Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
8Static
static
1Fableborne...ne.zip
windows10-ltsc 2021-x64
8Fableborne...oP.vbs
windows10-ltsc 2021-x64
1Fableborne...oP.vbs
windows10-ltsc 2021-x64
1Fableborne...toP.js
windows10-ltsc 2021-x64
3Fableborne...toP.js
windows10-ltsc 2021-x64
3Fableborne...toP.js
windows10-ltsc 2021-x64
3Fableborne...toP.js
windows10-ltsc 2021-x64
3Fableborne...oP.vbs
windows10-ltsc 2021-x64
1Fableborne...oP.vbs
windows10-ltsc 2021-x64
1Fableborne...dow.js
windows10-ltsc 2021-x64
3Fableborne...del.js
windows10-ltsc 2021-x64
3Fableborne...ntu.sh
windows10-ltsc 2021-x64
3Fableborne...bot.py
windows10-ltsc 2021-x64
3Fableborne...xie.py
windows10-ltsc 2021-x64
3Fableborne...ils.py
windows10-ltsc 2021-x64
3Fableborne...ond.js
windows10-ltsc 2021-x64
3Fableborne...ill.js
windows10-ltsc 2021-x64
3Fableborne...oP.vbs
windows10-ltsc 2021-x64
1Fableborne...es.vbs
windows10-ltsc 2021-x64
1Fableborne...ges.js
windows10-ltsc 2021-x64
3Fableborne...nts.js
windows10-ltsc 2021-x64
3Analysis
-
max time kernel
929s -
max time network
930s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20250113-en -
resource tags
arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system -
submitted
16/01/2025, 18:46
Static task
static1
Behavioral task
behavioral1
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne.zip
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral2
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoP.vbs
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral3
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoP.vbs
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral4
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoP.js
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral5
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoP.js
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral6
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoP.js
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral7
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoP.js
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral8
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoP.vbs
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral9
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoP.vbs
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral10
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MVVM/NosTaleWindow.js
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral11
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MVVM/ViewModel.js
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral12
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MVVM/install_ubuntu.sh
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral13
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MVVM/pyaxie-bot.py
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral14
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MVVM/pyaxie.py
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral15
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MVVM/pyaxie_utils.py
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral16
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MiniGames/Fishpond.js
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral17
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MiniGames/Sawmill.js
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral18
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoP.vbs
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral19
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Properties/Resources.vbs
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral20
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Utils/Images.js
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral21
Sample
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Utils/ReadPoints.js
Resource
win10ltsc2021-20250113-en
General
-
Target
Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne.zip
-
Size
528KB
-
MD5
fd393da6ef1eda107461de3d083e0672
-
SHA1
258ff54463920e639223c40e542253e6e34d53f5
-
SHA256
6b375c48ad15457b59515cb32a1654772fb18d7f1f5b2921c359975150bd89ef
-
SHA512
86e082b76f9f9d99a623eefe2b374109728e418f769aa5a49c62c5afb4e43c175229cd809ec2b6c49079fd9556dfcfd756702a3bd59f9d311caeaa61b07ea350
-
SSDEEP
12288:PQINU1clpaQP2w6sJKW/vrsbd6t1Do7UB6i9w9ZSNQaSRC0MsoJo8DMNZvTU//:YkU1clpaQP2w6sJKW/vrsbd6tJo7zizt
Malware Config
Signatures
-
Blocklisted process makes network request 10 IoCs
flow pid Process 595 10484 powershell.exe 597 10484 powershell.exe 598 10484 powershell.exe 603 10484 powershell.exe 604 10484 powershell.exe 684 1404 powershell.exe 686 1404 powershell.exe 687 1404 powershell.exe 688 1404 powershell.exe 689 1404 powershell.exe -
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 46 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.VisualStudio.Reliability.Monitor.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.VisualStudio.Code.ServiceHost.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.CodeAnalysis.LanguageServer.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.ServiceHub.Controller.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.CodeAnalysis.LanguageServer.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation dotnet.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.ServiceHub.Controller.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.VisualStudio.Code.ServiceHost.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.CodeAnalysis.LanguageServer.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation VSCodeUserSetup-x64-1.96.3.tmp Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.VisualStudio.Reliability.Monitor.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.VisualStudio.Code.ServiceHost.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.VisualStudio.Code.Server.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation dotnet.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation dotnet.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation dotnet-sdk-9.0.102-win-x64.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.CodeAnalysis.LanguageServer.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.VisualStudio.Code.Server.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Microsoft.VisualStudio.Code.ServiceHost.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation Code.exe -
Executes dropped EXE 64 IoCs
pid Process 4880 VSCodeUserSetup-x64-1.96.3.exe 5916 VSCodeUserSetup-x64-1.96.3.tmp 5364 Code.exe 3268 Code.exe 4012 Code.exe 2120 Code.exe 1760 Code.exe 6028 Code.exe 4332 Code.exe 3856 Code.exe 6276 Code.exe 6252 code-tunnel.exe 7068 Code.exe 6176 vsce-sign.exe 6676 Code.exe 6712 Code.exe 6884 vsce-sign.exe 6988 vsce-sign.exe 3256 vsce-sign.exe 7160 vsce-sign.exe 6568 vsce-sign.exe 4036 vsce-sign.exe 2800 vsce-sign.exe 5348 vsce-sign.exe 7368 vsce-sign.exe 10648 Code.exe 10716 Code.exe 10552 Code.exe 10344 Code.exe 10996 Code.exe 10976 Code.exe 11828 vsce-sign.exe 7680 Code.exe 2148 Code.exe 12244 Code.exe 10700 Code.exe 10720 Code.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 1576 Code.exe 10276 Code.exe 11056 Code.exe 9600 Code.exe 7380 Code.exe 8220 Code.exe 8428 Code.exe 6556 Code.exe 11940 Code.exe 8736 Code.exe 11604 Code.exe 3228 code-tunnel.exe 7600 Code.exe 1916 Code.exe 8792 Code.exe 11480 rg.exe 9260 rg.exe 9380 rg.exe 3404 rg.exe 12048 rg.exe 9564 Microsoft.CodeAnalysis.LanguageServer.exe 10612 rg.exe 8800 Code.exe 8608 escape-node-job.exe 7772 Microsoft.VisualStudio.Code.Server.exe 8716 Microsoft.ServiceHub.Controller.exe -
Loads dropped DLL 64 IoCs
pid Process 5364 Code.exe 3268 Code.exe 4012 Code.exe 3268 Code.exe 3268 Code.exe 3268 Code.exe 3268 Code.exe 5364 Code.exe 5364 Code.exe 5364 Code.exe 5364 Code.exe 5364 Code.exe 5364 Code.exe 5364 Code.exe 5364 Code.exe 2120 Code.exe 1760 Code.exe 4332 Code.exe 6028 Code.exe 3856 Code.exe 6028 Code.exe 6276 Code.exe 4332 Code.exe 5364 Code.exe 7068 Code.exe 6676 Code.exe 6712 Code.exe 10648 Code.exe 10648 Code.exe 10716 Code.exe 10552 Code.exe 10344 Code.exe 10996 Code.exe 10976 Code.exe 4332 Code.exe 4332 Code.exe 4332 Code.exe 2148 Code.exe 12244 Code.exe 10700 Code.exe 10720 Code.exe 2148 Code.exe 10700 Code.exe 10700 Code.exe 10700 Code.exe 10700 Code.exe 2148 Code.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe -
Modifies file permissions 1 TTPs 1 IoCs
pid Process 3268 icacls.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{f38c80ed-7c21-42c4-a9d2-58226fd818b3} = "\"C:\\ProgramData\\Package Cache\\{f38c80ed-7c21-42c4-a9d2-58226fd818b3}\\dotnet-sdk-9.0.102-win-x64.exe\" /burn.runonce" dotnet-sdk-9.0.102-win-x64.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\Y: msiexec.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
flow ioc 381 raw.githubusercontent.com 382 raw.githubusercontent.com 383 raw.githubusercontent.com 507 raw.githubusercontent.com 508 raw.githubusercontent.com -
pid Process 4936 dotnet.exe 9980 dotnet.exe 5348 vsce-sign.exe 7368 vsce-sign.exe 9868 Microsoft.CodeAnalysis.LanguageServer.exe 9564 Microsoft.CodeAnalysis.LanguageServer.exe 9020 dotnet.exe 9324 Microsoft.CodeAnalysis.LanguageServer.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\sdk\9.0.102\FSharp\it\FSharp.Core.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\cs\NuGet.Credentials.resources.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\9.0.1\analyzers\dotnet\cs\Microsoft.AspNetCore.App.CodeFixes.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\DotnetTools\dotnet-format\System.Composition.Convention.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.SourceLink.Common\tools\net\zh-Hant\Microsoft.SourceLink.Common.resources.dll msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\9.0.1\fr\PresentationFramework.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelinteroperability_5_all_warnaserror.globalconfig msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Containers\tasks\net472\ja\Microsoft.NET.Build.Containers.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelnaming_5_all.globalconfig msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Containers\tasks\net9.0\ko\Microsoft.NET.Build.Containers.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelreliability_6_all_warnaserror.globalconfig msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\9.0.1\ref\net9.0\System.IO.FileSystem.AccessControl.xml msiexec.exe File created C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Buffers.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\DotnetTools\dotnet-watch\9.0.102-servicing.24611.3\tools\net9.0\any\Microsoft.CodeAnalysis.Elfie.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.SourceLink.GitHub\tools\netframework\it\Microsoft.SourceLink.GitHub.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\ja\NuGet.DependencyResolver.Core.resources.dll msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\9.0.1\Microsoft.AspNetCore.Http.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\9.0.1\ref\net9.0\System.Text.Encoding.dll msiexec.exe File created C:\Program Files\dotnet\packs\NETStandard.Library.Ref\2.1.0\ref\netstandard2.1\System.Threading.Thread.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\de\Microsoft.TestPlatform.CoreUtilities.resources.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\9.0.1\ref\net9.0\Microsoft.Extensions.Http.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Containers\containerize\tr\System.CommandLine.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.SourceLink.Bitbucket.Git\tools\net\it\Microsoft.SourceLink.Bitbucket.Git.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\DotnetTools\dotnet-format\System.Security.Cryptography.Xml.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelperformance_10_all.globalconfig msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\9.0.1\ref\net9.0\System.Runtime.Serialization.Xml.xml msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\9.0.1\ref\net9.0\System.Windows.Forms.Primitives.xml msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelperformance_8_default_warnaserror.globalconfig msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\DotnetTools\dotnet-format\pt-BR\Microsoft.CodeAnalysis.CSharp.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\DotnetTools\dotnet-watch\9.0.102-servicing.24611.3\tools\net9.0\any\BuildHost-net472\System.Threading.Tasks.Extensions.dll msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\9.0.1\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\9.0.1\ref\net9.0\Microsoft.AspNetCore.Mvc.ViewFeatures.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\FSharp\System.Security.Cryptography.Xml.dll msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\9.0.1\clrgc.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\9.0.1\analyzers\dotnet\roslyn4.4\cs\tr\Microsoft.Extensions.Options.SourceGeneration.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk\tools\net9.0\fr\Microsoft.DotNet.ApiCompat.Task.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Containers\tasks\net9.0\Microsoft.NET.Build.Containers.deps.json msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\es\Microsoft.DotNet.Cli.Sln.Internal.resources.dll msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\9.0.1\System.Buffers.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\9.0.1\analyzers\dotnet\cs\pt-BR\System.Text.Json.SourceGeneration.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\TestHostNetFramework\pt-BR\Microsoft.TestPlatform.CoreUtilities.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk.Publish\targets\PublishTargets\Microsoft.NET.Sdk.Publish.Kudu.targets msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.Build.Tasks.Git\tools\net\zh-Hans\Microsoft.Build.Tasks.Git.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.SourceLink.AzureRepos.Git\tools\net\fr\Microsoft.SourceLink.AzureRepos.Git.resources.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\9.0.1\ref\net9.0\System.Diagnostics.Tools.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\9.0.1\ref\net9.0\System.Net.Mail.xml msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Microsoft\Microsoft.NET.Build.Extensions\net461\lib\System.Xml.XDocument.dll msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\9.0.1\THIRD-PARTY-NOTICES.txt msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\9.0.1\ref\net9.0\Microsoft.AspNetCore.Authentication.Abstractions.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.SourceLink.Bitbucket.Git\tools\netframework\es\Microsoft.SourceLink.Bitbucket.Git.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelinteroperability_5_minimum_warnaserror.globalconfig msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\9.0.1\pl\System.Windows.Input.Manipulations.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\FSharp\runtimes\win\lib\net9.0\System.Diagnostics.EventLog.Messages.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\DotnetTools\dotnet-watch\9.0.102-servicing.24611.3\tools\net9.0\any\zh-Hans\Microsoft.CodeAnalysis.Workspaces.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk\analyzers\pt-BR\Microsoft.CodeAnalysis.NetAnalyzers.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\DotnetTools\dotnet-format\zh-Hans\dotnet-format.resources.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\9.0.1\ref\net9.0\System.Net.Requests.dll msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.NETCore.App.Ref\9.0.1\ref\net9.0\System.Security.SecureString.dll msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\9.0.1\zh-Hant\PresentationUI.resources.dll msiexec.exe File created C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\9.0.1\Microsoft.Extensions.Caching.Abstractions.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelglobalization_8_recommended_warnaserror.globalconfig msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\fr\Microsoft.TestPlatform.CommunicationUtilities.resources.dll msiexec.exe File created C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk\analyzers\build\config\analysislevelnaming_10_none.globalconfig msiexec.exe File created C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\9.0.1\ref\net9.0\System.Windows.Input.Manipulations.dll msiexec.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\Installer\e5f95ea.msi msiexec.exe File created C:\Windows\Installer\e5f960c.msi msiexec.exe File created C:\Windows\Installer\SourceHash{ED4843DF-A375-4522-AAC8-81456F595023} msiexec.exe File opened for modification C:\Windows\Installer\MSIDC69.tmp msiexec.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File created C:\Windows\Installer\e5f95c2.msi msiexec.exe File created C:\Windows\Installer\SourceHash{A7036CFB-B403-4598-85FF-D397ABB88173} msiexec.exe File created C:\Windows\Installer\SourceHash{736FFE9E-6571-4059-B73D-F97F07E9F98D} msiexec.exe File opened for modification C:\Windows\Installer\MSID03E.tmp msiexec.exe File created C:\Windows\Installer\e5f9612.msi msiexec.exe File opened for modification C:\Windows\Installer\e5f962b.msi msiexec.exe File opened for modification C:\Windows\SystemTemp Code.exe File created C:\Windows\Installer\e5f95c1.msi msiexec.exe File opened for modification C:\Windows\Installer\MSIAFF2.tmp msiexec.exe File created C:\Windows\Installer\e5f9616.msi msiexec.exe File created C:\Windows\Installer\SourceHash{3147923D-653F-4494-8FDC-3738E733EDB3} msiexec.exe File created C:\Windows\Installer\e5f9626.msi msiexec.exe File opened for modification C:\Windows\Installer\e5f95bb.msi msiexec.exe File created C:\Windows\Installer\e5f95e5.msi msiexec.exe File opened for modification C:\Windows\Installer\e5f95ea.msi msiexec.exe File created C:\Windows\Installer\e5f95fd.msi msiexec.exe File opened for modification C:\Windows\Installer\e5f95fe.msi msiexec.exe File opened for modification C:\Windows\Installer\e5f9630.msi msiexec.exe File opened for modification C:\Windows\Installer\e5f9635.msi msiexec.exe File opened for modification C:\Windows\Installer\e5f95d6.msi msiexec.exe File created C:\Windows\Installer\e5f95db.msi msiexec.exe File created C:\Windows\Installer\SourceHash{76737228-5B3F-4431-9C02-BC3C1B25198B} msiexec.exe File opened for modification C:\Windows\Installer\MSIC4CC.tmp msiexec.exe File created C:\Windows\Installer\SourceHash{3BF99384-85F0-49DC-A595-3B5785EB053D} msiexec.exe File opened for modification C:\Windows\SystemTemp Code.exe File opened for modification C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795 msiexec.exe File opened for modification C:\Windows\Installer\e5f95d1.msi msiexec.exe File created C:\Windows\Installer\SourceHash{D495A8C6-191D-4CE2-91B3-05AC7A46052F} msiexec.exe File created C:\Windows\Installer\e5f960d.msi msiexec.exe File opened for modification C:\Windows\Installer\MSIEAC8.tmp msiexec.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File created C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795\fileCoreHostExe msiexec.exe File created C:\Windows\Installer\e5f95e9.msi msiexec.exe File opened for modification C:\Windows\Installer\MSIBFE8.tmp msiexec.exe File opened for modification C:\Windows\SystemTemp Code.exe File opened for modification C:\Windows\Installer\MSI9DD1.tmp msiexec.exe File created C:\Windows\Installer\e5f95bb.msi msiexec.exe File opened for modification C:\Windows\Installer\MSIB4D8.tmp msiexec.exe File created C:\Windows\Installer\SourceHash{99053FAE-3A7C-381D-948A-6F614864781D} msiexec.exe File opened for modification C:\Windows\Installer\MSID390.tmp msiexec.exe File created C:\Windows\Installer\SourceHash{332C3F8D-8B59-3ED7-86F4-F052497D83A1} msiexec.exe File opened for modification C:\Windows\Installer\MSIADBD.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIAF36.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIC579.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSID169.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIDE12.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIA1AE.tmp msiexec.exe File opened for modification C:\Windows\Installer\$PatchCache$\Managed\63337BB296F4141479799EDBF63E89A0\64.8.8795\fileCoreHostExe msiexec.exe File opened for modification C:\Windows\Installer\MSIABE5.tmp msiexec.exe File opened for modification C:\Windows\Installer\e5f95c7.msi msiexec.exe File created C:\Windows\Installer\e5f95d5.msi msiexec.exe File opened for modification C:\Windows\Installer\MSID908.tmp msiexec.exe File opened for modification C:\Windows\Installer\e5f9617.msi msiexec.exe File opened for modification C:\Windows\Installer\MSIA110.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSID341.tmp msiexec.exe File created C:\Windows\Installer\e5f9607.msi msiexec.exe File opened for modification C:\Windows\Installer\MSICF13.tmp msiexec.exe File created C:\Windows\Installer\e5f963f.msi msiexec.exe File created C:\Windows\Installer\SourceHash{ABB11EA1-8B33-4442-BF21-1CBFC3607489} msiexec.exe -
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description ioc Process File created C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.96.3.exe:Zone.Identifier firefox.exe -
