487b08f664da5845cfa5fb63adc958b68eb2b58aaf5542d894f0a2a4bf93444c

Analysis

max time kernel
50s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 08:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VSCodeUserSetup-x64-1.88.1.exe
Size

94.9MB
MD5

d6b7bbcbebf6655c2535192071c3bdd3
SHA1

390f78056d1e38808e9f8dce2111aede641c0f6c
SHA256

487b08f664da5845cfa5fb63adc958b68eb2b58aaf5542d894f0a2a4bf93444c
SHA512

999c96f486d61828d8ad9b8f4f8670b469d3c83c0ddcd256af5d827812251b5f539536cd508675c88ab49978c63f0971639e750a5ab9ac9774296245a014493d
SSDEEP

1572864:JdJOViSOlLe6Euk9/0f9Y5JeLTTh7V15gb2cxDKK7mphNZIpRie5U:/ICEH/0faJeLT17lgb2CWK7+a+QU

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1980	icacls.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	VSCodeUserSetup-x64-1.88.1.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	Code.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 4 IoCs

pid	Process
4860	VSCodeUserSetup-x64-1.88.1.tmp
4092	Code.exe
4496	Code.exe
760	Code.exe

Loads dropped DLL 8 IoCs

pid	Process
4092	Code.exe
4496	Code.exe
760	Code.exe
4496	Code.exe
4496	Code.exe
4496	Code.exe
4496	Code.exe
4092	Code.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.mdtxt\OpenWithProgids\VSCode.mdtxt	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.pm6\OpenWithProgids\VSCode.pm6	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.py\DefaultIcon	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.tex\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\default.ico"	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.csproj\OpenWithProgids\VSCode.csproj	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.mk\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.scss\shell	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.t\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.wxi\DefaultIcon	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.zsh\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.config	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.coffee	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.log\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.rhistory	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.bash\OpenWithProgids\VSCode.bash	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.sql\DefaultIcon	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.sql\shell\open\command	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.h	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.mk	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.profile	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.rt\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.fsscript\shell\open	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.hh\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.code-workspace	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.jshtm\DefaultIcon	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.pp\shell	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.rs\OpenWithProgids	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.bash\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.rst\shell\open	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.mkd\OpenWithProgids\VSCode.mkd	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.dtd	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.erb\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\ruby.ico"	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.h\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.pl	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.bowerrc\DefaultIcon	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.cs\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\csharp.ico"	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.m\ = "Objective C Source File"	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.mkd\OpenWithProgids	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.pl6\shell\open\command	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.plist\shell\open	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.cs	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.pp	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.rb\ = "Ruby Source File"	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.svg\shell	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.dot\shell\open	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.log\OpenWithProgids\VSCode.log	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.h++	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.jsp\OpenWithProgids	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.clojure\OpenWithProgids	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.erb\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.h\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.cc	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.dart\DefaultIcon	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.bash_login\ = "Bash Login Source File"	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.jshintrc\shell\open\command	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.rs	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.yaml\ = "Yaml Source File"	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.bash\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\shell.ico"	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.ml	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.toml\ = "Toml Source File"	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\.js\OpenWithProgids\VSCode.js	VSCodeUserSetup-x64-1.88.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.ctp	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.handlebars\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.88.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\VSCode.mdoc\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.88.1.tmp

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3452	powershell.exe
3452	powershell.exe
4860	VSCodeUserSetup-x64-1.88.1.tmp
4860	VSCodeUserSetup-x64-1.88.1.tmp

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3452	powershell.exe
Token: SeShutdownPrivilege	4092	Code.exe
Token: SeCreatePagefilePrivilege	4092	Code.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4860	VSCodeUserSetup-x64-1.88.1.tmp

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 4860	4440	VSCodeUserSetup-x64-1.88.1.exe	88
PID 4440 wrote to memory of 4860	4440	VSCodeUserSetup-x64-1.88.1.exe	88
PID 4440 wrote to memory of 4860	4440	VSCodeUserSetup-x64-1.88.1.exe	88
PID 4860 wrote to memory of 3452	4860	VSCodeUserSetup-x64-1.88.1.tmp	90
PID 4860 wrote to memory of 3452	4860	VSCodeUserSetup-x64-1.88.1.tmp	90
PID 4860 wrote to memory of 3452	4860	VSCodeUserSetup-x64-1.88.1.tmp	90
PID 4860 wrote to memory of 1980	4860	VSCodeUserSetup-x64-1.88.1.tmp	93
PID 4860 wrote to memory of 1980	4860	VSCodeUserSetup-x64-1.88.1.tmp	93
PID 4860 wrote to memory of 4092	4860	VSCodeUserSetup-x64-1.88.1.tmp	101
PID 4860 wrote to memory of 4092	4860	VSCodeUserSetup-x64-1.88.1.tmp	101
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 4496	4092	Code.exe	103
PID 4092 wrote to memory of 760	4092	Code.exe	104
PID 4092 wrote to memory of 760	4092	Code.exe	104

