7bda1c7dfc670489155db2f8fc1f48c209b92fb6145a320d677dccf0bce921b6

Analysis

max time kernel
150s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
14/05/2024, 07:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VSCodeUserSetup-x64-1.87.2.exe
Size

93.5MB
MD5

daf5ea4330bfe2a799fa9d74803a636b
SHA1

2b36e6e9836b76cf602ea6b0ad67f348059fab2d
SHA256

7bda1c7dfc670489155db2f8fc1f48c209b92fb6145a320d677dccf0bce921b6
SHA512

d6ce4a9f3d40bafee932ac82aed55b73e762bf7922d87d7c292690798f007d40d539104d860c974787496d01c34e953bdb75503ab724dc3075f6a8166103c77e
SSDEEP

1572864:gVtCdWPuGW1eo/30U7AmCw59hGTdpWi8hved2+uDzlpM+7i6gGVLgsO9vMQrIO:HdGW1eA97AR/1QeIlpM+sinOmO

Score

7^/10

discovery execution

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4712	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	Code.exe

Executes dropped EXE 10 IoCs

pid	Process
4336	VSCodeUserSetup-x64-1.87.2.tmp
4792	Code.exe
2620	Code.exe
1892	Code.exe
3592	Code.exe
544	Code.exe
2016	Code.exe
2572	Code.exe
4336	Code.exe
1560	code-tunnel.exe

Loads dropped DLL 22 IoCs

pid	Process
4792	Code.exe
2620	Code.exe
1892	Code.exe
4792	Code.exe
2620	Code.exe
2620	Code.exe
2620	Code.exe
2620	Code.exe
4792	Code.exe
4792	Code.exe
4792	Code.exe
4792	Code.exe
4792	Code.exe
4792	Code.exe
3592	Code.exe
544	Code.exe
2016	Code.exe
2572	Code.exe
4336	Code.exe
2016	Code.exe
2572	Code.exe
4792	Code.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3200	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Code.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.bowerrc\shell\open\command	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.md\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.bash\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.mkd\OpenWithProgids\VSCode.mkd	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.cls\shell\open	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.m\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.hxx\shell\open	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.ml\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\default.ico"	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.profile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\shell.ico"	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.shtml\shell\open	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.wxl\shell\open\command	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.edn	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.hh\ = "C++ Header Source File"	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.ini\DefaultIcon	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.svg\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\default.ico"	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.bash_logout\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.cc\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.h\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.sh\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.aspx\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.rhistory\shell\open\command	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.rprofile\OpenWithProgids\VSCode.rprofile	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.cljx	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.cs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.mdtext\shell\open\command	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.pm6\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.psm1\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.cs	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.edn\OpenWithProgids\VSCode.edn	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.fsx\ = "F# Script Source File"	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.h\OpenWithProgids	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.jsx\DefaultIcon	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.mkdn\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.plist\shell	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.editorconfig\OpenWithProgids\VSCode.editorconfig	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.cxx	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.fsscript\shell	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.mdown\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.pod\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.pp\DefaultIcon	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.cpp\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\cpp.ico"	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.csx\OpenWithProgids\VSCode.csx	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.rt	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.aspx\ = "ASPX Source File"	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.java\shell	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.log\shell\open	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.m\shell\open\command	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.mkdn	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.profile\shell\open	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.cc\DefaultIcon	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.csx\shell	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.json\DefaultIcon	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.pl6	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.rb\OpenWithProgids\VSCode.rb	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.wxi\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.cjs\DefaultIcon	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.gemspec\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\""	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.gitattributes\AlwaysShowExt	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.vue\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\VSCode.cc\shell\open	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.js\OpenWithProgids	VSCodeUserSetup-x64-1.87.2.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.fsscript\OpenWithProgids\VSCode.fsscript	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\.rprofile	VSCodeUserSetup-x64-1.87.2.tmp
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Applications\Code.exe\shell\open	VSCodeUserSetup-x64-1.87.2.tmp

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3200	powershell.exe
3200	powershell.exe
4336	VSCodeUserSetup-x64-1.87.2.tmp
4336	VSCodeUserSetup-x64-1.87.2.tmp

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3200	powershell.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe
Token: SeCreatePagefilePrivilege	4792	Code.exe
Token: SeShutdownPrivilege	4792	Code.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4336	VSCodeUserSetup-x64-1.87.2.tmp

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 4336	996	VSCodeUserSetup-x64-1.87.2.exe	80
PID 996 wrote to memory of 4336	996	VSCodeUserSetup-x64-1.87.2.exe	80
PID 996 wrote to memory of 4336	996	VSCodeUserSetup-x64-1.87.2.exe	80
PID 4336 wrote to memory of 3200	4336	VSCodeUserSetup-x64-1.87.2.tmp	85
PID 4336 wrote to memory of 3200	4336	VSCodeUserSetup-x64-1.87.2.tmp	85
PID 4336 wrote to memory of 3200	4336	VSCodeUserSetup-x64-1.87.2.tmp	85
PID 4336 wrote to memory of 4712	4336	VSCodeUserSetup-x64-1.87.2.tmp	88
PID 4336 wrote to memory of 4712	4336	VSCodeUserSetup-x64-1.87.2.tmp	88
PID 4336 wrote to memory of 4792	4336	VSCodeUserSetup-x64-1.87.2.tmp	92
PID 4336 wrote to memory of 4792	4336	VSCodeUserSetup-x64-1.87.2.tmp	92
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 2620	4792	Code.exe	93
PID 4792 wrote to memory of 1892	4792	Code.exe	94
PID 4792 wrote to memory of 1892	4792	Code.exe	94
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95
PID 4792 wrote to memory of 3592	4792	Code.exe	95