pid Process 10984 powershell.exe 1404 powershell.exe 9316 powershell.exe 10376 powershell.exe 1724 powershell.exe 4944 powershell.exe 12228 powershell.exe 10484 powershell.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 41 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language powershell.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Microsoft.CodeAnalysis.LanguageServer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Microsoft.VisualStudio.Code.Server.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language VSCodeUserSetup-x64-1.96.3.tmp Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Microsoft.CodeAnalysis.LanguageServer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Microsoft.VisualStudio.Code.Server.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dotnet-sdk-9.0.102-win-x64.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dotnet-sdk-9.0.102-win-x64.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Microsoft.CodeAnalysis.LanguageServer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language VSCodeUserSetup-x64-1.96.3.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dotnet-sdk-9.0.102-win-x64.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe -
System Time Discovery 1 TTPs 64 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
pid Process 10484 cmd.exe 8888 cmd.exe 8972 dotnet.exe 6660 dotnet.exe 9024 dotnet.exe 7872 cmd.exe 11008 dotnet.exe 7340 cmd.exe 6472 cmd.exe 4528 dotnet.exe 8780 dotnet.exe 5676 dotnet.exe 9688 cmd.exe 6324 Microsoft.VisualStudio.Code.ServiceHost.exe 8188 Microsoft.CodeAnalysis.LanguageServer.exe 9744 cmd.exe 9544 cmd.exe 9996 cmd.exe 6184 dotnet.exe 8172 cmd.exe 1556 dotnet.exe 1712 dotnet.exe 7576 dotnet.exe 10732 dotnet.exe 8676 cmd.exe 11212 dotnet.exe 4352 cmd.exe 10820 Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.exe 7624 cmd.exe 10452 cmd.exe 1404 powershell.exe 8636 cmd.exe 9428 cmd.exe 9932 dotnet.exe 11912 cmd.exe 9612 dotnet.exe 9084 dotnet.exe 8176 cmd.exe 7248 dotnet.exe 4440 cmd.exe 5328 dotnet.exe 6308 dotnet.exe 2052 cmd.exe 8560 cmd.exe 5680 dotnet.exe 2856 dotnet.exe 9456 Microsoft.VisualStudio.Code.ServiceHost.exe 7972 cmd.exe 9024 dotnet.exe 12024 dotnet.exe 10484 powershell.exe 6816 cmd.exe 3916 cmd.exe 11180 cmd.exe 11012 dotnet.exe 1112 dotnet.exe 8980 cmd.exe 8432 cmd.exe 8508 dotnet.exe 7912 dotnet.exe 10180 cmd.exe 7460 dotnet.exe 7516 cmd.exe 6176 vsce-sign.exe -
Checks processor information in registry 2 TTPs 46 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Microsoft.CodeAnalysis.LanguageServer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString Code.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Microsoft.CodeAnalysis.LanguageServer.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Code.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Microsoft.VisualStudio.Code.Server.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz Code.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Microsoft.VisualStudio.Code.Server.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz Code.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Microsoft.VisualStudio.Code.Server.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Microsoft.CodeAnalysis.LanguageServer.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Microsoft.VisualStudio.Code.Server.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 Code.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Code.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Code.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Code.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 Code.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz Code.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Microsoft.CodeAnalysis.LanguageServer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Code.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Microsoft.CodeAnalysis.LanguageServer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 Code.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Microsoft.CodeAnalysis.LanguageServer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Code.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Code.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 Code.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 Code.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Code.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Microsoft.VisualStudio.Code.Server.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString Code.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Microsoft.CodeAnalysis.LanguageServer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Microsoft.VisualStudio.Code.Server.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Code.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString Code.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 Code.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Microsoft.CodeAnalysis.LanguageServer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Microsoft.CodeAnalysis.LanguageServer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe -
Enumerates system info in registry 2 TTPs 9 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Kills process with taskkill 64 IoCs
pid Process 2632 taskkill.exe 5328 taskkill.exe 8256 taskkill.exe 11040 taskkill.exe 12020 taskkill.exe 8520 taskkill.exe 8104 taskkill.exe 11936 taskkill.exe 8328 taskkill.exe 10708 taskkill.exe 11216 taskkill.exe 6968 taskkill.exe 7408 taskkill.exe 8464 taskkill.exe 10460 taskkill.exe 12060 taskkill.exe 11152 taskkill.exe 7484 taskkill.exe 2836 taskkill.exe 10208 taskkill.exe 6504 taskkill.exe 10452 taskkill.exe 8664 taskkill.exe 11340 taskkill.exe 9852 taskkill.exe 7252 taskkill.exe 8864 taskkill.exe 12056 taskkill.exe 9520 taskkill.exe 8688 taskkill.exe 10112 taskkill.exe 6616 taskkill.exe 8368 taskkill.exe 11920 taskkill.exe 10232 taskkill.exe 11036 taskkill.exe 6460 taskkill.exe 6936 taskkill.exe 8280 taskkill.exe 6932 taskkill.exe 10452 taskkill.exe 11224 taskkill.exe 9748 taskkill.exe 10220 taskkill.exe 11028 taskkill.exe 10148 taskkill.exe 9780 taskkill.exe 9992 taskkill.exe 5280 taskkill.exe 7532 taskkill.exe 5576 taskkill.exe 6220 taskkill.exe 7284 taskkill.exe 6840 taskkill.exe 10968 taskkill.exe 11732 taskkill.exe 1476 taskkill.exe 10492 taskkill.exe 10788 taskkill.exe 5720 taskkill.exe 6912 taskkill.exe 9932 taskkill.exe 6820 taskkill.exe 6920 taskkill.exe -
Modifies data under HKEY_USERS 62 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3F msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\DeveloperTools dotnet.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\DeveloperTools\deviceid = "d2d8b80b-f0ac-4267-aca1-884ebb137652" dotnet.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\42 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\43 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\42 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\40 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3E msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\41 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\41\52C64B7E msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3f msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\40 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\41 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34 msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38 msiexec.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.wxi\OpenWithProgids VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Applications\Code.exe\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\"" VSCodeUserSetup-x64-1.96.3.tmp Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BFC6307A304B895458FF3D79BA8B1837\Version = "402681297" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E9EFF637175695047BD39FF7709E9FD8\SourceList\Media msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\65EB95FC413B71B43B2CB8177986D165\SourceList\PackageName = "250dac7f9982e125eb665370a4d2d401-x64.msi" msiexec.exe Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.diff\OpenWithProgids\VSCode.diff VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.mdoc\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\markdown.ico" VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.pyi\OpenWithProgids VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.pyi\AppUserModelID = "Microsoft.VisualStudioCode" VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.rs\shell\open VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.svgz\OpenWithProgids VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Directory\Background\shell\VSCode\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%V\"" VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.fsscript\OpenWithProgids\VSCode.fsscript VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.less VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.ps1\shell\open\command VSCodeUserSetup-x64-1.96.3.tmp Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" Code.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D8F3C23395B87DE3684F0F2594D7381A\FT_DepProvider msiexec.exe Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.aspx\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\"" VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.containerfile\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.handlebars\shell\open\command VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.less\OpenWithProgids VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0FDA5EBAC1D43BA4596269530B53D71D msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82273767F3B51344C920CBC3B15291B8\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{76737228-5B3F-4431-9C02-BC3C1B25198B}v35.0.7\\" msiexec.exe Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.pl\OpenWithProgids VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.txt\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\"" VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\94D2BECFCD01E073E912E7BC434C612C msiexec.exe Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.jshintrc\AppUserModelID = "Microsoft.VisualStudioCode" VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.lua\shell\open\command VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.mkdn VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.plist\ = "Properties file Source File" VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.xhtml VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.ascx\ = "ASCX Source File" VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.asp\shell\open VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.gitconfig\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\resources\\win32\\config.ico" VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\NetCore_Templates_9.0_36.8.53199_x64 dotnet-sdk-9.0.102-win-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.NET.Sdk.Aspire,8.0.100,8.2.2,x64\ = "{2E5C5364-621F-4F22-8B81-18524D6F0361}" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2974ACF0A7D8B1B35B6B251434DF9DA8 msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F6ABEA8F2E626544888227E05FF9EDC0\Language = "1033" msiexec.exe Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.asp\shell\open\command VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_9.0_x64\Version = "72.4.26282" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\57C84C618D24A6E448B5322370251409 msiexec.exe Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.bashrc VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.json\shell\open\Icon = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\"" VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.xhtml\DefaultIcon VSCodeUserSetup-x64-1.96.3.tmp Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A80DA75CFF3B1A6439C38309B2C797FA\Version = "1207985834" msiexec.exe Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.cmake\OpenWithProgids VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.dockerfile VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.hh\DefaultIcon VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7B72E2FB1B98B5D4D86081EFCF198ABC\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{BF2E27B7-89B1-4D5B-8D06-18FEFC91A8CB}v72.4.26276\\" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\FD3484DE573A2254AA8C1854F6950532 msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A80DA75CFF3B1A6439C38309B2C797FA\SourceList\Media msiexec.exe Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.c\OpenWithProgids\VSCode.c VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.clj\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\.code-workspace\OpenWithProgids VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.mdtext\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.r\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe\" \"%1\"" VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\netstandard_targeting_pack_24.0.28113_x64\Version = "24.0.28113" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E6C6E1F643BEF123BBC28258DFCE6CC0\48399FB30F58CD945A59B37558BE50D3 msiexec.exe Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.editorconfig\DefaultIcon VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.edn\ = "Extensible Data Notation Source File" VSCodeUserSetup-x64-1.96.3.tmp Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.jav\ = "Java Source File" VSCodeUserSetup-x64-1.96.3.tmp Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\VSCode.tex\shell\open VSCodeUserSetup-x64-1.96.3.tmp Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" Code.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D5B79C8D4281C14F8D17BB071803DBD\Language = "1033" msiexec.exe -
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e vsce-sign.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e vsce-sign.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e vsce-sign.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e vsce-sign.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 vsce-sign.exe -
NTFS ADS 2 IoCs
description ioc Process File created C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.96.3.exe:Zone.Identifier firefox.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 136936.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4944 powershell.exe 4944 powershell.exe 4944 powershell.exe 5916 VSCodeUserSetup-x64-1.96.3.tmp 5916 VSCodeUserSetup-x64-1.96.3.tmp 10648 Code.exe 10648 Code.exe 7916 msedge.exe 7916 msedge.exe 8120 msedge.exe 8120 msedge.exe 8480 msedge.exe 8480 msedge.exe 6452 msedge.exe 6452 msedge.exe 11420 identity_helper.exe 11420 identity_helper.exe 12100 msedge.exe 12100 msedge.exe 12184 powershell.exe 12184 powershell.exe 12184 powershell.exe 12228 powershell.exe 12228 powershell.exe 12228 powershell.exe 10484 powershell.exe 10484 powershell.exe 10484 powershell.exe 11412 powershell.exe 11412 powershell.exe 11412 powershell.exe 10984 powershell.exe 10984 powershell.exe 10984 powershell.exe 1404 powershell.exe 1404 powershell.exe 1404 powershell.exe 8832 Code.exe 8832 Code.exe 8100 msedge.exe 8100 msedge.exe 7592 msedge.exe 7592 msedge.exe 10844 identity_helper.exe 10844 identity_helper.exe 5352 msedge.exe 5352 msedge.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe 11192 msiexec.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 6352 OpenWith.exe 9600 Code.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
pid Process 8120 msedge.exe 8120 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 7592 msedge.exe 7592 msedge.exe 7592 msedge.exe 7592 msedge.exe 7592 msedge.exe 7592 msedge.exe 7592 msedge.exe 7592 msedge.exe 7592 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeRestorePrivilege 4668 7zFM.exe Token: 35 4668 7zFM.exe Token: SeSecurityPrivilege 4668 7zFM.exe Token: SeDebugPrivilege 1200 firefox.exe Token: SeDebugPrivilege 1200 firefox.exe Token: SeDebugPrivilege 5916 VSCodeUserSetup-x64-1.96.3.tmp Token: SeDebugPrivilege 5916 VSCodeUserSetup-x64-1.96.3.tmp Token: SeDebugPrivilege 5916 VSCodeUserSetup-x64-1.96.3.tmp Token: SeDebugPrivilege 4944 powershell.exe Token: SeDebugPrivilege 5916 VSCodeUserSetup-x64-1.96.3.tmp Token: SeDebugPrivilege 5916 VSCodeUserSetup-x64-1.96.3.tmp Token: SeDebugPrivilege 5916 VSCodeUserSetup-x64-1.96.3.tmp Token: SeDebugPrivilege 5916 VSCodeUserSetup-x64-1.96.3.tmp Token: SeDebugPrivilege 5916 VSCodeUserSetup-x64-1.96.3.tmp Token: SeDebugPrivilege 5916 VSCodeUserSetup-x64-1.96.3.tmp Token: SeDebugPrivilege 5916 VSCodeUserSetup-x64-1.96.3.tmp Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeDebugPrivilege 5364 Code.exe Token: SeDebugPrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe Token: SeShutdownPrivilege 5364 Code.exe Token: SeCreatePagefilePrivilege 5364 Code.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 4668 7zFM.exe 4668 7zFM.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 5916 VSCodeUserSetup-x64-1.96.3.tmp 5364 Code.exe 8120 msedge.exe 8120 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe 6452 msedge.exe -
Suspicious use of SendNotifyMessage 22 IoCs
pid Process 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe -
Suspicious use of SetWindowsHookEx 26 IoCs
pid Process 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 1200 firefox.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 6352 OpenWith.exe 9600 Code.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1564 wrote to memory of 1200 1564 firefox.exe 88 PID 1564 wrote to memory of 1200 1564 firefox.exe 88 PID 1564 wrote to memory of 1200 1564 firefox.exe 88 PID 1564 wrote to memory of 1200 1564 firefox.exe 88 PID 1564 wrote to memory of 1200 1564 firefox.exe 88 PID 1564 wrote to memory of 1200 1564 firefox.exe 88 PID 1564 wrote to memory of 1200 1564 firefox.exe 88 PID 1564 wrote to memory of 1200 1564 firefox.exe 88 PID 1564 wrote to memory of 1200 1564 firefox.exe 88 PID 1564 wrote to memory of 1200 1564 firefox.exe 88 PID 1564 wrote to memory of 1200 1564 firefox.exe 88 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 1232 1200 firefox.exe 89 PID 1200 wrote to memory of 5028 1200 firefox.exe 90 PID 1200 wrote to memory of 5028 1200 firefox.exe 90 PID 1200 wrote to memory of 5028 1200 firefox.exe 90 PID 1200 wrote to memory of 5028 1200 firefox.exe 90 PID 1200 wrote to memory of 5028 1200 firefox.exe 90 PID 1200 wrote to memory of 5028 1200 firefox.exe 90 PID 1200 wrote to memory of 5028 1200 firefox.exe 90 PID 1200 wrote to memory of 5028 1200 firefox.exe 90 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne.zip"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4668
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1564 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1200 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8daec4e0-ca89-41f8-84ab-b79782eba184} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" gpu3⤵PID:1232
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2372 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 27015 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {130ebdc2-fd12-4a6b-8f07-a4dba811f9dd} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" socket3⤵PID:5028
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2964 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3000 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d4a906d-0b98-4a27-9bfc-55128e1bd8ab} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" tab3⤵PID:1908
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4016 -childID 2 -isForBrowser -prefsHandle 4008 -prefMapHandle 4004 -prefsLen 32389 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8365e695-80d1-4256-a0c1-0399832017fc} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" tab3⤵PID:4664
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4948 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4944 -prefMapHandle 4936 -prefsLen 32389 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {428f68d1-2b85-4d58-af2f-6a3e82280793} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" utility3⤵
- Checks processor information in registry
PID:844
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4032 -childID 3 -isForBrowser -prefsHandle 2784 -prefMapHandle 1384 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2c1eedc-42a8-4d4e-93c1-56291eeefe4f} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" tab3⤵PID:4788
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 4 -isForBrowser -prefsHandle 1540 -prefMapHandle 1408 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58b6782f-ed1f-4fd3-a5a0-3a98343089b4} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" tab3⤵PID:3540
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 5 -isForBrowser -prefsHandle 5836 -prefMapHandle 5844 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0225fd5-909e-42fb-af47-f1ead562fb7a} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" tab3⤵PID:3684
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 6 -isForBrowser -prefsHandle 5704 -prefMapHandle 5708 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94d28896-4440-4e72-be54-32b949750d55} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" tab3⤵PID:220
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6068 -parentBuildID 20240401114208 -prefsHandle 6220 -prefMapHandle 5624 -prefsLen 32642 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e8af98c-24cf-4aed-9bf4-02249d925bb4} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" rdd3⤵PID:5724
