
    3⤵
    PID:6964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
    3⤵
    PID:5236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
    3⤵
    PID:6912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
    3⤵
    PID:6564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
    3⤵
    PID:5592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
    3⤵
    PID:3504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
    3⤵
    PID:6804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
    3⤵
    PID:6828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
    3⤵
    PID:4964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
    3⤵
    PID:3992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:1
    3⤵
    PID:2640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
    3⤵
    PID:6884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9100 /prefetch:1
    3⤵
    PID:2704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
    3⤵
    PID:6592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1
    3⤵
    PID:7372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8424 /prefetch:1
    3⤵
    PID:2264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1
    3⤵
    PID:7460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
    3⤵
    PID:7452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
    3⤵
    PID:5772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3045177489014585073,13102163319658187846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
    3⤵
    PID:6292
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c MasterSlave.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2272
- - C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
    MasterSlave.exe
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1112
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c @echo off
      4⤵
      System Location Discovery: System Language Discovery
      PID:2580
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c dir c
      4⤵
      System Location Discovery: System Language Discovery
      PID:4884
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c md VIRUS
      4⤵
      System Location Discovery: System Language Discovery
      PID:4352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
      4⤵
      PID:1832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        5⤵
        
        PID:3104
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c MasterSlave.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1184
    - - C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2424
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3116
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4352
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        6⤵
        
        PID:224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        7⤵
        
        PID:4428
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c MasterSlave.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1464
        
        C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        7⤵
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1304
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        8⤵
        
        PID:316
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        9⤵
        
        PID:220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c MasterSlave.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5536
        
        C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5832
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5872
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        10⤵
        
        PID:5960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0xf8,0xfc,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        11⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c MasterSlave.exe
        10⤵
        
        PID:5172
        
        C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        11⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        12⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        12⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        12⤵
        
        PID:5252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        12⤵
        
        PID:1140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        13⤵
        
        PID:5480
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://thoughtcatalog.com/juliet-escoria/2013/12/16-steps-to-kill-someone-and-not-get-caught/
        12⤵
        
        PID:5884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        13⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c MasterSlave.exe
        8⤵
        
        PID:6860
        
        C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        9⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        10⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        10⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        10⤵
        
        PID:6932
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        10⤵
        
        PID:6192
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        11⤵
        
        PID:6252
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c MasterSlave.exe
        6⤵
        
        PID:1020
        
        C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        7⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        8⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        8⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        8⤵
        
        PID:5664
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        8⤵
        
        PID:6608
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        9⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c MasterSlave.exe
        8⤵
        
        PID:6852
        
        C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        9⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        10⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        10⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        10⤵
        
        PID:5680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        10⤵
        
        PID:6952
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        11⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c MasterSlave.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        9⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        10⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        10⤵
        
        PID:824
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        10⤵
        
        PID:5780
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        10⤵
        
        PID:5600
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        11⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c MasterSlave.exe
        10⤵
        
        PID:6204
        
        C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        11⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        12⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        12⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        12⤵
        
        PID:7820
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        12⤵
        
        PID:7924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        13⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c MasterSlave.exe
        12⤵
        
        PID:7932
        
        C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        13⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        14⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        14⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        14⤵
        
        PID:8080
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        14⤵
        
        PID:7380
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        15⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c MasterSlave.exe
        14⤵
        
        PID:7688
        
        C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        15⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        16⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        16⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        16⤵
        
        PID:7756
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        16⤵
        
        PID:5180
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        17⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c MasterSlave.exe
        16⤵
        
        PID:8076
        
        C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        17⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        18⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        18⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        18⤵
        
        PID:8132
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        18⤵
        
        PID:5712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        19⤵
        
        PID:5728
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c MasterSlave.exe
      4⤵
      PID:6592
    - - C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe
        
        MasterSlave.exe
        5⤵
        
        PID:6728
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c @echo off
        6⤵
        
        PID:6752
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c dir c
        6⤵
        
        PID:6804
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c md VIRUS
        6⤵
        
        PID:6812
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk
        6⤵
        
        PID:5948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        7⤵
        
        PID:6944
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://thoughtcatalog.com/juliet-escoria/2013/12/16-steps-to-kill-someone-and-not-get-caught/
        6⤵
        
        PID:3272
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
        7⤵
        
        PID:5908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
390c19203f97c52758d1dd26c828d666

SHA1
98b32ed9a10b61774d3172086a87890e7a4ce3e3

SHA256
a2e06dbacd8cd632b1d3f23ac50f2b5beea948c0861ad7aa7c0816f4811c4efa

SHA512
b88fc7b850a8b168f777954749bd739d0cfe129f397d56080c16e24a92a90877cc732b3fcf166bee46ee1ef822e198c237a37478e9bad14564a17b4fa6302f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
74e31252bcf6ad202c5b9fe5df0659a6

SHA1
8c969a20c834098021364d1cc3293bbec4bfb261

SHA256
f4c9d4007bafc5eef25b00abd03db6e2a815dab96b9f2c1bfdf785c3db54e157

SHA512
b07a8d85a0a7025eba294f1f8862be7480e492e3bcbf49fd22a8dd4de0d2ee35c73471f4b575c34ba3ea82371d36fe8815d8432d3a1e0ebedb0fdf92f7b0b720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
72fcf5993ae3cf097597c02f9367cbad

SHA1
5332fc3724fbfdf03cc3109c3d4db775f268e524

SHA256
d50599999a6ccf4e88440301173788ffe7161b51afe329f37d34d3a20e35cd80

SHA512
dffb7dc38c4c20fbe909658ec492ceb66f79be1c47a6ca19fdef9462082dd374670284e6ab1a70a759e7565d019268b07cdf73ca48400471580c86308121d912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f8f0606e42622ab2216603dc59011429

SHA1
32d3369b861f3ed581c7084ecbca1b089b48645c

SHA256
344f8e664b6b40cb411c3b7151a831f021f3708786c3a2651ada4ed2ba684755

SHA512
72a6f9d4de18aba65af23fd9450107f08170ea41f8a4c81e5040ca680a1adc6588680fffcef9ec4e192c2b7670055eebc43429efc8cde3d48d985815b9123bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
380KB