C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.87.2.exe
"C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.87.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:996
- C:\Users\Admin\AppData\Local\Temp\is-IKO6U.tmp\VSCodeUserSetup-x64-1.87.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-IKO6U.tmp\VSCodeUserSetup-x64-1.87.2.tmp" /SL5="$40234,97027660,828416,C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.87.2.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4336
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-WmiObject Win32_Process | Where-Object { $_.ExecutablePath -eq 'C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe' } | Select @{Name='Id'; Expression={$_.ProcessId}} | Stop-Process -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3200
- - C:\Windows\system32\icacls.exe
    "C:\Windows\system32\icacls.exe" "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code" /inheritancelevel:r /grant:r "*S-1-5-18:(OI)(CI)F" /grant:r "*S-1-5-32-544:(OI)(CI)F" /grant:r "*S-1-5-11:(OI)(CI)RX" /grant:r "*S-1-5-32-545:(OI)(CI)RX" /grant:r "*S-1-3-0:(OI)(CI)F" /grant:r "Admin:(OI)(CI)F"
    3⤵
    - Modifies file permissions
    PID:4712
- - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
    "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4792
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1628 --field-trial-handle=1632,i,11904928303985272100,14952979849336075297,262144 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2620
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=1868 --field-trial-handle=1632,i,11904928303985272100,14952979849336075297,262144 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1892
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2872 --field-trial-handle=1632,i,11904928303985272100,14952979849336075297,262144 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --vscode-window-config=vscode:7005c1cc-e56f-4138-8be9-a16b47aab7cc /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3592
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=3388 --field-trial-handle=1632,i,11904928303985272100,14952979849336075297,262144 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:544
    - - \??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe
        
        "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe" tunnel status
        5⤵
        Executes dropped EXE
        
        PID:1560
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=3384 --field-trial-handle=1632,i,11904928303985272100,14952979849336075297,262144 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2016
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=3448 --field-trial-handle=1632,i,11904928303985272100,14952979849336075297,262144 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2572
  - - C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe
      "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3788 --field-trial-handle=1632,i,11904928303985272100,14952979849336075297,262144 --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --vscode-window-config=vscode:7005c1cc-e56f-4138-8be9-a16b47aab7cc /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4336
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
      4⤵
      PID:3284
  - - C:\Windows\System32\wsl.exe
      C:\Windows\System32\wsl.exe --status
      4⤵
      PID:4320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.vscode\argv.json

Filesize
798B

MD5
518b15dd64efdfd55b3c80754a652ba7

SHA1
c6cfd7fc6c1812f8ac74e47ed623bac0963f9e71

SHA256
4ed33a336d60edecf26fd5d1194cc3ffaf15682fd09255c91e9eb33856539fb3

SHA512
eee5d7a08e8ea5856045c17d1187dd6ac52d7c60e3c7fc6577a11deaf637e2d3d73207a02836213d067c8c200126da2a5f6e4a2e2d879a051350431c85ebd0b8

Download Submit
C:\Users\Admin\.vscode\extensions\extensions.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\chrome_100_percent.pak

Filesize
132KB

MD5
a0e681fdd4613e0fff6fb8bf33a00ef1

SHA1
6789bacfe0b244ab6872bd3acc1e92030276011e

SHA256
86f6b8ffa8788603a433d425a4bc3c4031e5d394762fd53257b0d4b1cfb2ffa2

SHA512
6f6a1a8bfe3d33f3fa5f6134dac7cd8c017e38e5e2a75a93a958addbb17a601c5707d99a2af67e52c0a3d5206142209703701cd3fab44e0323a4553caee86196

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\chrome_200_percent.pak

Filesize
190KB

MD5
c37bd7a6b677a37313b7ecc4ff01b6f5

SHA1
79db970c44347bd3566cefb6cabd1995e8e173df

SHA256
8c1ae81d19fd6323a02eb460e075e2f25aba322bc7d46f2e6edb1c4600e6537a

SHA512
a7b07133fa05593b102a0e5e5788b29488cb74656c5ee25de897c2ba2b2a7b05c0663ade74a003f7d6df2134d0b75f0ad25e15e9c9e0969e9453b7fc40b9f8bb

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\d3dcompiler_47.dll

Filesize
4.7MB

MD5
8db2fee2d622b5c6fead3f8ec14d962a

SHA1
ec908f377b43b39e6d36600d1e964eab96ce7ef3

SHA256
5070c1d0e65147f32bc06e8933c878655ac35d11066c8927661f82dfb2172398

SHA512
9f564b1d1def7f70efeb9cf020bdda28590f828b91069dfd48b77fef7587fc36f6e8d2a5ca51efefbfe48f819a608efaa891a995c05a80d7003e84c265ca0724