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 5588 -prefMapHandle 5628 -prefsLen 32642 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd125c3c-7598-4ba3-8b3a-d4e659291efb} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" utility3⤵
- Checks processor information in registry
PID:5732
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 7 -isForBrowser -prefsHandle 6332 -prefMapHandle 5592 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68aaad07-d5f5-46a9-b917-57943c669e0a} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" tab3⤵PID:5928
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5988 -childID 8 -isForBrowser -prefsHandle 5688 -prefMapHandle 6036 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd6a8ecd-60ca-4a31-8f96-3dac481cae1f} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" tab3⤵PID:5416
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5860 -childID 9 -isForBrowser -prefsHandle 6608 -prefMapHandle 6616 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1a6d836-0e11-4d0f-927b-b410443fc609} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" tab3⤵PID:5436
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6808 -childID 10 -isForBrowser -prefsHandle 6636 -prefMapHandle 6640 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37b54e92-b820-4a74-901e-7785017de243} 1200 "\\.\pipe\gecko-crash-server-pipe.1200" tab3⤵PID:5696
-
-
C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.96.3.exe"C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.96.3.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4880 -
C:\Users\Admin\AppData\Local\Temp\is-NR1FU.tmp\VSCodeUserSetup-x64-1.96.3.tmp"C:\Users\Admin\AppData\Local\Temp\is-NR1FU.tmp\VSCodeUserSetup-x64-1.96.3.tmp" /SL5="$B0264,103871940,828416,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.96.3.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5916 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-WmiObject Win32_Process | Where-Object { $_.ExecutablePath -eq 'C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe' } | Select @{Name='Id'; Expression={$_.ProcessId}} | Stop-Process -Force"5⤵
- Command and Scripting Interpreter: PowerShell
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4944
-
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" "C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code" /inheritancelevel:r /grant:r "*S-1-5-18:(OI)(CI)F" /grant:r "*S-1-5-32-544:(OI)(CI)F" /grant:r "*S-1-5-11:(OI)(CI)RX" /grant:r "*S-1-5-32-545:(OI)(CI)RX" /grant:r "*S-1-3-0:(OI)(CI)F" /grant:r "Admin:(OI)(CI)F"5⤵
- Modifies file permissions
PID:3268
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5364 -
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1816,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1808 /prefetch:26⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3268
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=2000,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1828 /prefetch:36⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4012
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3320,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3316 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2120
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3796,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3800 /prefetch:86⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1760 -
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe" tunnel status7⤵
- Executes dropped EXE
PID:6252
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe" verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-dotnettools.vscode-dotnet-runtime-2.2.5 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-dotnettools.vscode-dotnet-runtime-2.2.5.sigzip7⤵
- Executes dropped EXE
- System Time Discovery
PID:6176
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe" verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-toolsai.vscode-jupyter-cell-tags-0.1.9 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-toolsai.vscode-jupyter-cell-tags-0.1.9.sigzip7⤵
- Executes dropped EXE
- Modifies system certificate store
PID:6884
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe" verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-toolsai.jupyter-keymap-1.1.2 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-toolsai.jupyter-keymap-1.1.2.sigzip7⤵
- Executes dropped EXE
PID:6988
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe" verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-dotnettools.vscode-dotnet-pack-1.0.13 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-dotnettools.vscode-dotnet-pack-1.0.13.sigzip7⤵
- Executes dropped EXE
PID:3256
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe" verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-dotnettools.dotnet-interactive-vscode-1.0.5568010 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-dotnettools.dotnet-interactive-vscode-1.0.5568010.sigzip7⤵
- Executes dropped EXE
PID:7160
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe" verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-toolsai.vscode-jupyter-slideshow-0.1.6 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-toolsai.vscode-jupyter-slideshow-0.1.6.sigzip7⤵
- Executes dropped EXE
PID:6568
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe" verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-toolsai.jupyter-renderers-1.0.21 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-toolsai.jupyter-renderers-1.0.21.sigzip7⤵
- Executes dropped EXE
PID:4036
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe" verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-toolsai.jupyter-2024.11.0-win32-x64 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-toolsai.jupyter-2024.11.0-win32-x64.sigzip7⤵
- Executes dropped EXE
PID:2800
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe" verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ionide.ionide-fsharp-7.22.0 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ionide.ionide-fsharp-7.22.0.sigzip7⤵
- Executes dropped EXE
- Network Service Discovery
PID:5348
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe" verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-dotnettools.csharp-2.61.28-win32-x64 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-dotnettools.csharp-2.61.28-win32-x64.sigzip7⤵
- Executes dropped EXE
- Network Service Discovery
PID:7368
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\vsce-sign\bin\vsce-sign.exe" verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-dotnettools.csdevkit-1.15.34-win32-x64 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-dotnettools.csdevkit-1.15.34-win32-x64.sigzip7⤵
- Executes dropped EXE
PID:11828
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3828,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6028
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3924,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3904 /prefetch:86⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4332 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "dotnet --info"7⤵PID:8920
-
C:\Program Files\dotnet\dotnet.exedotnet --info8⤵PID:9128
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "dotnet --list-runtimes"7⤵
- System Time Discovery
PID:8980 -
C:\Program Files\dotnet\dotnet.exedotnet --list-runtimes8⤵
- System Time Discovery
PID:9084
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "echo %PATH%"7⤵PID:9072
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9072 /f /t7⤵PID:9060
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where where"7⤵PID:11236
-
C:\Windows\system32\where.exewhere where8⤵PID:9116
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 11236 /f /t7⤵PID:12052
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where dotnet"7⤵PID:12056
-
C:\Windows\system32\where.exewhere dotnet8⤵PID:3404
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 12056 /f /t7⤵PID:2272
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:8960
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:7900
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8960 /f /t7⤵
- Kills process with taskkill
PID:8104
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵
- System Time Discovery
PID:8176 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:7588
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵
- System Time Discovery
PID:7576
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8176 /f /t7⤵PID:8188
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:6172
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:9740
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6172 /f /t7⤵
- Kills process with taskkill
PID:9748
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵
- System Time Discovery
PID:9744 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:9692
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵PID:9532
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9744 /f /t7⤵
- Kills process with taskkill
PID:2836
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"7⤵PID:7268
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info8⤵PID:9888
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7268 /f /t7⤵
- Kills process with taskkill
PID:9932
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:9940
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:10036
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9940 /f /t7⤵PID:9908
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-sdks"7⤵PID:10056
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:10088
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks8⤵PID:10064
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10056 /f /t7⤵
- Kills process with taskkill
PID:10112
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "echo %PATH%"7⤵PID:10156
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10156 /f /t7⤵
- Kills process with taskkill
PID:10208
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where where"7⤵PID:10168
-
C:\Windows\system32\where.exewhere where8⤵PID:10932
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10168 /f /t7⤵
- Kills process with taskkill
PID:11036
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where dotnet"7⤵PID:10956
-
C:\Windows\system32\where.exewhere dotnet8⤵PID:11000
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10956 /f /t7⤵PID:5356
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:7204
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:7292
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7204 /f /t7⤵PID:7784
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵
- System Time Discovery
PID:7624 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:2844
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵
- System Time Discovery
PID:7248
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7624 /f /t7⤵
- Kills process with taskkill
PID:6460
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:7344
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:7400
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7344 /f /t7⤵PID:8424
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵
- System Time Discovery
PID:8432 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:8032
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵PID:8808
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8432 /f /t7⤵
- Kills process with taskkill
PID:8368
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:7076
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:8496
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7076 /f /t7⤵PID:11292
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵PID:4800
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:11712
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵PID:6552
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 4800 /f /t7⤵PID:5488
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"7⤵PID:8200
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info8⤵PID:11772
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8200 /f /t7⤵
- Kills process with taskkill
PID:11936
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:11944
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:11804
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 11944 /f /t7⤵PID:11996
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-sdks"7⤵PID:11832
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV18⤵PID:11828
-
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:12172
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks8⤵PID:11916
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 11832 /f /t7⤵PID:11892
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\dotnet\Setup\InstalledVersions\x64\sharedhost /v Path"7⤵PID:11880
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\dotnet\Setup\InstalledVersions\x64\sharedhost /v Path8⤵PID:2112
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 11880 /f /t7⤵
- Kills process with taskkill
PID:6820
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:5248
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:1444
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 5248 /f /t7⤵PID:9600
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵
- System Time Discovery
PID:4440 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:3916
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵
- System Time Discovery
PID:8508
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 4440 /f /t7⤵
- Kills process with taskkill
PID:2632
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:11148
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:4368
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 11148 /f /t7⤵
- Kills process with taskkill
PID:10492
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵
- System Time Discovery
PID:10484 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:1892
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵
- System Time Discovery
PID:10732
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10484 /f /t7⤵
- Kills process with taskkill
PID:10788
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"7⤵PID:10784
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info8⤵PID:1244
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10784 /f /t7⤵PID:10736
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:10560
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:6712
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10560 /f /t7⤵PID:8080
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-sdks"7⤵PID:3012
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:10688
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks8⤵PID:5832
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 3012 /f /t7⤵
- Kills process with taskkill
PID:5328
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"7⤵PID:2228
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "echo %PATH%"7⤵PID:5620
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 5620 /f /t7⤵PID:10852
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where where"7⤵PID:10716
-
C:\Windows\system32\where.exewhere where8⤵PID:2092
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10716 /f /t7⤵PID:7452
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where dotnet"7⤵PID:5640
-
C:\Windows\system32\where.exewhere dotnet8⤵PID:4480
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 5640 /f /t7⤵PID:6232
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:12008
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:10280
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 12008 /f /t7⤵
- Kills process with taskkill
PID:10460
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵
- System Time Discovery
PID:10452 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:6412
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵
- System Time Discovery
PID:7912
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10452 /f /t7⤵PID:7932
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:7940
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:9300
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7940 /f /t7⤵PID:8772
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵
- System Time Discovery
PID:8676 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:11192
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵PID:11204
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8676 /f /t7⤵PID:6560
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"7⤵PID:4880
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info8⤵PID:6176
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 4880 /f /t7⤵
- Kills process with taskkill
PID:6932
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:6968
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:8748
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6968 /f /t7⤵
- Kills process with taskkill
PID:6616
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-sdks"7⤵PID:7092
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:7068
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks8⤵PID:6800
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7092 /f /t7⤵PID:6788
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "echo %PATH%"7⤵PID:6364
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6364 /f /t7⤵PID:7340
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where where"7⤵PID:1416
-
C:\Windows\system32\where.exewhere where8⤵PID:5384
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 1416 /f /t7⤵PID:6732
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where dotnet"7⤵PID:6624
-
C:\Windows\system32\where.exewhere dotnet8⤵PID:11248
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6624 /f /t7⤵PID:7672
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:7664
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:9008
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7664 /f /t7⤵
- Kills process with taskkill
PID:8864 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV18⤵PID:8848
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵
- System Time Discovery
PID:8888 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:8892
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵
- System Time Discovery
PID:8972
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8888 /f /t7⤵PID:9132
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:9056
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:7820
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9056 /f /t7⤵PID:9116
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵
- System Time Discovery
PID:9544 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:12040
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵
- System Time Discovery
PID:12024
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9544 /f /t7⤵
- Kills process with taskkill
PID:12060
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:4824
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:8124
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 4824 /f /t7⤵PID:8960
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵PID:8660
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:9584
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵
- System Time Discovery
PID:6308
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8660 /f /t7⤵PID:6384
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"7⤵PID:7576
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info8⤵PID:9244
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7576 /f /t7⤵PID:7040
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:9704
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:9804
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9704 /f /t7⤵
- Kills process with taskkill
PID:9780
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-sdks"7⤵PID:7948
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:9892
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks8⤵PID:9916
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7948 /f /t7⤵
- Kills process with taskkill
PID:9852
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\dotnet\Setup\InstalledVersions\x64\sharedhost /v Path"7⤵PID:9924
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\dotnet\Setup\InstalledVersions\x64\sharedhost /v Path8⤵PID:9952
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9924 /f /t7⤵PID:10004
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:10020
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:9968
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10020 /f /t7⤵PID:10000
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵
- System Time Discovery
PID:9996 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:1108
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵
- System Time Discovery
PID:1112
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9996 /f /t7⤵
- Kills process with taskkill
PID:10220
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:10224
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:10928
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10224 /f /t7⤵PID:5872
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"7⤵PID:10936
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:10952
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes8⤵
- System Time Discovery
PID:11008
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10936 /f /t7⤵