C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.88.1.exe
"C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.88.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Users\Admin\AppData\Local\Temp\is-DJJ57.tmp\VSCodeUserSetup-x64-1.88.1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-DJJ57.tmp\VSCodeUserSetup-x64-1.88.1.tmp" /SL5="$30218,98457173,828416,C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.88.1.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4860
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-WmiObject Win32_Process | Where-Object { $_.ExecutablePath -eq 'C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe' } | Select @{Name='Id'; Expression={$_.ProcessId}} | Stop-Process -Force"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3452
- - C:\Windows\system32\icacls.exe
    "C:\Windows\system32\icacls.exe" "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code" /inheritancelevel:r /grant:r "*S-1-5-18:(OI)(CI)F" /grant:r "*S-1-5-32-544:(OI)(CI)F" /grant:r "*S-1-5-11:(OI)(CI)RX" /grant:r "*S-1-5-32-545:(OI)(CI)RX" /grant:r "*S-1-3-0:(OI)(CI)F" /grant:r "Admin:(OI)(CI)F"
    3⤵
    - Modifies file permissions
    PID:1980
- - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
    "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4092
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1660 --field-trial-handle=1664,i,1196438556854024116,10335367498535211177,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4496
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=1772 --field-trial-handle=1664,i,1196438556854024116,10335367498535211177,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:760
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3004 --field-trial-handle=1664,i,1196438556854024116,10335367498535211177,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --vscode-window-config=vscode:6a821c45-421a-405d-9d71-c9140d9ca318 /prefetch:1
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=3300 --field-trial-handle=1664,i,1196438556854024116,10335367498535211177,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      PID:728
    - - \??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe
        
        "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe" tunnel status
        5⤵
        
        PID:4200
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=3760 --field-trial-handle=1664,i,1196438556854024116,10335367498535211177,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=3828 --field-trial-handle=1664,i,1196438556854024116,10335367498535211177,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      PID:2984
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
      4⤵
      PID:3460
    - - C:\Windows\system32\wsl.exe
        
        wsl.exe -l -q
        5⤵
        
        PID:784
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4264 --field-trial-handle=1664,i,1196438556854024116,10335367498535211177,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --vscode-window-config=vscode:6a821c45-421a-405d-9d71-c9140d9ca318 /prefetch:1
      4⤵
      PID:520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.vscode\argv.json

Filesize
798B

MD5
4aef8a63811be488e544b34bd97607e6

SHA1
36dd91a7b88b258c1e996435c6364e9faf2d4687

SHA256
3a7039681d0cd72966f60a6302e42b2d4308f4ed1bc24a5cef9498ca49bd5a18

SHA512
ac500290f50b958b22dc47934b52ec8c00412d0c5608cb42d3f5df907037a905e6cfbf81b6438c29d4b908022dca5afaaeb4b528e80b54521a6b6ecc555ae98f

Download Submit
C:\Users\Admin\.vscode\extensions\extensions.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe

Filesize
160.1MB

MD5
2dbc2f3a9d2dd9158b34633b297ed03a

SHA1
b07768ab0fa91ef6671d8febcd89728f7d77276e

SHA256
4af9be688407bec3eff53ab89ab8ce469ea959fdf7e6dd5f3de832b846b86c9f

SHA512
b0debe83ef299d5187ae13331bc211e55b05fccddf234d4879b01480b14152078ee9efb4a1217382b2b3aec6846f2ac582fd1dafc385f4d786c122d8f81e6a15

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe

Filesize
154.8MB

MD5
e32f3f724dd3a4b13e13bd678b528bf3

SHA1
d6cd38922e34fedb760b8addbdc615d2c0bf5ae0

SHA256
2a7c8b1a20f173fa277da35d9cef3729486a2c64806b9b6113f9aaad3066d8ad

SHA512
5b482e56ed2eb8ac75561d7fa65c97510ed75346869ad9f9ed23d597978c85d11b496cc1f0accc1b285ff5903eb8b390326ddacc1420f2fda56aef28cc3c52fa

