hxxp://google[.]com

Analysis

max time kernel
192s
max time network
201s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-12-2024 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

microsoft credential_access defense_evasion discovery execution phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]?v
phishing
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004

Executes dropped EXE 28 IoCs

pid	Process
568	VSCodeSetup-x64-1.96.2.exe
3448	VSCodeSetup-x64-1.96.2.tmp
3876	Code.exe
772	Code.exe
4568	Code.exe
488	Code.exe
3220	Code.exe
4624	Code.exe
4088	Code.exe
3716	Code.exe
2824	Code.exe
4496	code-tunnel.exe
3420	Code.exe
4464	vsce-sign.exe
6776	Code.exe
6868	Code.exe
7272	Code.exe
7292	Code.exe
7836	rg.exe
5528	Code.exe
5140	Code.exe
1760	Code.exe
5332	Code.exe
5620	Code.exe
5668	rg.exe
6324	Code.exe
3340	rg.exe
6540	rg.exe

Loads dropped DLL 36 IoCs

pid	Process
3876	Code.exe
772	Code.exe
4568	Code.exe
772	Code.exe
772	Code.exe
772	Code.exe
772	Code.exe
3876	Code.exe
3876	Code.exe
3876	Code.exe
3876	Code.exe
3876	Code.exe
3876	Code.exe
3876	Code.exe
488	Code.exe
3876	Code.exe
3220	Code.exe
4624	Code.exe
4088	Code.exe
3716	Code.exe
4624	Code.exe
2824	Code.exe
4088	Code.exe
3876	Code.exe
3420	Code.exe
6868	Code.exe
7272	Code.exe
7292	Code.exe
7272	Code.exe
7292	Code.exe
5528	Code.exe
5140	Code.exe
5332	Code.exe
1760	Code.exe
5620	Code.exe
6324	Code.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4184	icacls.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\undici\lib\core\is-VND1R.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\is-J16OF.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\font-ligatures\dist\processors\is-9VAUM.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\@microsoft\applicationinsights-core-js\dist\is-SAS0F.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\inherits\is-J3DV4.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\smart-buffer\is-S9RJS.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\html-language-features\is-I1H5V.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\ms-vscode.js-debug\resources\dark\is-PKGJR.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\inherits\is-OKE68.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\node-pty\lib\is-88EU2.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\sqlite3\lib\is-UVLK4.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\define-lazy-prop\is-MGCQC.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\deviceid\is-L0AL3.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\picomatch\lib\is-PL9S7.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\locales\is-IRB4P.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\theme-defaults\themes\is-TKP78.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\html-language-features\schemas\is-USNIQ.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\picomatch\is-IPHND.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\readable-stream\is-R5NB2.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\@xterm\addon-unicode11\lib\is-KDB2U.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\yazl\is-E3THH.tmp	VSCodeSetup-x64-1.96.2.tmp
File opened for modification	C:\Program Files\Microsoft VS Code\unins000.dat	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\pug\syntaxes\is-N12SF.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\licenses\is-ALDLA.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\ms-vscode.js-debug\src\is-LN24M.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\markdown-basics\is-CVON4.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\resources\win32\is-FGH3N.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\sudo-prompt\is-ALUR6.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\mkdirp\bin\is-VN328.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\undici\lib\web\websocket\is-P2IQ5.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\markdown-math\notebook-out\fonts\is-70QLE.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\@microsoft\1ds-post-js\is-U4LHV.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\out\media\is-KNETD.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\out\vs\workbench\is-MREAB.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\bin\is-BM65R.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\theme-kimbie-dark\is-K2QI9.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\chrome-remote-interface\bin\is-0EMH6.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\file-uri-to-path\is-RTNEF.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\semver\classes\is-TMI9A.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\vscode-regexpp\is-OGROE.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\clojure\syntaxes\is-P4G0F.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\debug-auto-launch\is-MI095.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\semver\ranges\is-55ILI.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\is-4AFMS.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\resources\win32\is-G67HQ.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\node_modules\typescript\lib\is-KJ8SI.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\opentype.js\dist\is-MMQBM.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\ieee754\is-GEM40.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\undici\lib\web\websocket\is-T920L.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\typescript-language-features\resources\walkthroughs\is-NUUGA.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\@microsoft\applicationinsights-shims\dist\umd\is-QEBTJ.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\markdown-math\notebook-out\fonts\is-S76BO.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\node_modules\typescript\lib\is-FH3FT.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\node_modules\typescript\lib\is-DUOE7.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\@microsoft\applicationinsights-shims\dist\esm\is-V5Q2O.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\@xterm\xterm\is-B1ISD.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\jschardet\scripts\is-37JIE.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\semver\internal\is-ADEDU.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\uuid\dist\esm-browser\is-PUD8N.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\git\resources\icons\light\is-VS4VD.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\github\dist\is-B3BKU.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules.asar.unpacked\vsda\rust\web\is-JDSCQ.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\node_modules\undici\lib\web\cache\is-LQK89.tmp	VSCodeSetup-x64-1.96.2.tmp
File created	C:\Program Files\Microsoft VS Code\resources\app\extensions\debug-server-ready\is-ATO6O.tmp	VSCodeSetup-x64-1.96.2.tmp

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	Code.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\VSCodeSetup-x64-1.96.2.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2364	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VSCodeSetup-x64-1.96.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VSCodeSetup-x64-1.96.2.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1760	Code.exe
5620	Code.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Code.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133792239273393777"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.containerfile	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.dockerfile\ = "Dockerfile Source File"	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.mdown\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.sh\shell\open\command\ = "\"C:\\Program Files\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.t	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.yaml\OpenWithProgids\VSCode.yaml	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zsh\OpenWithProgids\VSCode.zsh	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.pm6\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.rst\shell\open\Icon = "\"C:\\Program Files\\Microsoft VS Code\\Code.exe\""	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.cfg\shell\open\command	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.t\shell\open	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.wxs\DefaultIcon	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.dockerfile\shell\open\command	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pl\OpenWithProgids\VSCode.pl	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.pyi\shell\open\command\ = "\"C:\\Program Files\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.cfg\DefaultIcon\ = "C:\\Program Files\\Microsoft VS Code\\resources\\app\\resources\\win32\\config.ico"	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.cs	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.dtd\ = "Document Type Definition Source File"	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.java\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.ps1\ = "PowerShell Source File"	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.r\shell\open	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.containerfile\DefaultIcon\ = "C:\\Program Files\\Microsoft VS Code\\resources\\app\\resources\\win32\\default.ico"	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.mdoc\shell\open	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gemspec	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.go\shell\open	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.pl6\OpenWithProgids	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.pl6\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.r\DefaultIcon\ = "C:\\Program Files\\Microsoft VS Code\\resources\\app\\resources\\win32\\default.ico"	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.rst\shell\open	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.rt	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.cxx\shell\open\Icon = "\"C:\\Program Files\\Microsoft VS Code\\Code.exe\""	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.dot\shell\open\command\ = "\"C:\\Program Files\\Microsoft VS Code\\Code.exe\" \"%1\""	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.handlebars\shell\open\Icon = "\"C:\\Program Files\\Microsoft VS Code\\Code.exe\""	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.hbs\DefaultIcon	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.scss\shell\open	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.cjs\shell\open	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.clojure\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.erb\shell\open	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.handlebars	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.hbs\shell\open\command	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.properties\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rprofile\OpenWithProgids	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.c++\shell	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.hh\shell\open	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.rb	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.toml\OpenWithProgids\VSCode.toml	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.markdown\shell\open\command	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.svg\shell\open\Icon = "\"C:\\Program Files\\Microsoft VS Code\\Code.exe\""	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.bash_logout\OpenWithProgids\VSCode.bash_logout	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.mdwn\DefaultIcon	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.mkdn	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.php\ = "PHP Source File"	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.shtml\DefaultIcon\ = "C:\\Program Files\\Microsoft VS Code\\resources\\app\\resources\\win32\\html.ico"	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cljs\OpenWithProgids	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.cls\shell	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.json\OpenWithProgids\VSCode.json	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.lua\ = "Lua Source File"	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.npmignore\shell	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.xml	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.pod\DefaultIcon\ = "C:\\Program Files\\Microsoft VS Code\\resources\\app\\resources\\win32\\default.ico"	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VSCode.c\shell\open	VSCodeSetup-x64-1.96.2.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gemspec\OpenWithProgids\VSCode.gemspec	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.groovy	VSCodeSetup-x64-1.96.2.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\VSCode.jscsrc\shell\open\command	VSCodeSetup-x64-1.96.2.tmp