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\ffmpeg.dll

Filesize
2.4MB

MD5
0807b80e04c21b57b59de8a83e841418

SHA1
418f61a5c8f0305b07461631a5ebfa9a76216a6a

SHA256
c43935201acd9f17675379d55db9a5c39773c983b4fc721915e7dbfe8396a258

SHA512
3ca862464d48d6f8aca0beb75c6df37c27503189a14990951f2721be0a89ed0e6bd00390b7655a46e91835324184632a26f556b8b868511edcb51e506832c4b4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\libEGL.dll

Filesize
497KB

MD5
e56cdb4e85e46b59f27b6578ad25d355

SHA1
c43c31c5153a4fab8dc840316a3c8f400ad00d1e

SHA256
90f686cef7fd89aeaaa0cc9ba80a5856780076c3f7a9f4034c3fc012a5561d5e

SHA512
1507564e1c4d7b881a726e8f6b85af5835ed56fab3de52b1d60de18e70c2bc973af7e578e7622cacb05d004bd85c2670678ad9d4f7248595e258e1dc2363014a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\libGLESv2.dll

Filesize
7.3MB

MD5
679c8a442c3b505be7220b69b10c3915

SHA1
eae62ae1bf33f23d9acef80a5e84b1b1018698fc

SHA256
931034224d8e6be813958cc737619a7e959e27853765bd7a39b241eed486e166

SHA512
a4cf8ee240c9d2dbee259508c9ea9056358dce7a7c4a98713b3ab03e8db9ef54522579128d9f2c02dc39942eb58bf9dd45d328249d80e6685507c7624c743bb3

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\locales\en-US.pak

Filesize
405KB

MD5
807e696d8e9c2f2b9c496d2ee8597765

SHA1
b3dfc5c31d31eba4027c22b46b1c16620cb1db47

SHA256
51c83234f1092346c044d2414c3f66f7b907ac5a0043ac6e0553d1e952e8b887

SHA512
ce1b18093eafa36ee87c7eaf12e6fed6eccb1b604df77ff027fcaf85013d21a481b33f971a16f2a17d8012cbd20b31b25c3a608be2765b7272c9aceb480db373

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources.pak

Filesize
5.1MB

MD5
d1601eb2b32d9be1dff034abc9d3b470

SHA1
6a71196a97f31483311d9b8f3df50aa93828bc9f

SHA256
4b539fa01e0ec37d9dc01795bf085952e228d52e9e8e3b3b54504f6d3273a3cb

SHA512
19b1db74f5a3c900e07076ae6d29c8549980a7feef9e0ceb4c2c96da85b4a6f43da903c16f27eff6fdb64ce09a5a11f7d5ad049b1315138a680e98252fec8984

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\licenses\is-FNTMT.tmp

Filesize
179KB

MD5
575506a8774d119bc036fc34a0a3b08a

SHA1
87864ccab15ab97a8698c1bdaa7db88d7a8dbcdf

SHA256
a8e9fd8d817925e0457587f9252dfd977bf17a4155a7ea67bf230d3283036a79

SHA512
39f515f5f7da39fd6e026cc3f7bbb269a60c635a51338073cf752352635936834280a68c1deb46fdfb263293716bafdc31ef569663175b0bea6385acbc36e24c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar

Filesize
11.7MB

MD5
1dcc4978a88fb1a09a2d45c2c743d84d

SHA1
52eeddba62373d4e47be795a681a6a67dc3a78e7

SHA256
725b8076f02da4c7b564ff5fc7ffc7bcd400906a5ca0ba3db7af8dac05624256

SHA512
131fde8438d55a14d7281ea5de27fcb02ead97069455b59a2dcfa344fba397474c882deb27fa7b254c4561c5416a6ce16ee1e712bba0b4ca1436d5d0f7932822

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\@vscode\policy-watcher\build\Release\vscode-policy-watcher.node

Filesize
165KB

MD5
29cedc4b10c1e2d94840deb1a0d034af

SHA1
ed8db8765fdf49724f5fa68c2b944e11f974a45b

SHA256
ca46ee0b46e2f5cbc1927368f9ce041b9f0c3fd5d84ac8d3e595c2176e61b78d

SHA512
27ac6db8260d1d91ec9ba69a0891093e335297a12bbdbdfc0f23b971371ca1ad35de74048c46a542c6d099a7880b6b727d18c55313f40f5b4661b6df75fde318

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\@vscode\spdlog\build\Release\spdlog.node

Filesize
569KB

MD5
965890267480b0a4a58c08c5ceaf53ba

SHA1
2e4c580a40a34e3cc18bb557829a1d361db6ce10

SHA256
9d458e7c08268f80b61ca4c8b76c59e6a139d1083175e77a2ef0bb780e54fb22

SHA512
db14576f51b0c12d279eecd129d3b43ce7497443cd3dc9393b06b79d8e915b2f943e914b90f8e43cac76f1cd27109429c26764e684a4f13eee94c0c9a1574383

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\@vscode\sqlite3\build\Release\vscode-sqlite3.node

Filesize
1.6MB

MD5
0a69385e31003bc0d98e8165135b27c7

SHA1
e2741db4469e1791ad4ec4cffff6dae4ae15191e

SHA256
8c6d2e726f2254b9f121c2a5900b5c164e26f1b5f91ea546d92dc58bbff3907d

SHA512
c16cc2cc08be9e1e37d8a4bb9d9869059b839a06a015d4c60a6bf318f81989a15090d54d5751326a62e41766c1d0b473203ffc058b4dadcfc19482b81b6a7e75