- Kills process with taskkill
PID:10968
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"7⤵PID:5988
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info8⤵PID:7608
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 5988 /f /t7⤵PID:7172
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"7⤵PID:7276
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:7324
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7276 /f /t7⤵PID:7720
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-sdks"7⤵PID:7260
-
C:\Windows\system32\chcp.comchcp 650018⤵PID:7392
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks8⤵PID:7344
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7260 /f /t7⤵
- Kills process with taskkill
PID:8256
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"7⤵PID:8268
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"7⤵PID:8736
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"7⤵PID:11984
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"7⤵PID:11960
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell.exe"7⤵PID:11816
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe8⤵
- Suspicious behavior: EnumeratesProcesses
PID:12184
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 11816 /f /t7⤵PID:12216
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell.exe -command $ExecutionContext.SessionState.LanguageMode"7⤵PID:12132
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command $ExecutionContext.SessionState.LanguageMode8⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:12228
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell.exe -NoProfile -NonInteractive -NoLogo -ExecutionPolicy unrestricted -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12; & 'c:\Users\Admin\.vscode\extensions\ms-dotnettools.vscode-dotnet-runtime-2.2.5\dist\install scripts\dotnet-install.ps1' -InstallDir 'c:\Users\Admin\AppData\Roaming\Code\User\globalStorage\ms-dotnettools.vscode-dotnet-runtime\.dotnet\8.0.12~x64' -Version 8.0.12 -Verbose -Runtime dotnet -Architecture x64 }""7⤵
- System Time Discovery
PID:9428 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -NoProfile -NonInteractive -NoLogo -ExecutionPolicy unrestricted -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12; & 'c:\Users\Admin\.vscode\extensions\ms-dotnettools.vscode-dotnet-runtime-2.2.5\dist\install scripts\dotnet-install.ps1' -InstallDir 'c:\Users\Admin\AppData\Roaming\Code\User\globalStorage\ms-dotnettools.vscode-dotnet-runtime\.dotnet\8.0.12~x64' -Version 8.0.12 -Verbose -Runtime dotnet -Architecture x64 }"8⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- System Time Discovery
- Suspicious behavior: EnumeratesProcesses
PID:10484
-
-
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\Microsoft.CodeAnalysis.LanguageServer.exec:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\Microsoft.CodeAnalysis.LanguageServer.exe --logLevel Information --razorSourceGenerator c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.razor\Microsoft.CodeAnalysis.Razor.Compiler.dll --razorDesignTimePath c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.razor\Targets\Microsoft.NET.Sdk.Razor.DesignTime.targets --devKitDependencyPath c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslynDevKit\Microsoft.VisualStudio.LanguageServices.DevKit.dll --sessionId 3646b101-cc8a-4644-9088-c7e64f0364ab1737053303318 --extension c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.xamlTools\Microsoft.VisualStudio.DesignTools.CodeAnalysis.dll --extension c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.xamlTools\Microsoft.VisualStudio.DesignTools.CodeAnalysis.Diagnostics.dll --telemetryLevel all --extensionLogDirectory c:\Users\Admin\AppData\Roaming\Code\logs\20250116T184821\window1\exthost\ms-dotnettools.csharp7⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Network Service Discovery
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:9868 -
C:\Windows\SYSTEM32\getmac.exe"getmac"8⤵PID:9968
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\json-language-features\server\dist\node\jsonServerMain" --node-ipc --clientProcessId=43327⤵
- Executes dropped EXE
PID:1576
-
-
C:\Program Files\dotnet\dotnet.exedotnet --info7⤵PID:10860
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"6⤵PID:5356
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4072,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4080 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3856
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4412,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4416 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:6276
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4008,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3888 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:7068
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"6⤵PID:6332
-
C:\Windows\system32\wsl.exewsl.exe -l -q7⤵PID:6636
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4048,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4108 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:6676
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4000,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3984 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:6712
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4108,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:10648
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3976,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4444 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:10716
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4912,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4908 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:10552
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4444,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4640 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:10344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://marketplace.visualstudio.com/items?itemName=ms-dotnettools.csdevkit6⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:8120 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffb70be46f8,0x7ffb70be4708,0x7ffb70be47187⤵PID:7880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17525615422706978323,14299705920869106469,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:27⤵PID:7924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17525615422706978323,14299705920869106469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:37⤵
- Suspicious behavior: EnumeratesProcesses
PID:7916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17525615422706978323,14299705920869106469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:87⤵PID:9552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17525615422706978323,14299705920869106469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:17⤵PID:8780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17525615422706978323,14299705920869106469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:17⤵PID:8672
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"6⤵PID:10116
-
C:\Windows\system32\wsl.exewsl.exe -l -q7⤵PID:10208
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4560,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4460 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Executes dropped EXE
- Loads dropped DLL
PID:10996
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5044,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4448 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:10976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://marketplace.visualstudio.com/_apis/public/gallery/publishers/ms-dotnettools/vsextensions/vscode-dotnet-pack/1.0.13/vspackage6⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:6452 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffb70be46f8,0x7ffb70be4708,0x7ffb70be47187⤵PID:7368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:27⤵PID:8448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:37⤵
- Suspicious behavior: EnumeratesProcesses
PID:8480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3040 /prefetch:87⤵PID:8684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:17⤵PID:8736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:17⤵PID:9228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:87⤵PID:11296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:87⤵
- Suspicious behavior: EnumeratesProcesses
PID:11420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5756 /prefetch:87⤵PID:11520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:17⤵PID:11528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:17⤵PID:1492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:17⤵PID:5148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:17⤵PID:3664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:17⤵PID:6956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:17⤵PID:6980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,12594766186304029984,8215065265703533909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:87⤵
- Suspicious behavior: EnumeratesProcesses
PID:12100
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4988,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=5024 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Executes dropped EXE
PID:7680
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"6⤵PID:8888
-
C:\Windows\system32\wsl.exewsl.exe -l -q7⤵PID:8848
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4608,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4676 --vscode-window-config=vscode:2d436cb0-1c2b-4f6b-8f62-9242d5c94014 /prefetch:16⤵
- Checks computer location settings
- Executes dropped EXE
PID:10276
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=5004,i,7572927676434762253,4390245065614849917,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:86⤵
- Executes dropped EXE
PID:11056
-
-
-
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:11168
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:188
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:10536
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:9460
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:7076
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6352 -
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "C:\Users\Admin\Downloads\ms-dotnettools.vscode-dotnet-pack-1.0.13.vsix"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2148 -
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Code /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Code\Crashpad --url=appcenter://code?aid=a4e3233c-699c-46ec-b4f4-9c2a77254662&uid=ef6f41dd-eeff-4493-850f-f698dd9de73c&iid=ef6f41dd-eeff-4493-850f-f698dd9de73c&sid=ef6f41dd-eeff-4493-850f-f698dd9de73c --annotation=_companyName=Microsoft --annotation=_productName=VSCode --annotation=_version=1.96.3 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=32.2.6 --initial-client-data=0x48c,0x490,0x494,0x488,0x498,0x7ff7a38060b8,0x7ff7a38060c4,0x7ff7a38060d03⤵
- Executes dropped EXE
- Loads dropped DLL
PID:12244
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1832,i,2210030981294759295,11176676617823758961,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1824 /prefetch:23⤵
- Executes dropped EXE
- Loads dropped DLL
PID:10700
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=2360,i,2210030981294759295,11176676617823758961,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2356 /prefetch:33⤵
- Executes dropped EXE
- Loads dropped DLL
PID:10720
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "C:\Users\Admin\Desktop\Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne\Fableborne-Robot.sln"1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:9600 -
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Code /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Code\Crashpad --url=appcenter://code?aid=a4e3233c-699c-46ec-b4f4-9c2a77254662&uid=ef6f41dd-eeff-4493-850f-f698dd9de73c&iid=ef6f41dd-eeff-4493-850f-f698dd9de73c&sid=ef6f41dd-eeff-4493-850f-f698dd9de73c --annotation=_companyName=Microsoft --annotation=_productName=VSCode --annotation=_version=1.96.3 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=32.2.6 --initial-client-data=0x474,0x478,0x47c,0x470,0x480,0x7ff7a38060b8,0x7ff7a38060c4,0x7ff7a38060d02⤵
- Executes dropped EXE
PID:7380
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1848,i,1042497478286513560,8234979831247775611,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1836 /prefetch:22⤵
- Executes dropped EXE
PID:8220
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=2364,i,1042497478286513560,8234979831247775611,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:32⤵
- Executes dropped EXE
PID:8428
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3184,i,1042497478286513560,8234979831247775611,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3180 --vscode-window-config=vscode:1b32411e-8e39-4e46-9049-ed4722a54b49 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
PID:6556
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=2640,i,1042497478286513560,8234979831247775611,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2652 /prefetch:82⤵
- Checks computer location settings
- Executes dropped EXE
PID:11940
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3900,i,1042497478286513560,8234979831247775611,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3852 /prefetch:82⤵
- Checks computer location settings
- Executes dropped EXE
PID:8736 -
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe" tunnel status3⤵
- Executes dropped EXE
PID:3228
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3952,i,1042497478286513560,8234979831247775611,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:82⤵
- Executes dropped EXE
PID:11604
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"2⤵PID:2668
-
C:\Windows\system32\wsl.exewsl.exe -l -q3⤵PID:8504
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"2⤵PID:2092
-
C:\Windows\system32\wsl.exewsl.exe -l -q3⤵PID:1420
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3820,i,1042497478286513560,8234979831247775611,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3848 /prefetch:82⤵
- Executes dropped EXE
PID:7600
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=4008,i,1042497478286513560,8234979831247775611,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3856 /prefetch:82⤵
- Checks computer location settings
- Executes dropped EXE
PID:1916 -
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.fs -g **/*.fsproj -g **/*.fsx -g **/*.sln -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/node_modules -g !**/bower_components -g !**/*.code-search --no-ignore-parent --follow --quiet --no-config --no-ignore-global3⤵
- Executes dropped EXE
PID:11480
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.csproj -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/node_modules -g !**/bower_components -g !**/*.code-search --no-ignore-parent --follow --quiet --no-config --no-ignore-global3⤵
- Executes dropped EXE
PID:9260
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.{csproj,csx,cake} -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/node_modules -g !**/bower_components -g !**/*.code-search --no-ignore-parent --follow --quiet --no-config --no-ignore-global3⤵
- Executes dropped EXE
PID:9380
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:8324
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:8468
-
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:9208
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:8068
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "echo %PATH%"3⤵PID:6492
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6492 /f /t3⤵PID:12256
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where where"3⤵PID:11340
-
C:\Windows\system32\where.exewhere where4⤵PID:1264
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 11340 /f /t3⤵PID:7016
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where dotnet"3⤵PID:6864
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:6636
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6864 /f /t3⤵PID:7104
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:6724
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:6800
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6724 /f /t3⤵PID:6740
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:2052 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:8520
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵PID:1176
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 2052 /f /t3⤵
- Kills process with taskkill
PID:6920
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:7116
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:8668
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7116 /f /t3⤵PID:6124
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:6816 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:6700
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:11212
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6816 /f /t3⤵
- Kills process with taskkill
PID:11224
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"3⤵PID:11208
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info4⤵PID:7676
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 11208 /f /t3⤵PID:7692
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:7644
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:8964
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7644 /f /t3⤵PID:7512
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-sdks"3⤵PID:9044
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:12104
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:7584
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9044 /f /t3⤵
- Kills process with taskkill
PID:5576
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "echo %PATH%"3⤵PID:9100
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9100 /f /t3⤵PID:12028
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where where"3⤵PID:7828
-
C:\Windows\system32\where.exewhere where4⤵PID:12012
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7828 /f /t3⤵
- Kills process with taskkill
PID:12056
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where dotnet"3⤵PID:6708
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:6148
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6708 /f /t3⤵
- Kills process with taskkill
PID:6220
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:11592
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:8072
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 11592 /f /t3⤵
- Kills process with taskkill
PID:9520
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵PID:9804
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:9560
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵PID:10780
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9804 /f /t3⤵PID:5140
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:10516
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:9720
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10516 /f /t3⤵PID:9864
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵PID:9916
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:9888
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵PID:9912
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9916 /f /t3⤵
- Kills process with taskkill
PID:11732
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:9972
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:10216
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9972 /f /t3⤵PID:10096
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:10180 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:11348
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵PID:11368
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10180 /f /t3⤵PID:1752
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"3⤵PID:10992
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info4⤵PID:10128
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10992 /f /t3⤵
- Kills process with taskkill
PID:7284
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:10936
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:11052
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10936 /f /t3⤵PID:7760
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-sdks"3⤵PID:7640
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:7332
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:5816
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7640 /f /t3⤵PID:7248
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\dotnet\Setup\InstalledVersions\x64\sharedhost /v Path"3⤵PID:1612
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\dotnet\Setup\InstalledVersions\x64\sharedhost /v Path4⤵PID:7924
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 1612 /f /t3⤵
- Kills process with taskkill
PID:9992
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:10044
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:10924
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10044 /f /t3⤵PID:7764
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵PID:7708
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:7624
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵PID:7404