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe

Filesize
59.9MB

MD5
e5d79e75aa3302c2c31cf4eee296db1d

SHA1
977351f5ed67b548b7d5f9a8e96ebf8db2b53133

SHA256
93b053079ac25629c11c4233d2dcfab8dfc3249201d52ee3e6d95b4d76faa3ce

SHA512
c0ee1a4926c85d32efaab0aae71896d1fe36e5fe6dd7d642512678fc689ae1830590bd5491e36f5f870c8b28d9fd2e6d5a04f4c0eb068235d3f0991b2ad2f1a6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe

Filesize
57.1MB

MD5
814cd63fb6d7153371870e332fd92d1c

SHA1
b4be85429adc7971e9600daf7e994702f913907e

SHA256
96dc8175b397f5ee94f5b0b3c9b49b2fd535d91a1361809cf03a8527860fe420

SHA512
a03ce9a00377bd35666c9803efc595de20ba8b2338e0b0b213d39b08fede3e2821d9d09c260873acf9b914e0836bf8658a89a912ddb3eaf41020532774b6024a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\d3dcompiler_47.dll

Filesize
4.7MB

MD5
24f050afa53f9b0f99b227d13588f260

SHA1
c6d5af41008a54a796ee9129630e7446142b4cc4

SHA256
ad60647d64dd465b5620eae2aa90bddc8b8993e94fa1faa658d61574539d6ebc

SHA512
afd8f738c9ae56658243e6e8be95dcb8d9f65550dd65a96738823aa8877dab6247ba00b8fdb52be4d7e9b76b61ec698f724bf0297a73b52d12d68ee1527acd4f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\ffmpeg.dll

Filesize
2.4MB

MD5
8d90ae3041b1e5b274af07b46ece0da3

SHA1
fbc66ad1c2fb42a75fb1623c6293df1f6a327c9a

SHA256
bb87ff9e282bd3a8d5af32ad1338284107c592672d2e2ac31c674e44458222ce

SHA512
4634d923027b292bb3379614628d22c448c13aae3c206f82bc7526fd97e8677956bbb5e6f91359526764904b2c6ed6622eba0fc8a88fbedc291bea18cfc89b32

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\libEGL.dll

Filesize
487KB

MD5
d5f15db28cb5e847888e632498dbccd3

SHA1
46118a5e3d8d5653bc2b82893f16ecd9bc796acd

SHA256
61d47c092919596065f41223d301d1c6dfab091ea8e377219c14d574a25e0aa6

SHA512
4f82cad9d3456aee0880d8ec0bcfea9a6b05e73c06d1ba61759b37852f78c3d5adc8fa1357874114c0634424df6eb9639f47da435cdda26330951b2a8c8c423d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\libGLESv2.dll

Filesize
7.5MB

MD5
7d330333e4cc61491de621c4f10af417

SHA1
803ccbcb886ae60b9d82f5fd385b543cdf0b2717

SHA256
355aa42e33c64255599faac870c0f48968a582bf917633e31dbc3c3930649d86

SHA512
fd38d442cc8750f20853b547f8ff3b6a89bd6507a46c8a862c2801238823b6fa3dceef337010b5f4213693c49dfa10c7c7a27ab8db3034ebd028e31d1199083b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\locales\en-US.pak

Filesize
421KB

MD5
46781191216fe988a5f1053c13cf077f

SHA1
7b9cbed06294e0babd05e8ecd1613a58db52d841

SHA256
4efb796dc05ad270a720c33e5d2ca2b4c46d154c4f40ed1a91d5e80abfdfa2e0

SHA512
cdfa34c42c2c13cccb12169295ea77c1de2555f3caaed0a54dfbd38210cba92c44ed0e072e99b630d5e28b623c48c039fb6a3abfbd486a24193929cc375d3db4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources.pak

Filesize
4.9MB

MD5
32d9d2c1771da260703565050578995a

SHA1
a697d50adc92016d1320211ccb0c33beed13f290

SHA256
5ab3bf7009ccd05e3a4c7fdf0932bbf12f34ef666ed59e66a76c14da1e51129c

SHA512
071c6e37f2712ba46a14e67a5d1eeb263ef61e099876a17f289b38037eb019dd8ffa5a15e0357d1dc045db51a909b41d9699393a60108d12df8c5d46e0c446d6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\licenses\is-D3K7D.tmp

Filesize
179KB

MD5
575506a8774d119bc036fc34a0a3b08a

SHA1
87864ccab15ab97a8698c1bdaa7db88d7a8dbcdf

SHA256
a8e9fd8d817925e0457587f9252dfd977bf17a4155a7ea67bf230d3283036a79

SHA512
39f515f5f7da39fd6e026cc3f7bbb269a60c635a51338073cf752352635936834280a68c1deb46fdfb263293716bafdc31ef569663175b0bea6385acbc36e24c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar