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\VSCodeSetup-x64-1.96.2.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
2364	powershell.exe
2364	powershell.exe
3448	VSCodeSetup-x64-1.96.2.tmp
3448	VSCodeSetup-x64-1.96.2.tmp
992	chrome.exe
992	chrome.exe
992	chrome.exe
992	chrome.exe
4688	msedge.exe
4688	msedge.exe
8124	msedge.exe
8124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
8124	msedge.exe
8124	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
8124	msedge.exe
8124	msedge.exe
8124	msedge.exe
8124	msedge.exe
8124	msedge.exe
8124	msedge.exe
8124	msedge.exe
8124	msedge.exe
8124	msedge.exe
8124	msedge.exe
8124	msedge.exe
8124	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3876	Code.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 3400	1472	chrome.exe	77
PID 1472 wrote to memory of 3400	1472	chrome.exe	77
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 3668	1472	chrome.exe	78
PID 1472 wrote to memory of 4020	1472	chrome.exe	79
PID 1472 wrote to memory of 4020	1472	chrome.exe	79
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80
PID 1472 wrote to memory of 4556	1472	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb976cc40,0x7ffcb976cc4c,0x7ffcb976cc58
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3008,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3012,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4088,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4716,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3308,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3024 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4336 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3184,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4284,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5440,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5436,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4544,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5412,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5928,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6072,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6104,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:3888
- C:\Users\Admin\Downloads\VSCodeSetup-x64-1.96.2.exe
  "C:\Users\Admin\Downloads\VSCodeSetup-x64-1.96.2.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:568
- - C:\Users\Admin\AppData\Local\Temp\is-MKE3G.tmp\VSCodeSetup-x64-1.96.2.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-MKE3G.tmp\VSCodeSetup-x64-1.96.2.tmp" /SL5="$80268,103880876,828416,C:\Users\Admin\Downloads\VSCodeSetup-x64-1.96.2.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:3448
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-WmiObject Win32_Process | Where-Object { $_.ExecutablePath -eq 'C:\Program Files\Microsoft VS Code\bin\code-tunnel.exe' } | Select @{Name='Id'; Expression={$_.ProcessId}} | Stop-Process -Force"
      4⤵
      Command and Scripting Interpreter: PowerShell
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2364
  - - C:\Windows\system32\icacls.exe
      "C:\Windows\system32\icacls.exe" "C:\Program Files\Microsoft VS Code" /inheritancelevel:r /grant:r "*S-1-5-18:(OI)(CI)F" /grant:r "*S-1-5-32-544:(OI)(CI)F" /grant:r "*S-1-5-11:(OI)(CI)RX" /grant:r "*S-1-5-32-545:(OI)(CI)RX"
      4⤵
      Modifies file permissions
      PID:4184
  - - C:\Program Files\Microsoft VS Code\Code.exe
      "C:\Program Files\Microsoft VS Code\Code.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Windows directory
      Checks processor information in registry
      Suspicious use of SetWindowsHookEx
      PID:3876
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1728,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:772
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=1972,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1968 /prefetch:11
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4568
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Program Files\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3112,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3100 --vscode-window-config=vscode:5f451678-c8be-4754-95fd-6c57a6b4d07b /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:488
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=2736,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3220
      - \??\c:\Program Files\Microsoft VS Code\bin\code-tunnel.exe
        
        "c:\Program Files\Microsoft VS Code\bin\code-tunnel.exe" tunnel status
        6⤵
        Executes dropped EXE
        
        PID:4496
      - \??\c:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe
        
        "c:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe" verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\stevenrutlidge.mnemonic-validator-1.0.10 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\stevenrutlidge.mnemonic-validator-1.0.10.sigzip
        6⤵
        Executes dropped EXE
        
        PID:4464
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3604,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4624
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3696,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4088
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Program Files\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4192,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4200 --vscode-window-config=vscode:5f451678-c8be-4754-95fd-6c57a6b4d07b /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3716
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
        5⤵
        
        PID:1196
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Program Files\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4256,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4260 --vscode-window-config=vscode:5f451678-c8be-4754-95fd-6c57a6b4d07b /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2824
    - - C:\Windows\System32\wsl.exe
        
        C:\Windows\System32\wsl.exe --status
        5⤵
        
        PID:2944
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Program Files\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3448,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4204 --vscode-window-config=vscode:5f451678-c8be-4754-95fd-6c57a6b4d07b /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3420
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
        5⤵
        
        PID:7804
      - C:\Windows\system32\wsl.exe
        
        wsl.exe -l -q
        6⤵
        
        PID:7864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/stevenrutlidge/validiator.git
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of SendNotifyMessage
        
        PID:8124
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffca3433cb8,0x7ffca3433cc8,0x7ffca3433cd8
        6⤵
        
        PID:8140
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,7352887827358276115,4015069225483160503,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
        6⤵
        
        PID:1956
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,7352887827358276115,4015069225483160503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4688
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,7352887827358276115,4015069225483160503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
        6⤵
        
        PID:4648
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7352887827358276115,4015069225483160503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
        6⤵
        
        PID:5308
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7352887827358276115,4015069225483160503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
        6⤵
        
        PID:5312
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Program Files\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4460,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4464 --vscode-window-config=vscode:5f451678-c8be-4754-95fd-6c57a6b4d07b /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:6776
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Program Files\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4356,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4396 --vscode-window-config=vscode:5f451678-c8be-4754-95fd-6c57a6b4d07b /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6868
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3660,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7272
    - - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=5348,i,15721823944404052834,17429537055325651004,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:14
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7292
      - \??\c:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe
        
        "c:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/* -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/node_modules/** --no-ignore --follow --no-config --no-ignore-global
        6⤵
        Executes dropped EXE
        
        PID:7836
      - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" "c:\Program Files\Microsoft VS Code\resources\app\extensions\html-language-features\server\dist\node\htmlServerMain" --node-ipc --clientProcessId=7292
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5528
      - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" "c:\Program Files\Microsoft VS Code\resources\app\extensions\json-language-features\server\dist\node\jsonServerMain" --node-ipc --clientProcessId=7292
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5140
      - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --max-old-space-size=3072 "c:\Program Files\Microsoft VS Code\resources\app\extensions\node_modules\typescript\lib\tsserver.js" --serverMode partialSemantic --useInferredProjectPerProjectRoot --disableAutomaticTypingAcquisition --cancellationPipeName C:\Users\Admin\AppData\Local\Temp\vscode-typescript\a3685a6b7f51a9b0a5b9\tscancellation-07efb3376eed6fefb470.tmp* --locale en --noGetErrOnBackgroundUpdate --canUseWatchEvents --validateDefaultNpmLocation --useNodeIpc
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1760
      - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" --max-old-space-size=3072 "c:\Program Files\Microsoft VS Code\resources\app\extensions\node_modules\typescript\lib\tsserver.js" --useInferredProjectPerProjectRoot --enableTelemetry --cancellationPipeName C:\Users\Admin\AppData\Local\Temp\vscode-typescript\a3685a6b7f51a9b0a5b9\tscancellation-411ae71b48146528c28a.tmp* --locale en --noGetErrOnBackgroundUpdate --canUseWatchEvents --validateDefaultNpmLocation --useNodeIpc
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5332
        
        C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" "c:/Program Files/Microsoft VS Code/resources/app/extensions/node_modules/typescript/lib/typingsInstaller.js" --globalTypingsCacheLocation C:/Users/Admin/AppData/Local/Microsoft/TypeScript/5.7 --enableTelemetry --typesMapLocation "c:/Program Files/Microsoft VS Code/resources/app/extensions/node_modules/typescript/lib/typesMap.json" --validateDefaultNpmLocation
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5620
      - \??\c:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe
        
        "c:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/package.json -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db --no-ignore --follow --no-config --no-ignore-global
        6⤵
        Executes dropped EXE
        
        PID:5668
      - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" "c:\Program Files\Microsoft VS Code\resources\app\extensions\markdown-language-features\dist\serverWorkerMain" --node-ipc --clientProcessId=7292
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6324
      - \??\c:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe
        
        "c:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/tsconfig*.json -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/{node_modules,.*}/** --no-ignore --follow --no-config --no-ignore-global
        6⤵
        Executes dropped EXE
        
        PID:3340
      - \??\c:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe
        
        "c:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/package.json -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/{node_modules,.vscode-test}/** --no-ignore --follow --no-config --no-ignore-global
        6⤵
        Executes dropped EXE
        
        PID:6540
      - C:\Program Files\Microsoft VS Code\Code.exe
        
        "C:\Program Files\Microsoft VS Code\Code.exe" "c:\Program Files\Microsoft VS Code\resources\app\extensions\css-language-features\server\dist\node\cssServerMain" --node-ipc --clientProcessId=7292
        6⤵
        
        PID:6660
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
        5⤵
        
        PID:7484
      - C:\Windows\system32\wsl.exe
        
        wsl.exe -l -q
        6⤵
        
        PID:6512
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
        5⤵
        
        PID:7816
      - C:\Windows\system32\wsl.exe
        
        wsl.exe -l -q
        6⤵
        
        PID:7880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6048,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5776,i,17383462894511318524,18190139636796151317,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:992

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft VS Code\chrome_100_percent.pak

Filesize
147KB

MD5
3c72d78266a90ed10dc0b0da7fdc6790

SHA1
6690eb15b179c8790e13956527ebbf3d274eef9b

SHA256
14a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7

SHA512
b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420

Download Submit
C:\Program Files\Microsoft VS Code\chrome_200_percent.pak

Filesize
222KB

MD5
3969308aae1dc1c2105bbd25901bcd01

SHA1
a32f3c8341944da75e3eed5ef30602a98ec75b48

SHA256
20c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6

SHA512
f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f

Download Submit
C:\Program Files\Microsoft VS Code\d3dcompiler_47.dll

Filesize
4.7MB

MD5
456f88c6f9c6ed46a0663411297a9b09

SHA1
51e95fd42ccc2a7a9632bf01519e26d09149c6ce

SHA256
8db806b9cf2b4de55b89b4c56c1b9faaf2c02f325f68d16c425fb56868a8a34e

SHA512
0073e05ba6cf2b1cf383a928f277c9c950fafd685db03d7435aae1185533e273ebf9821c6feab9ae51dce1ae1569e000974341b0713a9ca1566965fe7a26fcd3

Download Submit
C:\Program Files\Microsoft VS Code\ffmpeg.dll

Filesize
2.7MB

MD5
24948b8c6c572c934c97d16d17bd824f

SHA1
c7d270db672a229db1bda14b2b81232f6623f4b8

SHA256
a40971acc7e2ffc18d66737a06696eba03eb897d50b74c0a81dabf004ad0c00d

SHA512
a5409e73cc5a7fbd8ba1b50e8ac4d779ffe78996b59dcced8643e5a287a5a8a267f475c79c8271ea0583166136a39d9ea77b01944381e49c5c62cf2c05870f51

Download Submit
C:\Program Files\Microsoft VS Code\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Program Files\Microsoft VS Code\libEGL.dll

Filesize
493KB

MD5
71924c9a60aa206e6ba6c6be2b8d9ce8

SHA1
6700dae30a9e9d7679340b0d3a72b73e6294b2da

SHA256
c920b7d52c57ab57f6fb7bd93deef5144eae88808d66c9b9ec220cd187441a33

SHA512
8a91976b7d17445c194d8779b50ca91422b7244bffbb3ff0f8cf9cf37eef22e73fcc2714e851b4a283596a43416f855d807de25848ff5079ae61608633ba0b53