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\@vscode\windows-mutex\build\Release\CreateMutex.node

Filesize
151KB

MD5
8dd01389c7a30ddceab20c3eede39b52

SHA1
084dec80125fd817d4e78478451ca5110bc54346

SHA256
00f4b59eef5503af42cb6ce9aaa1bdf00b7712968eca76fe27936dfd97261eef

SHA512
2e0b7dc24c31cf43ba97d7fd41ef53fdde3b2cf9c3c072949938fd8dd071c8e4a4fef78e0210c2671a2eb4d7c3bd10fec1e4bff1d8fddc8b02ba90e0784c228a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\@vscode\windows-registry\build\Release\winregistry.node

Filesize
124KB

MD5
9e3e5a282bc1c6da21b8bb915cfaacac

SHA1
9f5a50b78cf08c4a1bccab54f908a3bf7572428f

SHA256
630d93df55029d75a49a8bb97f9ccde5304aa1bb2e08f4a380516633efaae7de

SHA512
6dfb088ad0023d06745a19d4c31e2f245a5a324c0d034f55a6b6d96d9b02dc13fdaa2ffb55c8a592a42468fb6d86f2afdc0b6f06de0c4e798c519522d5bb25db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-is-elevated\build\Release\iselevated.node

Filesize
118KB

MD5
dd8d65731ca6feabad78f081ef8b1650

SHA1
7f2ac9131a09846549b5eeef50e3df9b21c6d566

SHA256
25b231c6a3920add8cf505164049779bad55fa171ba6b3fc885319831a76c490

SHA512
ed690441e054986dfedb386f010a170f721391f7379596a9846059e1688e927a85ebc842d45f65051013963e99b24c38bfd859aad9e1e719d84bac2dc382bc1a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-keymap\build\Release\keymapping.node

Filesize
170KB

MD5
8111580984f047231cf0f92c7cc2d4e6

SHA1
7c6b40950af0022f61766381a6c17e32a0b8e0c2

SHA256
fdeba842b6725ad6eaf280cf123d4726eb8ab265fd2346fb04f2811a96d8fcc8

SHA512
acabdd4fc3302c2377fafe8ec31e92cf567992a12cd4166367d6513f38ec9953b1c77c65f98ad1a238e76997b70f39b0acf8ad5e23957d81b0a37e53a7b7aa34

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\main.js

Filesize
54KB

MD5
77145c42f4c5ad0aeef7268bd1146b10

SHA1
dbe2e6362de29393e5d9b4ded23a4c450d31b0a7

SHA256
d76dfff6e9017af320dda49b166ef9a045c5e5f41ca76afc5caccabb8526be63

SHA512
62fcfece034a9f17870cedc462e3e86cefed2f4984960464b7460da807a52484a7c6c5870fcd16696d3b2e4e66e8312deb713de71e91b8c01017992e1093a9ec

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\base\browser\ui\codicons\codicon\codicon.ttf

Filesize
77KB

MD5
b7764eb8526a2795f48c2ec2d2efa57f

SHA1
be14cf99579915141e66a70ad7f6959100038e3b

SHA256
a3faa75556eecb57d5e4b98b35888ad56a2508ce8d33db6f80f9990621dbb1b0

SHA512
a2b923db4c0eeff3d11abc0c1e886c1e7453ee3b80d256b884f2b16ca9efa691ae98ff9db132235f650f613b440a8e626e336ee72a6fa22fdfd4c3de37d7eab0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\code\electron-main\main.js

Filesize
887KB

MD5
0406a92666112e501732bdf33403793b

SHA1
28a452e290e6f55af048dc69d0f2024cdd47a748

SHA256
6e7424829ef6286b07c03a4ea30199735a63306cee18d937cac951aabc8cd5db

SHA512
2760989b47aed8e73002b54e3c1c52e92f23dc35afb42bffc9c364d8594eb3c74d02ef6ad827e3de5b9162028a00bb189649f18345c8d6c2cd629911e8710fb8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\code\electron-main\main.nls.js

Filesize
22KB

MD5
d73449b7decbcd8884f5e0869d973029

SHA1
d2dc2ce9421ed86b2118bc534be35fd156c448a0

SHA256
b63e50eb473479930aebf2f73460ec2bf5fb5c6ad282131c787e3f9a24ed6269

SHA512
6c7d960b1aa86554c90daa8cdc3e47e9da6077affd10300baffda55e50ef3a1670982afdfb5a1137ed8c075ee7feeb38c69dec09317a2eaccfc304cf4dbb521d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\code\electron-sandbox\workbench\workbench.html

Filesize
1KB

MD5
758fc1e6066d814b937747d70fadd2d0

SHA1
bf94b3bbe56c113236a0bd4f5214e5f4e63a95e7

SHA256
30e1df1ecb88f822f89cfc320108ee14202316898d7a9faf72f8cbd2c2c395bc

SHA512
06a91dce84c3125fd47e88d119cd4249de1d3ff9557a246a4748629f00986d6f13ab22a6a2c9f2aa0529ba07b4379af03e171c26c5d681a773fc13b5e90e127e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\code\electron-sandbox\workbench\workbench.js

