Malware Analysis Report

2025-08-11 06:03

Sample ID 240222-wbz3zsdb8v
Target https://cdn.discordapp.com/attachments/1204893083012046949/1210261044891492433/musci_nitro_generator.exe?ex=65e9ea6e&is=65d7756e&hm=360123f7aa3d4195267fdf512abf516ac9670830ea68fd8450ceaaa3aa9ad0af&
Tags
discovery pyinstaller
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://cdn.discordapp.com/attachments/1204893083012046949/1210261044891492433/musci_nitro_generator.exe?ex=65e9ea6e&is=65d7756e&hm=360123f7aa3d4195267fdf512abf516ac9670830ea68fd8450ceaaa3aa9ad0af& was found to be: Likely malicious.

Malicious Activity Summary

discovery pyinstaller

Downloads MZ/PE file

Checks computer location settings

Modifies file permissions

Executes dropped EXE

Enumerates physical storage devices

Detects Pyinstaller

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 17:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 17:45

Reported

2024-02-22 17:48

Platform

win10v2004-20240221-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1204893083012046949/1210261044891492433/musci_nitro_generator.exe?ex=65e9ea6e&is=65d7756e&hm=360123f7aa3d4195267fdf512abf516ac9670830ea68fd8450ceaaa3aa9ad0af&

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.m\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\"" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.asp\shell\open C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.h\shell C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.jav\OpenWithProgids\VSCode.jav C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cpp\AppUserModelID = "Microsoft.VisualStudioCode" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.lua\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.h\OpenWithProgids\VSCode.h C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cfg\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.coffee C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.dockerfile\ = "Dockerfile Source File" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.jsp\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.mdoc\OpenWithProgids\VSCode.mdoc C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.asp C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.cpp\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cpp\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.eyaml\AppUserModelID = "Microsoft.VisualStudioCode" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.java\ = "Java Source File" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.java\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.aspx\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.c++\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.ipynb\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.gemspec\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\"" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.go\OpenWithProgids\VSCode.go C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.jshtm\AppUserModelID = "Microsoft.VisualStudioCode" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.json\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\"" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.md\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.clojure\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.config\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\config.ico" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.cs\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cxx\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cc\ = "C++ Source File" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.csproj C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.fs\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\default.ico" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.go\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.jscsrc\ = "JSCS RC Source File" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3054445511-921769590-4013668107-1000\{C654471C-6859-4FAE-A3A7-D51D57B16AE4} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.bash_login C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.bashrc\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.jscsrc\AppUserModelID = "Microsoft.VisualStudioCode" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.md\shell C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.hh\shell\open C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.hbs\ = "Handlebars Source File" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.hbs\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\"" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.hh\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.html\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.ini\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.bashrc\OpenWithProgids\VSCode.bashrc C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.bowerrc C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cjs\ = "JavaScript Source File" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.mdoc\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.ipynb\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.m\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.md\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cjs\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.js\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.makefile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.hpp\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.hxx\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\cpp.ico" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.aspx\OpenWithProgids\VSCode.aspx C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.csproj\AppUserModelID = "Microsoft.VisualStudioCode" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.diff\AppUserModelID = "Microsoft.VisualStudioCode" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.mkd\ = "Markdown Source File" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.code-workspace\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cmake\AppUserModelID = "Microsoft.VisualStudioCode" C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 555125.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 243679.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4168 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4168 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1204893083012046949/1210261044891492433/musci_nitro_generator.exe?ex=65e9ea6e&is=65d7756e&hm=360123f7aa3d4195267fdf512abf516ac9670830ea68fd8450ceaaa3aa9ad0af&

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7fe246f8,0x7ffc7fe24708,0x7ffc7fe24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1928 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8

C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe

"C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"

C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe

"C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"

C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp" /SL5="$20276,97901463,828416,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"

C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe

"C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"

C:\Users\Admin\AppData\Local\Temp\is-JBEQ7.tmp\VSCodeUserSetup-x64-1.86.2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-JBEQ7.tmp\VSCodeUserSetup-x64-1.86.2.tmp" /SL5="$801F6,97901463,828416,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"