Filesize
11.7MB

MD5
fb65d101ed25a5c2ae3abba69707656d

SHA1
579dc0fde871f742b675f789631fc229df1ea8f4

SHA256
5104d4394076ffdb6e78de44f5e063d5d7afc6bdedb86a125d518fb68c2ae532

SHA512
26b53b4b64975b8e3aad5df72b7759987d7112bafb8ab79655a92608b251af203adfbd7f56d22f358931fb65b30c70e67581b7497eca0847f16aa0dae648c443

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\@vscode\policy-watcher\build\Release\vscode-policy-watcher.node

Filesize
165KB

MD5
9bc2f170c8b186605f0ee3dccc9a42c2

SHA1
6ad3bd3349d69154a30786e0901155b6ae7414d1

SHA256
e15f26aa245903834641f519e1ec8311d8a697ad21f20240a405c5fe77825903

SHA512
81ce441691fd13329688024587dd059ccb388c54ffd882072b0e2651d42977591856fd9b5a59c55a8adcda6549df0908989bcff702fc672e72968861aa722e82

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\@vscode\spdlog\build\Release\spdlog.node

Filesize
569KB

MD5
6c5b819bee65f719139fbe6db1d6e651

SHA1
017aa2f722878aa9389fd60fe1d033da9adc271e

SHA256
f0282775deeab3c65f9a66720883853f8c71365a0efdae106b125ac70181e4b5

SHA512
639169983bf5cdb2d9df105afc97d2d25fc3cc9eb1573fbcf207ae2ef8d38eb3eec7c6c196b3bec30561d54b8e07ce82bac8bb4309d0d1c475a4f2dc8a4b28ce

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\@vscode\sqlite3\build\Release\vscode-sqlite3.node

Filesize
1.6MB

MD5
d77b00a891b6df43613044376e4fea66

SHA1
306a4b50b10699b51179f19ec0bc98355b152230

SHA256
c9387fbcf3a077290bc1290370a9dd1f07e7e9ca6e92d18fb904f1e402df7274

SHA512
c33e093cd02b5052c45f3ece99138b46e368e70c9795e9a95832139a2b1095746db573d2a6eacefd793c3c70ce76b1dbab5da8745cf75b0a53f8d21de82218ca

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\@vscode\windows-mutex\build\Release\CreateMutex.node

Filesize
151KB

MD5
820c5d6cc47c4e54e30605aaaccc6af5

SHA1
ca3d1ff429f7c961874dc6a597a8a2b692f8d432

SHA256
a0e789cbbd272a4d6e36b229bba00124669a59fa0fa6d9ad1c4787c096a9a151

SHA512
d3da3f689c55302d7bdf6c827a570e06eddfcc8b6d560b6b3f1e81fe1e24806235cd7f92cbf22f7cc500f296e07d08e03ac4effe0a6aaf598cd53f0ac306004c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\@vscode\windows-registry\build\Release\winregistry.node

Filesize
124KB

MD5
ea79443d76eaf6e78659fa34f532411e

SHA1
4dfe6b702a6cbe4b039feebe6bdc9f2c05a8cb1a

SHA256
b2ab4e7398832e7063ba20970ca07ff823786c5742660aad2f00a9db02c7d538

SHA512
ce3e9a40051a4b6e4f53bc0b632d5740be10c795ff93b655acf6c7a659d373b9305af3eebb3cba50cc8b51725e3308bd472fe28a6882e537b6368fefd237e608

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-is-elevated\build\Release\iselevated.node

Filesize
118KB

MD5
1afe9638c76b0fa8634f3c226de16a6c

SHA1
e429808f39809f4f64e37c3cce2ca152f2de4b6a

SHA256
57fba054fe135859a29c2ed60a6fbe632540ce54ec5d965f01c895bef73304dd

SHA512
1af7b45a1dbc258e0bc0a82c19ed47f694747e33440251b9bba6b6e2da893fa678c508627d09b5545d7dc6677b135d323f702dc46d7267a62e29fbd208fc1306

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-keymap\build\Release\keymapping.node

Filesize
170KB

MD5
089f41678da094d720b606a7c4f8c72e

SHA1
68363a200613af57b6ce153fc7ec1b19d0e3d478

SHA256
2161378f1176c2844fee28a67e841f5d7537ddf9efef547cb435aef35c99051e

SHA512
0ddb6a438d8eb7f91e096506aad65a8d5b1759f92734d79e9a436489ed24d955f1866cec53de8cf619546550360d4b199fb627cb6c24eda486caf1333d746a13