Filesize
42KB

MD5
2681c820bcfc1c2918dfed2d9c5d5218

SHA1
5c0d61ae9c29480c088445cde01daf3de475259c

SHA256
d73212d55e5da405aff4dd7b51d1a8a5024b2f3bc167e0d99c264a8c11154db9

SHA512
d3df036d515028a39068fbd52f12c36da03baa2cce28b3380d512018f0a29899abaa76962c4cd3e11f6759ddbf88d9226172bc1c0b16bf23556f3b96f5958953

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\workbench.desktop.main.css

Filesize
629KB

MD5
9ca47ad4649ccacc91053d50da93448a

SHA1
2b9f14912153b1cbbd4cfc706eaf7e3911f28402

SHA256
161730e9c1efa4c2b5b4359030f3a2d5d461b96e240d218137df1cea015ec23d

SHA512
8f1dff69fae63a05a01b7ec3422275d62e099148744bac2bfd431097c1d456ce7a7b7c01013efaa1191839af0c59bc08878f3082bd75d0488418af3c36eecc31

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\workbench.desktop.main.js

Filesize
10.2MB

MD5
5518eb29bf8e97469c3f44987fa42a5c

SHA1
01a9abaaeb2f7dda4c3a312ac147c12086431d73

SHA256
8bc3dc1e3d3df5b3db5c72e87cc2463f16851b3a64458446ad10dcd40a3770fb

SHA512
d6e4b619a61c9e425decf947d6a86590fb970abef2e678003e1853a77c8401be4709cbcd35293ccfda1ffeeaa18c06a72867fe37106c7eca63aec50ff7139ef1

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\workbench.desktop.main.nls.js

Filesize
619KB

MD5
c58075480556acfccd30a7704b0af7e4

SHA1
5341fe92b9249997df19a938ad6518945ce5bf80

SHA256
cc698ea66e2b6700188825549cb626c9c93499d13aa18fdc772bce672d0a8fd8

SHA512
f30903d45ffcb85127cc2d10239e03880aa987a18b2e06130667d4a7e7fb1595d4e1d0e7a91120c77a695d8656b695e94a1c3ba9016947c1673c4d8615bfd9ea

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\package.json

Filesize
9KB

MD5
e38eda4af6a9b334edfcadfa1e7f324f

SHA1
778daa108b17b8638d181749f061b837cfcb3a6b

SHA256
acb81804bf6f924489a43045cbfa8f383125748ef4a745bec3200216b3697f31

SHA512
e4c19f834f7320cc5c94ddefb580d909b8e16491b54e68459d60b7f28e7e515c8524eb748d951f41ac0ac719431e4272ab4b32127e726805ee1651c82b138f82

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\product.json

Filesize
52KB

MD5
a6e4969060c32ba3566cc9ebae463c85

SHA1
e05ff82f835275235081172195a9f705f27284b4

SHA256
8c8df51184925314e3664dadaa8c22177792e2daa25595c8e6cf8a070741bb19

SHA512
1c3ea885406dd2c51c701889963b35f4ce7381605c447907ba2360604bb8ef4b599e1d198fc48096b30dda24a7e08ef1cb8566830fe4b729f2a9d4754ccdcbe2

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\v8_context_snapshot.bin

Filesize
611KB

MD5
c888aa7c2d1e7cd35a4389875e0e5224

SHA1
3933ba3765305e6bca6b5d21b612b4f298a777f5

SHA256
af3c29a83e8ddbd359c8800ba4271780258cd2461ae795d2defb6ed1b02cad26

SHA512
ade89280958aa38403b9f5eeb14915490294d168509f9438d5b19193990dbeb3660bc9af3295416679089deb1c86742b4aa52138a59fee8daf69d173f1ab0698

Download Submit
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\vk_swiftshader.dll

Filesize
5.0MB

MD5
b3877d8eb017b572248f06aae39f7e2c

SHA1
0d16edaccdb7a94ea84dc54acd90b56eed26f36b

SHA256
aba6651b3c36202c42ca07513bbe4b2336dfa1e85b43b22ac9f61874306db800

SHA512
5e566ba91aad60f3cfbaf0a8ab94b4f587a515bbb28233fc62d1409547e0231c24fb095325b769b3260b5c62485b9d21c7123c0f80ca5dbcd6023ae1baa443c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lh22cpmf.bid.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IKO6U.tmp\VSCodeUserSetup-x64-1.87.2.tmp

Filesize
2.5MB

MD5
08bad8b3ab24228153d39cf2fe9bc594

SHA1
29a7be666f2324bb4251ec26797ff10509295f11

SHA256
b42ca875bd9277a36314da74737b17c0b5acec9d7371eadc749321435422fbc6

SHA512
9652a1ec8367be9665f9c2eac55dc8c9077318e4343e9a316d350c4593759ccaaeeacf7cd77d334741d3c653dc0e28a640acb87c9f19d894b3a89784eeb9f5d6

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\863d2581ecda6849923a2118d93a088b0745d9d6\chrome\js\index-dir\the-real-index