C:\Users\Admin\AppData\Local\Temp\is-RUNN9.tmp\VSCodeUserSetup-x64-1.86.2.tmp

"C:\Users\Admin\AppData\Local\Temp\is-RUNN9.tmp\VSCodeUserSetup-x64-1.86.2.tmp" /SL5="$30286,97901463,828416,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-WmiObject Win32_Process | Where-Object { $_.ExecutablePath -eq 'C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe' } | Select @{Name='Id'; Expression={$_.ProcessId}} | Stop-Process -Force"

C:\Windows\system32\icacls.exe

"C:\Windows\system32\icacls.exe" "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code" /inheritancelevel:r /grant:r "*S-1-5-18:(OI)(CI)F" /grant:r "*S-1-5-32-544:(OI)(CI)F" /grant:r "*S-1-5-11:(OI)(CI)RX" /grant:r "*S-1-5-32-545:(OI)(CI)RX" /grant:r "*S-1-3-0:(OI)(CI)F" /grant:r "Admin:(OI)(CI)F"

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.133.233:443 cdn.discordapp.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 233.133.159.162.in-addr.arpa udp
US 8.8.8.8:53 203.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
GB 92.123.128.143:443 www.bing.com tcp
US 8.8.8.8:53 143.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.185:443 th.bing.com tcp
GB 92.123.128.192:443 r.bing.com tcp
GB 92.123.128.192:443 r.bing.com tcp
GB 92.123.128.185:443 th.bing.com tcp
US 8.8.8.8:53 185.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 192.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.67:443 login.microsoftonline.com tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 code.visualstudio.com udp
US 13.107.246.64:443 code.visualstudio.com tcp
US 13.107.246.64:443 code.visualstudio.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 149.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.16:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 20.189.173.16:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 2.17.5.133:443 www.microsoft.com tcp
US 8.8.8.8:53 marketplace.visualstudio.com udp
US 13.107.42.18:443 marketplace.visualstudio.com tcp
US 8.8.8.8:53 133.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 18.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 web.vortex.data.microsoft.com udp
US 8.8.8.8:53 assets.onestore.ms udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
GB 104.84.71.30:443 assets.onestore.ms tcp
US 8.8.8.8:53 microsoftwindows.112.2o7.net udp
FR 63.140.62.17:443 microsoftwindows.112.2o7.net tcp
US 8.8.8.8:53 ms-python.gallerycdn.vsassets.io udp
US 8.8.8.8:53 vscjava.gallerycdn.vsassets.io udp
US 8.8.8.8:53 ms-vscode.gallerycdn.vsassets.io udp
US 8.8.8.8:53 github.gallerycdn.vsassets.io udp
FR 68.232.34.200:443 github.gallerycdn.vsassets.io tcp
FR 68.232.34.200:443 github.gallerycdn.vsassets.io tcp
FR 68.232.34.200:443 github.gallerycdn.vsassets.io tcp
FR 68.232.34.200:443 github.gallerycdn.vsassets.io tcp
US 8.8.8.8:53 vscode.download.prss.microsoft.com udp
US 152.199.21.175:443 vscode.download.prss.microsoft.com tcp
US 8.8.8.8:53 17.62.140.63.in-addr.arpa udp
US 8.8.8.8:53 30.71.84.104.in-addr.arpa udp
US 8.8.8.8:53 99.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 200.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 198.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 75.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3782686f747f4a85739b170a3898b645
SHA1 81ae1c4fd3d1fddb50b3773e66439367788c219c
SHA256 67ee813be3c6598a8ea02cd5bb5453fc0aa114606e3fc7ad216f205fe46dfc13
SHA512 54eb860107637a611150ff18ac57856257bf650f70dce822de234aee644423080b570632208d38e45e2f0d2bf60ca2684d3c3480f9637ea4ad81f2bcfb9f24d5