MD5
3df0d4d4b188762d9349bf357acd4fd3

SHA1
b7e255c58806e205af780a7a6d6d342f568fe9c7

SHA256
3076b5d1d1ba1c66e03ed731c775af359f7b275ccd22a5df6a15de0fa55e43d2

SHA512
ccd5e22ccd00ff5ca6f7f08f95293f4f8d09e6c13670070d760300d394e945a7af3d7df3e74a19f0093a8ab771efc3a7278768d2caed43a1808746308025312a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03f1de3522d488cf_0

Filesize
67KB

MD5
3a075a36e17edeba91604638d557d48b

SHA1
c7b05dabaf1edcf56355a316a1001f7fe140acd5

SHA256
f2f78c69f9f183849a2606dd4b1a46c4cb323e148e54b06901dbf73247c77c80

SHA512
b9941b6e0b9f7fab0a447b35a6d8ede272fe831479e19d97f726beca266bfdeb83a67b058516042e653cca8f1a31d4132612fa91cb0b20e4bfe421bd69573d5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0f834b0477f212f2_0

Filesize
298B

MD5
fb4b36e0708c055aca54cc8d323cd710

SHA1
105b57a8e8a8e27d1b5a6c848ab01ef8b8a7c1be

SHA256
9d72e0f0ff1f43b7a3745f67f532a2292d2965d073597b3e95148e5ab7900258

SHA512
f6ca0518476c8de674a2e2cf7a56a739fabfafee64216e3193071fb0e46fc0fa82ef748fa324ffc73b00c69d23458adc2c1c0e2070fa3130877da6d7add7cf5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295654bba1942dbe_0

Filesize
3KB

MD5
bca53b975cf8159804b06968f7732ff4

SHA1
7760e56b8b65f0e56567706eee15dedc38e4dfd0

SHA256
49f8c5b31ad04bf47e74152b223e16d0b6542e582a223882d5b6372a49f71ccc

SHA512
7c7b5ae9f58ffa1739ff96c053f3eddf7d409b4c29c15724f26333de508a75f2d9e57e9c3bf4f1c5083db2dc2c4c71a172d659f98e20a87ce948bb704b770699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\302aa5d0f1eb1ff0_0

Filesize
279B

MD5
f93c10e47ea7e1582d81353eb8466ce0

SHA1
45d7b1a9672f37fd883e73c45ccf2ad6dd6b85e7

SHA256
44e8e27440fd44032746fab34075ab99d80da27dcd90266b70d15c348f997a7c

SHA512
c21e897ef1c91ce957f8d7599761b416439b87da7f6c83cc84378b7928c25214064532451e95b05d7fb5e9ff47d5eda40e261645b24ff43b2afa35f84dceadf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3347005875c236ff_0

Filesize
3KB

MD5
56906b893b17b8a8162f6410dfd4a040

SHA1
aefff82895ac535418a2ebdf0b2c97e69bf7e6df

SHA256
f8ca1da65beaff208f0392714ee7f153cfcd57287560887520b247290077771b

SHA512
99eb9dc1f3d4d41e30043c0f62c2cbf630df2cfa420dca898ccd919f9121933ada9fdd7786b0c3d1c8ad97e96e36b87f81a5a7bdc83b22310311424af4ba10e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

Filesize
7KB

MD5
9202726223e9a90b6c87a73678c05184

SHA1
0d26caa8ba5c667512b054c6674af774f39959d4

SHA256
7f209789c08fa3a6d32180e54c8789f8596c4cc11ecf10b3c4eb32015361fad0

SHA512
024bfd30ac410b5467f18a5525785b54369644b0131f1dd3ce6e229742947e2f924ad3558c25bfe1679ce7a362ad690512f5916f8716659e92725513cc227f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4429108901655eda_0

Filesize
9KB

MD5
95c5102a1f422f2c4a2624cc124f14b1

SHA1
ab6e3aaf5cb8c1167c8979b2870caba9137344a0

SHA256
db29a0551b09a34e98b7220a5477e47db86fe3ce7f7b0cb826fe20b5540a50cf

SHA512
14acdea89e59806b5634f555e84cb4b8eb318b115fa6378be5543667e01760256db970029b2292c191caf2978854527a37340d60a95b7b2cef751e8e63f6a296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\46c510bd2f5b4ba3_0

Filesize
55KB

MD5
35921efa0ef0b88c8074ec12455af7b0

SHA1
fa0a5292b18ad10f267355adc8bb99dd0113e2de

SHA256
16185a5869c7f48fddc917581569a2f1d5829c3e63be81f923206c711be6ed77

SHA512
be414766ed399bd452e1fc7505b1c2c3f5e25887199c18772ba1a6fee78668128de89469e0e9adf1747c24bcb54a9a9a61050c9938d4541a9d836b0a9c780ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\557b0a327b3dfa14_0

Filesize
349B

MD5
0b053027a1ffd9ce5d761667d9f7dc14

SHA1
e6b6474935b0111fee5ff5499d1dc6b4d7db3ada

SHA256
808b21fa7acfa4aae90f64f93e74747140a9470dc04b5b0e09cf7350cfcff14b

SHA512
829dd61ff46b86a1a9e64789cbef55ebc21a1759236d453babd7f5a8fcc1683e115e1a4e7d1ab0247752ed223032a6552044eff4e92c2f5a97d063758da6f678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7fe5f7b540f066db_0

Filesize
25KB

MD5
cc07b8a11709d0dfab1b21e6fa924880

SHA1
d95b4bd94be9b12f3ebc2a8550097f43f6d11a89

SHA256
187b8a2a07197d023b372169c72b7f7c70cf671034e07ac9b5769126e3ea6b65

SHA512
517d0a6be46d07ca92a15ba02e711a2711cdac4eb49000a888e5a5eb27d7e3dac8397f11635715f8428e385ce5ffc4ba40795fb2001b2b359d674d31c43bc882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\840a9b4875b411b0_0