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\main.js

Filesize
53KB

MD5
5f9f8fa46f8d731709658443995332c1

SHA1
c0b081fa3c1684483c69b9de1d1eb38cf56b166f

SHA256
00106667d9fa4b3ddbd26596d14be7d824b4cfc55f57f1fc7d3376baa0acf49d

SHA512
94043825882b3b897bc104ad866af4e146ca9adc57cdf9b488a96493b3a65f6c446723c82bcbf630da28f6950bce73ba6d32960b4f8b62bfa5a958d03dd8610f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\code\electron-main\main.js

Filesize
895KB

MD5
5ef7cfc3bf658f055e241409c7c0b75f

SHA1
40f53f1e62843e2c9a810c0c27fa962bfed3da8d

SHA256
3e1b35cdd1e0597c0c85d0ec15aee8ea7454877e762575e913039ed2a92c33bf

SHA512
3d95da4b8569c4514f465c2a0a842cc46e51e33fa2ccdc139420aabed153fd8cd93ab2bf97c41ff3e4f8e91d22b749c67f4fcf70a6516ce579675b983fcfea53

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\code\electron-main\main.nls.js

Filesize
22KB

MD5
7da60decf5374894f2f3fa7f9e33145f

SHA1
3bbf15bbe81cf87dfb2852df6e39e8b0917d8e52

SHA256
6bba1919fa83501f0b2c2ad00018481d6d648ccdaa095071f06f9d195bd9436d

SHA512
7c6e770aeaaa337712274e0aa1a1516d3200ccf12270dc6c5160d9bc4c93a745373d10e94fe01ffef35f862b264b4a2b5f3c7096e9ce129dd151026e6a76a656

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\code\electron-sandbox\workbench\workbench.html

Filesize
1KB

MD5
758fc1e6066d814b937747d70fadd2d0

SHA1
bf94b3bbe56c113236a0bd4f5214e5f4e63a95e7

SHA256
30e1df1ecb88f822f89cfc320108ee14202316898d7a9faf72f8cbd2c2c395bc

SHA512
06a91dce84c3125fd47e88d119cd4249de1d3ff9557a246a4748629f00986d6f13ab22a6a2c9f2aa0529ba07b4379af03e171c26c5d681a773fc13b5e90e127e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\code\electron-sandbox\workbench\workbench.js

Filesize
41KB

MD5
66bab0e4942a845c3587089fe0b4c1c1

SHA1
a968d96bbac4d96454554244277df6f5991de4bc

SHA256
ad64549a16ec6e134eaef05df59114f6299d1a03ee78af4e2e448a6f27ba27e0

SHA512
fb9c2f3d9853a45dc35d8b714d1197e1b6404990d02e7e58c30d47578ba901a71a7a855d27b8403988e503181300c0bef66811148d3781fac512bed93b7f619d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\workbench.desktop.main.css

Filesize
649KB

MD5
60d5b1132aae1c2886f49d473a089777

SHA1
dad9169d8d75ce48f0a956e513908c0bb1d35e5f

SHA256
6cbf46fc86b833d3f9725f29e2a1c610d8d1ffc55ea9cb5cd23e5a9b575f2c89

SHA512
ea9599c92de3476042972438d80eaa3a2f30957c6480c58137fca8f15f0fde24f5d65b6aba10de3284a0eceac5e0fba11123465b6617bf9492d54dfebf070519

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\workbench.desktop.main.js

Filesize
10.4MB

MD5
9ddd943e13c86a2d4b77ffda7b890b95

SHA1
f48d299403ddfa992b506e102d89394d83b876d8

SHA256
4449df865564de1e8a65b6a0b878198ef62d1ddd1b5a6f5d8b4e32a98a72e01b

SHA512
95f9b098ef64b6105d94f353610ed1f77faf6fa44f24f6f9467c9d79b823764732ae6077126222be5765f88400cc0c16ced9df78adc1af44de3196b07559600d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\workbench.desktop.main.nls.js

Filesize
635KB

MD5
826b7196701f8809adb1479edd440a6e

SHA1
bef1c739758a45941e65261bbed37d4cfd655e74

SHA256
3a90ad30c5b40c918a6b32e1303a34283b0eeebf73478165d1b9cba6d7996b73

SHA512
818a9e00070bfdb07d81ef818847968eabe5cca0622a684c7159b9d10fae9a3d9b0ea08687074728c0b4ba2dcde5196f81e995060eabbdbdbd2a78e20a2654ee