\??\pipe\LOCAL\crashpad_4168_EOTIINYFJGPUSZDF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 58670ac03d80eb4bd1cec7ac5672d2e8
SHA1 276295d2f9e58fb0b8ef03bd9567227fb94e03f7
SHA256 76e1645d9c4f363b34e554822cfe0d53ff1fce5e994acdf1edeff13ae8df30f8
SHA512 99fe23263de36ec0c8b6b3b0205df264250392cc9c0dd8fa28cf954ff39f9541f722f96a84fbc0b4e42cfd042f064525a6be4b220c0180109f8b1d51bbdef8ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4fbd3e5bf46c0d67d13afdec6f8d921d
SHA1 708795d467822d705be86ad89c5ead75743caeda
SHA256 1fe7ea6912ba5c3310a596f4962075a0cabb3a15293168e4cf2b83d46b9bf948
SHA512 5c6f564adebca8a7c166ac872eebda28dca608fc112b258f1d16eb12a982c8045d447ee395072e2801b77a5c97bd68ae682e733459bf9e281c6ae3fc2990f71d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\Downloads\Unconfirmed 555125.crdownload

MD5 b2cc572e04d6f74a8be2dff71ec27b12
SHA1 67ebbaf7e0550b394d57e38ef6e0ce994411b0fc
SHA256 02ececbcc249cd1aa7ee69532716790916e45aaa5824224f04eb7cd3040ca2bc
SHA512 264a9b0adf0221c293d048d6fea9654d9300ae792402e53a903fff9e88b308eb3ad4cd3530999e1c9d37a57476bc9e70290526ef742cd13c90708dec05b2c566

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15fa766847e814654929118399976580
SHA1 5ca7a5a60c26feb600ddb4800d4d506b848733d8
SHA256 af0b28e2c8bd77f4183510a518b765d75b5be92faefbf38791d0ac223df9308e
SHA512 1fac469de07a32ad114017c5487d497d3c0e44ea1b6093cdc9ffd9cb9a948d2fa869321b5cd12ad91dc9a877e8deaba4d0db882bab9fee0d089be939bc8cac6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4df2ad0000165aa4ece0adb43e923f23
SHA1 99854a3acfaa4c8de93019c9f0c2d4aa9b61bd0f
SHA256 6ede77ed06ebf9f7922d0a9ad5a17103b4bc917d563875f8c09a34ba34583d7a
SHA512 fe14524a4fd6fa1a3b056131fc6540a3373ac964575b8c9ecb84104d48f5d370188f2eaf1ea1de4b96368dfd3b5d3af2357ece27dba363b36a6c0fa6e23ffc14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d722e9f575ab50a1ae23ff04716e17e7
SHA1 4b6dc896c5784dac89f7ecac269ddd04ffb24260
SHA256 b18c65ebc223f4461c18eba361aace5033ff21c3a164b310cca42ebe23c8b03a
SHA512 868b9a08ccebc6ad937c53cd7245b4cf06f54c24fd1acc726167f16eda7647fb3db6670ccc2fdd1e89820e0a617f4db9fbc983bf4eb6237062a7ce32d59b54c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 16b2990b73ff442d9b9dfb8b6451c666
SHA1 1e0b9014f9146e94398d77c12a527762b9db3cfe
SHA256 48a1bf8dfa2007ee2cd0b1ce04f37ee5ceeeb1c38ac643ad7fdafdc5aa076bad
SHA512 72d970c6906b043da77babec5f3db8ac8e5e6c4c234085da72cab6cb901169179566b0cfe95ee0a89ec49eac137c182ae7edd94dda2ddf9e51ce8309060bf7a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581131.TMP