Filesize
48B

MD5
9b5dea3e507658137dd80c0f6d983c45

SHA1
74d00bd68cb36cbae2b94043bca9eaa0922e5480

SHA256
9d50de0d39dc10b22f470ee8e7976da82f0f8a3146cdd6f73ef51de56c1802ea

SHA512
fbd9ce2043cb267f64c8263b7150eb00884dc913473b1cd5945017945ef9d383e56c7364ff885c8722013dce1dcfddbb7d1cf8e23db6bf70f15940fd47463a29

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\863d2581ecda6849923a2118d93a088b0745d9d6\chrome\js\index-dir\the-real-index

Filesize
216B

MD5
4f00648f2b618f30d1efc66de909d19e

SHA1
ff5c271a97ffaf10d0b4da9c6c974959e3d1c66d

SHA256
1356cafd6cfe89b103641dda9cd331e9d12eb6ac70a0d470e1492530c348813e

SHA512
f7601e434299da64971e97747fe61ec83685d047f795580fc6a94a49f7b8fc090ce2d40353886b6292fe4400a7943f726ca733eceb48360e138843f89008908b

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\Network Persistent State

Filesize
650B

MD5
e2d5d53f2c7aea8f1bb1598fa2af0431

SHA1
03dc3a41f9a40f564e537adf4084ab34b4997b17

SHA256
d38c681f693faf6fb8b3d9bec223db18e1eb8ac15c25b1424e4a66d5b40a4767

SHA512
aa69f0d3c5d16543ab1428a8bc178feecd33343c8260241d57996fd65e02707c45ba79566d212872c9d02e97e5fff249eed04f31ebcc3b76446840aa3b9c4faf

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\Network Persistent State~RFe596a88.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\CacheStorage\1806ad932d63b071231039141109e1ed44155046\3d604ae7-75a0-4ac0-a3a9-fad30108c966\index-dir\the-real-index

Filesize
144B

MD5
988da32669b52aa48b7930868334345e

SHA1
3ab607530bbd0127107c6d300d47143e6cd11af3

SHA256
5623a5088a192453052ee2fa65d937edcb823c4ae25248e5977bbf9e113d80f1

SHA512
3986e9f10dd166755b03cb00ba1c4dd98684ec595ef2f0361c3ea2d9fa84506f23c69f2437d70e3de4d303830046d4e1f29cdb9697d1f0fc6fc0a27263638243

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\CacheStorage\1806ad932d63b071231039141109e1ed44155046\3d604ae7-75a0-4ac0-a3a9-fad30108c966\index-dir\the-real-index~RFe58ab2f.TMP

Filesize
48B

MD5
7995c280326ca576ac5aa8b0ff1421b9

SHA1
746c3d9f3ebcda03ecf75ac7d4c08f66b5e1b2ea

SHA256
e5def239d6a98f0b37c0b9385cb78a62e34d5609feaea5af53c9ab8d2b2acb60

SHA512
9f8f85e82744e775b7c869a539acfa31389175312b993d7b42560b9e4a26f22be7fd7f324c85cc0484ae1a3c1ec5d31b1e843d142d913f88192bf93f85254d8f

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\CacheStorage\1806ad932d63b071231039141109e1ed44155046\index.txt

Filesize
221B

MD5
ededcfe127e98ea7b9774a696c5cf257

SHA1
e683be4e819952f249ad7d0820ddd33e5e079e30

SHA256
11c337ccbc5fc9c4417f160e1cfd4bd9f0a72b8f006197bbe5e73a92a0a7e432

SHA512
2fd82a10f1567c2a148d523e59bea2c95f8d52e2919bf11ada58230e75c55613affed9b44147ffd7a8cc66db17c21444a28b25391aac9a987561efffb0871f77

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\CacheStorage\1806ad932d63b071231039141109e1ed44155046\index.txt~RFe58ab5e.TMP

Filesize
226B

MD5
fd5b0c61406bab3d5079279d5bad266c

SHA1
e3bc2c174fb911d7c49aa09da25f6f40892b72ee

SHA256
25497a277f4c9f400dda2137a5a42c981a905b7fc5e2199b236aaadcca8d383d

SHA512
5680f2acd5f7fb1b0547150085c8f352bddcf206eab64719c4edab51c1e3bd98d7eacd20b5f8607afe96d52a3937d57fabe5741a78575e24abf78eff1bc7cb0b

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\ScriptCache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b7ceabaa37c77662751fc0d37d85eaa7

SHA1
f56a8c6f087072fa3c09a607374a58ed89d17a2f

SHA256
243b5d5abd93d2e335d472c1eeecdfaa0a7196a26785c2671a86c7d37858bbac

SHA512
f7c18cbe4805b291733660f7797073e07194c2d0b496717b2bb2fbf7a855e095ea583b694454f3bf1a3593e7a09c4b7b72a789125727613cbdc2f081a1d8631e

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\ScriptCache\index-dir\the-real-index~RFe58aaf1.TMP

Filesize
72B

MD5
ebed9f63afa2e97b5aa74df197a22d72

SHA1
59776d1ecd2b11d10e0ebf3a79328c772543a438

SHA256
5f51fe143033171823bdab6fd5485c11faaa4a5f10d8f32df8998581737d4dc7

SHA512
2a363d5ddf439ed0e6b5c6386fac2bd25d6d3bc97c73679118260c7e26d96e0eadef46056823f651511faeed0c7b722d33bcb90971d217fcbb090b29b0b41715