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\package.json

Filesize
9KB

MD5
0a100bccc1ea4608dc4849a3588bb6c2

SHA1
a24c603c7df368d7101d460cc018bd0ca717dbe0

SHA256
d88ab26234a0d8e5cbd9a4268e0f99f5dfc33c81231ddcf674951f36e8e2dad3

SHA512
dd0f471cffedda839cf12bfedc6aedab53f7e2233a0b766e2761cce8f1ecf36cfc2973c0ef66c93730617dc293a86c4f638154c35e95d7b6f868dea08e8a134d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\product.json

Filesize
53KB

MD5
07dcfda50eb49a7b65dea91994287df9

SHA1
4e96d6f94feabbeffb5bb2b7c1774f1747403af7

SHA256
6a235405599632545f0c0273ae8334196ab90fe3f217fd892b4d16d046b304f9

SHA512
2983c5b222e94288ca80aa270c66d67bdd28b21a9dc18cd81351a24f43db35bfaeb31aa8f4f2463dc82c2782e25205e94c70d3ffc088dd730ba485af01285c5c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\v8_context_snapshot.bin

Filesize
627KB

MD5
21ea21006467e1a619d2971c68571429

SHA1
aff3095129b2e9a66477101af5735302bd4ec237

SHA256
4316f4c498f6210c80c228ecd12ea1c5974bbcd8369c33a4f63def6b32c464f0

SHA512
c97e813a9fe7857cdeb1cf35f57c8ee46bd5aa6ba7144ecc1975a419cba117d61f4c2002639bd0d02e82873232a8c23c3d03d87edd85880e1e27f949e89ea1bf

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\vk_swiftshader.dll

Filesize
5.0MB

MD5
429bf50cd37ed85535f29907b8056179

SHA1
31e8dd47ac09427c85a961a81ff7f618a5735cf0

SHA256
9d095a97be70bb14dbc6e248d7cfa899707fe744852382bff4b38bdb0ee5a5b7

SHA512
de719ebf9d28671e5a7e5bfea014bf9e1fe06386c7dd71b8db30cf559e048e90ab1fc78d4c436c5d91aeb08972bb4516e1e9aae62d740a1d6043b8f616e3cc27

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3ttdh2mx.n1s.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DJJ57.tmp\VSCodeUserSetup-x64-1.88.1.tmp

Filesize
2.5MB

MD5
36333c1bab6e5d7847cd1929819c08f1

SHA1
7b1436c3257fc986cdce20a4eb035f697217ae5a

SHA256
93901367dab8338de5e7e7d11a6e616fac048a7c915252f3553c154d906371ea

SHA512
b218df064210c314985596cc49ef5ee6017469ccfabf955c66bf9e3ccdecf853160854ddd37b875bcb9f979d33ece93758eb7f89cbb8214cc7cbe8c1f45478dc

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\ScriptCache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
587B

MD5
9576d52069ed86cb9a809c9f40727e1a

SHA1
29b51bd9fd0373c3640c26d2b0d95e5547f1fea7

SHA256
86e915d0a868245a7bfec7a3627c0e1210d29afff5ed1dbc1ae72a1d5a88b13e

SHA512
8e4bbc2d84424af6d4a9713debf290960a2f8a0292bfc72b17cbb20978eb9189d775a6fce9c53e3a5909601b11db2f861a5d09290c547d33c79cc6285ea4f681

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
1KB

MD5
30b1864536d7c25453b79e016a8543f6

SHA1
af8df727a7c11bb6e6811b84408e11f1da0edcc3

SHA256
1cc92a891a669d37c480a31f20c2ed9418058d3fb388c70c91e098b2954c39fc

SHA512
de18d8c45473709c3ac53ebbcc5bf6aa570653682396a74f173df9cf43e8cd76c0509b9a5fe317b5eeb35c3ecfa39377e4d60abb3d6543825b6cc4735c7622d1

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
172B

MD5
c75c19e02f4cd28970abc6590c916c67

SHA1
316f580e859556c359b6d40ba7fac630597b8502

SHA256
5d818be1e0e819c2c882a6123457f2dad1197f97da6b3069f76d389c642577b5

SHA512
0a728d6fccd7eb8ffeaf8d85d8d77e6ba7b6410070a7a3c9309fb376c30b5de674e2485af483b72c5d923af268a92b1fb8ae4279657cd658fe91b15c6a8b774e