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7708 /f /t3⤵
- Kills process with taskkill
PID:7408
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:3052
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:5688
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 3052 /f /t3⤵PID:7480
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:7340 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:7324
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:9932
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7340 /f /t3⤵
- Kills process with taskkill
PID:7252
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"3⤵PID:9980
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info4⤵PID:5396
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9980 /f /t3⤵PID:3440
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:5916
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:5748
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 5916 /f /t3⤵PID:2420
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-sdks"3⤵PID:5344
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:10904
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:5284
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 5344 /f /t3⤵PID:5172
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"3⤵PID:4828
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "echo %PATH%"3⤵PID:3268
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 3268 /f /t3⤵PID:3824
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where where"3⤵PID:5424
-
C:\Windows\system32\where.exewhere where4⤵PID:5668
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 5424 /f /t3⤵
- Kills process with taskkill
PID:5280
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where dotnet"3⤵PID:3776
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:7348
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 3776 /f /t3⤵PID:1784
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:6360
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:6872
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6360 /f /t3⤵PID:11928
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:6472 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:12156
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵PID:12236
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6472 /f /t3⤵PID:6868
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:8512
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:1020
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8512 /f /t3⤵
- Kills process with taskkill
PID:11152
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:3916 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:10748
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:6184
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 3916 /f /t3⤵PID:6228
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"3⤵PID:9284
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info4⤵PID:2128
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9284 /f /t3⤵PID:60
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:10368
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:6640
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10368 /f /t3⤵
- Kills process with taskkill
PID:1476
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-sdks"3⤵PID:2092
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:756
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:10688
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 2092 /f /t3⤵
- Kills process with taskkill
PID:11040
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "echo %PATH%"3⤵PID:10540
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10540 /f /t3⤵PID:10604
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where where"3⤵PID:10912
-
C:\Windows\system32\where.exewhere where4⤵PID:11716
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10912 /f /t3⤵PID:6092
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where dotnet"3⤵PID:2632
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:7024
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 2632 /f /t3⤵
- Kills process with taskkill
PID:12020
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:5548
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:10728
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 5548 /f /t3⤵
- Kills process with taskkill
PID:11920
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:11912 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:7504
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:7460
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 11912 /f /t3⤵
- Kills process with taskkill
PID:7532
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:1744
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:12212
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 1744 /f /t3⤵PID:7544
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵PID:6048
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:6832
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:4528
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6048 /f /t3⤵
- Kills process with taskkill
PID:10452
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:9300
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:9236
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9300 /f /t3⤵PID:11560
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:8172 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:8640
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:5676
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8172 /f /t3⤵PID:9368
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"3⤵PID:8228
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info4⤵PID:11540
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8228 /f /t3⤵PID:6252
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:9828
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:6288
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9828 /f /t3⤵PID:9196
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-sdks"3⤵PID:8296
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:11424
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:11440
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8296 /f /t3⤵
- Kills process with taskkill
PID:6936
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\dotnet\Setup\InstalledVersions\x64\sharedhost /v Path"3⤵PID:4240
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\dotnet\Setup\InstalledVersions\x64\sharedhost /v Path4⤵PID:8460
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 4240 /f /t3⤵
- Kills process with taskkill
PID:8280
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:8468
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:9604
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8468 /f /t3⤵
- Kills process with taskkill
PID:8464
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:8560 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:6392
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵PID:188
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8560 /f /t3⤵
- Kills process with taskkill
PID:6968
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:6584
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:6672
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6584 /f /t3⤵PID:7092
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵PID:6724
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵PID:6344
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:6588
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:2856
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6344 /f /t3⤵
- Kills process with taskkill
PID:8520
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"3⤵PID:2052
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info4⤵PID:6648
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 2052 /f /t3⤵PID:5844
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:6276
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵PID:8668
-
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:6844
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6276 /f /t3⤵
- Kills process with taskkill
PID:5720
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-sdks"3⤵PID:7492
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:7688
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:9020
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7492 /f /t3⤵PID:7472
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"3⤵PID:6340
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:8996
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵PID:7644
-
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:9608
-
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version3⤵PID:9544
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.{csproj} -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/node_modules/** --no-ignore --follow --no-config --no-ignore-global3⤵
- Executes dropped EXE
PID:3404
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.sln -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/{node_modules,obj,bin}/** --no-ignore --follow --no-config --no-ignore-global3⤵
- Executes dropped EXE
PID:12048
-
-
C:\Program Files\dotnet\dotnet.exedotnet --info3⤵PID:8100
-
-
C:\Program Files\dotnet\dotnet.exedotnet --list-runtimes3⤵PID:7456
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"3⤵PID:8924
-
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\Microsoft.CodeAnalysis.LanguageServer.exec:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\Microsoft.CodeAnalysis.LanguageServer.exe --logLevel Information --razorSourceGenerator c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.razor\Microsoft.CodeAnalysis.Razor.Compiler.dll --razorDesignTimePath c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.razor\Targets\Microsoft.NET.Sdk.Razor.DesignTime.targets --devKitDependencyPath c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslynDevKit\Microsoft.VisualStudio.LanguageServices.DevKit.dll --sessionId 9e95c7c2-ab25-40da-89f7-aa01dbafe4dc1737053559438 --extension c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.xamlTools\Microsoft.VisualStudio.DesignTools.CodeAnalysis.dll --extension c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.xamlTools\Microsoft.VisualStudio.DesignTools.CodeAnalysis.Diagnostics.dll --telemetryLevel all --extensionLogDirectory c:\Users\Admin\AppData\Roaming\Code\logs\20250116T185204\window1\exthost\ms-dotnettools.csharp3⤵
- Checks computer location settings
- Executes dropped EXE
- Network Service Discovery
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:9564
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.{cshtml,razor} -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db --no-ignore --follow --no-config --no-ignore-global3⤵
- Executes dropped EXE
PID:10612
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"3⤵PID:1892
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"3⤵PID:10020
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\markdown-language-features\dist\serverWorkerMain" --node-ipc --clientProcessId=19163⤵
- Executes dropped EXE
PID:8800
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell.exe"3⤵PID:10060
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe4⤵
- Suspicious behavior: EnumeratesProcesses
PID:11412
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10060 /f /t3⤵
- Kills process with taskkill
PID:11028 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵PID:10936
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell.exe -command $ExecutionContext.SessionState.LanguageMode"3⤵PID:11024
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command $ExecutionContext.SessionState.LanguageMode4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:10984
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell.exe -NoProfile -NonInteractive -NoLogo -ExecutionPolicy unrestricted -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12; & 'c:\Users\Admin\.vscode\extensions\ms-dotnettools.vscode-dotnet-runtime-2.2.5\dist\install scripts\dotnet-install.ps1' -InstallDir 'c:\Users\Admin\AppData\Roaming\Code\User\globalStorage\ms-dotnettools.vscode-dotnet-runtime\.dotnet\8.0.12~x64~aspnetcore' -Version 8.0.12 -Verbose -Runtime aspnetcore -Architecture x64 }""3⤵PID:560
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵PID:7924
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -NoProfile -NonInteractive -NoLogo -ExecutionPolicy unrestricted -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12; & 'c:\Users\Admin\.vscode\extensions\ms-dotnettools.vscode-dotnet-runtime-2.2.5\dist\install scripts\dotnet-install.ps1' -InstallDir 'c:\Users\Admin\AppData\Roaming\Code\User\globalStorage\ms-dotnettools.vscode-dotnet-runtime\.dotnet\8.0.12~x64~aspnetcore' -Version 8.0.12 -Verbose -Runtime aspnetcore -Architecture x64 }"4⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- System Time Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1404
-
-
-
C:\Windows\system32\where.exewhere.exe dotnet3⤵PID:9540
-
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-launcher.win32-x64\escape-node-job.exec:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-launcher.win32-x64\escape-node-job c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server.win32-x64\Microsoft.VisualStudio.Code.Server --serviceHubConfigPath c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\servicehub\servicehub.config.json --pipe \\.\pipe\2bf281ac-5446-43ed-a68d-9ce39f7deb6f --pipe-server \\.\pipe\fed0dacc-daa3-464d-bea0-afcdfb64bdb9 --log-directory c:\Users\Admin\AppData\Roaming\Code\logs\20250116T185204\window1\exthost\ms-dotnettools.csdevkit --log-verbosity Information --vscodeSessionId 9e95c7c2-ab25-40da-89f7-aa01dbafe4dc1737053559438 --vscodeTelemetryLevel all --cache-directory c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\cache --component c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\msbuild-dependencies.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-buildhost-rpc.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-buildhost.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-server.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\dotnet-project-system\node_modules\@microsoft\microsoft.visualstudio.projectsystem.managed c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\dotnet-project-system-vscode\node_modules\@microsoft\vscode.projectsystem.managed c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\dotnet-project-system-vscode\node_modules\@microsoft\vscode.templateengine c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\roslyn-visualstudio-languageservices-devkit\node_modules\@microsoft\visualstudio-languageservices-devkit c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-code-coverage\platforms\win32-x64\node_modules\@microsoft\coverage-services.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\servicehub-controller-net60.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-launcher.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-servicehost.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-reliability-monitor.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-samples-sayhello.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\VSDebugCore\platforms\win32-x64\node_modules\@microsoft\visualstudio-debugger-devkit.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\VSUnitTesting\platforms\win32-x64\node_modules\@microsoft\visualstudio-testwindow-vscode-service.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\WebTools\node_modules\@microsoft\vscode.webtools3⤵
- Executes dropped EXE
PID:8608 -
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server.win32-x64\Microsoft.VisualStudio.Code.Server.exe"c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server.win32-x64\Microsoft.VisualStudio.Code.Server" --serviceHubConfigPath c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\servicehub\servicehub.config.json --pipe \\.\pipe\2bf281ac-5446-43ed-a68d-9ce39f7deb6f --pipe-server \\.\pipe\fed0dacc-daa3-464d-bea0-afcdfb64bdb9 --log-directory c:\Users\Admin\AppData\Roaming\Code\logs\20250116T185204\window1\exthost\ms-dotnettools.csdevkit --log-verbosity Information --vscodeSessionId 9e95c7c2-ab25-40da-89f7-aa01dbafe4dc1737053559438 --vscodeTelemetryLevel all --cache-directory c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\cache --component c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\msbuild-dependencies.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-buildhost-rpc.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-buildhost.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-server.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\dotnet-project-system\node_modules\@microsoft\microsoft.visualstudio.projectsystem.managed c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\dotnet-project-system-vscode\node_modules\@microsoft\vscode.projectsystem.managed c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\dotnet-project-system-vscode\node_modules\@microsoft\vscode.templateengine c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\roslyn-visualstudio-languageservices-devkit\node_modules\@microsoft\visualstudio-languageservices-devkit c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-code-coverage\platforms\win32-x64\node_modules\@microsoft\coverage-services.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\servicehub-controller-net60.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-launcher.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-servicehost.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-reliability-monitor.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-samples-sayhello.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\VSDebugCore\platforms\win32-x64\node_modules\@microsoft\visualstudio-debugger-devkit.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\VSUnitTesting\platforms\win32-x64\node_modules\@microsoft\visualstudio-testwindow-vscode-service.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\WebTools\node_modules\@microsoft\vscode.webtools4⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:7772 -
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\servicehub-controller-net60.win32-x64\Microsoft.ServiceHub.Controller.exe"c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\servicehub-controller-net60.win32-x64/Microsoft.ServiceHub.Controller" f1d0e2dbe5ea1a180173a4f84a22fe1c533b71a2bbc0f0f92e4d51096612bfd0 /ControllerCooldownTimeout:30000 "/TelemetrySession:{\"TelemetryLevel\":\"all\",\"IsOptedIn\":false,\"HostName\":\"Default\",\"AppInsightsInstrumentationKey\":null,\"AsimovInstrumentationKey\":null,\"CollectorApiKey\":\"0c6ae279ed8443289764825290e4f9e2-1a736e7c-1324-4338-be46-fc2a58ae4d14-7255\",\"AppId\":1010,\"UserId\":\"4bcc34a8-75ff-4e4e-aad4-a4700fb1a713\",\"Id\":\"9e95c7c2-ab25-40da-89f7-aa01dbafe4dc1737053559438\",\"ProcessStartTime\":133815271790900961,\"SkuName\":null,\"VSExeVersion\":null,\"BucketFiltersToEnableWatsonForFaults\":[],\"BucketFiltersToAddDumpsToFaults\":[]}"5⤵
- Checks computer location settings
- Executes dropped EXE
PID:8716 -
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-servicehost.win32-x64\Microsoft.VisualStudio.Code.ServiceHost.exe"c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-servicehost.win32-x64\Microsoft.VisualStudio.Code.ServiceHost.exe" dotnet.projectSystem$C94B8CFE-E3FD-4BAF-A941-2866DBB566FE net.pipe://8716D13DE4DDA0BAB84A189C34255ECD2DA4 "/TelemetrySession:{\"TelemetryLevel\":\"all\",\"IsOptedIn\":false,\"HostName\":\"Default\",\"AppInsightsInstrumentationKey\":null,\"AsimovInstrumentationKey\":null,\"CollectorApiKey\":\"0c6ae279ed8443289764825290e4f9e2-1a736e7c-1324-4338-be46-fc2a58ae4d14-7255\",\"AppId\":1010,\"UserId\":\"4bcc34a8-75ff-4e4e-aad4-a4700fb1a713\",\"Id\":\"9e95c7c2-ab25-40da-89f7-aa01dbafe4dc1737053559438\",\"ProcessStartTime\":133815271790900961,\"SkuName\":null,\"VSExeVersion\":null,\"BucketFiltersToEnableWatsonForFaults\":[],\"BucketFiltersToAddDumpsToFaults\":[]}"6⤵
- Checks computer location settings
PID:8296 -
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" "c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-buildhost.win32-x64/Microsoft.VisualStudio.ProjectSystem.Server.BuildHost.dll"7⤵PID:10812
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info7⤵PID:7140
-
-
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-servicehost.win32-x64\Microsoft.VisualStudio.Code.ServiceHost.exe"c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-servicehost.win32-x64/Microsoft.VisualStudio.Code.ServiceHost.exe" dotnet$C94B8CFE-E3FD-4BAF-A941-2866DBB566FE net.pipe://8716D13DE4DDA0BAB84A189C34255ECD2DA4 "/TelemetrySession:{\"TelemetryLevel\":\"all\",\"IsOptedIn\":false,\"HostName\":\"Default\",\"AppInsightsInstrumentationKey\":null,\"AsimovInstrumentationKey\":null,\"CollectorApiKey\":\"0c6ae279ed8443289764825290e4f9e2-1a736e7c-1324-4338-be46-fc2a58ae4d14-7255\",\"AppId\":1010,\"UserId\":\"4bcc34a8-75ff-4e4e-aad4-a4700fb1a713\",\"Id\":\"9e95c7c2-ab25-40da-89f7-aa01dbafe4dc1737053559438\",\"ProcessStartTime\":133815271790900961,\"SkuName\":null,\"VSExeVersion\":null,\"BucketFiltersToEnableWatsonForFaults\":[],\"BucketFiltersToAddDumpsToFaults\":[]}"6⤵
- Checks computer location settings
- System Time Discovery
PID:9456
-
-
-
