Analysis Overview
Threat Level: Likely malicious
The file https://cdn.discordapp.com/attachments/1204893083012046949/1210261044891492433/musci_nitro_generator.exe?ex=65e9ea6e&is=65d7756e&hm=360123f7aa3d4195267fdf512abf516ac9670830ea68fd8450ceaaa3aa9ad0af& was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Modifies file permissions
Executes dropped EXE
Enumerates physical storage devices
Detects Pyinstaller
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-22 17:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-22 17:45
Reported
2024-02-22 17:48
Platform
win10v2004-20240221-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-JBEQ7.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-RUNN9.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.m\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.asp\shell\open | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.h\shell | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.jav\OpenWithProgids\VSCode.jav | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cpp\AppUserModelID = "Microsoft.VisualStudioCode" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.lua\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.h\OpenWithProgids\VSCode.h | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cfg\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.coffee | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.dockerfile\ = "Dockerfile Source File" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.jsp\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.mdoc\OpenWithProgids\VSCode.mdoc | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.asp | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.cpp\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cpp\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.eyaml\AppUserModelID = "Microsoft.VisualStudioCode" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.java\ = "Java Source File" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.java\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.aspx\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.c++\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.ipynb\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.gemspec\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.go\OpenWithProgids\VSCode.go | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.jshtm\AppUserModelID = "Microsoft.VisualStudioCode" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.json\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.md\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.clojure\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.config\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\config.ico" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.cs\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cxx\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cc\ = "C++ Source File" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.csproj | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.fs\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\default.ico" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.go\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.jscsrc\ = "JSCS RC Source File" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3054445511-921769590-4013668107-1000\{C654471C-6859-4FAE-A3A7-D51D57B16AE4} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.bash_login | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.bashrc\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.jscsrc\AppUserModelID = "Microsoft.VisualStudioCode" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.md\shell | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.hh\shell\open | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.hbs\ = "Handlebars Source File" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.hbs\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.hh\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.html\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.ini\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.bashrc\OpenWithProgids\VSCode.bashrc | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.bowerrc | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cjs\ = "JavaScript Source File" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.mdoc\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.ipynb\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.m\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.md\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cjs\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.js\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.makefile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.hpp\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.hxx\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\cpp.ico" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.aspx\OpenWithProgids\VSCode.aspx | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.csproj\AppUserModelID = "Microsoft.VisualStudioCode" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.diff\AppUserModelID = "Microsoft.VisualStudioCode" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.mkd\ = "Markdown Source File" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\.code-workspace\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\VSCode.cmake\AppUserModelID = "Microsoft.VisualStudioCode" | C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 555125.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 243679.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1204893083012046949/1210261044891492433/musci_nitro_generator.exe?ex=65e9ea6e&is=65d7756e&hm=360123f7aa3d4195267fdf512abf516ac9670830ea68fd8450ceaaa3aa9ad0af&
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7fe246f8,0x7ffc7fe24708,0x7ffc7fe24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1928 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,8442034851531880113,18242772808225629363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe
"C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"
C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe
"C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"
C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp
"C:\Users\Admin\AppData\Local\Temp\is-KF24K.tmp\VSCodeUserSetup-x64-1.86.2.tmp" /SL5="$20276,97901463,828416,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"
C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe
"C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"
C:\Users\Admin\AppData\Local\Temp\is-JBEQ7.tmp\VSCodeUserSetup-x64-1.86.2.tmp
"C:\Users\Admin\AppData\Local\Temp\is-JBEQ7.tmp\VSCodeUserSetup-x64-1.86.2.tmp" /SL5="$801F6,97901463,828416,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"
C:\Users\Admin\AppData\Local\Temp\is-RUNN9.tmp\VSCodeUserSetup-x64-1.86.2.tmp
"C:\Users\Admin\AppData\Local\Temp\is-RUNN9.tmp\VSCodeUserSetup-x64-1.86.2.tmp" /SL5="$30286,97901463,828416,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.86.2.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-WmiObject Win32_Process | Where-Object { $_.ExecutablePath -eq 'C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe' } | Select @{Name='Id'; Expression={$_.ProcessId}} | Stop-Process -Force"
C:\Windows\system32\icacls.exe
"C:\Windows\system32\icacls.exe" "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code" /inheritancelevel:r /grant:r "*S-1-5-18:(OI)(CI)F" /grant:r "*S-1-5-32-544:(OI)(CI)F" /grant:r "*S-1-5-11:(OI)(CI)RX" /grant:r "*S-1-5-32-545:(OI)(CI)RX" /grant:r "*S-1-3-0:(OI)(CI)F" /grant:r "Admin:(OI)(CI)F"
Network
Files