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
956B

MD5
f367d1bb02549e6ce101d713136dccc4

SHA1
a623ffcff1a3c725c6fb647a50bac5d19ad282cd

SHA256
62aa5cfd02203e605e8a917b9a7f4ec9e446601f1819b5b6fedda89d8a87399c

SHA512
857e26f1407b750b710f93e4786a1229e590901acd383349eab680f04b69e47ad364dd0e343ee922fbe9923a5f699861f1e40bf07a97e67a31086fc6616c69b4

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json.vsctmp

Filesize
987B

MD5
7fc7d47f03c6cf5930a3c48089918b9d

SHA1
ca260d458f6ce0aaf90d2b04dde9e66da1b7af5f

SHA256
04839e5e752206e32868873b6631d22cbb9c6ef34a314fdb71d44676daf839fe

SHA512
446cc66dcf949ff4873cd14666b151c10008d77fba596788f775857798ef0dc3fc7a98ae0899ce3908f301d03b1df9a7c32d3dda7da7f441072f80b567c7b615

Download Submit
C:\Users\Admin\AppData\Roaming\Code\machineid

Filesize
36B

MD5
6f91d4014b04a6db4213ad148c04d7a3

SHA1
8730dac3bb3441fe9296a944aa533568c18a7f38

SHA256
02ce8d46989e547fecd5511affd0fea8711cd321f915341004cb10b957933a4e

SHA512
7b30b3a4c720f8de2c9957827147c688289ddff51c75fd00da006abcbeeb870032e0d919c7e8025dd84ceb0fd4b6061700d1d251059049c30dc033e275a79d0a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\bootstrap-amd.js

Filesize
1KB

MD5
6397558f2c06c4d4b1ef6140b016505b

SHA1
867f1a7e2cb3d8224bbc49725455129a534216f8

SHA256
26c6ab831be12a2dec9b0a7deec18afd7c2545b5e065e4c047ccd1055c857634

SHA512
8441e0917cb2bb0422929fe496b65cf95cd9b28dc669895745797921a1d64ef098af51e6b1572d0d1cb1b49eeb265bb7157ec1013482cec108501787befbdebf

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\bootstrap-fork.js

Filesize
2KB

MD5
df64beec310f1f7da52759152b4eadb8

SHA1
9236467e2945730a4e5a7f47afcea25c9d4bdca2

SHA256
e9375424922f3eee94339291dc28dc70998a6f676063c3842b9e700fa6628be4

SHA512
574c58fad36bfabb15eff381f72ceaf76d9523e1effedf0e3ef8b0cc291fddd746dad5388ef517abe2be9e08da7ab3f8a926055e6d885fc225fc865c85ddf16e

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\bootstrap-node.js

Filesize
1KB

MD5
480c9960fa9f4dc22c017609f518f737

SHA1
acefa6b1276d2338c8694392c0a3666cd8113593

SHA256
32b34cfa17c720c077857c85c8b3400c7c4b318d055ffb2564f55371c9bd58ad

SHA512
135f5bfeb83e18851b30599a299fa216de895089f6755438a46d2bbfeb8608f3d4179a776225aea2560663445f2a4797dbc7b944c83ed6d61a07a3bd41ea1728

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\bootstrap.js

Filesize
2KB

MD5
14006e04803824a53d6779f930e5a1ed

SHA1
6ce506140b08db7f56f406ab7342de5461c60ab8

SHA256
50c07b4b189be0e13fdee0ada8c9deab0a2507bb52e578c7b0593bd0054b98ff

SHA512
8cdbf8ba946bc833c0a5ed8eddcef3bacdf28ce7f662d95af400d4e0ae2dbd58aefe57fe2642fd13b3a38fea99136ca12139d2e2237181f94ee19a60582ad0f8

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\base\common\performance.js

Filesize
1KB

MD5
63b6f40a16c49fd6d8dec8b04dca49d9

SHA1
d6672930b7e2cf1c0d5b06cfd2e0df72552d954d

SHA256
6c42dcfa541418f493677d217461009e1c4b73014dd444df0a9a480dbf4fff9d

SHA512
51634a0a962592da9720978880bd703e2488aa16514e742ad1d9ae654b125411e4bcffe6b262225e1f37804dbbfc4f35853c45ce6813a2e990cfeb62d423f9b8

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\base\parts\sandbox\electron-sandbox\preload.js

Filesize
2KB

MD5
cf362aef78a522062aa622bfa359eead

SHA1
7e7ed107d454e711fcb05e5c6b23c5a3e1e689a3

SHA256
8e4b95de0f15acb2ebccdb80e1d00f7bcebb7388c28ead0268c0bde6aa4e5882

SHA512
c701483f119e28dd4cbb11c3f6dd16837f3afb7d04b7875624f31306e4d631bf6a3ca7cd7f219eaf9355e31399b64d71af0b46a098945eb02e6af00f9c894984

