Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/02/2024, 17:45
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1204893083012046949/1210261044891492433/musci_nitro_generator.exe?ex=65e9ea6e&is=65d7756e&hm=360123f7aa3d4195267fdf512abf516ac9670830ea68fd8450ceaaa3aa9ad0af&
Resource
win10v2004-20240221-en
General
-
Target
https://cdn.discordapp.com/attachments/1204893083012046949/1210261044891492433/musci_nitro_generator.exe?ex=65e9ea6e&is=65d7756e&hm=360123f7aa3d4195267fdf512abf516ac9670830ea68fd8450ceaaa3aa9ad0af&
Malware Config
Signatures
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation | VSCodeUserSetup-x64-1.86.2.tmp
Executes dropped EXE 6 IoCs
pid | Process
5956 | VSCodeUserSetup-x64-1.86.2.exe
5176 | VSCodeUserSetup-x64-1.86.2.exe
1528 | VSCodeUserSetup-x64-1.86.2.exe
2284 | VSCodeUserSetup-x64-1.86.2.tmp
4528 | VSCodeUserSetup-x64-1.86.2.tmp
6100 | VSCodeUserSetup-x64-1.86.2.tmp
Modifies file permissions 1 TTPs 1 IoCs
pid | Process
5552 | icacls.exe
Detects Pyinstaller 1 IoCs
resource | yara_rule
behavioral1/files/0x0002000000022706-36.dat | pyinstaller
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class 64 IoCs
NTFS ADS 2 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 555125.crdownload:SmartScreen | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 243679.crdownload:SmartScreen | msedge.exe
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid | Process
1980 | msedge.exe
1980 | msedge.exe
4168 | msedge.exe
4168 | msedge.exe
4516 | identity_helper.exe
4516 | identity_helper.exe
2528 | msedge.exe
2528 | msedge.exe
5876 | msedge.exe
5876 | msedge.exe
804 | msedge.exe
804 | msedge.exe
1292 | powershell.exe
1292 | powershell.exe
2284 | VSCodeUserSetup-x64-1.86.2.tmp
2284 | VSCodeUserSetup-x64-1.86.2.tmp
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
pid | Process
4168 | msedge.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1292 | powershell.exe
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
4168 | msedge.exe
Suspicious use of SendNotifyMessage 32 IoCs
pid | Process
4168 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4168 wrote to memory of 3444 | 4168 | msedge.exe | 68
PID 4168 wrote to memory of 2124 | 4168 | msedge.exe | 90
PID 4168 wrote to memory of 1980 | 4168 | msedge.exe | 89
PID 4168 wrote to memory of 1820 | 4168 | msedge.exe | 91
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1204893083012046949/1210261044891492433/musci_nitro_generator.exe?ex=65e9ea6e&is=65d7756e&hm=360123f7aa3d4195267fdf512abf516ac9670830ea68fd8450ceaaa3aa9ad0af&1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4168 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7fe246f8,0x7ffc7fe24708,0x7ffc7fe247182⤵PID:3444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:22⤵PID:2124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:82⤵PID:1820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵PID:4568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵PID:1068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:82⤵PID:1628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:12⤵PID:4640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:12⤵PID:2940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:12⤵PID:3912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5112 /prefetch:82⤵PID:2712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:12⤵PID:2856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:12⤵PID:4412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6412 /prefetch:82⤵PID:1892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:12⤵PID:5380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:12⤵PID:5624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5732 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5612 /prefetch:82⤵PID:5868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:12⤵PID:3756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:12⤵PID:4452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:12⤵PID:3968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵PID:6076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:12⤵PID:6056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵PID:5664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:12⤵PID:5708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵PID:5980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:12⤵PID:6028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1928 /prefetch:82⤵PID:4928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:12⤵PID:4228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:804
-
-
C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"2⤵
- Executes dropped EXE
PID:5956 -
C:\Users\Admin\AppData\Local\Temp\is-JBEQ7.tmp\VSCodeUserSetup-x64-1.86.2.tmp"C:\Users\Admin\AppData\Local\Temp\is-JBEQ7.tmp\VSCodeUserSetup-x64-1.86.2.tmp" /SL5="$801F6,97901463,828416,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"3⤵
- Executes dropped EXE
PID:4528
-
-
-
C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"2⤵
- Executes dropped EXE
PID:5176 -
C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp"C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp" /SL5="$20276,97901463,828416,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2284 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-WmiObject Win32_Process | Where-Object { $_.ExecutablePath -eq 'C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe' } | Select @{Name='Id'; Expression={$_.ProcessId}} | Stop-Process -Force"4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1292
-
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code" /inheritancelevel:r /grant:r "*S-1-5-18:(OI)(CI)F" /grant:r "*S-1-5-32-544:(OI)(CI)F" /grant:r "*S-1-5-11:(OI)(CI)RX" /grant:r "*S-1-5-32-545:(OI)(CI)RX" /grant:r "*S-1-3-0:(OI)(CI)F" /grant:r "Admin:(OI)(CI)F"4⤵
- Modifies file permissions
PID:5552
-
-
-
-
C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"2⤵
- Executes dropped EXE
PID:1528 -
C:\Users\Admin\AppData\Local\Temp\is-RUNN9.tmp\VSCodeUserSetup-x64-1.86.2.tmp"C:\Users\Admin\AppData\Local\Temp\is-RUNN9.tmp\VSCodeUserSetup-x64-1.86.2.tmp" /SL5="$30286,97901463,828416,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"3⤵
- Executes dropped EXE
PID:6100
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2356
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3556
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5620
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 2KB