Filesize
1.3MB

MD5
0af8ed5747f0feeb24f4c63a96831217

SHA1
4caf0629de89b7f1374d14c7cd10f79667897f13

SHA256
55e86d60563a7353a11a1192f1462a296ba868787baab36496d89189fd5e70d9

SHA512
f6839fd9f56e8d966a5af600283b558acc32925eaf633ab3ae3c1fdf598761fe18f56a46d9632974921afe79d0736d6dace7113b4c5e7ceaec03defb47cdfe4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9279784eecf87c32_0

Filesize
9KB

MD5
94ebfedd16b09cdc303a7429ce291846

SHA1
60fb8ead4761855d703f2e4870eb1231a8265871

SHA256
8f53d1e9d29d8ce92f1d04c720e7827d9f50566b34deeb2482647a2a5fb891ab

SHA512
ce6401efa66f306603fb0567e7380223a033a9e6c510ed5b4de273ec36f66fa06ed79191f82f68eb3416a62be8b0b60475e32bfddada8f08828de92efe0febe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\97452bfa04ffacb8_0

Filesize
10KB

MD5
02b2ec0c5af59746e5f90a4d4f86ae7b

SHA1
91dd932cad1b6a40cd072f26e04b60d9d861e009

SHA256
7f546ced5dde149f76a4c971b312c1cd9e35421cb4bf1ab301bb16bd10bf7666

SHA512
a635ad0c8d3a18839ac2628e6efded9df709701e7a7a9904ef6979370c472036e233744c27ea93ed45708e9adc878e944cdd17916e97c787bb151c16f87510e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a9962c444657f64b_0

Filesize
7.7MB

MD5
96114dd52a50a680afb961afd4a89218

SHA1
a6828c8ce1f31ee9073c55b84447941663583287

SHA256
ebedac0c89de2bbd63514288d854dd6f35e86e5a5ac584b9a4f83bede8d5fe81

SHA512
aed685c461f52eec66961b734e3d0a6efb465b48c8519e604daa648c816c2266b9798fbc73ea9a371f42518ea281f138c898dab17276cc01b6ce7cf7a087f4f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cfdf9cb92c6a6088_0

Filesize
281B

MD5
a23ac2401258d1f02e2a3e0ef1a64d8c

SHA1
b57174529e7641a57571e9971883d4dc04afc789

SHA256
48b5791244eaa04f1651300a60170394235a3b46ff1b16e00814e21272a24a28

SHA512
c3e0d9b16c5053015ee1f60c4515eb2d8c11a5ea35327482aea639fdb95d3ba24ce507bba355f3d1511dd2392e091211ef8efcac27d18822f7aecd560e476d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1c87fcc57a928a2_0

Filesize
60KB

MD5
d0abb31d9b3766ce5089f3da15814f89

SHA1
df084f41fe9751961b2b39d1e9800aa6a807075d

SHA256
b5abc8683e5d321086516659c73bfd1f6f4892d5d3cd87dbbc3953c76ae284f5

SHA512
77b25acaeb1231f301a34353f01700d9f159e49f8df2f3a8c545497464b2ee86e3c201c85c5d2d79ee185d7726eec6bb7e3cc090ca358d84f6b970ee04f25f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0

Filesize
57KB

MD5
fd171eee5c041bc0e6c2e4a6a8851429

SHA1
f213621be5b400e0093413365d087a505261478c

SHA256
8d56c270e4ad9c6d19066e613706b041cb6ecaab185f516b77121b315c4f808c

SHA512
18b59e260c16d32cdf694b3defad4db2747203c9116f3917e95845ccd39a77a9c68fe553ba6e6463c558a531e724b23a550e35f07ca8f69011b7850095ace170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f165b4ae2b6d5b07_0

Filesize
2KB

MD5
6810c902a0deb5e1fe6fbf8a864d7505

SHA1
9baf0a43c491deaa159fdd55820788731fb7a67a

SHA256
29b5822f936906a3c678ff59bd158c73cb62df9511843b8d3cd96e68e67eb19b

SHA512
9ddd06d1415f359058d1b33a99cf953ee1a8a7d7313f6c51767bb004e0c2adb5b994199bd2c949e7c969cffb1560a8d75cad6ccaee335f29c62ecb5a74f698a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f32467c5b3de2b7f_0

Filesize
40KB

MD5
a2c12ef1c40841754cbe9f47f54c1bfb

SHA1
7c3232e3c6cedc242209940324972fb35202243a

SHA256
90264b2edc2fa77e1fca5008163ed859d61f7560e4c7b7817f825d4ea3785bb6

SHA512
36ac005f2895bf6d17fae6cc0dee87767ab38273a6a9e7b6b90f3758433b7efff032527e3f5676c93364e5825f447623db12c89cb54be8efe05e9a2fc5ed5cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fa8e2c001b2b4c10_0

Filesize
74KB

MD5
a44293e51a006dca74688c6efb42b9ff

SHA1
e76160257f31dee74a74658f1ed848de3f204f60

SHA256
4cea6ddc841c1a3a7ba8738aded1bc8c9e959535a33074dabfe133094c594d8b

SHA512
04d867681814a74030776b0ed40d7bfe0e906a7df69b22d0e677a74f31fb355b22088178f5ac4ed1e14c46c0c694f80d9d4de927b99e155ebbc8d3e5e34b5712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f4564de703662c43cfcf5c23e54a5700

SHA1
db121c909a1d7359c1f7ec2fb89f3d4029b23a8e

SHA256
ad9350a3fac50044e0594cfeddf2c102a83d55888ce10c9eb8386f50d77881c7

SHA512
c0558ba14f3284b0f1414551066cce59f85089bcaae6ed2eed1937ed79a18edd980977c74d0cc114108068ec9ac79ecbb506065de736db1088b60e46be60d987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
91c2ab7da48e26c7eee22bc60705dcf5

SHA1
8277f77f72e1244f1e6ac67e104c7515183daa83

SHA256
23eb914aef225a206b8044bc5a91f44f2e4e40a57052b22851df663b694749f7

SHA512
1f03a760c39fb10b876d3f9db7185f6e30a5635e0778cee9040ab7d4147519929a775058022da873db321682062fe67b038b1aace2c42fefc66cc1559cf5c5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
8c55494f0abb9452d8801ab62811b3e5