Download Submit
C:\Program Files\Microsoft VS Code\libGLESv2.dll

Filesize
8.0MB

MD5
cca7d1da31f29d33200690a4fb071b5f

SHA1
4f2419ba191aca62b1f0a630a990d4525ef28a24

SHA256
6963cd9ad691553c736c19c0f93716f9ebc8b6a26d1656683e7ed0783671c66b

SHA512
744b76cabf2dbe81140a06357157b649b3016b8b325d6aa11d994e77ada46f29ad614d3d4af36d4236960edc3114aae032fefd2d4ec6d6a29c70d4fe70cca07c

Download Submit
C:\Program Files\Microsoft VS Code\locales\en-US.pak

Filesize
460KB

MD5
be79f74edbe7c2a7b50c44c104a33266

SHA1
9f39efd4cfd49ee4d7bce6e6c601aeaec600535f

SHA256
9faeb0cc66c1dfcbcfab26062db9ecc48d07a88cb519cc1e18ca795ddbbacf5c

SHA512
d1927fcb10d239d1c1fe0c9ea2f789da51df256dc4e9824022660b6865aa57ddad3e22d040e0edebf68183986cab1c4759e22491bfe6ab59b251797d69835247

Download Submit
C:\Program Files\Microsoft VS Code\resources.pak

Filesize
5.2MB

MD5
40ae74810ef26162d444d89109923e16

SHA1
caaac2371116c0031cd54aa2ac7d0ebc880e9742

SHA256
4970d5f2090f02bc788e5247ebaadd32698e035fe2a2ea7ebfe0c4841a0a9306

SHA512
280e5e12a6a783969dcdc360505dc6f302e232d960eeac0eeb6333695d83fc2e6794fb337d5b531f78414f6a3e6728d0dd27603ca4305b2f1579ebcd38b74634

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\extensions\json-language-features\server\is-3U2I8.tmp

Filesize
39B

MD5
13fd4bf74cf2be8e582df89172fd5c43

SHA1
d14bb4302c9f89913859d245ad2f16feb5c9431a

SHA256
d9b82212418bc1f48866ef2ecfe4217d54745af57694ba5df0b01e6ad3e98933

SHA512
fe6f8972a161ff1eaa4eb748f1de523f47f6c7f5bafef607152bb7301c3bec435ec79dd81875e29c99f092368dae58cbf559bd08a8c8517634f8e7334f173c02

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\licenses\is-C7H1F.tmp

Filesize
179KB

MD5
575506a8774d119bc036fc34a0a3b08a

SHA1
87864ccab15ab97a8698c1bdaa7db88d7a8dbcdf

SHA256
a8e9fd8d817925e0457587f9252dfd977bf17a4155a7ea67bf230d3283036a79

SHA512
39f515f5f7da39fd6e026cc3f7bbb269a60c635a51338073cf752352635936834280a68c1deb46fdfb263293716bafdc31ef569663175b0bea6385acbc36e24c

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\@microsoft\applicationinsights-core-js\NOTICE

Filesize
631B

MD5
d6bd36f686fd435d25f2fc093c70d2ba

SHA1
9cd1dfde85276609358cf9b08865b801647d1bc5

SHA256
88c7bfe272ff8a305c79644131fceb45e09faa1b9cdabd196b4f50b477f0dd20

SHA512
eb758b22aaab89c125074251f1320a4a6a0404d45f8ad64d68aed354a03ca7c073b04b4d45c23fa8d01d90d627d422e74ad60c106f03f0e4a510fb7b60c2377a

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\@microsoft\applicationinsights-core-js\is-JKTHV.tmp

Filesize
854B

MD5
5d483bc2a4edb9b663c253e975b0c404

SHA1
18c5a5d1fe7e1190f527e8a0cab5a6bbeea92b5d

SHA256
667450844c99658ea65acb29a73f60504a599cfa40138471e943ed3e5e5bdf41

SHA512
61d86762e9dca8e330e9a05bfef364a013d45878a353247a0fe656b132e74ee86cd1d562a541e5a7859418a48009565d12b8245a8cb336c01317005c23cc511a

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\@microsoft\dynamicproto-js\is-4NU5S.tmp

Filesize
1KB

MD5
7f571235285d97bbfd3df146c554c260

SHA1
aede5ad1228cf790788df06dd052f91e0d1b8391

SHA256
904dc4d8749877f1dba1cda48200d2462dccbeb7c134d5e4ef6fa75e0198c8fe

SHA512
f32e03ca8847c2f16226377644cfd561bed53fe608484a755dd39909265834918c25f8b600b735617fd15caeab41781176c5b17d0fedfa906a3df5b15eb3a922

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\@microsoft\dynamicproto-js\is-G3G1T.tmp

Filesize
2KB

MD5
558a3afce83d0e53014d19717f654349

SHA1
0e8972dc842e81d5f3cf73a5d7c7bfda53fa5ab5

SHA256
dd0376320839eaab4124f03d94447b20e324d9eb19a7ec400dfbd01bc24bab47

SHA512
7a34a2edcf3a44525a304611ac0230b0b2ce0bfa19dd85d47c74a46e879f2ef21bcab647285c656164292f161454eed9d8239cb63fb16ca2348f11db5d3034ac

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\iconv-lite-umd\is-KF6OF.tmp

Filesize
1KB

MD5
d4a904ca135bb7bc912156fee12726f0

SHA1
689ec0681815ecc32bee639c68e7740add7bd301

SHA256
c2cfccb812fe482101a8f04597dfc5a9991a6b2748266c47ac91b6a5aae15383

SHA512
1d0688424f69c0e7322aeb720e4e28d9af3b5a7a2dc18b8b198156e377a61a6e05bc824528fca0f8e61ac39b137a028029ff82e5229ad400a3cc22e2bdb687ad

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\node-addon-api\is-02UA1.tmp

Filesize
3KB

MD5
a4dcdbe197a6a3be69d7599c59e64458

SHA1
965ecc349b636e97697222acde08052b52e7f169

SHA256
4fdc94bad2981f680269f302e7ec6dcb76e33fede92e97a908faf205bacc6271

SHA512
0af3e0e1f70d0247ed654c79720d41f69e3a567f2c6880b649eca8aec57e9cec56d5467966f4baf6ab879a730a013feaf0ba64ae204de4b1f1615db4deddf5ee

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\policy-watcher\build\Release\vscode-policy-watcher.node

Filesize
165KB

MD5
df0c11732f74cc436357653cf94e0e2d

SHA1
d8919328b7e216edbfd2c0b520602b5e2a6f8ee0

SHA256
047b251d3f3157a2e1ac997b695fe7d7fa6e223bfa74cbd478c9d4dfd80fe5d0

SHA512
23e556ac20c5191bfd46eb5428e018643a0b550b67fe4eefe7ec9de3f8203913fa06a033786b35037d23c7f77df485f281ca60c257914e85281d944d622fac9f

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\policy-watcher\index.js

Filesize
625B

MD5
6a188b79cf5f61ed97466184df7f0590

SHA1
216241d1be7f21c168db7cb0d8c61f3401f350b0

SHA256
7f83d801ed592f833e64bd45d88d637cd117be5b7c4ac5fde59438d75bed74c1

SHA512
9f49e5d4380508bb1a7584a56385e447a011128f7e6d7a7629305581de66dba8f3cd70b4a0a7d6abb7a835bcf96b5d166d60a0d4d84db099e70e9d7b6ba3c57e

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\@vscode\policy-watcher\package.json

Filesize
430B

MD5
1ec4ea9352ae3de0316272c18fc8e360

SHA1
97cc4f32fa1c4ffecc49d2e1f790d32a8cab964c

SHA256
15016dfee153412954f60ac1011f241451a9b7fbb68ba986b9cd5d885cdcbd38

SHA512
3d35ea59565de3d2b0c021a106e18a44c9637d4ae69a86d513c1c186769da73d2d69b14a7a4f80794c1c50bd3573d62b77b7a3fadf3647cf188ca2b308b23215

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\bindings\bindings.js

Filesize
5KB

MD5
13c05ea1a2f638b707aa56eea958810c

SHA1
c93878e75a9f0545f73aa8d6fba3a761c4ceda36

SHA256
8e32a0d37f20bd6f7d5bdbf99d041aa27be47cbbe5172ac13ebf7380a10b3bf6

SHA512
f356619fa479c72086138eed34fbdcf501bb6f263249e5cf3b1069b2d6c120afc32d9b2ee89d9a41b2f516251c8bbf5d9913e78105961a989e136ac03146657f

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\bindings\package.json

Filesize
660B

MD5
17005447df8440e0e386849b8fa2b682

SHA1
14bbbadeb1307b1f711ee10093d5b46a7889677c

SHA256
a87721fe406e1f1798fef44d697b46ea1efe346fda118010334713346ee4207c

SHA512
a61aa9260b34479feb762f81f23ec26104d311fee81bb299efa00fc7091d3ae7f10047f6d91bd3bcfec7152b754c9fc6fe97ac280b3c00abc945a25ef387105d

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\file-uri-to-path\index.js

Filesize
1KB

MD5
d98f7c699c54e0e90f408a44feb3188b

SHA1
0ffd660201ce0749053d108c53e5606b9da158d6

SHA256
e62293e871bdd5a7449ff3c7956c9536ec1d2ea7369461de77322b5256bb93e7

SHA512
7389081fbf3b16f0ad99f556337679be895e04930e36bfc8f99720e013f28b68bdd4579f11eb41dd4cc7a64a36ec26a6e6539d42d5888696f71e7d2d9c8784dc

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\file-uri-to-path\package.json

Filesize
717B

MD5
65f30030f0e7b2eff552eaabd8bb1fe1

SHA1
5dee8a540c467ffbf9025481180c77a06a9f46f2

SHA256
71eb1e24bb9694f89c613fa0aa307f977dd43f41d11794c7b48fabf6c55f66b0

SHA512
763c372773f093de60fdbe0bdd5d0b6362882e22eaebed51f70ea50fa3087417b5c517ea9ea057b56d40f019cea042a6e8c387356da1b9b9d39c2a5f16e7b5d4

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\font-ligatures\node_modules\yallist\is-M3JPI.tmp