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
172B

MD5
c75c19e02f4cd28970abc6590c916c67

SHA1
316f580e859556c359b6d40ba7fac630597b8502

SHA256
5d818be1e0e819c2c882a6123457f2dad1197f97da6b3069f76d389c642577b5

SHA512
0a728d6fccd7eb8ffeaf8d85d8d77e6ba7b6410070a7a3c9309fb376c30b5de674e2485af483b72c5d923af268a92b1fb8ae4279657cd658fe91b15c6a8b774e

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json.vsctmp

Filesize
1KB

MD5
0c55fcfe95f67481bc2669cb9a94e2b6

SHA1
14c1e4299f52ce7552d9410b7303e24c8fd609d2

SHA256
c73b628a528427298c5f36c7ec63a8e7aa988667a02f54741119569b9b661bd0

SHA512
64237d4fb8ea04db2426a242bb488011ee55c33ee9de3b96c5d50786cdbffd5b72b6d714baaef567158a7bd2806e5490d2cea01cb439dc67eff7f542747df06c

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json.vsctmp

Filesize
587B

MD5
5aaef6c62145b5c8dd44d00037341a5e

SHA1
3f6c1cfe6f8118c32e837009ff4740f83a1be9ef

SHA256
e0e8cb895207fcb97f7bf0acf69c434979ddc9a5769b6366e7eb9b6073f07259

SHA512
589141cae992aef0cd30710b746d6a4782abfd3cf1c3fdd6974b6815833e61d6ba639671460c1b1aaeae263a4973d5cc8f51b0df266e8acfb4325d402b686a48

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json.vsctmp

Filesize
1KB

MD5
2623d1d65c09a8ed531ee00200cbb706

SHA1
568f426da057e335b57b1d832d50ee071566160a

SHA256
924ebd506d1842750d876e5f880fed7477f928a9924c5c4b94f443bd5d981d54

SHA512
e35b9657b748db34c2b4019bb829ad4cf2ca65263074faec5e3df90695aa9ad5d2358e90388be95b166fe905ec7660460ec976607fcbf67a9e13a0fd02bf7b8b

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json.vsctmp

Filesize
618B

MD5
62793367f636e44714f3c3df5f9255b0

SHA1
1f911e4f7cbeedb7d0c95c39149ba6decefe46a3

SHA256
b858c8b31408ca761f75e14fff9c34b660e605be9cad95157e16e56ad334b96f

SHA512
90376579ddcd28c31cd9b61fedbd866eebcbcdfaa0ca00e8d69d399519457a82ec16046196e9c7781be7c9aac34da1859a9a02677eaac78b446cd27b7ac8a653

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\bat\package.json

Filesize
771B

MD5
1e22094fafab2866f78cd1b8bb73d064

SHA1
fac617fe1d76d60213fd2b80c0f1439e8601342f

SHA256
42c92eb0bbba2d51399d75efe2fa103e07a4adc63fa55ce71a07485f772be40f

SHA512
a9b798b984d7931faa865b62df571ff4d3579a7e3bcee1054cfc00821a85ce53e469a2ae16c6ad69c0d975d4d80e01c1900c516ae9cee9dc2bdef05b6c0f425e

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\clojure\package.json

Filesize
811B

MD5
25e6ef69ede839e0c3d07e7c9bfc773a

SHA1
a5d12534ef9789161b85e149e4f29fbe7707283b

SHA256
e841f4905101662239dad6063ded97ba4c00b221db48a3abd1ac3c1b14abe169

SHA512
cb1488ec9719d46a4b088f74d0ed944362e5915aad95d7a5743467977e24ff33cf250d2c8f63843b0a669c546e0bb1c41cd2ed39bb33aeae25cb73e10d3894ff

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\coffeescript\package.json

Filesize
979B

MD5
99429503e8cbcf7b356110bf52617cf2

SHA1
1b50c39a3f8383c5b5c5da89a03b4f9f46130163

SHA256
c1f3a57e987368ab64badd7317920906a48129c32de3dea0fdcf0a6156d6b9d8

SHA512
f11e5ee749ec8dbe3e05a538e08a5434e5422fec5cd971aafb9f10fca064e03e334a06d4011e6d25815c341b77938c42d4f5275214b6f03b0eb288c6a400caad

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\configuration-editing\package.json

Filesize
3KB

MD5
f5d7afc0e5768020c9ec5bba5ff8e5f3

SHA1
e5ac6d60df1f78274c7f99bb424c13a3e1cff6cc

SHA256
ae498e632f7cddbc62faf8fff91825d1eb9e02272a229646ed5efb65345feb53

SHA512
105bdd700a22599f5f58c7b490faee68a362fe10b336b76ad2a8c847896a021f28475ea9b03c7da6be4ccaed06bb6fd64ea4ab2ce502c0c5d34c793dc69b6759

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\cpp\package.json

Filesize
1KB

MD5
1c43e53ed97e54614f03fa469dbd5cce

SHA1
20e41e6ba99028455f24cd797ba6963df07255c3

SHA256
dc8411f965bad0323a3ab19aaefd9d1776c56d7f8beb02fcee51ad97fa93b086

SHA512
36175e37c68dc1ce0cb50d1d3a196d2689016e860f7452977a73b0564df5cc113407c365e8e747cffe0bacb23e228fac6ba8fed98e4ebcb2212f6107dcf71597