SHA1
5f506b25b59fd32f5580358517266d4130114a1b

SHA256
70a9fe685d3ce3f2f1f87162eedf17eb20045aebe39bc60d07ed09f659b63339

SHA512
2873ea291c147dd4cebdf0ebd75a52003664421ef8e166ffe048870c8cd26f1c93ecd5d6e83afab8ae8a59383bef7a063cde3c7d0b6fecde43572597a25dd75a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
19df175f407f6b424650b5bd1af0ecc5

SHA1
b46792a5729341dfb69dbc1be5b0e499c4b37d8b

SHA256
9cae5a59ab28ac12279531c834e8261b43258159289e94928b1146d0b6226f13

SHA512
86f9962c0b8b154aadbec4a7a11b8d5af27f187248209a4112c6ff025af97256c7a42308a4841c6f77915e713b31331abc10024b51f29a57c9ccf68e3fb15331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2aefd64d0c48677273884737007d3b9d

SHA1
2e5016f58c35772afd7c48cbb279070eb99fc967

SHA256
a90939ecb0331d1dd0137079639047049e2d5bc54cc65e5c5a0fb9ea2355937b

SHA512
152503f195ca61de5b9a3fdf8cebc00f02a6a4dc06e9521ac8ebeb7f9c2e047bdd46236e2b934602ec356e3cc6e4bd33e1f8b72fa4b585be1bbd3850449eb05e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
9d7c0d44af3a769f61ac072a00be0c94

SHA1
50254a8c9f87edd2ce1e7b9387d99082eefa50d0

SHA256
10052764184a4a3553f60dcf23d07e9fbe17d72bee7dda49c9ab7c21077d71d2

SHA512
39a2be5def353cc24caa67406c5a9ab4d26f7d1af1cb476970674b726780def056a7d3ebd1678954bccca86fc5deef99fceaa71fdc787e7097343f501d5e47ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
b174e07d9eedf9c0829c6b28021f77fe

SHA1
a2f0d1581657bf1528ac91804e848f9ff9db357e

SHA256
568d45a1ed98439bc8310f2b1a6c952be43c4650ab4ce75bfb49d679cb6e4172

SHA512
d66fb1897c3d86eb34c0093b347e35a13087a7b456a22a049b87a833427191a07b20edf3744baad94f8d1584ef595aaed0066ee816b397ecfbe52d348b4cc7a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
3KB

MD5
1ff79f1112b6af416d6f69e41fd4d595

SHA1
1d57ea3e1c47035305403eb2bb76f47df0aba265

SHA256
c98664426ca24b021e7785ac7a5f0e7ad17567c71695cae45c84e9062005474d

SHA512
42f9015f22c9f0c4b90d9962af7a13d34d1dd733551bffdb7edc00f3b5b7694e04b497fe857133255627c2bdbfcf687b1abcd603aef55e4135e589225b310991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
75f1789c5a6a766b3a6de85aa92d7811

SHA1
e16e224d1d2a4a181a6808628e86de967fdcce08

SHA256
98e4332db63eb36d290407778a556e7400f7f64d6e7d7692a5b3ef23cfe269c2

SHA512
844c3edf9cef7d4756ad19bbe2266b57ebaee902cf6bc8855c0d1530d358970c2ffbe18457fee683efebb4b0e939f301a14981b71e8b869a73b9e8f98c5082f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
255B

MD5
d11edf9e08a127c768843acea41d0bc5

SHA1
ff1af9b39de4a3f547407fd9864ffdd2bb6c7354

SHA256
217e4d9d1412e45abf7a653f72a5ab8b53bc8fc6f377f52a042668a41abc7478

SHA512
92c3f0def567b0e2f2523ed25eb9d4abff06070b8be744fea4a6678f25f292439d7bc0c8015eaa6281b7f43149eebb3d3821cd6d6436598481113694b11ddea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
2aa54a6ed362e33563a4c0655b7b9c5d

SHA1
ae0e0c2b7cddafc52c3cc2291619c6e6a6ba6714

SHA256
3ac7ae0655d103a4ac2d4d080f27ba0e29a4e2961768ac026fc14ecbf07b6b0a

SHA512
63b1dcc6850234770a46658f3bef545fda4e070de3520b0ec3f801999849caf6e21def87278b7fe922f65c98bbe2e6fa756b54b76834be1fa31e311e709bb2c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
155977e07285945d2735806718cbfda5

SHA1
210f76fa5e1c948ece54bec9efc4ec54cd1c22c3

SHA256
3de06f84b9f32317f0f902461c1ed16fd6c738fb0ee4cd6fce31fb9341bf8287

SHA512
e8ae85b7abe5dccbfd68383e8141e445985a6505705dd1acf6bf59190a274492e318c957ae09a7cfe9fd3923dc6de5fcdbbd5f71fbbc92f397b5622e16ff9868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8d40622ea7cb2895a69a0cf578bd186b

SHA1
074290bae3a75b254059441dc6c5ad8a3ff22aca

SHA256
22edc2170ec94bcc8cb6fa99401754b4d26ec297bbee3b86b4f0a19f4ffd1247

SHA512
433ff14372356de39e3bfc1e572372ae4259bdd1f36853b89d3dbf9fb511c8392b46b79baf6e5610a747edf3a2b0782aa2e2621ac145e106ae3b4d35aaf9bc9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e15cff421cd7e53d25ba17388e108e1f

SHA1
43bb4a0f2327ba06f808a0488fffbfc1e93dbcdd

SHA256
a150de5d2c5719a819f1ee6713f8255931e442ab89bd558f60b519855fc12fcd

SHA512
432bb921cb0a136c8396945edd41bbf8b00f1ed21e8db544037a1313191cac881dbcacb4c68bdca1a4abee7f4f458b7eb5aedf974ae78eb21d5a3b8d35a309c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7f11ee3a175b788e05229ec216db961c