Filesize
765B

MD5
82703a69f6d7411dde679954c2fd9dca

SHA1
bb408e929caeb1731945b2ba54bc337edb87cc66

SHA256
4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b

SHA512
3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\get-system-fonts\is-8R3V6.tmp

Filesize
1KB

MD5
48f746785d13ed477ca30d5c51a4c4e6

SHA1
d13f2bfcfa7a060b06a04ee994d169e881029bca

SHA256
5c15db361b74f2f3fcbc4bbf0c6c62f781d491493a8be312f3147edfb0bb4fdc

SHA512
602f8d4bda9fe8d1663246015754db4797709ef836caf61f1ae388312232f3795c2354b8481d57876053b59797f09e147fe20a274e439b72c82761096cdcd804

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\get-system-fonts\is-CBRID.tmp

Filesize
608B

MD5
ca2429de1d04b8f8ec219352b058d58e

SHA1
312f5876880afe956e8e5427d205253519ca8d0f

SHA256
5a926f15d47257e382ac5e82aedc2f41a009ce6a74735b8cb8b554fab45435bc

SHA512
8135d90e36bd1fd6e734c7abc84611154bb2ea1c5c4a177aeac63adb65b7ecbcf6c29973b37a009c1f99e5c7c60906911903c4486024c320532eb489461adcbc

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\get-system-fonts\is-E1LAV.tmp

Filesize
312B

MD5
4eeffb9111b31ec10b006aa5476bdc02

SHA1
b5d1a9cc9e48f086593bbc8c60cf317f18dedd7b

SHA256
e232c0453d8aa680d2963d574596cc8d1d4f6df26241f75bea184fcf44b0d639

SHA512
9bfc9a1df5d465de6a9cc5eef83ad64a878bde421644fcb0dbf4a8b8c0f6b7724f6051cb2065b17c832c55f2931467b1509c55fac841b4c5bb8390a15e8a4c3b

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\is-docker\is-MTCA7.tmp

Filesize
1KB

MD5
d5f2a6dd0192dcc7c833e50bb9017337

SHA1
80674912e3033be358331910ba27d5812369c2fc

SHA256
5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3

SHA512
d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\is-number\is-PQP74.tmp

Filesize
1KB

MD5
0f64900f8f30e53054962c9f1fc3205b

SHA1
6210a5e4e9224b4fc8ef250fe227311daa2bc5ac

SHA256
35bdd8a44339719441900fb50fbefc5e2dca1ca662cbaed7a687de842c8b70f2

SHA512
72392bccd8964c88ec8aa3d815746a2b6a4466d9c7ca8f428d7d0f3e2bb11674ef494ca335c8b255eee5825c087a77bb45a5d60025f318b78a64e19beccd23c7

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\minizlib\node_modules\yallist\is-5TGCO.tmp

Filesize
207B

MD5
815f2c408219f81bfc71cf9e216480e0

SHA1
357867d11a5f3f9a52d44300e107ef4b8ceb9830

SHA256
d02451fa396de7f9ec93cc6fb3b07aaa7be637acb3409a9ddebd1c2de9279c1a

SHA512
81d1017d8a57daaf0be2d1d9c28295dfd1a1436aa79a96f0beef8afbccbc7e9ee554685d5cfa5a710b651a7d97a3f928a06a884d12d8ebd780db6c2ee8d7835b

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\minizlib\node_modules\yallist\is-KRA3U.tmp

Filesize
652B

MD5
b15d27bf2cf04083fef9389ce68aa620

SHA1
d6a16b480cbd582f969b3d0ed89a157316268d10

SHA256
c56b604bce814520105739e9559142ea9d4417454ebb933fd5687ca1d8d89bd5

SHA512
bc85712c39269457748b985b9956a6a4c0742976e8e57da32e12f9e3b05c1fc3a916f56d83194376cecaa2b41e0e27cad3725a68e0793e891a0022710f51ced4

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\minizlib\node_modules\yallist\is-SUPTJ.tmp

Filesize
8KB

MD5
f0730c76a34cefcb8ac8b20fdd3d1044

SHA1
2b9d967d60fadfc9f15b946dfea21e05b41eb6d3

SHA256
69a10f726d26f8d804a3deaeac89f0106ddfa03d576d13971002fffc8f0e8a56

SHA512
314e2e5eea8678119100acdab251fdb723040d562b34ff373debfdbdad7107399d33c61545d03190207e5c32e5bd85897d526c7582fb2ce4363ec49abf71bb36

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\socks-proxy-agent\is-9QPAQ.tmp

Filesize
1KB

MD5
e0788eaca177f42808ee36bc32bb522f

SHA1
06000e5076e6e4b51294a87d836817a74c8af65c

SHA256
8d8c55319c7729d57be811c747452636688d54f19701ee0752b6b15ad3771d9a

SHA512
dc037410a930a54ee25a8fdaaa9bcd3c310b9abd81ffd2dc8a75205da44dbe7a1ad1d058d85271e73b7ec5ccf07ccd7109fc6ebbbfc2e2499695515f34392dea

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\tas-client-umd\is-426Q1.tmp

Filesize
1KB

MD5
b98fddd052bb2f5ddbcdbd417ffb26a8

SHA1
03e1fe6fd0bc6d73c3cd3370d5f0a73c4fcb60d6

SHA256
27ebda9d51f0a56b7e281ccd8230a27236dcb51c05f64b07869ecf6e965d68b0

SHA512
7d79aae4c9beb85811a3e122a2b12aad231f519dd12a461ac49d52864a735a6b05a263d433c11ede1406d2e49b6dc62dd38487eb7bd8c079d7198a20cf85fc4d

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\vscode-oniguruma\is-AUSRM.tmp

Filesize
2KB

MD5
5061208d6c3443a6e0d7d587a04b4fc3

SHA1
e1e38d82e592ca62732bc6d6fbdbea3e9cf25d28

SHA256
81ed58e26769508df9a2f761dad55b52c6c9de62fff06195b2702fcb7a97e883

SHA512
a27a1bd86fbbcf0d2baba12ff8857abfe08a73563a36493845f45c83d5ab3997a2d28ff61cc6f1a2a289cec90884e4cbbaf9e8405d060971531441acb7d77740

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\node_modules\yazl\is-BGQ3T.tmp

Filesize
1KB

MD5
e62df7ee79458f947161db54ea09ad4d

SHA1
05f44660099e9e996cc01c6b1c276dd4e9a10f5f

SHA256
b303783d5eb7ca50b853ffa5f145e4e7998fab339831d848f507ca6cd970577a

SHA512
8fe80ba23a121b3374d93e164bb80ed47759b39d5a863aa6df32ee294aa95d3d22a4a365636c7603375919e449ef8a1587e354a9d2c2fbf33dd01a33a6ae53bf

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\out\main.js

Filesize
834KB

MD5
f10e35f18aa85a987bf84a24286193bc

SHA1
5a00f15497e5440c5bc0b03bad901622c5aa960b

SHA256
20dd0e481bc0ccdf0cfe6ad596fbc0f1c01d8c23e1686a76b04a8b2154ef1506

SHA512
822bd74a57f98520eaa20865e211437e2148097144e8020700b63f39016653bd76d05a9bddc9695f28ba85f294fb81b764ebb00977da284d5b6ec594812e6398

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\out\nls.messages.json

Filesize
650KB

MD5
550a40c81b92b417ba8c1fa2fb000127

SHA1
f7ef302b6c3b63ca80a8cd938757619488e9818d

SHA256
46e103fc18d7ad06b5d3cda4bb56210ab92ef3b16856c5be2dc09176e257eda5

SHA512
e2995be7f49afe60342b1423cfe205fdcc395be1e0ab34285e8642d46a48eee5238309b36f078e1a6ecc12761ad721bb14e97e0b9c03c34412a27b05832a988b

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\package.json

Filesize
9KB

MD5
ee03903a127a43938db4026d97e0dba4

SHA1
ed88ab114df7d093d5c5a32efe52a9958a82b133

SHA256
f7a7f4587e3230faa67ccb87ff5e5a08f347655a4c1a4b61376bf5d7dd789b43

SHA512
a6bb12447bcf70e740e8bc72a130b36fc77bd08da66980a8b3aba3d769699b3c2d1af2b2471fdea5ca8c3489173cadad1be1e73d7daac62f86fca40d42377256

Download Submit
C:\Program Files\Microsoft VS Code\resources\app\product.json

Filesize
55KB

MD5
9487504ad716c221c9281083dac5218a

SHA1
1bb7204b082769e0c9a934a5002898236f57212c

SHA256
38e0ba069fa4915cb69e6d1c3d4b38b22a532b51b4a12cae0262dc9898c54f66

SHA512
c58321c1a64adef895447173545071014bfcd241925a7608b012c9e491a0c467cb590007930550fdbeda3c8aa1a498178809e326f319e438cd0bf4e4c7c7fffd

Download Submit
C:\Program Files\Microsoft VS Code\v8_context_snapshot.bin

Filesize
650KB

MD5
08f9074440e9244de237e2c8f133899a

SHA1
b4e8d26add8083b3ed2cdc0fd78fa2ec5a2bcf07

SHA256
b86e95e4c75168329bb0957967cf7714365339cae5d5e63aff89331f340461fc

SHA512
4a0a2a06b75f69f4c988ad38a04eb9decce6b79f171491ed81744a594a8bc38bb367433baf8357017299ef9a22d4295cb2dacb30cf90f2c5363cc4e5880ca4e5

Download Submit
C:\Program Files\Microsoft VS Code\vk_swiftshader.dll

Filesize
5.2MB

MD5
9a1af34fa949243290d05283030a1a1a

SHA1
119450a02d7325c3d78f316c047e35b08a68329a

SHA256
7204bb5e398aff7f5b085e76b38e3e910d92ce0525a781679eae916ce83666b9

SHA512
43bd786fae53a3446b8bc73a6d3c2a189e185e04a44e8e69e7181a7e94320c6aedbd31329c880eec2b1f16a70d55dbf5b91d94c092257cd8b9e5b9a1248b635a