-
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-launcher.win32-x64\escape-node-job.exec:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-launcher.win32-x64\escape-node-job c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-reliability-monitor.win32-x64\Microsoft.VisualStudio.Reliability.Monitor --vscodeSessionId 9e95c7c2-ab25-40da-89f7-aa01dbafe4dc1737053559438 --vscodeTelemetryLevel all3⤵PID:9228
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵PID:9828
-
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-reliability-monitor.win32-x64\Microsoft.VisualStudio.Reliability.Monitor.exe"c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-reliability-monitor.win32-x64\Microsoft.VisualStudio.Reliability.Monitor" --vscodeSessionId 9e95c7c2-ab25-40da-89f7-aa01dbafe4dc1737053559438 --vscodeTelemetryLevel all4⤵
- Checks computer location settings
PID:11444
-
-
-
C:\Program Files\dotnet\dotnet.exedotnet.exe restore C:\Users\Admin\Desktop\Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne\Fableborne-Robot.sln --interactive3⤵PID:9376
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/package.json -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db --no-ignore --follow --no-config --no-ignore-global3⤵PID:4828
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/tsconfig*.json -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/{node_modules,.*}/** --no-ignore --follow --no-config --no-ignore-global3⤵PID:10452
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/package.json -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/{node_modules,.vscode-test}/** --no-ignore --follow --no-config --no-ignore-global3⤵PID:7532
-
-
C:\Program Files\dotnet\dotnet.exedotnet build C:\Users\Admin\Desktop\Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne\Fableborne-Robot.sln /property:GenerateFullPaths=true /consoleloggerparameters:NoSummary /p:Configuration=Debug "/p:Platform=\"Any CPU\""3⤵PID:12040
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/tsconfig*.json -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/{node_modules,.*}/** --no-ignore --follow --no-config --no-ignore-global3⤵PID:9200
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"2⤵PID:10280
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4436,i,1042497478286513560,8234979831247775611,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4452 --vscode-window-config=vscode:1b32411e-8e39-4e46-9049-ed4722a54b49 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
PID:8792
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"2⤵PID:9196
-
C:\Windows\system32\wsl.exewsl.exe -l -q3⤵PID:8724
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4752,i,1042497478286513560,8234979831247775611,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4956 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:8832
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"2⤵PID:11156
-
C:\Windows\system32\wsl.exewsl.exe -l -q3⤵PID:11232
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=4360,i,1042497478286513560,8234979831247775611,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2832 /prefetch:82⤵PID:7676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet/download2⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:7592 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffb70be46f8,0x7ffb70be4708,0x7ffb70be47183⤵PID:7968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:23⤵PID:4812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:8100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:83⤵PID:9532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:13⤵PID:9920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:13⤵PID:9976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:13⤵PID:5228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:83⤵PID:7324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:10844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:13⤵PID:5292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:13⤵PID:3268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:13⤵PID:5760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:13⤵PID:5636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5304 /prefetch:83⤵PID:8196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 /prefetch:83⤵PID:1692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:13⤵PID:740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:13⤵PID:10508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:5352
-
-
C:\Users\Admin\Downloads\dotnet-sdk-9.0.102-win-x64.exe"C:\Users\Admin\Downloads\dotnet-sdk-9.0.102-win-x64.exe"3⤵
- System Location Discovery: System Language Discovery
PID:11912 -
C:\Windows\Temp\{C76C9967-95C7-4E1A-81BA-FB9CF4076616}\.cr\dotnet-sdk-9.0.102-win-x64.exe"C:\Windows\Temp\{C76C9967-95C7-4E1A-81BA-FB9CF4076616}\.cr\dotnet-sdk-9.0.102-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-9.0.102-win-x64.exe" -burn.filehandle.attached=716 -burn.filehandle.self=5004⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:1492 -
C:\Windows\Temp\{D00420EB-9A84-412B-A58E-CCBAFDE0F80F}\.be\dotnet-sdk-9.0.102-win-x64.exe"C:\Windows\Temp\{D00420EB-9A84-412B-A58E-CCBAFDE0F80F}\.be\dotnet-sdk-9.0.102-win-x64.exe" -q -burn.elevated BurnPipe.{2969173D-1D64-423B-AE79-E907F364A2E3} {F052F49D-FA0A-4DEB-81E6-270F93C5891D} 14925⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:7412
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16657411992022038372,6370228117836545291,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:23⤵PID:11644
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:9680
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:11100
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:11192 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 72B9124EF7CED516E38B6AA94F13F75F2⤵
- System Location Discovery: System Language Discovery
PID:8328
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D93269F856F7B277EDF69AF0DD73BCBB2⤵
- System Location Discovery: System Language Discovery
PID:684
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 7EE25D1D90E8BB9DBE528350A81B62392⤵
- System Location Discovery: System Language Discovery
PID:4592
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 12559B101258385DF9F7937439283FB22⤵
- System Location Discovery: System Language Discovery
PID:8832
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 99865285809EE1501519ED8ACA2EF05C2⤵
- System Location Discovery: System Language Discovery
PID:3020
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 8A7D82856301CDEDC17D818516117BA92⤵
- System Location Discovery: System Language Discovery
PID:6164
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 6A6300A0808A917CCB6F9AF2A95CF2742⤵
- System Location Discovery: System Language Discovery
PID:6848
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 4318803266D79A6E7661DC908F4A48B62⤵
- System Location Discovery: System Language Discovery
PID:1244
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 9651C7C2C688DA4DE79615E9D9136CDD2⤵
- System Location Discovery: System Language Discovery
PID:11432
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding BF1289525978A129474451A00B0DF9902⤵
- System Location Discovery: System Language Discovery
PID:9320
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 3F88C186AA9E62367092838E0C4B1ADA2⤵
- System Location Discovery: System Language Discovery
PID:9396
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1F192D3C765F29729FE92688F23C5C732⤵
- System Location Discovery: System Language Discovery
PID:10136
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 83F2E4762C890AC9B45516599F4BE0F02⤵
- System Location Discovery: System Language Discovery
PID:7620
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1F7636DB0CFC89B3B8EAC6204B64926D2⤵
- System Location Discovery: System Language Discovery
PID:9932
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding F500DECB950D162EAB6DE22B2ACC59B72⤵
- System Location Discovery: System Language Discovery
PID:5812
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 603C2EF58B4E8265F4BE7BB0F6F572042⤵
- System Location Discovery: System Language Discovery
PID:10888
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 68ED09DA42E7A458A51E3D25BF3EF9532⤵
- System Location Discovery: System Language Discovery
PID:3020
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding FB5034CE12566DB80140335F287A9A762⤵
- System Location Discovery: System Language Discovery
PID:5680
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 4193D50B7D890B95CBAC2538CAEB0FA42⤵
- System Location Discovery: System Language Discovery
PID:9232
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding C64D44727CD089F6290C8FB9C24E455B2⤵
- System Location Discovery: System Language Discovery
PID:11084
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D7E58702746C28CF94DE5684E14E6C4C2⤵
- System Location Discovery: System Language Discovery
PID:4544
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding C31F45232F9D6C74867AC4F360FAF72B2⤵
- System Location Discovery: System Language Discovery
PID:7128
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 2F4A963C051003617399BB52A71996912⤵
- System Location Discovery: System Language Discovery
PID:6916
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding CCE3635E1D09AA20DA1BC910D5F5AE092⤵
- System Location Discovery: System Language Discovery
PID:1588
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1E04455F88F02C596DC337DD5B733D4B2⤵
- System Location Discovery: System Language Discovery
PID:5692
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 130A251B6BC745448031A7FBF3B5D7442⤵
- System Location Discovery: System Language Discovery
PID:11688
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 38ED7F03E9185D28598A17C785FB0B032⤵
- System Location Discovery: System Language Discovery
PID:8368
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 8E94389EDB8E208EE77654862CEBA7B62⤵
- System Location Discovery: System Language Discovery
PID:11760
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding FE83FC267CF34D5D93BEBFD10680DE8D E Global\MSI00002⤵
- System Location Discovery: System Language Discovery
PID:7332 -
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\9.0.102\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-9.0.102-win-x64.exe"3⤵
- Modifies data under HKEY_USERS
PID:12064 -
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:7160
-
-
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:1400
-
-
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:7000
-
-
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:7784
-
-
C:\Windows\system32\getmac.exe"C:\Windows\system32\getmac.exe"4⤵PID:4884
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 961923394E51AB519BE911B4B520FDF52⤵
- System Location Discovery: System Language Discovery
PID:6968
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "C:\Users\Admin\Desktop\Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne"1⤵
- Checks computer location settings
- Drops file in Windows directory
- Checks processor information in registry
PID:6736 -
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Code /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Code\Crashpad --url=appcenter://code?aid=a4e3233c-699c-46ec-b4f4-9c2a77254662&uid=ef6f41dd-eeff-4493-850f-f698dd9de73c&iid=ef6f41dd-eeff-4493-850f-f698dd9de73c&sid=ef6f41dd-eeff-4493-850f-f698dd9de73c --annotation=_companyName=Microsoft --annotation=_productName=VSCode --annotation=_version=1.96.3 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=32.2.6 --initial-client-data=0x474,0x478,0x47c,0x470,0x480,0x7ff7a38060b8,0x7ff7a38060c4,0x7ff7a38060d02⤵PID:1588
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1864,i,1472132166568719020,17995705908167431790,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1856 /prefetch:22⤵PID:11168
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=2096,i,1472132166568719020,17995705908167431790,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1984 /prefetch:32⤵PID:9304
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=3200,i,1472132166568719020,17995705908167431790,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3196 --vscode-window-config=vscode:3152b197-90a5-4f1d-8232-65aacd30a896 /prefetch:12⤵
- Checks computer location settings
PID:11656
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3840,i,1472132166568719020,17995705908167431790,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3844 /prefetch:82⤵
- Checks computer location settings
PID:4424 -
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.fs -g **/*.fsproj -g **/*.fsx -g **/*.sln -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/node_modules -g !**/bower_components -g !**/*.code-search --no-ignore-parent --follow --quiet --no-config --no-ignore-global3⤵PID:10612
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.csproj -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/node_modules -g !**/bower_components -g !**/*.code-search --no-ignore-parent --follow --quiet --no-config --no-ignore-global3⤵PID:10868
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.{csproj,csx,cake} -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/node_modules -g !**/bower_components -g !**/*.code-search --no-ignore-parent --follow --quiet --no-config --no-ignore-global3⤵PID:11372
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:2132
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:6864
-
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:7140
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:724
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "echo %PATH%"3⤵PID:2828
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 2828 /f /t3⤵PID:2856
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where where"3⤵PID:3028
-
C:\Windows\system32\where.exewhere where4⤵PID:6248
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 3028 /f /t3⤵
- Kills process with taskkill
PID:10708
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where dotnet"3⤵PID:6200
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:7008
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6200 /f /t3⤵
- Kills process with taskkill
PID:6840
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:7100
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:6660
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7100 /f /t3⤵
- Kills process with taskkill
PID:11216
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:8636 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:7280
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:1556
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8636 /f /t3⤵
- Kills process with taskkill
PID:6912
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:1536
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:1988
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 1536 /f /t3⤵PID:1164
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:7972 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:9152
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵PID:3844
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7972 /f /t3⤵PID:4804
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"3⤵PID:396
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info4⤵PID:7692
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 396 /f /t3⤵
- Kills process with taskkill
PID:6504
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "echo %PATH%"3⤵PID:1476
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 1476 /f /t3⤵PID:7284
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where where"3⤵PID:10604
-
C:\Windows\system32\where.exewhere where4⤵PID:9072
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10604 /f /t3⤵
- Kills process with taskkill
PID:10452
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where dotnet"3⤵PID:9052
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:8956
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9052 /f /t3⤵PID:11208
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:11232
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:7648
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 11232 /f /t3⤵
- Kills process with taskkill
PID:8688
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:4352 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:10732
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:9024
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 4352 /f /t3⤵PID:7104
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:1616
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:9584
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 1616 /f /t3⤵PID:7456
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:9688 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:6564
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵PID:8780
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9688 /f /t3⤵
- Kills process with taskkill
PID:10232
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"3⤵PID:7176
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info4⤵PID:2936
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7176 /f /t3⤵PID:4616
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:6292
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:3176
-
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version3⤵PID:220
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" c:\Users\Admin\.vscode\extensions\ionide.ionide-fsharp-7.22.0\bin\net9.0\fsautocomplete.dll --state-directory c:\Users\Admin\AppData\Roaming\Code\User\workspaceStorage\8db0ad62c8bee7cc17490750f532a1bc\Ionide.Ionide-fsharp3⤵
- Network Service Discovery
PID:9020 -
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version4⤵PID:10460
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:5284
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version4⤵PID:5044
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:8348
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version4⤵PID:7824
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:848
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version4⤵PID:8020
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:8116
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version4⤵PID:9488
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:10496
-
-
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\Microsoft.CodeAnalysis.LanguageServer.exec:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\Microsoft.CodeAnalysis.LanguageServer.exe --logLevel Information --razorSourceGenerator c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.razor\Microsoft.CodeAnalysis.Razor.Compiler.dll --razorDesignTimePath c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.razor\Targets\Microsoft.NET.Sdk.Razor.DesignTime.targets --devKitDependencyPath c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslynDevKit\Microsoft.VisualStudio.LanguageServices.DevKit.dll --sessionId 4be5313b-637a-4f04-a4bd-9153435a30a41737053817515 --extension c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.xamlTools\Microsoft.VisualStudio.DesignTools.CodeAnalysis.dll --extension c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.xamlTools\Microsoft.VisualStudio.DesignTools.CodeAnalysis.Diagnostics.dll --telemetryLevel all --extensionLogDirectory c:\Users\Admin\AppData\Roaming\Code\logs\20250116T185657\window1\exthost\ms-dotnettools.csharp3⤵
- Checks computer location settings
- Network Service Discovery
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:9324
-
-
C:\Program Files\dotnet\dotnet.exedotnet --info3⤵PID:12276
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.{cshtml,razor} -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db --no-ignore --follow --no-config --no-ignore-global3⤵PID:11960
-
-
C:\Program Files\dotnet\dotnet.exedotnet --list-runtimes3⤵
- System Time Discovery
PID:1712
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"3⤵PID:1048
-
-
C:\Windows\system32\where.exewhere.exe dotnet3⤵PID:9512
-
-
C:\Program Files\dotnet\dotnet.exedotnet --version3⤵PID:9624
-