SHA1
0dac89e3e6bf6caae05acc27ebccd8decd93dfaa

SHA256
14b57df5cddc5e9a96ff34f358a9412c14404f369c340c9249e5164eb378c532

SHA512
eec91311eaaec1cdbb7db54e8ba9c2c74c3f3ee736b702776b3c79fa4b2a6ae12a0ce028aa2bb46824abad181b7e0c0561bd1764fe6f6c595a6f7c40739ae44a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
1c3e6b8676f899af3b8d7d73de9eb908

SHA1
ea876b144808853a8d0ca75a8ff2c0a5f67030c0

SHA256
c3b1534abb9852375719b1cf9aa37a7af7ba6c79531f520aadf26b7f2aa2fe0b

SHA512
bb2f20b355cbc046d3a1d68c4b03ab0fbaed9b4c71a2ea706756498a9d147926f0d07d4feb570dd72025941bf916d95d9ca6a893d00a3d0a454a302084a3e439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
42fe188e6532bb919de0743e5aeec093

SHA1
6249c970e920f86c18b68a545629e12276fb799a

SHA256
adbe452e86baf2553d7746e9dea9fa58b5a224d9dbd36fdd6c8c3e8d46733216

SHA512
596b06f41aaa02984ce838d8496b832a2a31458e85d522813e1b3bf6b0cd9e08e8eb3b55e85c102a2ad8450eec54c61b1c68cc8f682cff540310d2c05bd74f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1cd0965c3781e4a2ac122a45cd346c39

SHA1
9b9d63dd559208971164ab84870c45e1cc948df8

SHA256
ef1f8b3f7125e6cdab2815c333b4b65038874cd1e3a7d0fcdcff264bf52947e6

SHA512
db6021ce49c01a843c2742f55fcc99f57550223f9cbf72a20dd1cd6f0fe89175ac0d75dd2bcce3b63f7733aac765a04dd75db987b6e96d1399ecdd932c183e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b56953600a037228bc0fd58826051c89

SHA1
3926f47aadaf3155d11499bea0bc9139fdcc8425

SHA256
3ba591a96228b40f70096973ed0a422c997d2deed23a98b16546bec424b5a5cb

SHA512
dc909d8e725ae1831ef0cdd68704f83e37497d1ae83986501c12e5a47622f7150294381ff8aa70aff785ad5838686fda243508ae61c60cf8412667ad05c056a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1a28ab1db3462fec6647cf6f8ce63fac

SHA1
30e7ad4a1e114e4d807da810509e448acf78a64c

SHA256
1ef87d57dfebdccc299ec27530e2140884c8283267f03ddee3054e64cfe293a4

SHA512
2571ddbc60e02b870943288bc8437d0918e129a57eb66e204925ef7e488dd02abc875379119707f0a468eceacc221521d1b06ffd13438ec90ebdeb6f008ce75b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9689341e-a90d-425d-9e9f-cf5e1b2a7a01\index-dir\the-real-index

Filesize
2KB

MD5
f1ef8448369866fe397c7a77d1459259

SHA1
86e7befb023b5ef6c79827338eb108b3996b9399

SHA256
e11dfb30fc9ee64a75c4b7e9654587aa3d7cf5df27cf134eac4139210137633a

SHA512
933ab71a130a1a5d7b0d53b7f8c8ae2ab34d6fd974197e4e54d55ad0f9a5351b1ad34d33005afa8c6b0d402d6ca6dd4cc139e5dbc42eab9f733388db443a949c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9689341e-a90d-425d-9e9f-cf5e1b2a7a01\index-dir\the-real-index~RFe59f3cc.TMP

Filesize
48B

MD5
9500f13f0278d19ea43bae968a5b098a

SHA1
51ee3c7331861f67ba916cc6b4390e0f0d29330c

SHA256
27c61716e2af042d854731b1ca6e30d3f24222874deb7702b9a0a835f6daca7d

SHA512
9321e208d66260bff68797e2978d9d50a06112001b4a5454e106a4462c8693b00b615582d0072fe9889b6926b9d142c72eb71a1374f49c8a21396d99943b2bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dddd8705-548f-4026-8fc0-ed65fe8e6b02\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
986e9d13a01a935c88aedc9edb14ef9a

SHA1
7a8d251301bddbacfc26003dcac216b243ec98bf

SHA256
8fa24ca3dc02f650e27569e4adc334120b0aba479dc49b9ef7c8245a81727559

SHA512
d220c61e60dcca2f44b04e4dd7f5699a7262360e923cf7de37bb1236d2c69f7b32a7eaf33dbddf263165f3d704d65b8d1ceced15bda83c127cb72b1d17a47704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
c4aaf904bd6f72dc299b92731360032b

SHA1
3babc4fa65d163de2a5e804c451fe81725c202ca

SHA256
a3d9801a64ab986dc9310dffcdaa1432716b8425d34be9fd389edefdfd14dd31

SHA512
8a20106e70ba2d296a59675c9c42290533e05c55004d5734e6ac0e3f4adc1b139ea7d67f4db756cccfe091e36e948a9733d2b1497092639f06f952e1325fac1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
baa3d3cf5612b476e1195070a8e6134c

SHA1
7ec2ebd2f51818319ef06fe7cbaa8f2f1f74bebe

SHA256
65adafed36f38304bfaa9208fce6cfdf283dd00d3e3eb08e95e4b48ebd1f47f2

SHA512
a5372bd24ca73edc99519a88a71020367df4a68c691f2584a8a0c96d4326aaae061bb060a0924ab4e13279457a9cca95508634f29d80416189112e29b3c53ecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
aead437790a055430ec59f3ab98e9120

SHA1
eae8b2a8e95bb8f8e1dd586657bd1d5c3f8dac27

SHA256
b2e5c4efec3169ce77e47570423fa7d56234649c5b5722166f66599fe8b6f004

SHA512
c8eb2225fea59a7382ba9bd4edbe681a819899bb7bb637140809b31d68610f7513e18363e5d2477f9574e81d03495c03aef554dc1455d93120b95f32ea327117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
a36383bf2c4fe468d9fbb79809d9e7c4