Download Submit
C:\Users\Admin\.vscode\argv.json

Filesize
798B

MD5
5ec60af48218644d3d4c274302c57740

SHA1
e2551acd5deb0f265e24debd8f0588dee8501689

SHA256
a07bca8ff048161aa6eda4090de7ce7f80e7d2e2772605b8cbd5dfc7ce206b44

SHA512
ef24c2d97944cf9bb6aae39c61fff9944ef52a949acc28fa5b6a7c8372784e30c78522f3bbfdc74b68a9654f2326e8d9b2dbd8e3e10ce3f04f6937a6982e2e0a

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs-browser\test\v35.test.d.ts

Filesize
11B

MD5
e2ebd7ddedcadeeadbf819c35985c768

SHA1
b878c11a77128e74c3cf15c93ef2ceddf2aa0b38

SHA256
8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881

SHA512
4ee1c88f8c3f4e4cd34cb6c00339bf9d6d036ff4ade3af49e871cc8966b84c729d8b75492acc6413c9a664ac00a57958223ac13c4229da8c62ebe6a53e4f783f

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\index.d.ts

Filesize
669B

MD5
152e8e466519c308cf854c694be6b3cd

SHA1
c11357f5d035b6507c8a767fab26ffd2c8775479

SHA256
badcc9d59770b91987e962f8e3ddfa1e06671b0e4c5e2738bbd002255cad3f38

SHA512
664cddce3227290ef568fa02147fc24817f9df6582cfca94dd7d2bd79ec6a9c936c26fb6ffae255f3df5cbacc60fbd661fce0b239304718c4ae985dda08e6f57

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\max.d.ts

Filesize
89B

MD5
b9d1df21ed755bfaca5227f728480f21

SHA1
7503c1bb8ddb05ded2e042e30be2a77eb1951a6a

SHA256
6ada175c0c585e89569e8feb8ff6fc9fc443d7f9ca6340b456e0f94cbef559bf

SHA512
771b3770c34b236a7ac74fc091643b587533a0392f9880ccefd603189c0d66dbe10aa53e48833dbdede2d34feb0e5189a998037455ca7f29c12a757067920541

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\nil.d.ts

Filesize
89B

MD5
0d7c5c89e4592a261fe1c4f3b23b0cde

SHA1
5ff8d06364798881778eb2d0c753fb865f41d4bb

SHA256
e56e4d95fad615c97eb0ae39c329a4cda9c0af178273a9173676cc9b14b58520

SHA512
248539d656a2be896a9c4c0830da656a229f07fdb423f1cd411d1cd1629cc50a020660cb871c60814c7707ae76821c3a77a74c739c88d5140bdc8203f0e81834

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\parse.d.ts

Filesize
72B

MD5
295e1cd4ffb220dad3e437096b0e1ab1

SHA1
288cdfe3c7549907e783550da8b81b71fbb455ed

SHA256
73e8dfd5e7d2abc18bdb5c5873e64dbdd1082408dd1921cad6ff7130d8339334

SHA512
48c34d9c5f235f8fff9c56915f29c6fb60d74fbac31bfe201f5743c71322240671d67e02a35853b7da4c56562f4d94a26103ca80bf1782847bf0f377795c1c67

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\regex.d.ts

Filesize
57B

MD5
adf1a830e0fed425f8421c2ddde75bc6

SHA1
5f4f9b6c04dd8630c9036a1f6fe463a1eb9e0e28

SHA256
f972c1a3ed268843b93ccca541c48a3265ced25031ce6bef2fe1f9de10c4d345

SHA512
b3e3d289e11ed539f25c70c24723c55e3ffa88d1697ae225a9ea5b3aed70b396cc099e3597d8463cf00da0a8312e60191bb9279b5d298909b08f652591286279

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\rng.d.ts

Filesize
43B

MD5
069dd342250840b2aeed753e40b57404

SHA1
63e9cf9f465aa97ab40136a0c1c26f5dbe968b05

SHA256
43b8bf0182f6c141c27b92470c429aa455ea9613e7ff8ca6f157efb94ea16375

SHA512
7313cb1265bee177b0858d65e8b78e09994262cd3ca7f58a3569c03d97b6964ad3bb91403c30c53a700f16ef45e94fbbc52c31a0d7485741e21e5b30c6e2ba27

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\stringify.d.ts

Filesize
179B

MD5
b719b709c200883a0570564c60c3f525

SHA1
f6c3e4d4dd555ae4eb58ab2f39bd86412d7a57f2

SHA256
fc820b2f0c21501f51f79b58a21d3fa7ae5659fc1812784dbfbb72af147659ee

SHA512
ff2c7e67d7bac3c5d23457b50d4e970228c72758969915dcdcc3fdf438e710f2d4ce054ecd8b35fbb93819ba240626274ec490b1540d574c9f5fc572b9649c7c

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\test\test_constants.d.ts

Filesize
739B

MD5
48f2fb3a80f2b24df31d56fec4abda6e

SHA1
d7a0e08223b55c9dbff6b7faf73e5e3212c74c87

SHA256
50fad1c161f710a409fba90712ad7b69b155e882bf0ca7448a01ab88d6ebc70b

SHA512
c3ecb37227c5e6a87fcb5f6b3aea2fb864ed457eeb630365358ab77311b33dd6b4aae1b9dce8e2802259a2863ea535ba5aa634eb731c940f5ae0fcbcaf018e72

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\types.d.ts

Filesize
499B

MD5
b64fd9c8e87e4402c1a78c51a91f948f

SHA1
8c5dde070e614f85cd6d9325ab553ecfcc35edae

SHA256
a65cf458c879172bef4012d3397612e7357bf72971b09db5bb5bf8fca0957612

SHA512
c122fda515c5655b06d945d49da5347300132250f35615843850f452cf46aa6eddf736f5d00edf4715a0822edc4e41fa16bbee054a953e910b37d62a81b056e7

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\v1.d.ts

Filesize
461B

MD5
106b564012f4e57707abfd27e9038bd3

SHA1
fce15746bbc2cc5f15c373884cdd0505994dfef9

SHA256
d128037db3a40d1d8ae8ec36431e6a4678df56d236729f620e58f4a37f9f33d0

SHA512
d3d62be26175c95bc6b036043bfc7e07122df7ec657ebc99544c7a87fd32050d3da1307cac0fa3463211dec56d1d56a4a167a25d23183fefd8afad90816fc6c4

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\v1ToV6.d.ts

Filesize
116B

MD5
1dd197e037b107d06cf1883282dbc005

SHA1
5e6ade6e4d67914701409c6d3d216849f5152fa6

SHA256
31501b8fc4279e78f6a05ca35e365e73c0b0c57d06dbe8faecb10c7254ce7714

SHA512
e4b4dece23592b9aa652da1ee4ffa64742255b81d288756f6b3b7e68cc2ec28ac28d3e37f829dace693c6addcc6faab668b55af5612c4f5b66cf2009dac37d7d

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\v3.d.ts

Filesize
393B

MD5
4291649268cc53d9bd7794644fcbb627

SHA1
751df3f8947c5fde5bb31bf9c53ecae0e4289f8e

SHA256
c3b65655e9b7b290340f3a1c73c7e02907dd290a288de5e62726350da39b96b1

SHA512
7902d091079e36e0d1d961b1dc946db8b61694c39324d9475ca9f77d4437991bacd5990b178517ba24e63588a388bb4180a71d00b26e96b893ea7cc34d6016ac

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\v35.d.ts

Filesize
481B

MD5
41f4a682ebaa29a4d18a93dc877f1a6a

SHA1
f39f27e243bfb9ef97972dc9d38fcaab965f40b4

SHA256
9985141f349552055b7b6b5082384fdbc1758ba14ff51fada049347628b4e018

SHA512
50e87f7b7d3cd6b60f057138e2f282a418f3b835faefe210bfba51307e035d5afde437f39df4d11d0590746490e16ce0ecc2d49748d8f3d538a680382c6aea36

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\v4.d.ts

Filesize
260B

MD5
65ae65a35b524999c916d3ced6841602

SHA1
56fbe65776aa21a5a14279a674f0b3a5a3a2d60c

SHA256
c0398181fff2b85eef72a8abfad6a8b31bc5989a3a763fd3d0fd61154e55bcfc

SHA512
88429167409bf233cb68a2aeaa3f59a0399fbe5733b5f9fefef92ee0ac1dd93e129556b1214d96c390a05f9700c21a2ffe536f69fbcc0861a4571ed6fc1e8df5

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\v5.d.ts

Filesize
393B

MD5
03272d907066b07d9d6a7e4b31e974d5

SHA1
436e99667d00c5a9298410e4d8cd23be1e9d33df

SHA256
89daadaa769a9bf8c1fa26a464e06459197a5914ed42702e1ce439bb5915b767

SHA512
ad572b3cb0059cb37107d7e30afe1039d61a93aeebb45c024416e4a3aea120e44093d029b8401d190da45320a7690887af8be7b5df90776805a87aa6e83841ed

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\v6.d.ts

Filesize
260B

MD5
f69da31d6981acb065441688c03aafd4

SHA1
04da058c2abe334104088d4d4a07fdaa564800dd

SHA256
83af685afea5d13d6cd6a8db34aba9aec7962c289bb6c92e770e838e7d5faec9

SHA512
53491a52883f5b41f5c349d0dc21bceaa4f50f9dc1d23b984734197d48bf2f902aaad34f747a715a8fc45f5dcfcf9b3488f1a9b6090eed51948f5568b2fce5e5

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\v6ToV1.d.ts

Filesize
116B

MD5
c8bb7f1bff6236c8f5c0aa002621cc6f

SHA1
acbcdc36a8728bb75591077fc3cde918752770f4

SHA256
d05bd4d28c12545827349b0ac3a79c50658d68147dad38d13e97e22353544496

SHA512
f6d6b57fb77bbbef46e92b98e319afea0335e92bc85882816cc65ef3fa202867ceee0c7cc3170b2e61668cbc538cb6e98e8030e28a5655132e34a7e06c3fef51