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-launcher.win32-x64\escape-node-job.exec:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-launcher.win32-x64\escape-node-job c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server.win32-x64\Microsoft.VisualStudio.Code.Server --serviceHubConfigPath c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\servicehub\servicehub.config.json --pipe \\.\pipe\4e944285-1d7d-433d-868b-2be64032305d --pipe-server \\.\pipe\9c5f8f76-c8d6-4eb6-93ab-be356dd3b200 --log-directory c:\Users\Admin\AppData\Roaming\Code\logs\20250116T185657\window1\exthost\ms-dotnettools.csdevkit --log-verbosity Information --vscodeSessionId 4be5313b-637a-4f04-a4bd-9153435a30a41737053817515 --vscodeTelemetryLevel all --cache-directory c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\cache --component c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\msbuild-dependencies.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-buildhost-rpc.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-buildhost.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-server.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\dotnet-project-system\node_modules\@microsoft\microsoft.visualstudio.projectsystem.managed c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\dotnet-project-system-vscode\node_modules\@microsoft\vscode.projectsystem.managed c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\dotnet-project-system-vscode\node_modules\@microsoft\vscode.templateengine c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\roslyn-visualstudio-languageservices-devkit\node_modules\@microsoft\visualstudio-languageservices-devkit c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-code-coverage\platforms\win32-x64\node_modules\@microsoft\coverage-services.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\servicehub-controller-net60.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-launcher.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-servicehost.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-reliability-monitor.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-samples-sayhello.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\VSDebugCore\platforms\win32-x64\node_modules\@microsoft\visualstudio-debugger-devkit.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\VSUnitTesting\platforms\win32-x64\node_modules\@microsoft\visualstudio-testwindow-vscode-service.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\WebTools\node_modules\@microsoft\vscode.webtools3⤵PID:10044
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server.win32-x64\Microsoft.VisualStudio.Code.Server.exe"c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server.win32-x64\Microsoft.VisualStudio.Code.Server" --serviceHubConfigPath c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\servicehub\servicehub.config.json --pipe \\.\pipe\4e944285-1d7d-433d-868b-2be64032305d --pipe-server \\.\pipe\9c5f8f76-c8d6-4eb6-93ab-be356dd3b200 --log-directory c:\Users\Admin\AppData\Roaming\Code\logs\20250116T185657\window1\exthost\ms-dotnettools.csdevkit --log-verbosity Information --vscodeSessionId 4be5313b-637a-4f04-a4bd-9153435a30a41737053817515 --vscodeTelemetryLevel all --cache-directory c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\cache --component c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\msbuild-dependencies.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-buildhost-rpc.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-buildhost.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-server.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\dotnet-project-system\node_modules\@microsoft\microsoft.visualstudio.projectsystem.managed c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\dotnet-project-system-vscode\node_modules\@microsoft\vscode.projectsystem.managed c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\dotnet-project-system-vscode\node_modules\@microsoft\vscode.templateengine c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\roslyn-visualstudio-languageservices-devkit\node_modules\@microsoft\visualstudio-languageservices-devkit c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-code-coverage\platforms\win32-x64\node_modules\@microsoft\coverage-services.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\servicehub-controller-net60.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-launcher.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-servicehost.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-reliability-monitor.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-samples-sayhello.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\VSDebugCore\platforms\win32-x64\node_modules\@microsoft\visualstudio-debugger-devkit.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\VSUnitTesting\platforms\win32-x64\node_modules\@microsoft\visualstudio-testwindow-vscode-service.win32-x64 c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\WebTools\node_modules\@microsoft\vscode.webtools4⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:12156 -
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\servicehub-controller-net60.win32-x64\Microsoft.ServiceHub.Controller.exe"c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\servicehub-controller-net60.win32-x64/Microsoft.ServiceHub.Controller" e3bcfd8c8500394baa9c5cd50ae10c1ba6c4d693f051152b806e622f689309e4 /ControllerCooldownTimeout:30000 "/TelemetrySession:{\"TelemetryLevel\":\"all\",\"IsOptedIn\":false,\"HostName\":\"Default\",\"AppInsightsInstrumentationKey\":null,\"AsimovInstrumentationKey\":null,\"CollectorApiKey\":\"0c6ae279ed8443289764825290e4f9e2-1a736e7c-1324-4338-be46-fc2a58ae4d14-7255\",\"AppId\":1010,\"UserId\":\"4bcc34a8-75ff-4e4e-aad4-a4700fb1a713\",\"Id\":\"4be5313b-637a-4f04-a4bd-9153435a30a41737053817515\",\"ProcessStartTime\":133815274254652010,\"SkuName\":null,\"VSExeVersion\":null,\"BucketFiltersToEnableWatsonForFaults\":[],\"BucketFiltersToAddDumpsToFaults\":[]}"5⤵
- Checks computer location settings
PID:2924 -
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-servicehost.win32-x64\Microsoft.VisualStudio.Code.ServiceHost.exe"c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-servicehost.win32-x64/Microsoft.VisualStudio.Code.ServiceHost.exe" dotnet$C94B8CFE-E3FD-4BAF-A941-2866DBB566FE net.pipe://2924DEC2C82EA48F3F6FEA3DDA779E2C71A2 "/TelemetrySession:{\"TelemetryLevel\":\"all\",\"IsOptedIn\":false,\"HostName\":\"Default\",\"AppInsightsInstrumentationKey\":null,\"AsimovInstrumentationKey\":null,\"CollectorApiKey\":\"0c6ae279ed8443289764825290e4f9e2-1a736e7c-1324-4338-be46-fc2a58ae4d14-7255\",\"AppId\":1010,\"UserId\":\"4bcc34a8-75ff-4e4e-aad4-a4700fb1a713\",\"Id\":\"4be5313b-637a-4f04-a4bd-9153435a30a41737053817515\",\"ProcessStartTime\":133815274254652010,\"SkuName\":null,\"VSExeVersion\":null,\"BucketFiltersToEnableWatsonForFaults\":[],\"BucketFiltersToAddDumpsToFaults\":[]}"6⤵
- Checks computer location settings
PID:6824
-
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-servicehost.win32-x64\Microsoft.VisualStudio.Code.ServiceHost.exe"c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-servicehost.win32-x64\Microsoft.VisualStudio.Code.ServiceHost.exe" dotnet.projectSystem$C94B8CFE-E3FD-4BAF-A941-2866DBB566FE net.pipe://2924DEC2C82EA48F3F6FEA3DDA779E2C71A2 "/TelemetrySession:{\"TelemetryLevel\":\"all\",\"IsOptedIn\":false,\"HostName\":\"Default\",\"AppInsightsInstrumentationKey\":null,\"AsimovInstrumentationKey\":null,\"CollectorApiKey\":\"0c6ae279ed8443289764825290e4f9e2-1a736e7c-1324-4338-be46-fc2a58ae4d14-7255\",\"AppId\":1010,\"UserId\":\"4bcc34a8-75ff-4e4e-aad4-a4700fb1a713\",\"Id\":\"4be5313b-637a-4f04-a4bd-9153435a30a41737053817515\",\"ProcessStartTime\":133815274254652010,\"SkuName\":null,\"VSExeVersion\":null,\"BucketFiltersToEnableWatsonForFaults\":[],\"BucketFiltersToAddDumpsToFaults\":[]}"6⤵
- Checks computer location settings
- System Time Discovery
PID:6324 -
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" "c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\CPS\platforms\win32-x64\node_modules\@microsoft\visualstudio-projectsystem-buildhost.win32-x64/Microsoft.VisualStudio.ProjectSystem.Server.BuildHost.dll"7⤵PID:4416
-
-
-
-
-
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-launcher.win32-x64\escape-node-job.exec:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-code-launcher.win32-x64\escape-node-job c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-reliability-monitor.win32-x64\Microsoft.VisualStudio.Reliability.Monitor --vscodeSessionId 4be5313b-637a-4f04-a4bd-9153435a30a41737053817515 --vscodeTelemetryLevel all3⤵PID:8512
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-reliability-monitor.win32-x64\Microsoft.VisualStudio.Reliability.Monitor.exe"c:\Users\Admin\.vscode\extensions\ms-dotnettools.csdevkit-1.15.34-win32-x64\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-reliability-monitor.win32-x64\Microsoft.VisualStudio.Reliability.Monitor" --vscodeSessionId 4be5313b-637a-4f04-a4bd-9153435a30a41737053817515 --vscodeTelemetryLevel all4⤵
- Checks computer location settings
PID:1020
-
-
-
C:\Program Files\dotnet\dotnet.exedotnet.exe restore C:\Users\Admin\Desktop\Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne\Fableborne-Robot.sln --interactive3⤵
- Checks computer location settings
PID:12120
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:3852
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:7468
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\json-language-features\server\dist\node\jsonServerMain" --node-ipc --clientProcessId=44243⤵PID:6984
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"2⤵PID:12188
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3852,i,1472132166568719020,17995705908167431790,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3880 /prefetch:82⤵
- Checks computer location settings
PID:12176 -
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe" tunnel status3⤵PID:10516
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3952,i,1472132166568719020,17995705908167431790,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3872 /prefetch:82⤵PID:12172
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=4040,i,1472132166568719020,17995705908167431790,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:82⤵PID:6756
-
C:\Windows\system32\conhost.exe\\?\C:\Windows\system32\conhost.exe --headless --width 89 --height 11 --signal 0x3c8 --server 0x3c03⤵PID:10372
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command "try { . \"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\common\scripts\shellIntegration.ps1\" } catch {}"3⤵
- Command and Scripting Interpreter: PowerShell
PID:9316
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" "c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\node-pty\lib\conpty_console_list_agent" 93163⤵PID:9228
-
-
C:\Windows\system32\conhost.exe\\?\C:\Windows\system32\conhost.exe --headless --width 98 --height 11 --signal 0x454 --server 0x4503⤵PID:2632
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command "try { . \"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\common\scripts\shellIntegration.ps1\" } catch {}"3⤵
- Command and Scripting Interpreter: PowerShell
PID:10376
-
-
C:\Windows\system32\conhost.exe\\?\C:\Windows\system32\conhost.exe --headless --inheritcursor --width 80 --height 11 --signal 0x380 --server 0x47c3⤵PID:12084
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command & 'C:\Program Files\dotnet\dotnet.exe' build Fableborne-Robot.sln3⤵
- Command and Scripting Interpreter: PowerShell
PID:1724 -
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" build Fableborne-Robot.sln4⤵
- Checks computer location settings
PID:1488
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"2⤵PID:4840
-
C:\Windows\system32\wsl.exewsl.exe -l -q3⤵PID:5456
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"2⤵PID:6688
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=4436,i,1472132166568719020,17995705908167431790,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4432 /prefetch:82⤵
- Checks computer location settings
PID:7196 -
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.fs -g **/*.fsproj -g **/*.fsx -g **/*.sln -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/node_modules -g !**/bower_components -g !**/*.code-search --no-ignore-parent --follow --quiet --no-config --no-ignore-global3⤵PID:9984
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.csproj -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/node_modules -g !**/bower_components -g !**/*.code-search --no-ignore-parent --follow --quiet --no-config --no-ignore-global3⤵PID:9436
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.{csproj,csx,cake} -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/node_modules -g !**/bower_components -g !**/*.code-search --no-ignore-parent --follow --quiet --no-config --no-ignore-global3⤵PID:10620
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "echo %PATH%"3⤵PID:6188
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6188 /f /t3⤵PID:4320
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where where"3⤵PID:10408
-
C:\Windows\system32\where.exewhere where4⤵PID:8524
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 10408 /f /t3⤵PID:8392
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where dotnet"3⤵PID:6648
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:924
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6648 /f /t3⤵PID:10324
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:7116
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:5256
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7116 /f /t3⤵
- Kills process with taskkill
PID:8664
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:11180 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:7020
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:6660
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 11180 /f /t3⤵
- Kills process with taskkill
PID:11340
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:1556
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:8592
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 1556 /f /t3⤵
- Kills process with taskkill
PID:8328
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵PID:1988
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:7972
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:9612
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 1988 /f /t3⤵PID:9312
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"3⤵PID:8332
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info4⤵PID:9220
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8332 /f /t3⤵
- Kills process with taskkill
PID:7484
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "echo %PATH%"3⤵PID:6868
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6868 /f /t3⤵PID:1476
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where where"3⤵PID:6600
-
C:\Windows\system32\where.exewhere where4⤵PID:7252
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 6600 /f /t3⤵PID:9028
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "where dotnet"3⤵PID:9144
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:6808
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9144 /f /t3⤵PID:6092
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:8908
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:11156
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 8908 /f /t3⤵PID:6304
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵PID:1708
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:12072
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:9024
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 1708 /f /t3⤵PID:4748
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001"3⤵PID:9476
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:5664
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 9476 /f /t3⤵PID:10564
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp 65001 | "C:\Program Files\dotnet\dotnet.exe" --list-runtimes"3⤵
- System Time Discovery
PID:7872 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:6260
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-runtimes4⤵
- System Time Discovery
PID:8780
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 7872 /f /t3⤵
- Kills process with taskkill
PID:10148
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\dotnet\dotnet.exe" --info"3⤵PID:5992
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --info4⤵PID:11008
-
-
-
C:\Windows\system32\taskkill.exetaskkill /pid 5992 /f /t3⤵PID:2936
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:724
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:1164
-
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.{cshtml,razor} -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db --no-ignore --follow --no-config --no-ignore-global3⤵PID:7620
-
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\Microsoft.CodeAnalysis.LanguageServer.exec:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\Microsoft.CodeAnalysis.LanguageServer.exe --logLevel Information --razorSourceGenerator c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.razor\Microsoft.CodeAnalysis.Razor.Compiler.dll --razorDesignTimePath c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.razor\Targets\Microsoft.NET.Sdk.Razor.DesignTime.targets --telemetryLevel all --extensionLogDirectory c:\Users\Admin\AppData\Roaming\Code\logs\20250116T185657\window1\exthost\ms-dotnettools.csharp3⤵
- Checks computer location settings
- System Time Discovery
PID:8188 -
C:\Program Files\dotnet\dotnet.exe"dotnet.exe" --roll-forward LatestMajor c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\BuildHost-netcore\Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.dll --pipe 5657e72d-95df-4dee-8cf5-d451fd0c08dd --property RazorDesignTimeTargets=c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.razor\Targets\Microsoft.NET.Sdk.Razor.DesignTime.targets --locale en-US4⤵
- System Time Discovery
PID:5680
-
-
C:\Program Files\dotnet\dotnet.exe"dotnet.exe" --roll-forward LatestMajor c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\BuildHost-netcore\Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.dll --pipe fc454f10-90c0-46e3-8cec-4b3bd1c1e0ba --property RazorDesignTimeTargets=c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.razor\Targets\Microsoft.NET.Sdk.Razor.DesignTime.targets --locale en-US4⤵
- System Time Discovery
PID:5328
-
-
\??\c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\BuildHost-net472\Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.exe"c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\BuildHost-net472\Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.exe" --pipe 032ba277-ed02-4554-8933-b419940fe69f --property RazorDesignTimeTargets=c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.razor\Targets\Microsoft.NET.Sdk.Razor.DesignTime.targets --locale en-US4⤵
- System Time Discovery
PID:10820
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" restore c:\Users\Admin\Desktop\Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne\Fableborne-AutoPlay\Form11\Form1.csproj4⤵
- Checks computer location settings
PID:5380
-
-
C:\Program Files\dotnet\dotnet.exe"dotnet.exe" --roll-forward LatestMajor c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.roslyn\BuildHost-netcore\Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.dll --pipe 902fa847-3897-4231-ae51-7454ab351b6f --property RazorDesignTimeTargets=c:\Users\Admin\.vscode\extensions\ms-dotnettools.csharp-2.61.28-win32-x64\.razor\Targets\Microsoft.NET.Sdk.Razor.DesignTime.targets --locale en-US4⤵
- Network Service Discovery
PID:9980
-
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:5080
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:5836
-
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:8084
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:5804
-
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version3⤵PID:11524
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" c:\Users\Admin\.vscode\extensions\ionide.ionide-fsharp-7.22.0\bin\net9.0\fsautocomplete.dll --state-directory c:\Users\Admin\AppData\Roaming\Code\User\workspaceStorage\8db0ad62c8bee7cc17490750f532a1bc\Ionide.Ionide-fsharp3⤵
- Network Service Discovery
PID:4936 -
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version4⤵PID:10416
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:1712
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version4⤵PID:5292
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:3184
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version4⤵PID:7920
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:6848
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version4⤵PID:10344
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:3412
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --version4⤵PID:7704
-
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\dotnet.exe" --list-sdks4⤵PID:10492
-
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/*.sln -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/node_modules/** --no-ignore --follow --no-config --no-ignore-global3⤵PID:3376
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "dotnet --info"3⤵PID:7272
-
C:\Program Files\dotnet\dotnet.exedotnet --info4⤵PID:6540
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "dotnet --list-runtimes"3⤵
- System Time Discovery
PID:7516 -
C:\Program Files\dotnet\dotnet.exedotnet --list-runtimes4⤵
- System Time Discovery
PID:11012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"3⤵PID:8500
-
C:\Windows\System32\reg.exeC:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid4⤵PID:9852
-
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:4892
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:5020
-
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:10164
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:5716
-
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/package.json -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db --no-ignore --follow --no-config --no-ignore-global3⤵PID:5400
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:7936
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:2728
-
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/tsconfig*.json -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/{node_modules,.*}/** --no-ignore --follow --no-config --no-ignore-global3⤵PID:10520