SHA1
d71ac235eaeb02d25f7186903dbfe34575c49c4e

SHA256
ec6357b7839bade94e42846de62bf92345fa05f5a8e6d0bb8a09dae371d20b37

SHA512
7ae227ba2147356771c145c0d047255343876f1a8466b97060c93616555ed750f7ac937cf761c78a210abf08759670674aa6f940954524aee4ac17226224c28c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
29797d3cec3973a23a9080866df9a7ea

SHA1
f5bc44c8ece416138b3ed74ef3a4bf0cd0a3df54

SHA256
dda9a070c7883452c4a93a2bff1121c2f2eb4681cc07a7247e57594ed67a82e1

SHA512
f8b775d74b6d8937a45d208610978cf570142b5df2b88281bebbab3bfb973bc5d9023d3b8845737c27104784676b4b5697e9efbde1359a869dbcb705769cfe06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
b1158b6eea27aa78b5e5577878d6da85

SHA1
db3ad7b17ea631c6e5d5d5d0f9c28073541d53d2

SHA256
1dc9122969853f092569b30b2c281bef6c9d22d6ec120bfcfe4779231ff9dd12

SHA512
6ad29e839ca6c8ef30b15d913f691c31db45f2de120366d8b40f96c0415a04a949ad25ffacaff4d8f0267a6ec943309a0d465d41f30c2fd63147dc3631b579b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
87dd53a6ffb453ae9ab382fba999496d

SHA1
fb46190e10e732da48d024238c215f06b53a933d

SHA256
24aa6f6f10ce0d214a56471aa2871e4df0a8ec8bd009d34e15890ed7ad99c469

SHA512
592b175fea394ac57dfe7fc2a116d40873107cd654012353bcfb091688ff519522b61d5bc711a5db5f54690c26852e05c6cafb05e7e6a493e20983234c9edcab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
b76eb13d4ff3144cd8d1135f4dfdf50b

SHA1
ce1f529baa297698ca39aa54b5caf2bc48996bf2

SHA256
e2d853453456534897f8fbc3d36d6f8df4a6e6401924dc538336d14813935ea3

SHA512
c3b508d05bac908c67c5baad6c543640d4410d2194bf65cdacf0fca31b40d691da3087d936e661ea36e8ff315237b14be08046793e2946c1568aaddefa9c3b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59c46f.TMP

Filesize
89B

MD5
83e7540aae2decd726f204d681d8c273

SHA1
6706d9e947ce560610eff4201576b27af485bbc1

SHA256
0231a9aa45d84713d58bc54f45f532190eadfe777e71fdc6ce7f622a8481e1d2

SHA512
84d82c3fe8e5a0276c73511032ad8574dea98ac90599e3be9766055922ee9782ac441f73b7491b1d51859fbc440bb9e5e87e04540e850c04247e99df34c19328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
931B

MD5
4824e28d8f723fbe7439b466deb7af4c

SHA1
b9b1cfef79bef81ac4c1bb5ad6a27b9c2a52aa92

SHA256
f7ec789a0bd068eb7745f9b19017df7ce0f90ade15e140f025198a8457500f64

SHA512
b483acde18de318e7ccf19efbbab18dbfec3e011f0da5d7aedffc3b051e95ca7652fdc0f4464e166523c5ee020d1009760c89d61bab1127ad1d6ab9a44b0e86a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
297B

MD5
944fb748fdc7b17831354a5101fdee6e

SHA1
8e2086f98def920596e191725caf94159438b9b8

SHA256
a40093a70787a9a2346c2b37491cd94cbf897df65d729de339f400301f77a165

SHA512
8fd6e062e7deeed9c27e3bb17d1b6804915278645e56bb033c7fbc8e6da3a0bda72600c2bbceafb401d153ddfed2ef032b8e935fc896675c53566bbe2360a6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
eeeb3bd7945af82a2b7bdaf0b728b54e

SHA1
7973b1b97bb82a4ca9e4660f173d6caf568904c2

SHA256
ea3e7a2c8896d003b2a26b4db72109bc894ae888d98b8846d0344e9ec2ce7264

SHA512
94829849f5a5a9a03cd2c1b08e14c80777e44f1408ed5c0a0b6c7ccd457b6e54f501127ee83f9456fbc8c5547ae4672f77f42131fb52c8c08b9c4876e12c1d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59f3cc.TMP

Filesize
48B

MD5
23bd4162aa5d4acc06fac8834891723d

SHA1
e6ff21f0c765ffa1cce84e01405ad7fc79080a3a

SHA256
9c14ab3c2ccb74e31f9be955c55dee5a05996ac84f203031dad7e83cd63f0d5e

SHA512
c0e4156f6523a80d50e6aede6268cd825d50752d95b177e618155f9b15dbada471c79e342ada25a28f1469e30183dd2d9b7976673c85f5170e1ccb95204e08ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
2KB

MD5
8ba7563ea956c9f6747935a679679dea

SHA1
c77a9bbb8a57ad7dbca4bbd1e397639976e5b5bf

SHA256
b93fecacb4a573504a4d135dbf402860ed180a42ecbb39fe6ac4cb7c1f49397a

SHA512
9f6a9a0153d95605397af86f0dcd9426ffbd0d8e3d237d7de8287641db28abb2927d37f3b76fa364993b5d30e38e5100308cb1daa34fd639b816f0066677fac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
acaf983ec1ecba539704c89a390fe742

SHA1
4c429fc7134cb0d279884442c857bc70ab96d2fd

SHA256
cfba0174725de02d1e8f8ad952e1cdbb9c2322815831274669ffdb3447ac9cfb

SHA512
269ab63b7a8ca79697157b79e4c200eb0fff34a09c2e255ccf2868a704593b806b721494db2eb12c6ce72cf2b6fc6ad6ecb00100649fa0aa5e5531458fb2ca91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378660837382664

Filesize
17KB

MD5
32e38a65529fde5185c1134c0f5facc1

SHA1
a5522d480dca997bdd6358109cad45b100c34010

SHA256
211636e9b573d4d3185a4c8b09249bece99857b14dfb1396b057551ac48a3940

SHA512
7a81555671824c7b5779c266843a9a0fbfcb63fc842b8c7fe5aebf55602f56395fa02bbbd6ee310929e0636b9ad684a274567c8a8e0944973b8901708fe3838e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
67aae48b6f1b2f8676977d891e09862c