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\code\node\sharedProcess\sharedProcessMain.js

Filesize
847KB

MD5
a1653dfc1d025579a319a8a33816dfba

SHA1
9ff0244ee59278b04dd2e05f05ecad4ad85251e2

SHA256
b99046c0ab54e9009609c9b6e6fa1dfa88c1118ec2187f836dccaa7393ceb0bb

SHA512
46d1eb12660bd872a8023efa941c9f82a953d19e3aa9ca2423bdbc207a3ecd62bf50df743cd9ff6869302756c1a759412ddb054e8970eee38415637c3804054d

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\code\node\sharedProcess\sharedProcessMain.nls.js

Filesize
14KB

MD5
f2d42ff58d777d80571329531d78a0c7

SHA1
99c0d1ee9bb67dcb695e3ca59307b719b3706143

SHA256
e55a06b1ee236c825fe5f48e77f5a2c47d3ab65ffe29a42fd44ba7609cec6890

SHA512
4a94fff27a454c16eb71a14371431a80aab44ab9fe1603233b0fbffddbf8c57add82c6c8ae0c6f85a29b2a45b2c02a4213aeba94a08a51fcfffec649cac854fe

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\loader.js

Filesize
32KB

MD5
3a79fb9ad9301a2e2d850d02682f6c7c

SHA1
f798e196697365105b4ed070dd0f3a7c08bec4f2

SHA256
8c5f99f6f1c8f54f7fe83e6623b68bdabe78e1213dc9fd91c019dcd5f1fdfc7f

SHA512
a9092cddc0935b266e415fb090bfe17e81b611c6a37c5b99aad848818504610709f9fde87b8b2cef4747c2e072175291bf71ba0aca9799155857913a7797e4aa

Download Submit
memory/3328-2239-0x00007FFAFE210000-0x00007FFAFE211000-memory.dmp

Filesize
4KB

Download
memory/3328-2240-0x00007FFAFCDE0000-0x00007FFAFCDE1000-memory.dmp

Filesize
4KB

Download
memory/3452-37-0x0000000007DD0000-0x000000000844A000-memory.dmp

Filesize
6.5MB

Download
memory/3452-36-0x00000000071A0000-0x0000000007744000-memory.dmp

Filesize
5.6MB

Download
memory/3452-13-0x00000000025C0000-0x00000000025F6000-memory.dmp

Filesize
216KB

Download
memory/3452-30-0x00000000056A0000-0x00000000059F4000-memory.dmp

Filesize
3.3MB

Download
memory/3452-31-0x0000000005B70000-0x0000000005B8E000-memory.dmp

Filesize
120KB

Download
memory/3452-15-0x00000000048C0000-0x00000000048D0000-memory.dmp

Filesize
64KB

Download
memory/3452-40-0x0000000072320000-0x0000000072AD0000-memory.dmp

Filesize
7.7MB

Download
memory/3452-17-0x0000000004F00000-0x0000000005528000-memory.dmp

Filesize
6.2MB

Download
memory/3452-16-0x00000000048C0000-0x00000000048D0000-memory.dmp

Filesize
64KB

Download
memory/3452-18-0x0000000004C00000-0x0000000004C22000-memory.dmp

Filesize
136KB

Download
memory/3452-20-0x0000000005530000-0x0000000005596000-memory.dmp

Filesize
408KB

Download
memory/3452-19-0x0000000004E60000-0x0000000004EC6000-memory.dmp

Filesize
408KB

Download
memory/3452-14-0x0000000072320000-0x0000000072AD0000-memory.dmp

Filesize
7.7MB

Download
memory/3452-35-0x00000000060E0000-0x0000000006102000-memory.dmp

Filesize
136KB

Download
memory/3452-34-0x0000000006050000-0x000000000606A000-memory.dmp

Filesize
104KB

Download
memory/3452-32-0x0000000005BC0000-0x0000000005C0C000-memory.dmp

Filesize
304KB

Download
memory/3452-33-0x0000000006B50000-0x0000000006BE6000-memory.dmp

Filesize
600KB

Download
memory/4440-8-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4440-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4440-2143-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4440-2-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4860-11-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/4860-71-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/4860-9-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/4860-6-0x0000000000B60000-0x0000000000B61000-memory.dmp

Filesize
4KB

Download
memory/4860-12-0x0000000000B60000-0x0000000000B61000-memory.dmp

Filesize
4KB

Download
memory/4860-2140-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/4860-2139-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download