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\csharp\package.json

Filesize
855B

MD5
0d80ef098430da05bf642cb5f02149c8

SHA1
7b4f2e1d6219fddd5b3d607cacefb78cc7f12cf5

SHA256
34dd3c20a8f3e6cc3801716c12bdb8efa1a02d3504d120f25e380a2c9ab64419

SHA512
975c61d9fcb82cffbb58c028facf6ac094a8e21ff6e99597a9e16d744b9719b5eb4718fcf8e3f973f4d80b57af162cabf71b9683e503d1423edbcbd3176f0c1c

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\css-language-features\package.json

Filesize
16KB

MD5
03c26015c9eee9a2a01322b27b169d1f

SHA1
c87a5d2a244e5f9f1e59791793e8afbe424214a2

SHA256
dfb1b5600d806c8ff192ac2046b1d486143f4216892277ba0838e95f546dfb90

SHA512
843352c36d3987e7a24fd90d493267f1424419c8ed1ace576659c6900da6dfbc78829497bfab4823b2517480801d446806ab9b991e529124f25b8d1af7b6fe01

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\css\package.json

Filesize
739B

MD5
6e4ba5ea1287ef4a0049fc58d44687c6

SHA1
3706e2656f5cdc7d4ef4094bb512a9fbcc257c5f

SHA256
a56810c715aa462cec304dd9b7d1c21422dc2c711776461a2a8d394bb5f0434a

SHA512
55feb495e27cc250eeb9f969c48cb991696c44fc3cad180138a56bc45784bc18fbd20c5acb8d08158f3c7386c34bdb8d7e1c0ffa1208d2992246d183c60a97a4

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\dart\package.json

Filesize
595B

MD5
4b6b4faf4d7a577d4b59b52d7f73e399

SHA1
d1c2561acf2befd365d07c5325c307355859289d

SHA256
3152275d736be77861f04e1734cdbb969efb15725dc590c33dc564d1551bdc1c

SHA512
fa945c732ed23385d559c7feeb785dfcdeebd73e9bac92a19859469bf5d20dd825542483124b6969a3aa984c638731aacdc4180c4b72f232f7ae35bf51d9d95d

Download Submit
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\base\parts\sandbox\electron-sandbox\preload.js

Filesize
2KB

MD5
c99ffd59320e3080795530e5014a5d7a

SHA1
7fbb48b3f94b5f2aaff701bcee1add6f68908a4d

SHA256
9cf2ad18fe9c1135f1823b11d9a44b2ee2fc607f15fd7bff3caa09fc66b2b6dc

SHA512
b5faae3748332d42fed57b900dd56d3319b10f80e91f9e34c469703eb12bca9c56c1c47d5006b89062783c568f3549493d47ca854b41a60ecabbf4ff4ba9ec39

Download Submit
memory/996-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/996-2183-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/996-8-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/996-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3200-30-0x00000000061E0000-0x000000000622C000-memory.dmp

Filesize
304KB

Download
memory/3200-18-0x0000000005BD0000-0x0000000005C36000-memory.dmp

Filesize
408KB

Download
memory/3200-12-0x000000007270E000-0x000000007270F000-memory.dmp

Filesize
4KB

Download
memory/3200-38-0x0000000072700000-0x0000000072EB1000-memory.dmp

Filesize
7.7MB

Download
memory/3200-35-0x00000000083F0000-0x0000000008A6A000-memory.dmp

Filesize
6.5MB

Download
memory/3200-34-0x00000000077C0000-0x0000000007D66000-memory.dmp

Filesize
5.6MB

Download
memory/3200-33-0x0000000006700000-0x0000000006722000-memory.dmp

Filesize
136KB

Download
memory/3200-31-0x0000000007170000-0x0000000007206000-memory.dmp

Filesize
600KB

Download
memory/3200-32-0x00000000066B0000-0x00000000066CA000-memory.dmp

Filesize
104KB

Download
memory/3200-13-0x0000000002D00000-0x0000000002D36000-memory.dmp

Filesize
216KB

Download
memory/3200-29-0x00000000061A0000-0x00000000061BE000-memory.dmp

Filesize
120KB

Download
memory/3200-28-0x0000000005CB0000-0x0000000006007000-memory.dmp

Filesize
3.3MB

Download
memory/3200-19-0x0000000005C40000-0x0000000005CA6000-memory.dmp

Filesize
408KB

Download
memory/3200-15-0x0000000005430000-0x0000000005A5A000-memory.dmp

Filesize
6.2MB

Download
memory/3200-17-0x00000000052F0000-0x0000000005312000-memory.dmp

Filesize
136KB

Download
memory/3200-16-0x0000000072700000-0x0000000072EB1000-memory.dmp

Filesize
7.7MB

Download
memory/3200-14-0x0000000072700000-0x0000000072EB1000-memory.dmp

Filesize
7.7MB

Download
memory/3592-2233-0x00007FFE29CD0000-0x00007FFE29CD1000-memory.dmp

Filesize
4KB

Download
memory/3592-2234-0x00007FFE28A10000-0x00007FFE28A11000-memory.dmp

Filesize
4KB

Download
memory/4336-69-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/4336-2118-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/4336-11-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/4336-9-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/4336-2149-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/4336-6-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download