MD5 cb489ce9deb944dd7e24aa0b5d2a93c9
SHA1 4d89db2a5bc81422767ee734ecf4f76d91edbdf2
SHA256 5b9f7c0f3e96eed9e43005908f707e197082b82d9a22c39a79f44c8d2f0cbbed
SHA512 161f80fd0b32bb5c75c886a418795e35e38c12a7c71db5cbea76359621ea92085d375a449d4d42096f56fb24f365646b126c0c9b6618ad41f3a1d97e50183c18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f7bcda60a9fa2171c59e3d35c2c1d61b
SHA1 420c0082fd99efe133bd4e74a82af9630129bae8
SHA256 b20d7696214932ea055eed408a37eaa9998c38b4dbceb08fddae2a45ffbcdb5f
SHA512 d555458c1b1cc45b9bd92372d39ec968166d84f1d44edd36ee50997dee1aee39175290a1031976792ae2e20612f80ed8e50a5e0237755fb4f636b86b8a3a296a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 aff9cfde65b1271b2f924f0187f292cc
SHA1 7d2cfb936ca0067a1c8e9cb42cec847985cca8cd
SHA256 11109ad2834b41ebac7db0500a58824fbeba465a4e07cacb74c4e97395e78275
SHA512 1dadc226520f2802590525a30dc5603ab4faba5128206db351b771af083e27be45b02701b52410ef9639b693e0145322d7bcf508999fa0145c1b83246808e55e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d0c8760556ec4fe4df81faeadb654b0a
SHA1 6765933a73c89897d765434ac41f9babcd72e287
SHA256 5e755bcb72a6e5c73ac548419771ebc29eaab707fe967a5f3ffb99fcc0890711
SHA512 3ae4b9db809c176e0845a0ea192fd693d652c6ab81b40cc9a48272ba654ef135d2a180a6b6e60b84e483579c92c240493935a268fa4da64a2833491aaf81a297

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 58e07cfe9f06d5ede6efbbfd5affc2d4
SHA1 ccd35d8c3e195111bdadc2161d920f49ed6171a1
SHA256 91145233bbd4e05e349313f068de3bae622c61eded8eaeb11abee8f3fbaf4049
SHA512 b91f4a457519b6d111b6fe7075cdf3df45fd1b998d6e1be0e7f8f2d664348111f6b8af638d7575d9aa21c0110fdac7bfed674924ab209cd2e820c8fbdca5314c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2244af78b002d6767ffa2a139e9927bc
SHA1 cb60e3818004d8ba7adaccd95c4398f9a321f7df
SHA256 3a123552ba8db76439ffbb8449bd79b6a1d98283d3050909c0cdb95c2c7c97bd
SHA512 d4ba1f0f0caa0f707e1f2de1573d093717e131596c49ede376889b5c45d4d2a77dcdf73f5f66114e713e64af75875b7501e73601441a40ef5ccd4b2268ed03c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0a3a8b3b95ea9d2f83eb694f944b0a01
SHA1 476a9b1ae212104dae97e2591be31ff61fb4e836
SHA256 c08135b681178a06deaf728938d073a49a1a9103be3d18ef2b8f8d954302756a
SHA512 cf384ca6217be99b057d65d9022b081414827460c1b53addc92d4cfcb67b2b446029addceaaca04e216334b2db0a4548a9c676379d41cb016d82af3aef8da13c

C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe

MD5 108232815fb303a5bc3393e18e157950
SHA1 c3eb4243578e08eeef66d010ca3a2064d55e0a42
SHA256 38fa888025954400a8446896455e57a0ed6908c8f05ce458d60a81e4244a8122
SHA512 d3aa25e298587fbbf99b22a74da9de49a2a6c1ecdba660ac9486b3cfd5afad0b66666892d22a0f8e7d2b73dcdd11dfb41cc583f2a7acd0c65dee5f5a474f043f

C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe

MD5 ef972fb3dc4eca4490da9957da7cffc0
SHA1 46b2f3bc8bf43cb8a04a4108892ce5cc2d758541
SHA256 a2a7cd9b707d8a96ee04ff556bcf036c8ce1883df9d3f4c9f01ebae742fcb9b7
SHA512 f5b8d49ca22b18c4f7e3fdec52911e0a9f048836a68822d390dc26e4a30c2d932a016c8d6e8fd8c9000c48186bfba0ca1ede0da7520cf83153e9d6a73629e565