SHA1
cad475c970f1a0bd8b4e409b0b44481894c54036

SHA256
95d9e90f284192655e63c8f96ee6cb84705ef45d25516250821ec7c05035a37f

SHA512
a9a3ca6837a3f552611e327f8a29dc1f221e53526be104117c66ce020eaca6030857fe8c06a22b09ed8f7d120fd59043c5fa4e1632d12758a2ec1471f4276bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
fc468c7188535d6b9f1fe97afcf80135

SHA1
db13a4da0f787a41d0f1399ec2ee7c18b9743b0b

SHA256
1e286c35cf1dead44ef3bf207a2f4783f66cbeff7f9b7d1b7fd4748b6544de89

SHA512
35fbb3c16eb3e240d9a5e26d4d92b0dcfc86c935f1fa1afdb822cde4388e39f35c834052c7128eaf85a78a3a0368d45f651a07eae967f0999c175a5cba0cf78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1b8f28653bec2605e8c0fc7c4fcc4ff3

SHA1
4c2c4bbfa4b0cc0939ec4def458ae71903237236

SHA256
9bb2c4f07c22428b75adcc611f6eb97e9308d8522c237c68d603a321df5cbac5

SHA512
8bea0df5e44f6f157f7fe1980a9297d0a1946176fc650f69e4a050f810ab78b13418ff1d6329e729b5a6616c9bdc57de6fce5c3ebe2c7f7f9b2d8aa0d2e7660f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c75cdfc9a78aff2fa682471bb3d895c8

SHA1
95a462abd247e6c40bf8314fccc7f4dc8f70537f

SHA256
03b607c33a1257a2a0e5679e480e47c0093034c83a724d5d68452c796b414aae

SHA512
642da883721c78893bbe9d6077abf9c1f247586f4ea910ec49df3524c0332bace5788fef144062196317f201b2098d51b6ebbd1a13af2743875562eb17739cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c60e36f1000136d9c59db6ee4159fd64

SHA1
aec250eb034a4aa1634498c017b53b2de67c5701

SHA256
ffef90207d6ff11dcc61acc163cda91a444a2d25335bcfa45685609d7f90c0e3

SHA512
c730a3b50333315da1e33b00d4d74fe9153eac0d5629b2bfb2108be0e0f2ca3f04cfaebcd4cd40a8d6728a6788eda661ae8cf54e98c12c2d5b80028280157ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c3af49fc1fdf15447169de7f04c8c6d6

SHA1
e9b661d94c96d556f40808e46f9faf85f04a458d

SHA256
bee9a92ac4d07c7b92e307ad3ab549a6c268dbd4e6cdce997031cf1b9f3f3ae0

SHA512
f045001283aabeb7d584291a5a561856faa8b8359ab68f6983b2171c8cf6f6e7ae06a0fa27a999b1fc6cf23180af68ffbeaad436a6a2cf908386fc3b5fec3f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c96bc51be4e13676aaa0380ae0d9b947

SHA1
07adc04a2aa8e65f1e84f0ac1eafc2501bad5c25

SHA256
9c3a42111d2968ecb4e065a9d6f5e13d1c3689b84c24f063cbdf375a7da4d2a8

SHA512
34a59bd2e02d50734a31d438ece552cb8884d94366b5da7f996160a797ff13e26d387a73b55e8c82e8cf35d50de0ba6afb65fccb830911df4836dbd4b682468a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
106ba2e362008c0d721a58958718db10

SHA1
ae52e55e670aeddbe489182df73f9ea715843692

SHA256
40d4007d2011c32e4394fe39d50d1ad3abb9babed1e581c284b173aa1769c04b

SHA512
3f76c008eff32c0c80e15b6a35bacc65924c87838361517a27f41f144afa4b728dfbef270cc21007b2eec3651f5bdef0fcb966f73cd1f12287476975e5bd3358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59d354.TMP

Filesize
371B

MD5
aea14a46fbd5ead46b515ca4146a067e

SHA1
895d2783351bac31e90c2dd330bdae1f0e332fab

SHA256
aae04a2411479c5203c58ddb5ea4711163ee83e0a3e370b8ff3eddff1bb97850

SHA512
e966afad8708d4c4bef24fc32b882365f57ad441ec956309fbbe3b68bab0049598e7e68fa2e8c9a72551ba18010d26c53a39d54242193e040eec3300846eb646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
73355106734bc2c274aa6073d864c88e

SHA1
6b4ff06b6da4240f82c5b6d7959601582dea8fad

SHA256
854fbe05f52a29ec5546dc9a388499343cc00417cc10d9da7cc966151ae0140d

SHA512
efa0844de89f305cafbedb792d371311588fd2aa3fc7e67c8e57b4f70647a02969a30873e960c8ede91a32e3812301de50b8827bd083c464138f65e86c20975b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
92KB

MD5
c079e7cec4ded09b413a3781428896e5

SHA1
cd81fa1ff3268e7dbbc1bbfdea305de66635759e

SHA256
bd8e54ba01936cca3ef860d2c8a3cb9a81d30371afc655f14f6d81d0c1e6d8ee

SHA512
49613dc7925a96f456205b0cf2b55bb8f45be33982b667c5fb58b2578dc30360e612c48250f76ae13e447c41f33271690b16512fe0077b13a5b078e9aca6535d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
17KB

MD5
dbdd2ded5bdc713c7218c70711fde9d7

SHA1
d3251717fcf33d0a3922f73ab51622073c85dbd3

SHA256
6d54a56314ae724660efefbb16b9d6ec505b8b0bc3959050409dd37a36738e5d

SHA512
951169c3d0ede2adb3875d45afcff8e9643ba8d8869afc92e8f8ff676d43bbf0e907c72fbbe74f453019af45e0be18b0187a2213987dc2c8c4ed58a3675a2263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
c2e6b71fecb6b34d79861a7a01728bf3