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\v7.d.ts

Filesize
413B

MD5
06849ce3ae5a8928c9533d2412cb9a23

SHA1
cd06607ed86fbb2a9b6586af3414066f8e968d43

SHA256
b99abb32e0aa47c71bf14b6bd2ebc526a4afcee1553c157e49864e41868bdfa4

SHA512
4de5557339d4e8064d5af19047772b7d01ae8b3d365b66a68a9e9289b326a1d2e210a1c3207c25a8e965077841cee24d3b8830ca5f3a916bb25adfddb13073e0

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\validate.d.ts

Filesize
76B

MD5
6bb06ff8cdea7ba641b983343fab9feb

SHA1
e81f184bed04dc2072afbc2730872dc4353d0ec4

SHA256
04ace6bedd6f59c30ea6df1f0f8d432c728c8bc5c5fd0c5c1c80242d3ab51977

SHA512
4772dda42d1c21bacfb908730e480e42e77abe116cbbcb9de97cf43a9197d08ddddef951bcfe607026bce1644d6960365214cf1df4a5fad5854b87837631efc8

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\node_modules\uuid\dist\cjs\version.d.ts

Filesize
72B

MD5
16fa8e0f8555ba97a793a44764d4a296

SHA1
d083c0328078128fe65225eeb9e224e1b92deb36

SHA256
57a8a7772769c35ba7b4b1ba125f0812deec5c7102a0d04d9e15b1d22880c9e8

SHA512
505aebdc6e35bb56c6684cabb9011e1d866163e5020ffac368638cd0f69741eeb9d4e669e6ffc68d10aa8b9a856aee062a4559cc7918beaa4cfe3cf9e1c65ac0

Download Submit
C:\Users\Admin\.vscode\extensions\.4c632648-282a-4ada-b950-32e007c23877\package.json

Filesize
6KB

MD5
a1c6f08b6618517de05736d75cea841e

SHA1
27219b80e74bf0e9c8eba97a6bc962600a839a24

SHA256
419771a774ba3e1e1c6497e1ca4f1b34728443b8e91557e9f9e0cdab0c1a799b

SHA512
2736685bf97afcd9a0fdd627bbbd5f546e160a7a22b31530dd191264cc7425aedf4a37e907566d5c1393de383a0a2ac2c0ef87142411012afff247cdd53af62a

Download Submit
C:\Users\Admin\.vscode\extensions\extensions.json

Filesize
829B

MD5
3d4a61128b20b0b314b6ad87067422f3

SHA1
ef8cb7b02fadb12509e999dd28a61e2022eedc02

SHA256
25fa05029f77b951796f41548cf0a29ae86f27afe592caadeab23855fb0fdd34

SHA512
f9d6431a96e9021c0ca6e865dff23d8de553b9b7e083496e54b15a15b9d73ba94d8a3b69e47af80c8f769f745c167baeefac0a383a0fc3a2e7078528e9614cc5

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
def7b8e6879df2019d7bc07a44b79ffc

SHA1
3aa23647e70604a562a41540238caab33de8d24b

SHA256
6b1f50bac70915ba4fa8da12098b920d87cc1e3cbc3cb11f8fcebc10aaed2fdf

SHA512
57078516422aae975f6c1af840c57880e9c52f06ac0d7adca5ebb136d7585cfd68d35a11c8e694e63dc3c605bb1122aaf439ebae35b5aaf83d2f37eefe8c3fba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f388dcb849619429cd3aa5153ddd1500

SHA1
380a4cc6f7561045b2fbb9c9f9e1ae119c9a4f33

SHA256
4a88063b3019937b0bed57e91e64ad772a5ab54ab0c624c2bfb1c61ea9dde424

SHA512
07f59874c8d0d56ec33f620a07563e388d9c86cd6094b5a7b7a51baa35d03170b9c494a8a80692ad8e30e90c148db1c85d697cf37c8a4634e0540473befa6d89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
35a0fc7afc883ab2c1844d2ec052fb0e

SHA1
19423ca2f742d9e59d17d0349051fe25cc2c2a20

SHA256
f916fa4af17f7bbbb9c79899bc0fe426dc8086255c44694cd70f7203e953b8a3

SHA512
4c8cd214cd6f31547d631262e9f5f4b6e2f199c4c7b18df7f76f546a26adbd41557eb0a465102ed4f03d6d520d3aaee3c006b7f2dfb4912d7e2ff0fdee64cf52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b03819e8203330b482ef3641e4e20704

SHA1
d7a1beeeea6051f938abd29d17a07500726ee01d

SHA256
45b8e525c451561fead3ab537459aeba7d9007c559c02c84d691bc0a28a1eb35

SHA512
87e4345d42a576eee3bb0dafb9bcda9465238bf9f77f52853c9702bf4c247c40d3546e9308dc62cad8be1cf8e5719419bc604c566edf802ac75f99354b1eae5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d851fbb278baac2c2f14cd689b1e0253

SHA1
91ab767fedad7e306cad7c5a8535000af73759c0

SHA256
331f587d7c28628c48579e9c729b9ba5a9de32199c9043688062f1069a7dfa91

SHA512
abab16da936147d71add0e60a23ba4098577a0c73b90a27c8e5c2adb06941de31aae650a8697a7a25273a741ba96993f1ad12eac3c8a185a8257fe8f5d0effe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
522a96faa1f83ab7e9e3279c1507fd1b

SHA1
8a66350066194820c83a596e6d9adb84deb50aeb

SHA256
209a72b063f55b3433a247fd9c1506dcec0331819e985ce651c2a18c6504a5b0

SHA512
5abcccbcff278768fd34c8e836a6f89c74131a407e485764703dd67db5fe450cb5b91757074f543cd7889b451114ea36f6e991857089d4477a82ddceddbd60e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
a3138221a4508d3af965aecf420b2373

SHA1
596dac84afe4c102e622c59bf418a0c41ea1c940

SHA256
9d03d745c8e2a515fd79d21547d5bb750f122f53c3e2e0746c8b6ed24a657665

SHA512
30af05b0041b870a071fb8217508181924f538af0a1ea770293fd659852985a236116e4e9fcfbaf59db5eadba3fb30bfb13e8f04b2633166e1c01aafb4d620a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b8114dd3bcfd633c0cd6e8359a855682

SHA1
a0b2ec523a4a8dfc3e556a62121c6bceaff3a780

SHA256
fb8a8bc3e60f5dee7847bf9c52f968bc0c60dd7971c50a693dd38d9ec2d89f95

SHA512
d9d53162ce47532575f8316ae01c70bd1e63def135954e0ef48ae35743e071cb8eb71988d8e1f84bd8776bd58af90e47f0230d60425dd32f8a63de5783e42666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
01791498577feb2a035a8dc94efdf28a

SHA1
951b486e081b2ef847355c2b74b9d9fb40765566

SHA256
e9449af7faa6da3a1b943f73d324899dc70853dffdfb77a43246f2c6cf4a22e0

SHA512
088bb971da19abf67c73d96584195d8899ce9b5673b66d1a035d365a2bb87767e5869f799aa57bab49a2733c74205f447a735c2b72fd121473303acdacb49220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a525b3ed0ec142e4e7a75dfd995260fa

SHA1
0e10459e9ede75197b3e28c658b41004b3183be5

SHA256
e762bcf78a1763bdd60c7546d26073f5652b980cb40365b657182bacf0d3bfac

SHA512
d3fb281ecb4f2a87484634043f7ecdb2e90daf2b73a2c816eea4d46de8abd73fc4faf8ea7f4e45ee382e6363b08835aa173e61fc2f3456cd3ffe9b0cda1b7593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ded860bf890ff01fe38a69a5b7dfa0c9

SHA1
36a5f93c9a1645ebc3787db8979de37d3df2940f

SHA256
3ba9759a6107a71e82ed1f6066019ee88ee7d54266c5646b83b28597248493f5

SHA512
837be20ab443389755e88a027da1b43a270fdee41c005c26721766ae83bf7b296309094274241ecdc52898139785aaccc4c0e96934d1b21d1ea9664ffc4221ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14f5f81ef52c134556441e8f01f81118

SHA1
f34e950826db29e62db58b980d0d5ad0cb05fce9

SHA256
1abce6e577e5f8c531d9840859ec6bbe77ea06863f6b92b33454072e43da8b6c

SHA512
0189b61a6c5506f2ff44f9aeb5018481948633a1a36559565ebb9a885fc4d934f4ac841e9a4353aaebc8ca0f3c2f20cc2638e97f4d2db3c79ec1869706adefff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f8e22108637c45b8b837da06ec358443

SHA1
3695ac41511280e5d7789f359cb62cf5a99fbbcc

SHA256
518fea8c211d2e0f2588097d34ada4362ab0b7d21f2a7f3b8c46e9b7feb76eb7

SHA512
d1dd00c3df57db901a591c31e31e8398e168f8f5ecf70fe594a35d7c9ed666c6438666c3ce6619463a444d8306cc2d851496459c8b1519471e3c7c52cd228b47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
63fff7d6e295e9c0463f83f69938ddc2

SHA1
26c86d396a8821c0f8da6319ed765c57e955fb90

SHA256
25504f11615fbad87212c8938e5d1c6eab2abc4ea2c7e2253d55fdf86e5f1771

SHA512
fbddfbdcd8b28b6949afc003b567392c9428e6c74d8330fe67119a7994affad659299b52c8ca099ab5960c167d7fb40a080c53ce88577cadeab76694ba4938bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b12d8bf9d3222d3eb511a40139882b6f

SHA1
c5a187b42c90a0ae5f2ea38669dd47e4cbdaec84

SHA256
38a40aa587a2086ce2fee28ecbe5f6055439ae471fcb9c86dd75ea1ea758dd10

SHA512
5629c03e75d2f848780ab78dcfb94da460984f082f66489d1106535db77fd07bd3d8f62724e76d3aa8675985e111f5fc419b8be5d1dc79266f3b16da8e80cd9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4e170e83f7c3317ba38aadee20845729