C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe

MD5 c9ae0891310460f92071eb4cbacaa9ae
SHA1 fac5d244a9b87cea85965071ffcf0478a4187f68
SHA256 d6bfdff2efa88f519be5c95c9f4c8182c3c5b53ca2fbbb99ffb7415333c4770d
SHA512 8dbcdf03fb6e1be897a504799b2fcdef87d394da7e34fd2e00465cce2c39d2ec4c20b9039ababf84dfa93978de4ee7673aa5d1c7fe5adba7fe798f7131c8c4a9

C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe

MD5 409e2f701405236209179f6281c510a0
SHA1 b540a0db0a2082cc9a835dd9ad20e57b7d701ff9
SHA256 cdb75d5a1f67efc9536c16138a796d2a932935cda4c6baa932ecf078fc5b0960
SHA512 a23e3fb3bafb18ae976652da6f916c42753d94d5e5b7807673ae5872bbcd907f96cc8dd2d868230e17b2c61f6863eb67304aa1410bf0c0e80ebedad535cb1254

memory/5176-449-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/5956-451-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe

MD5 8fa616e66cf010e44ae0acd21544cd87
SHA1 22c7b9015b7686a9d683d68c9bbb8ba22fc9986c
SHA256 06c1bcbb63f305ea927ad783a91f9d9b298216e8990d85551a5da49a4a8ff893
SHA512 85c43de242729933381cb518b92fa8191bd7befe66d9260c1ee53a102751788f478f823d31f9375c796fa8967b3c08b1bc519981bb2a634f4a169b24544f3ea9

memory/1528-459-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp

MD5 155c1887c07ace4e2a4c0572824cece5
SHA1 a4ffad575d5499ef5acd60e98e97ff485ce841f0
SHA256 025f27926de473509fbc41c07015b86dcde0d98f19ccc43beb7e2c923661a558
SHA512 dc2807bc39fdd526db5c97fb6a68538487eba3148101c3e5ee2841d63df6003f5488dca24db70a3c88f3b3d104a61e810976418e11d1eb8e2d4aec980467842a

C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp

MD5 5de24223729694185d371e8b0e79c342
SHA1 9f5d123c671956f22bcb787843022f33fbe180ce
SHA256 e247dc379a980df690dae32b454eb991bcc55ccf6e45b232144068122fe5d010
SHA512 c709c235f5a645abbf387d45bb3b6db6ce37c3e92b4663730109d077cb6eda855ad9cfcb510209237247a565e386f5a83639b0b3b4505f6faa05d01b1b987183

C:\Users\Admin\AppData\Local\Temp\is-JBEQ7.tmp\VSCodeUserSetup-x64-1.86.2.tmp

MD5 e7e00fe7171f0552c39b2a5effd16e21
SHA1 84e3931f15639fffeda12c14bece8731e6129839
SHA256 826e946bd2ef365115a5b0b7e18f92c04267b349d95111f73fec9e9556193842
SHA512 223f52002fb4b0ca49b19e10db35bf13a83f4f7eb0a2b9d6030d1f26c7916134119306a13547b33d71d9069dbfbe22003a081c1bf3f8021d933d261c4f397867

memory/4528-475-0x0000000002640000-0x0000000002641000-memory.dmp

memory/2284-476-0x0000000000B60000-0x0000000000B61000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f5ee4766128f9bd539e59b843e356c6d
SHA1 d38d3570b068762daa79761fc180a18370d6441b
SHA256 85ab819618afaf39711acbb5ad9f6e0fea857ad7fa3c64ef6f97e0ae1e8b896e
SHA512 258912d72f356b99403efb4a47194ca004cc48a1c6f7d252c7ffe61fbc6b209f77cd799c30fb0495dc99f33f340389c17ce337ed08e4bf6228aaf2a7a9de83f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c5394e719df9fcc350e4422965e8a13f
SHA1 8875e9653b98869bc58b056013fa2276fd429b5d
SHA256 beb37076be42e86bda48d8ed0fcd22a3399cdf8f30b301865df7b273edc7aacd
SHA512 2917e02f22e0274df434e9d0c4a6e22063c1a12c2fc571e7909e83c734404a464bae8c81146575c2db8d428cefe4cfb517e87384c69460ab9c75ceba33d7bb93