SHA1
018ba02c2a730daf9532a1ceeb09e05e3730114d

SHA256
ae1c5b9a9d7e743f27f69cd89fc7e898647c5425b71c485181511b00972f14c0

SHA512
0f3d9e10ca348318ea1d6dcbccbd29e06813d2f0ce246fc73f980965401e70fdd0e3cada5d3c34343dd5a343bb333a5f318ced7afce26bc4958c1797cc2e5e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
623B

MD5
02716441965ae60a30543af5e8d65a16

SHA1
b41d1563a4754f4399d67f86329d76a22dddcda0

SHA256
d03051c7529834da0a7ca6d7be5799f2a726ca72e19c85594051af7af4cf44c1

SHA512
d87aed1c5e619e067b9f34973ba53444a244c42cb8f0c9b3ef1b8f7d68a9cf33976360fcc4d495254321497c2cb20d46e9e2168e2027e4aac6aa7edde59b584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
d61270dfaa6a7a5c51ba25e7dae16d77

SHA1
3bfd7505754410ebb9c2b9daf7d6941f4d74a7dd

SHA256
b8d798a115cc36bb99db4150d3642c4af4e363179904cb0fdc904b8c35e90855

SHA512
345ec7e57cbfd644414abb80679c6d954e88cb73913669108cff01d308145a8ee38cc4ce0ab6d469677664af4f49630c4b91c8af0c3af3264f93373fcadc84ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eb23fbbb1fb78d5bebc7ec4b1a62933a

SHA1
de39a321954c3d9c478b0ddb8bbe7c774f00b2fe

SHA256
7953600d0f276928849eb2bd39224f52b2873d16a219338454952b5718a4a856

SHA512
1cc6208c8d24db0939cab682c32da9a61c9f73f365e8660e175c792f0ca9906a39e283497043a2f093b6c050a148f2d85782dd0d0e9f07ed5eba902d4f27aa4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8572a8c6b0b43580ab7a982c75b61535

SHA1
a978d08a5920613e23a312a269fd0f05e3744f53

SHA256
f851c0f4607fe2093332ee7fef9f233b141093ca9bbaceaa774b48648dde69d8

SHA512
87c33ce16a99cf5666494dc6df6a366526eef5f6d8d496d6cc62203da54785fc6da3c06fa12ecf4b98188f9865df21aaa180983eb919af0abec4b42b77e9d563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c763912f78e75495e386f7c69a41d7c0

SHA1
509cdfc8faf31a4107a737cbd52acbf9a657bd53

SHA256
8f3f47eeda85c56b08aaf866f3eb934c693a50f0cf0338cabb7dce5612285d57

SHA512
b07f43dfb1f52c39c743f2d5613e7a4b025f8eaddf2680212a8e5dc274404bc71a20bffdf05826de02b2de1092a850615dda84164c26078833a3c530799427bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aefa6168ad93e948bd01c9e837ac5f0e

SHA1
fa94e074b15d094dbbda57d1eb6721fcf628428a

SHA256
1264b355eabd6c34e81a4cdb23c002288cf55b73c1aff97cb0b33231ad75bc5c

SHA512
59c71d4f33c41df5992a4021c42c40e8a97e81f96f0ccabe94cfa733d9ad9321c43366930e6867a112131b2465ed8de919b8236d4e16a0c2e2d78a2e71ab830f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
97fa95e38ec85c900477cf5312b02d40

SHA1
9ee5411afa308b3fc76763b1a5a5a8ab94646825

SHA256
a172b9937fce31e1b19ee8e6e11823312238583ebe807a9083c9a50150e94046

SHA512
0483e35cb070a0dcae8b2e349a7e91d13191692f53e8fb7b9fb25347a119533f4c9bc40e281b5f4f68a2db84785e643fdb185e7a3bb3c7757adecf44d636c479

Download Submit
C:\Users\Admin\Downloads\malware-master.zip

Filesize
47.0MB

MD5
5eba758ab6c01a378d8f67c30e327cba

SHA1
5e0040767b9093e337ee6384f8a2830ddf2a0f76

SHA256
5d8e8e31e5529bf443f5d654a21bc0ec836520348ee91b185eb1477d67258bd6

SHA512
e4a8b7760cd6e8f02ae54f9f3b0b9980a9fef6a820ccdd1a5821aefbca8469887c33e346ea216575ccca003aa0c85fd51b7317a0552124dfd8c29e469fbd3d2c

Download Submit
memory/1112-937-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/1112-938-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/1320-1046-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/1320-1047-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/2404-1422-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/2404-1423-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/2424-1032-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/2424-1033-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/4308-156-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/4308-99-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/4676-338-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/4676-337-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/5028-865-0x000001E62AC40000-0x000001E62AC41000-memory.dmp

Filesize
4KB

Download
memory/5028-868-0x000001E62AC40000-0x000001E62AC41000-memory.dmp

Filesize
4KB

Download
memory/5028-866-0x000001E62AC40000-0x000001E62AC41000-memory.dmp

Filesize
4KB

Download
memory/5028-871-0x000001E62AC40000-0x000001E62AC41000-memory.dmp

Filesize
4KB

Download
memory/5028-870-0x000001E62AC40000-0x000001E62AC41000-memory.dmp

Filesize
4KB

Download
memory/5028-860-0x000001E62AC40000-0x000001E62AC41000-memory.dmp

Filesize
4KB

Download
memory/5028-859-0x000001E62AC40000-0x000001E62AC41000-memory.dmp

Filesize
4KB

Download
memory/5028-867-0x000001E62AC40000-0x000001E62AC41000-memory.dmp

Filesize
4KB

Download
memory/5028-869-0x000001E62AC40000-0x000001E62AC41000-memory.dmp

Filesize
4KB

Download
memory/5028-858-0x000001E62AC40000-0x000001E62AC41000-memory.dmp

Filesize
4KB

Download
memory/5192-1159-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/5192-1160-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/5276-1302-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/5276-1303-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/5812-1093-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/5812-1094-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/6728-1401-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/6728-1400-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/6876-1194-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/6876-1197-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/6912-1285-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/6912-1284-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/7424-1413-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/7424-1412-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download