SHA1
7aa49045b6c353ffa40bbbb681caad1a8063d26c

SHA256
3182aa30bd7dc6525ac8764fd0e3a94a4eaa12edd7a28804d05f5a00b32e33ed

SHA512
25126f186b779d421d9cf293a3068a9913ef683ea9e09fa3eb5b00b290a2e2a9a557ddac00f4a01f0f238cf129a3e653a297a34bd8a67b27b48774814937f83e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cd6d771286ec5daaeffdbae653321ae3

SHA1
e80dc397e6f8a1ed3311ec0829baf986c6cad235

SHA256
ec75b0f64bd21798788d923f4a7a2a4c99cc59f9648638023baf4fb5d03dd8fd

SHA512
baa12bac6d19d77d88bc2ed607f63edb578e73afa3fa731dc3e008459cbe6e0c4188b5c1be9384e27d484685619321f1b182965a7097f2230d249640d0dd70c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7bace3834733956bf2845707b818a13d

SHA1
6717e21a5881e412253bfbe11e0e253ce3066782

SHA256
76f7f940e9a69f1acbe07e5542cc86cc07cdd35495506758c1c66702e930945d

SHA512
85e54781cebe40fa39e4598711ab1da4b3a9e6af9dcb5cccaae023b31da34575f54931f489d21ca639c44a0ff977051ec200d78d14b148699edd3157ba420eef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33427283a87f9e4b7fae94e74f704e34

SHA1
120530c67e97476fee855928793bfd5d05bfb1c1

SHA256
a8f578db55d046469699bfe2645f04a01060ab3fcb576076f2ee1c69646cb031

SHA512
3809c387437de4cabb27d65907559b384aba6fd1c2ff5a6fccbe06cf83fcbc17ac3c1f587730466c2cd770c6e6ab51a9d9fc97102da975112c1b1b91581b86b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3a9f692462f73c59f3a9cfd7178fac5b

SHA1
103b248ac51e6866c171331b172f1075a9996ca3

SHA256
bc40437358caa28d877555577d8c88d76380f221690309c2f7b5909551ca1202

SHA512
c251880135a62ced8c67d4ecf38a3f18dcf3f7d9cd869950bece34998b57a9c93f47da8193bd851df4b2676959a458733a578f4dd705c2b3992d3dab7505b2d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7dc11d461d3fb365dd5d49d3c5a46dc3

SHA1
ba808bdb4cbe1c0f831fec23bead2d2b1824de14

SHA256
52a31b3a9bb2742052053ce33d6e4e2a6c14cc0ee90492e189acb772dc57e6fe

SHA512
0412ebf8aa0aa1a78242331df0d987f214ecaa1e4ad1f57233c86b0e9f0e3147684e180ff3bb395422b5ce7e4f86ebb65f4c281f5a08e6fbb5d41e2dec7031f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09aa9fecbdeea9c6d4e89e2585cf0584

SHA1
6c4308926375e6e4c73bbea614d49f7a87958c6b

SHA256
7e852ae312f26ad09fb2d8a191f7b02eb0584d9ae5c10fc40b3c74af20222cc8

SHA512
529070050b9a53eeac7ca98fd55740a9d63b52328e6161391fe989c6233633f4285fb618ba9cd0e9ff7132eb0c69ebdc4043d46c67174f217ab7571d2eb8ed47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e2304d464809482b593f4c668bf2145

SHA1
9aee8e641e198d78d7076c984e7a94587737e025

SHA256
138e1f6c449a08ac9dc870b3f08ec732a89273be06f175e6257374c5fbf9406a

SHA512
c98dd8c7326e142522da82b0beafcf3d63c6cf5a2c1eaec25de6352ea8858feeadd6952da70becf134248e12e5c8465d7160ddd327c14ef4bfdcf69d23e98d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\afad0bad-8d8a-48d8-a694-eecd6c50eb4a.tmp

Filesize
10KB

MD5
95361f18fbcf8288643f55b1f3443b7c

SHA1
ab7b6be9ea38555cee4708fa25b4bd8fbc0c9b47

SHA256
df4a8651c87f1635d50d24e4165e9645e710063f8cb7651aead87c1f5b8a3f95

SHA512
7db2b981f59e88d497145c151fb1b07beb4dfc2318dc2f4098fe282aca52adcae91b0165810ac04eace6e2dd681fae96beb6b8e596b4b397d12d8b5c15b18e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
b89a8e3fe92a8c92a10373cf33b191b4

SHA1
b97cba71943981daf3167acd5b4af923f1ef2ae6

SHA256
cdabc76740859647158485cc5b49a03dbe2cde7d80f1f3fe42a595ef5cd4e852

SHA512
a9a32d459ba082199c24493f20838758847d33ed19591fce270921fcef89321123597fcd89cbb74c349f342ec11d9baeb207e533c701a6924f06a8ce5069afc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
d3bfaa0bb4466b7bb6e52be8213f340e

SHA1
50f204147e359a833d724992bc5c25e42ce77148

SHA256
5d3e492ec90a52b0bcd019a733d8ae666b9bde8eac0e2cd28be14ac0310bb4ac

SHA512
671a97b1fa35bf0b0d1d09bb28b553b3d5d70319253c38a54a9f38bec7e67f4141201c33998d3d29d032caa0508ad707d28de4c2b6d22ca87a8eee49c342ef2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
e2e21000a64469a9ac7760680bc8f10a

SHA1
09a0f05e15a52e6b0ed0a232949a73bd6bc121cf

SHA256
d9af22ef6e61777e1fd16fb2a69290f44e7f589c81966cc7244eb4ce490ca336

SHA512
000300ad4ae26b748a96f2536f47e8097501ddea0635adc6fdc5d86b95bcc5ca9d328d35c41ae1cc081a6b6864649fd11b98c1724e54657c7e59d82c8b96543a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
15cf0bfeef2cb65123686bdecf40a100

SHA1
587ab67596396208944596ba23caf87f5d04f8ee

SHA256
797fd74665d71be4449d3284b590d6441f1784875946006003d42745b0ddc827

SHA512
87a26499950915e35e660d838232515db08a11f81656af62fbdd34c9321e869ff7f47de6fc29f971369fd13befaea6e60f885d7279139d14f77e4cd9fad168b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
23d19b09f93c2c1174af90df33d3a46f

SHA1
24717539b8470938b8c8b67249f02ff8d18d06de

SHA256
bf1d452d4874463e75a8ba9373691aa374afe06486389f2c255522f6859c48ba

SHA512
4883eba98d7df16caa2a7bde71a012f6a92fdfa16f5e28ece7809310d80ea010e37a443bc9a09a8ac7ce8a8283215daed6519fa3798cc7979fa12f174297c57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
b12ee6b010e965ed924892682077404b

SHA1
cc06dbdc7cf807fb8aa0f90749f5f07c2fcf55fa

SHA256
fefc13d455791d6cc3d8bee48121ca6d7c21e147fd45c504f236bce95e0ea58d

SHA512
b4178d1bc5b95dbabbc5dd1f902f2601b39904279d56b725a9c4aeacf9c27860c02207b1409298c911976540a30eb194c469f7fea64cb3a117755e57a56c3e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c414831ef95490dfe9dcb82b42af5f9f

SHA1
cdd1fc22fb69490a5fc3993b7c534d6793c81233

SHA256
05ac1657c99f1e89ba3e9417ba48b125106bb8a14ddc65794ac42f2e1c9c6014

SHA512
04bf374f58c743c4be32281771b60aacc5bfb1e0cda896ee8296146c7171f047a73e5a479fc9789cc17dd0ba033df6494be486e254a6161301218e687deff92c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a63a72e73a5726adc30159593d75e39

SHA1
c2b9e0178d4d75e7940033e71cb924c181309a8a

SHA256
1c69fc03670deb9f9e7796282f1bc26cee410a206262e2a2cbafc180a4a3b205

SHA512
35af40a941761cecc83526fe287d645c7b798b323a0a550bcd4ccd97a71b42549af4557ff4c05fc73f77d839fc8eee30bd13aec80bc289203fefa8a1feb06d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d27b735cde91a90c736deac1d691390f

SHA1
8f66b357ca42ad60d7c72a440d3f1c8d61ed4ede

SHA256
538441093f8f0074f4ae86784ad28bf7a6c33ba4e8ef7d80fbd893398ada8071

SHA512
055e8177e5c1be150103da70752dc59718814967faa904c3db0ac52ea2ff43824fde5586744e74e18f2354fe21085211d4cb978ebd83ad3d006becf85343eb43

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uh4b3o4q.bmw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MKE3G.tmp\VSCodeSetup-x64-1.96.2.tmp

Filesize
2.5MB

MD5
3520bfe9d8786232a8f864c3032fa545

SHA1
2213dc47eed186fbc340fe61aa8c1d1d8523b8c8

SHA256
f6d4a7227f1402a9285d1a9be3db1660a2a4f802f57cefa1e3a80b3a124f0613

SHA512
82733685a5f99405b47a2433f456d56007a92cc522645be85c55d2f230bade7ed2097e93c026f511f9b1333f3495552e6d43fe97c565af99b3b53276f539cf82

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\fabdb6a30b49f79a7aba0f2ad9df9b399473380f\chrome\js\index-dir\the-real-index

Filesize
144B

MD5
2f4f3e7c17d7daec8923243c3c6420a7

SHA1
a5bce175a8f6e4d9529b0a31c8f6d7a2e5c9900c

SHA256
4f9c40a8f5f1d9c0b377711312442cb81d6d1306735a9d322921182ab584fc69

SHA512
45c3f989caa5d67058b13b68cb643315b0c2174a26312028c503096956a37928b9fd80d6e88cf669ea6d887c6e3cf5e6a7766167797431f85af6aa86079afe8a

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\fabdb6a30b49f79a7aba0f2ad9df9b399473380f\chrome\js\index-dir\the-real-index~RFe5968d2.TMP

Filesize
48B

MD5
62141a140a85b58a66a50b26ae342e83

SHA1
cc539470bfb1e047de33ea0a7146f92cb809f71c

SHA256
f85ce3f548a1daa27ed4ca288c776a88592c2d32cad6cc6f6ef7621f9e664df3

SHA512
457ec6e04eaa58e5f3ba24ceff8d4fa4b0dc13742a1ef13f64a2b4698242a97a9a44db102d6188bb4cf6eade9657b718c6ece7d05fa9cfefb89696d059cdad8b