C:\Users\Admin\AppData\Local\Temp\is-RUNN9.tmp\VSCodeUserSetup-x64-1.86.2.tmp

MD5 fe0e344f65b4f3824fecbc4f08aece17
SHA1 0fa19a023d7f986b0a7da4d1f5d44c5af746909d
SHA256 a73b6530727d6face78cbf2763e7a75c476537e67869c682b45e82e26fea2aa3
SHA512 08de97c08ba20ca5d30f0a719b43a07efabb22b271697e80dd4ca9e4f0d4bd28f2738677849fd26840875f0f928acae16b597f1d2699dd6638615ddbaa9f4e89

C:\Users\Admin\AppData\Local\Temp\is-RUNN9.tmp\VSCodeUserSetup-x64-1.86.2.tmp

MD5 243a43997b6f4cd1b6ff8b93278d5da4
SHA1 73c715d36ece3eaeb40dc64152ba140e856ac9a7
SHA256 4c539858103a101f5409b15a63593761855710f1e5e430bdb41fb3e4b9a6efbf
SHA512 642a4a560a150d1127869d9ecd1faf0c27278738301dfaa6832beb655d9d17d6168c98406c5fee1845dede45642e92c1fd8c1808e404df2a5fac855e553a34ea

memory/6100-592-0x0000000002650000-0x0000000002651000-memory.dmp

memory/5956-598-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/6100-601-0x0000000000400000-0x000000000068E000-memory.dmp

memory/2284-600-0x0000000000400000-0x000000000068E000-memory.dmp

memory/1528-602-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/4528-603-0x0000000000400000-0x000000000068E000-memory.dmp

memory/1528-605-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/5176-599-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/1292-614-0x00000000728F0000-0x00000000730A0000-memory.dmp

memory/1292-615-0x0000000004E40000-0x0000000004E50000-memory.dmp

memory/1292-616-0x0000000004D50000-0x0000000004D86000-memory.dmp

memory/1292-617-0x0000000004E40000-0x0000000004E50000-memory.dmp

memory/1292-618-0x0000000005480000-0x0000000005AA8000-memory.dmp

memory/1292-619-0x0000000005360000-0x0000000005382000-memory.dmp

memory/1292-620-0x0000000005400000-0x0000000005466000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_m4p1wunj.03g.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1292-626-0x0000000005CE0000-0x0000000005D46000-memory.dmp

memory/1292-631-0x0000000005D50000-0x00000000060A4000-memory.dmp

memory/1292-632-0x0000000006320000-0x000000000633E000-memory.dmp

memory/1292-633-0x0000000006360000-0x00000000063AC000-memory.dmp

memory/1292-636-0x0000000004E40000-0x0000000004E50000-memory.dmp

memory/1292-637-0x0000000007310000-0x00000000073A6000-memory.dmp

memory/1292-638-0x0000000006820000-0x000000000683A000-memory.dmp

memory/1292-639-0x0000000006870000-0x0000000006892000-memory.dmp

memory/1292-640-0x0000000007960000-0x0000000007F04000-memory.dmp

memory/1292-641-0x0000000008590000-0x0000000008C0A000-memory.dmp

memory/1292-644-0x00000000728F0000-0x00000000730A0000-memory.dmp

memory/2284-645-0x0000000000400000-0x000000000068E000-memory.dmp

memory/2284-653-0x0000000000B60000-0x0000000000B61000-memory.dmp

memory/2284-736-0x0000000000400000-0x000000000068E000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\licenses\is-CA6BF.tmp

MD5 575506a8774d119bc036fc34a0a3b08a
SHA1 87864ccab15ab97a8698c1bdaa7db88d7a8dbcdf
SHA256 a8e9fd8d817925e0457587f9252dfd977bf17a4155a7ea67bf230d3283036a79
SHA512 39f515f5f7da39fd6e026cc3f7bbb269a60c635a51338073cf752352635936834280a68c1deb46fdfb263293716bafdc31ef569663175b0bea6385acbc36e24c

memory/2284-2528-0x0000000000400000-0x000000000068E000-memory.dmp