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\fabdb6a30b49f79a7aba0f2ad9df9b399473380f\chrome\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedProfilesData\__default__profile__\extensions.builtin.cache

Filesize
783KB

MD5
78b4c9b88ee75e71575cdf2e74ec1ca5

SHA1
bef3423a0c8390283ce3b37eb57961115a3bf6b4

SHA256
c552cd8974a2e47a6eec5a65083d802fbd3e1b0d3cd16fa02cc63c10fd746a47

SHA512
afc7aec5a64d991b46e47fb4f85c005969e7842ce44aaf3223bb838c21d56eed3939720923aefa9852dba6117d174184b792183b3191428f012fe936fcb5cff3

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
9bb430a1712e8ad635b703f4d8506bcd

SHA1
30d5ab788ec7cff9079621406df25e30e3dc3706

SHA256
8e281c8baac6374d7c401220c91c29bf6d3af3726cb751d2a99fcfae06f0aeb4

SHA512
9b2ab40204e7f4ef8f74f026a99c3de8791a49df8775a8c052ca9291b0657ae14ccf185af37f93c6988be9145e5a636843eef700ef182b114ebaf205256a5da8

Download Submit
C:\Users\Admin\AppData\Roaming\Code\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Code\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\Network Persistent State

Filesize
652B

MD5
5e5acacd85b8c085279fa4d2922bfaf0

SHA1
13653f401176dbf4cadd1d1829c5f9344445ef9c

SHA256
00b80e48b86c868152fb4e452335ec59854107db662800b7101438c42abcd55f

SHA512
0291ac24134dee31084efd42a9a78a95625627f87d05ae877d64cb852166d6f6e7cada4536ce7a4af6769e574183cd78c9437ec45387e5ecd985c2a7e78a9779

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\Network Persistent State~RFe5a2ee1.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\TransportSecurity

Filesize
518B

MD5
e7490738068d3d0a0d1c650b5723c29a

SHA1
0766549b6515d849eb1f409e6ba669986c366ebf

SHA256
b212e66c0d3d447cb519335a8353a25b56ec99a704353d0fc9fb2df870491b61

SHA512
21007e030f16d09693b2bb15ba7ac4ffc9e47bb023cc111e3046f110a83cd75219a7dba1a4a5fef3522dcf48022ffb6dd686982c0c7945211522718d89468c18

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\TransportSecurity

Filesize
690B

MD5
75238ced2298deca20b143ae581d0f58

SHA1
7ab96a670bdbf4c5f17cf361079db140b361824d

SHA256
4c5b93aa21fe614fc83c12c305afe2b28f2bda2c9ba608957fa6bd625d01c6fc

SHA512
19eb425d6b132a0836bd5f3356ac3857bad68d6c53d70376bc6cc3b750aa0a51f186df1823afe14b8da915591f7aa366d00e02be54f90c69ee6615c06c7f62fb

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\TransportSecurity~RFe59af32.TMP

Filesize
518B

MD5
8cf0bbbdccb18cf39b0a898a7e0cc52c

SHA1
27247eac6407aa7b0e22a9130a40276b2b08f450

SHA256
01bb8dc26cac7ce475789750ecfa132134ae754fbc576ede5a83d41648c15075

SHA512
bec253b8f7231925c2e1d17c395e562a108f31c669b58e702f3b93ce7b8cc674ec92759c19727c2db2f6467649181735d42f48e6f5a01d9dd89f177d92a11763

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
1KB

MD5
848753be44bbd412c3c7bfd23758a926

SHA1
16762a1618a9baa95d5a85c24e4b7391375c065f

SHA256
21b2b5ef9251ae536de00119167dd7926cbe3fb68334101983a2d0c03e3bd9ef

SHA512
cec7c2a9ab9416eb48aa2739d4cace80a68365a11653b852296ff39ca34a19ba1b2ebe8b864c27160c679c735160ea3f5944c91abc1ae0632a76d2e23c342945

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
2KB

MD5
aa03ce2fba67703745b8558ff5eec0b0

SHA1
0e15d18b0a2e6075137df187427924ae0d170e50

SHA256
290de339e0a2280a799d9c13c2ae1f552d7fea46f41aa25854497fbd32e604e2

SHA512
bd557a07b968b9716c4afd6ecef09e81794b96274bb04ac1e5b5fecae6272b37526259249a4f51041cbf024c14f5a944519a41461cee7cf4a2e320eca3dafd5d

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
97B

MD5
19be3964cd78e19ddcffc9bec7609a70

SHA1
ac3fbacaef4b5acdd5af0e22f310e0f67db8ec25

SHA256
9fdd375e0ad9451e6eac8e5ab3a230b176b7ca96a291415e0952c6d1259621af

SHA512
2956c412186e812619843226dffd9b0ef91468d801c3da3b06305cb05811ef3a9935b3e11be8d0ce0faa46235042453fa1d4283dc1760c83e53e3c5ae38de244

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
1KB

MD5
62620d16ee5912f71e531062679b89be

SHA1
90377f5b9bbb809d568d23be1ed330cf964e3e62

SHA256
127f59db52f900f4725bab5125b6e60e2bb4aa9af4f6af67ebc4448d2693f77d

SHA512
e6dce4d3b795504c523016013db3c321b55ae964d6e41db8a88b1583f9125023077850a805dd6126372bfae08f35674ff08d97ef77d793ce620cbd3772a5d4e4

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json.vsctmp

Filesize
606B

MD5
3ca71664ce8be1783bfff84923bf9933

SHA1
a042c8d043e705db2d33d3e42aab2429f8507599

SHA256
d9d1ff3b68d6b47d24ed07f85a5b5e7ea96a7482a1bad5aac393e057924b6cd1

SHA512
dee6e91be1a4d7e5fabe01353395ef56998e6844f216bb62c8c3bc13e9d0f267a548dede70b0e1e904eda874fffa2a9957cc5aad1345ecb913ac7daf6c6c304a

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json.vsctmp

Filesize
1KB

MD5
be43e01fca1c2565088f6fcdff52db85

SHA1
ea4513d37ec2effcc7560cb6f93c03b4e62444fb

SHA256
7d80ea1989b6df5a98464b886996c5010b2f05fde536b72b1ae752092624b751

SHA512
c74795d1bbc5bb35400d8e041847ba152b129925d7aefcbb496e9f558b2dca2510ad63025d176e3e6b6171e6f83fa766d320800d1480c8d95b0dbf5fae04deb0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json.vsctmp

Filesize
1KB

MD5
7c9e339cd8785fa30b812eb8808376e5

SHA1
8eaff56a205e5f87d35fb247543b74432fcb3cd6

SHA256
a217f6395f2a0e5c01144e326205c893b6c2af902597754bd5856e8453a990c1

SHA512
b8293984839883a14d5aec90796dae856dee73c6a7a0266c0e49b23c1a1362e0932972681c89f56c2ef8a4d1c53e86c7a8c582f85c859085cd81382190415469

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms

Filesize
2KB

MD5
a8ab7f0ae69faa1f45d748e856496f5b

SHA1
a2501ecfedd5408cac4b18d881fce9d6710fe7ea

SHA256
b9dd6ab95424a517b859a8a095dce8e9547056c33c48700b5d2758cf66af174f

SHA512
928a75fdaec88c92a7241c4d44b33528c6466e04807d097254551499f82b9334c694d3aba270e775c2a7cebbdfad4401b0848d279a86b38f2b9915a7b6f207f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms

Filesize
1KB

MD5
48ee5f6034cb6925a1623f51e50d372b

SHA1
d6f4cd3590f62e7bc6a0fae67415c5c0efe44584

SHA256
ae933ac18b4c7d1bf869bb2a2e6cdd74bc2d51ab3dd459cf246c1ffca48a5676

SHA512
f7c179f41901b06a04b65f8007f4a4d24525aa067ea6916431218bfe2c61a5a8afd5c68e44f739febf9da647a9541c66c8430f35bf8ebb111e347826863adbc5

Download Submit
C:\Users\Admin\Downloads\VSCodeSetup-x64-1.96.2.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/488-5536-0x00007FFCC7F00000-0x00007FFCC7F01000-memory.dmp

Filesize
4KB

Download
memory/488-5535-0x00007FFCC6270000-0x00007FFCC6271000-memory.dmp

Filesize
4KB

Download
memory/568-5466-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/568-663-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/568-771-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/568-662-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2364-719-0x0000000006E50000-0x0000000006E6A000-memory.dmp

Filesize
104KB

Download
memory/2364-720-0x0000000006EC0000-0x0000000006EE2000-memory.dmp

Filesize
136KB

Download
memory/2364-706-0x00000000063E0000-0x0000000006446000-memory.dmp

Filesize
408KB

Download
memory/2364-705-0x0000000006370000-0x00000000063D6000-memory.dmp

Filesize
408KB

Download
memory/2364-704-0x0000000005AA0000-0x0000000005AC2000-memory.dmp

Filesize
136KB

Download
memory/2364-702-0x00000000054A0000-0x00000000054D6000-memory.dmp

Filesize
216KB

Download
memory/2364-716-0x0000000006920000-0x000000000693E000-memory.dmp

Filesize
120KB

Download
memory/2364-717-0x0000000006960000-0x00000000069AC000-memory.dmp

Filesize
304KB

Download
memory/2364-718-0x0000000007AE0000-0x0000000007B76000-memory.dmp

Filesize
600KB

Download
memory/2364-715-0x0000000006450000-0x00000000067A7000-memory.dmp

Filesize
3.3MB

Download
memory/2364-722-0x0000000008D60000-0x00000000093DA000-memory.dmp

Filesize
6.5MB

Download
memory/2364-703-0x0000000005B50000-0x000000000617A000-memory.dmp

Filesize
6.2MB

Download
memory/2364-721-0x0000000008130000-0x00000000086D6000-memory.dmp

Filesize
5.6MB

Download
memory/3448-5387-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/3448-790-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/3448-668-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/3448-800-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/3448-5460-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/3448-3077-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download