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/package.json -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/{node_modules,.vscode-test}/** --no-ignore --follow --no-config --no-ignore-global3⤵PID:8516
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:7336
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:4796
-
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/tsconfig*.json -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/{node_modules,.*}/** --no-ignore --follow --no-config --no-ignore-global3⤵PID:6800
-
-
C:\Windows\system32\cmd.execmd /C where dotnet3⤵PID:5276
-
C:\Windows\system32\where.exewhere dotnet4⤵PID:9116
-
-
-
\??\c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe"c:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe" --files --hidden --case-sensitive --no-require-git -g **/tsconfig*.json -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/Thumbs.db -g !**/{node_modules,.*}/** --no-ignore --follow --no-config --no-ignore-global3⤵PID:10948
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=4600,i,1472132166568719020,17995705908167431790,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4588 /prefetch:82⤵PID:6580
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"2⤵PID:9236
-
C:\Windows\system32\wsl.exewsl.exe -l -q3⤵PID:11000
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"2⤵PID:10508
-
C:\Windows\system32\wsl.exewsl.exe -l -q3⤵PID:10332
-
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3992,i,1472132166568719020,17995705908167431790,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2656 /prefetch:82⤵PID:11608
-
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe"C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration,StandardizedBrowserZoom, --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3740,i,1472132166568719020,17995705908167431790,262144 --disable-features=CalculateNativeWinOcclusion,PlzDedicatedWorker,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3744 --vscode-window-config=vscode:3152b197-90a5-4f1d-8232-65aacd30a896 /prefetch:12⤵
- Checks computer location settings
PID:11728
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
File and Directory Permissions Modification
1Modify Registry
2Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1Discovery
Browser Information Discovery
1Network Service Discovery
1Network Share Discovery
1Peripheral Device Discovery
1Query Registry
6System Information Discovery
5System Location Discovery
1System Language Discovery
1System Time Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48KB
MD51dda76cd2b7bb634b3fda3dcf2a01574
SHA17cb43ffd7a58676a35258f297f962e348733f6ad
SHA2567b450745e344de3d5d99953b821000a299a33e671311e31c026892ae64f7a5f2
SHA51237ffea7c932229755f18dbfc6a98cd193c4732d6d4416b16be56b26bfee3b491aefd470f257a76ded7913e6b2569d91ae8745105a5b7164d84f0c6f19a0ebd61
-
Filesize
9KB
MD552e3c5f43e27938f3b1f4d3150c7fd89
SHA13c047bde7c6c7aa818fb6a01ffb58d37176065c5
SHA2562a9294c104f1b1d0c119004fe83493559f9df748b6ed1bf30303c0d21cdc56be
SHA51223f643a23a29ea2125c41c926c851331d24613e7cb1fcd76f3522584e1d6d3134b06c972d190f391b4489e0f4fdd36c5cc005f95e9f48d1bf81e740b31c94ac1
-
Filesize
10KB
MD59caaddecbcbd820207673cbced08add5
SHA1a563271c77df8ec55e3ce66389a52e8dca3d1367
SHA2564c467c617780573ae8932f31362728672acf3f3191070b4258a7679855be5632
SHA512a6c33728205c9fed092e9a41156b159910b4d9addadbcb35c6a6aa72f3e70575c53371d5696949787f71c1deeb7512f20c6e847be71e507e2eb2a649d937d06d
-
Filesize
93KB
MD5b962078abb62637d845a6d30830d5ed9
SHA195ee0ff97c9438927310ad750e4add6c5f95c119
SHA2565035775cd8c19c084f00c9c2b9a1af6589ff35201b270e99e977daa32490df4b
SHA512849f517a2d5c131ed4b8fe8c5f97e82e2aa25f5380be982ecb8c3f03fd3ecf682cde2a9bf54da57f20e216e92b103230ce34c67644bd8ef39d2abd94cc13b960
-
Filesize
11KB
MD557ca6e6d83a46641b952bff5238f4db3
SHA12327c0a3a17214f7d6b5d0d9f9e61372e5540c66
SHA25670d5e9717f24bfd82b4158b12a0e3e7938f116297511559f043ea905168cb09a
SHA5124584ade1154f5d1def2ea2c642b98b765015aba3ad34bdfeb833758e8fc67e32c8b742f4b4504e2439e843fd9e2a775ee3c62fa71b66c19562501a1ba8c6aa05
-
Filesize
11KB
MD5da0b50507ece16864f95a71029e784fc
SHA18a51be36c319cccaaf11d4fb322f9fe4f2b01fd1
SHA256d333f5c10dd59575403b1d9f5b507918bc212e6ca9c7ab2091a9f46452402ecd
SHA512662228cd8d0b279401e6657d2a175886faab5ffa983408bfdb9f5c145f42f07acf899161a8b306168798ecd2b1e86b07661cc2c899b06b6ca096b6d76669ab06
-
Filesize
11KB
MD5b8b44341a87f13f58280d37db8a0328b
SHA13f55593453d7ad2fd1275bcfa027404a8e8621f9
SHA2566834230803c070f12cbac1ef3d92f5a41c586b16b30d139fe63f90cdd8e3695a
SHA512ab8b8c29eb9d6e30d33425e965f3e371e9b3c9641bffe11a63bda633584a9287e13c6a1ed7541c1680cd45c7f383b29e5d710231c25204065371a3af39da43c8
-
Filesize
35KB
MD5deb481cfb012aeb30b663b037373c1ea
SHA19f7f03773945bf34dfd558cdeb2ef6fc4f2c3ff7
SHA256be34894a891b9ced2ea1e8967b2b39f41fd46b8b464f78b45cf34e26ab089717
SHA512573d2b999783561c4fa948e7b0f4707211b227f2dd9aae065114c08b6ba394be02cd23c4f1b02fa6693a54aeb2845e3bdfc6a4137154706ec5b6f4a67703e553
-
Filesize
88KB
MD5ae04dcb4976504996d11eae61ccab132
SHA173ff2c32e6fb18548b402cef9ab23ca518e5874b
SHA25696cfc2d5ff7667dff093f791a54c4f15714521d093a29bfa524147811e10d66b
SHA512ca2f9ee4517de3d7de8c34101a2b5f2d541bb9f767ab6c236e589fc171f9665c821ef0fcf25400ccd1cd788925b7a41b686f397bfb25da606937c65457898ec7
-
Filesize
58KB
MD578fbea172b37d1e883e2ef5edef600e6
SHA1c3d68ae3596691e735d31ae55902ec1e44ba2839
SHA256f7fa2838fe1e2f71662b6e9c6734846de902a915f4556bad43c8ef148844ecc4
SHA5123d2c6d02c7813cec3e61df831d909a8b9db0ef3052bd40600c0605330324da6f45ebb83b385353fa4f363e7bd33a70d9d01b244c7e5cf5a6099b1e7ccffc464e
-
Filesize
92KB
MD54df25136ac6226c6b80a68c6af9fd906
SHA1ddf6a5b8702697e2f8e89bd00b537e66cee47d99
SHA256d5bdeac5117bd0c09b7449babfda8b9af07497490ffee8fec26285eb502b8cda
SHA5129f0eeace1162c2e8bd97973b00aaf8429f30568a2e53d21b5f3cd4ba92c7c330b084fbf94cf7489a43f227a062cddfc5774e9fb136f41cdf1218f87351637fbe
-
Filesize
9KB
MD5cd5c59963b82c48d9987b27df6924dc2
SHA1e64287c67d812b18583080f5f794aec552e238b4
SHA256267f4e002eb6a2ba7a7dda2b655c558ef5c2aef1f69a7196570706263fdfa559
SHA512a94b11aa17e747a9c245053ef85df328f0d91b7d71a3109ec381ccb7dc4dad85781408a337fc158a950d9e895d9e8f0eb32541c77a6f9f62699814427108cbbb
-
Filesize
9KB
MD5012c1563454cfff23b22fece6b0a6885
SHA10d12947966592dfe65cf7d86fab12789c9010da1
SHA256011574aa49387755880f3739b77a936691c8b33b8de08679985ed59153be46ff
SHA512a41625a7257b803c5d11566009b42c65fd465815b3840d546894892372684d11a3417100ff397c8da0e762077105b3d2bf37403e54998f5e9704717ef0d861b6
-
Filesize
9KB
MD5093d19ad3bbba17937e1a8281dce3e2d
SHA1eaf76f9b554cf175f0f6e9771487fd4a7d60f921
SHA2561c72b13e4dea91d79ec59fc2ed9d4120833605f760af5f62f83fd64c7e2f91fa
SHA51275f60be73f40f163d52b747a914b3563a2bf84406aa778bcef751cf3777e58ee886671ec453f44138de25fad1966f7d9b8eb3b3ee9dd8f1ffb16d5d0ecfc9195
-
Filesize
10KB
MD58ccc31c30aad82756843211d22591c47
SHA1975a31c8c98c00b64e6e819d411a540e50b9a3fc
SHA25634187d48a32ee793f16eb692a8b8b8264818d1205d94679fca85134e9814fb84
SHA5128c3d159365c9366d4f008915321cf8bca5114cbeee702e2b7d36d2beea97882474d6cd1169a1afabd90d8b96f5baa00ef6ee5c6c07d203b1b5ab84884ec690cf
-
Filesize
9KB
MD59ab6545fc1a71cf7cf0d442b0fed946e
SHA13d117f8766c79dbe81edba3a6ffd451be30249ca
SHA256a55de5786a81baededec6ef2399a641ba9e1c5df37bf7ca91b425c04dad7690f
SHA5121943ed9099e4d02dfcc616247c21c1e5a7c6f5a947b911ccde3706a8897f1cebf9e2121abc1c9ab25f78f567b32f23398b3a2031a10e36a5c82252e34b02eabf
-
Filesize
9KB
MD56056f157852be4bc1854ec4ce61bbb51
SHA1b5f7e8e71abd6f1a0f9197bc04b0d2be41ca8beb
SHA256bc8eb243e83dc95a85e4be71435b4adc40e72c607f6ab509a06540399c23fb4b
SHA5127a45e51e2e1082d865c252000c62f2ad9ea3ab2c6e7bdc337b7da2537f9ad6042ee6576b69326d0fef3163b1c405a139878db6765ae43abb75553a3f28f3c069
-
Filesize
9KB
MD5bddbdcc636fbbf03e22f206410386235
SHA1e85a59676e65102d6427985fd178676941e2f9ce
SHA256be69697af183d40942041dff918ba7459c09d59235809651bb9a2c6ee9988243
SHA5125e17d5d3fff3443f995b702f217d302117ea816c97eee5bfa63ea388544d3de2fbdbf23ee4be648525ab82bcfb79490e5ea96a55fef692c0a98640ee0ff3cc86
-
Filesize
15KB
MD5b5189b2bdc538bb8999c7c2142cc2d0e
SHA1259cde394744426d908845f779c6885fa6334956
SHA256bdecfb02b9d4adb0e1a8ad2e54cef9ae8cec376bbc7b06fce989694743128259
SHA512d627d45699f93a991f0535513a8524ecdb34935db88a2498c960c045c8e8ab5c86fa49810e9f17c7fdfa7e43627c929962a12b1b9946df9cd765347be4ceab90
-
Filesize
10KB
MD5b347a71d760368e305390be6b2892600
SHA139e6c7f76491f0d37aeffe770d3947f73843764b
SHA256ff3939c36322e0eaa7db9975e0b4cedf649ccfccad5a15d0564f975f24f104fc
SHA5122a599a95c874ff0b23fa8a2906bc799280763d17a9615acd62805ed24d8013c124c4032ab6378e9aafbf9d116de17371f2c9426451f42c61e80f7786b07f7fe6
-
Filesize
10KB
MD52051a6bba6604db62d6443efb2f96cee
SHA133f13d4a3fbb0721962643ff9179abf725c49760
SHA2568d07af6109852c763c1b27e946cb3648d8b77a9cee4878f2bcf3409b1150bece
SHA51273e5527fc08715e3b49f1186b7dbdf8024be21ede2417f9400a598135a68e79deaf9b3752b0a5378051097baa265cb41620ea1696aed3a1a943bd01544a16d96
-
Filesize
10KB
MD597cd058f4bbdbeb5503d398520dca5c6
SHA12b4c5045f7822c9d8843414b9ece7a992961cc9b
SHA256f33693586a698a00451ea9f510d32d954237c8ae8958f3ee182a836aee4b1de4
SHA512ed2cc9bb738a74296f95f7e0fd1045bee874291f80efe2de142b3a33f780492495730b0417c9eea801cc9038862dd3078e73d6059846f7c56c39c0925ac40eef
-
Filesize
10KB
MD596ed3fbd8df083186eb77357f0ca4b43
SHA1112635a2c908ccaa4f3102741b0826cb3c5be210
SHA256e3ad65ce04a77017b00502b2eebcccbaba927e5ed1c728a7292962b60b63c5f1
SHA51275ca43e19240b6a45c858385ebda6bdc238ced151c612e5cf90cdfd57ec5ff88f6301b0c7f53aee374fb250b10d65a2553539898606fc1af52cf5f684a9fe30d
-
Filesize
13KB
MD52710ccdfddf47780879c10b8d8c58382
SHA1e096632bdf55d9c4249b841333a09a34927147cd
SHA2569d2b7d15b1d5a297d55792bdff1318886e7d66ab5a56886c0a42d81d8afbc073
SHA512ea93a3506d42b824d8717cfcd1cba892fdbcd710e531afb35f37d8ba4291e0ba65fe9ab68f715938ec1ccde143cea63012e26dade3437131372261a621bd1a4b
-
Filesize
13KB
MD515349b3f857c890dcf590f906e266a01
SHA18f96f61b2c30f02868d6664fe9d18c639b968438
SHA2562d09492f14ae52dc03e375b95532a108f91aeef7b53bd314762093301f75908a
SHA51214018e2e6f6d7dda931b99229583d2fc8cf8e63e306cf108ff36ef734312e558f62389b3c76e5ad5783644f68c639518648a6537c860c326a5358f95633b049e
-
Filesize
13KB
MD5e1db202c07ddfdb21100ee9870d80021
SHA1957553513ef52d5f2cd634fcc2ef8bb50f447d97
SHA25646cfb9739406685b1fdb5cbb53286bd73ea1f3bd66bfbd0ca89ed64bb6223199
SHA512c26b48f10f140b86197707f5cf63312657dfa1ad88ed7123782949a1e4d9f08a59ea5d9f6fab8195620ca9e5150ca01e1b1ff6ee55cb30e3a566a64469b0ca93
-
Filesize
9KB
MD5e09ce2b798fb4508d3546049558cf24c
SHA14d40ad9241ede199b03805ce092a6c5ab76dcde2
SHA256ac8317a3cbebb2270adb631a80eb267a08630adff198a5adfda668df25eda7dc
SHA51242a990c4a4df727f8001da89e51ea17f746e3439a393299f1e86eacf9f361216833c52c6435820fbeb214356075c53cd2ee6e338a2519806e91d7bd070a4b2b3
-
Filesize
1.0MB
MD5c343775880de28999ad963ac66edf573
SHA1881333854fe2a4a6ff08899ad72ae34770fe3324
SHA2566102def9ba0d4364e0648e156b2e5cf71c1bfc9c9ec73e7e342d0e050cedac4a
SHA512cfd9dc5bca639a0af6238a9778f4acc5ad749d8386b41aac024156dc6c1165504635a0a2cc3096022677d59b8bd654b374bf7c61205f18b6a5fe4d2248427359
-
Filesize
41KB
MD52d1bb748d6408a9c0b25a6ea1fafd11b
SHA160b2a36ca46d94c2501d82f1bdde5db5dddf8f2b
SHA256b091c2dcac124a478e55366c4955d814937569a24f74fa3e145a5d41bb5401c4
SHA512c114478222dffe89eabf9e7e2dd03613008770acc493e57acdf421d8c2ba9e727f45708782fb116a8e373e396e518a238adfff987a32535922f807fe43a4760b
-
Filesize
77KB
MD5406d07d20e58568365df0557629fadc6
SHA19ab5ba1ef3866afa75b8cf3c392b7dd3d7f52026
SHA256e8ddd95ac905467e4e519b446ca023fa00c31732bebd9b66e65101c712092ee7
SHA512c6025a947faa5dc2b41a14d75e228ca2bd0df094e8cef914c58a6d2f5854424972a647b2c8ca8173345e40ba7557843d03efa85c5098c6e0e6726377efc8a38f
-
Filesize
149KB
MD5ca35d1b221f4291bfb6d37dec40f4d59
SHA18951554ee7955cf3c60e12f3c57964c967c21faa
SHA256fa93e33e15f64eecf56fd46a9e97c61310459ade8399192cc50092ef50875ae1
SHA5128871e7ad316009763b316bb79a8b52c5511c6690e7964dbe64ea1cce68297cb86054cef6411335864b1119af66df2565d0eb4e968ef7ace69d96b06bb8bc0105
-
C:\Program Files\dotnet\sdk\9.0.102\DotnetTools\dotnet-dev-certs\9.0.1-rtm.24610.9\tools\net9.0\any\dotnet-dev-certs.runtimeconfig.json
Filesize340B
MD5f9b459d728682798910410bea158fb7c
SHA128393afea443def9ffd525ae5a2e3dbfb45792a7
SHA2562ebbb0c7ec9c489e220faa2d67ed08f0fc8e69441351f30da13574b2cdb8cad1
SHA5123d0f3a5220f47ec4c34348610412d2e06ab4b7b7a97058fe2934e5cafe5dcb8d6c072702e41ad7a9c172ed463e45d0e72b9d9030fc3141569e10a3450de9c888
-
Filesize
20KB
MD5ecdfe8ede869d2ccc6bf99981ea96400
SHA12f410a0396bc148ed533ad49b6415fb58dd4d641
SHA256accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
SHA5125fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741
-
C:\Program Files\dotnet\sdk\9.0.102\DotnetTools\dotnet-format\BuildHost-net472\System.Numerics.Vectors.dll
Filesize113KB
MD5aaa2cbf14e06e9d3586d8a4ed455db33
SHA13d216458740ad5cb05bc5f7c3491cde44a1e5df0
SHA2561d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183
SHA5120b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8
-
Filesize
347KB
MD5292e27aa06f891645c2c04eebaf386e8
SHA1dad0bf4a89580ec150411010a5e171872b9f35ba
SHA256d6853075547d7e303efd60354d911a2ff18edba582cda2fa59d91a2e5dcf9e98
SHA512f2888080e4520f8f0e16d5fec0d9e90de6ffc9738983404b9a48c806b74bb7263445da0de0306b9ed6f40315c0a63853b2f9080bb287c1175b8bd89f6cd0ac93
-
Filesize
42KB
MD5b615ef83d67377354b4472748c803578
SHA1d250f6610bf14a863ab303f28a17616b69dca26d
SHA2560adbe65d87bafc46e9ae7fbd4dc40ada05315c5dde6709eef578233fb3f4f62a
SHA5127c8ed41e8549ff339965b00fe82dee7f86f112f27bcc0560bc8dac65d2239a7930238d08a458d46f289efe5de40b2921a704a5de9962b7f755bcc9865cfecb1f
-
C:\Program Files\dotnet\sdk\9.0.102\DotnetTools\dotnet-watch\9.0.102-servicing.24611.3\tools\net9.0\any\BuildHost-net472\System.Collections.Immutable.dll
Filesize246KB
MD5af7880a90c02c0115cd169c7182ab378
SHA16e3ccf50bb1d30805dce58ab6bdd63e0196669e6
SHA256d5ec0837bb176abf13dcd52c658c4e84c5264f67065b9c19679b6643f7d21564
SHA5125377f83cfb8b9892727ed22ba0b9b1a75b2d4750caa6da04f4eeb0f6f9c0f75949226b2ca00876ad1f4c9de02f8ffb1cbcdb3048fbe6d26a6119148282e818a1
-
C:\Program Files\dotnet\sdk\9.0.102\DotnetTools\dotnet-watch\9.0.102-servicing.24611.3\tools\net9.0\any\BuildHost-net472\System.ValueTuple.dll
Filesize24KB
MD523ee4302e85013a1eb4324c414d561d5
SHA1d1664731719e85aad7a2273685d77feb0204ec98
SHA256e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4
SHA5126b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32
-
C:\Program Files\dotnet\sdk\9.0.102\DotnetTools\dotnet-watch\9.0.102-servicing.24611.3\tools\net9.0\any\BuildHost-netcore\System.Collections.Immutable.dll
Filesize241KB
MD52fb8931e4930227170775ea0018c5ec7
SHA1ba9a13cd7a7dcb0c626ba37f8a1ef8ba3b96fbbf
SHA2564f11ed40c44360b53ae94b93df3165277a3654af0c6a6733a85303484671279c
SHA5120fcc8b4123a94eb28fc77cde72422ca4f00ef8d914547774cd656628f4b53d5b7571604fcbaff5283dc6636b781bd45a47ba3726d9351aa6fceacc72edabfb4e
-
C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk.StaticWebAssets\tasks\net472\System.Memory.dll
Filesize138KB
MD5f09441a1ee47fb3e6571a3a448e05baf
SHA13c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde
SHA256bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f
SHA5120199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6
-
C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk.WindowsDesktop\tools\net472\System.Runtime.CompilerServices.Unsafe.dll
Filesize17KB
MD5c610e828b54001574d86dd2ed730e392
SHA1180a7baafbc820a838bbaca434032d9d33cceebe
SHA25637768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf
SHA512441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396
-
C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.NET.Sdk\tools\net472\System.Threading.Tasks.Extensions.dll
Filesize25KB
MD5e1e9d7d46e5cd9525c5927dc98d9ecc7
SHA12242627282f9e07e37b274ea36fac2d3cd9c9110
SHA2564f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6
SHA512da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11
-
Filesize
1KB
MD58ae806bcd6ac97fb7f2b0e270b4a1edf
SHA1af4e5d969c44e3d442c20fdf0b471b363ceb7c83
SHA256a89886665765362eb77e0f8e26602c924520041d1711b2eedc136434fe4d01ab
SHA512704fa4fc813c32ed1c12eaf99ac7dcb7139a518519409ec7ff43bff46041a54500d2da2d4592031ca8787f65013a968c85d5e80e44eff7ca18e229a34438027f
-
C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.SourceLink.Bitbucket.Git\buildMultiTargeting\Microsoft.SourceLink.Bitbucket.Git.targets
Filesize297B
MD55725a6d47308db618d015c3e55dd499c
SHA19b3e1ac8d62d522505f57fee89a249ac33325edd
SHA25661af182d230365161e831fc573eaa7a2c9ea413e01ca2c446e3aa623e3ee37a1
SHA512ab4ff2bd624295eb15d22377bf1c1bdee135f24e534cc40e86cb569d7af846c990552bd4947b32c2bc74bd92e6ec42bc775e4954fd2142af89c2dcc75fe5f798
-
C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.SourceLink.Common\buildMultiTargeting\Microsoft.SourceLink.Common.props
Filesize295B
MD5a5dcc9e5bf323d748b26652e11956905
SHA17f8c7a2523d1f4600e0f8bf347d10564cef36780
SHA2562ddb662297ebfb51e70bc61ca7695dc62124a1edd342c82e87e6302cc03f016c
SHA51279d324b12b375ccf888828fd64c303a669ab00657dbf6fe76bba522c7683b7aff8b0c216905fed00284ddf8841fabcf8e2bb64b6849956572d11bbbc8e1540ae
-
C:\Program Files\dotnet\sdk\9.0.102\Sdks\Microsoft.SourceLink.GitHub\tools\netframework\Microsoft.SourceLink.GitHub.dll.config
Filesize1KB
MD5668bb17a1d859d1e1bcd741cdd1356c5
SHA14d881285786553adec91e68d1317ec9dec25c914
SHA2567b3e29717e50e5be3cf4daff048ff5c26977a1273525f9a210f5f4e580fa2e98
SHA51238e126f78e472284790cfa6fc4cc5e4d2b4a25c844038b5f24e8f5a38854466d225340dbc5df180c8bee690a56c220ea230d6e04d38ae843d8c4e4a73cb5d77d
-
Filesize
4KB
MD5a22cdd3374234d3a50c2ace2dc33a63f
SHA1d71bb2417cb805c3da21ebcc0e1ae5a102823c9b
SHA256b60b80763571c22739c4a688a46ee12c65bb66d1e9ac7d0933c2e4222e618874
SHA51271d27f36a5b03c6b470f720196d3d67706f47f3b1d4f88f55960676b3a5024c9ceb1228e7dd6173d24270af556c0d3898fb5395e3823801691deac8ea6026d61
-
Filesize
2.1MB
MD5e4dc9335fb0065d4b3066fcb8a878a9a
SHA10d66f04b77a0726f1bc2077675d485700848d9af
SHA256315a61c47c41b8d4c815f4274bb6584c1d24b4640c7eedc354ed5b03a9a1361e
SHA512929eb77e8b843e484ee74b408edfefffa15d0ee75d70d3b47a808fe380eeaaa9dc40bb29ef549e47e89dbeab159f806b4f823e8d3dc85e657f7bb32485a1c947
-
Filesize
1KB
MD5d144f3b75eec7213ae40479e7542f106
SHA17506cd020c9b0ab3341a58947cef9b703901ba29
SHA256ace9c58cecc9ddef836e2b2ae3d400262c790865544b1a94ee2b2e374beac70a
SHA51217a61976dbfcb21eda286bd63897da8403af87586dbc59a4ca30ea3dfb34825b488a3eb7600c3988fd5749024debec225fc853ca93035f63606717db633051b3
-
Filesize
1KB
MD5ec513979385fb623d8478a5f07c85f43
SHA1346f471090723406e304c9727581ee36d07d5737
SHA256ca4bceab1a62adda2382bd0cc5360243f922a612af1f62f09f2d5519ea303a11
SHA51225ea1fa5c47856ea450d7b095dd42f6d444c91207d9a97bbfc6d75f47eca68cf2424a6f25cb775c1574dedbd4adc95481a7bb9f0235e51fc76218114a10cb347
-
Filesize
1KB
MD552e2da778beea77a3de8f1e0aae322bf
SHA1afaba13ea671e395826452d06a7cf2b37a609c7c
SHA256e2dee90ae6454b86e3ed333790d8defa46ded228e927b4557256d30d2f4c143d
SHA512abe4af9606d8796d66d8d5982449ead55a1144d6bba2bc338d1a970311a97e36d7c9f7177132f9b124fe636be3a37f509ea51d86a10101b5e1baf886e1783b9a
-
Filesize
1KB
MD59dc37ca10a1717823c867285a2718a54
SHA15c06ee82d1e32ba87fa115c7acf4e865d34f5305
SHA25621fc7d7e7b5eef6ec4006613de0cfa61d3c89bc6ebd8bbfcc15678f93f8888ce
SHA512ce74b46da5b265a8d4c597ad869b73950e6ac60166ad17c946f3ecc626f593de6385347fe75c323f49aaa4983883ae1e5f54ae667e783412d6f854148a7e4648
-
Filesize
1KB
MD50eaf35cd868dff18daaeab141c44c4ba
SHA14368a1405feff57397a439d771f99ff7af6f9eca
SHA256acc4cc62cfe4e68643e2fffd28f8cd09481abf3f302d443d0ce10d931d3287b1
SHA51203ad22402e1ba0bcaf73f50fd8a6b0eabd34f950eb61c30b546c02c764df44fd6f9d02079c00a6846fe1ea9499930b71dbd4c7555249bb67f209ecbc1d783e8d
-
Filesize
1KB
MD5a2aaba4e92004a52b1c8d1024c4014be
SHA1435655cb437e3427a68d52984cdae1087d3b562a
SHA256f2ca2c2f143a31ba18e0e41a03cfc932838b34dd15b4cc35c35c289f77b80092
SHA51292ec0ecc141a42e29e5db99eb3042d73b91a8bc9d0d3bb7c9a12e9af60dc6d04e89206f714458a09dacbefa7197811b1892cf19ab1067462676c9af01eb75a6a
-
Filesize
1KB
MD5f21231846953a514fc6e90a161e816b8
SHA1522d8579c19b31b5513fc9a9c6c1336cf1fc2085
SHA25630b300050caa61f2212a38824e759346c9efcd77690603cc13ac36b6d814e350
SHA5123f795e32673dcbd6bdc92b1dd32817fcc6aa1bbe51529a71acaeb14b7e47421925511e6f90e174278416806750494609c5f6d8e09b5b28f213e39234c0c3c9a9
-
Filesize
798B
MD53a5c16d2c7175eb5f8f138e5723e35f7
SHA1e0c155d9fdc46c096646c2636c735e2b988a3e0b
SHA256415f5ae65263f6fcf026ebb1137e0176c9cf6e5c8c00087dccbabce4f66a4c84
SHA5123879cfc121c889d1546cc07184c97137981122d875b3d64d206f8bed346dbd24e8f55f37d06a1a7154b5500eda72a96c8741fbd439ddedd0e2ba76acfa5c7df1
-
C:\Users\Admin\.vscode\extensions\.28b0879a-1de2-4044-8d2b-5053ec3c3d09\dist\node_modules\node-gyp-build\optional.js
Filesize143B
MD545f60a072ff4139cd00b0460e3b277a9
SHA15899cfd1b83f050ff6fab2fab26c7f0012393abf
SHA256e0b3a3a04166e6ecf1020cb31c0c4a54432c16d6d88714bd4de2214cf67dec81
SHA5123a56c99b00a1cd0cab8fc5b4ea47346252be6dbc8075374fc352cdc963136deb9081b43b65106b7fe6e8f826c1deec7a9bbc2d34d726a7a8bb1993192e7ebb64
-
Filesize
80KB
MD5ccf01cc61a43c7b4f8fe5bcc2701a6d7
SHA179dfd1aadee6f64dcfaf5cfe8092a6e6fe056eeb
SHA256011eeb297fd340ac63256ff4d56b43810a1bf38c14287ac02f4f540de06084ef
SHA5127a15ec503b161663d57b7fc02d82981ef1db08ddfcfb0acb82f8676414bdba58f207a116fbb787a6f6c2164902a5b4872d87dd124ac9a09f6ee9bd853b177101
-
Filesize
5KB
MD5fe140417cc596ac6e93f972be2d72c3c
SHA1f26ab6c107f0bd21d36987644480dff16265e15c
SHA2566e28ae983d2cca5979a78130a4332d760c011491f8f347834753be258af04bef
SHA5124f7e98852e703e0be8913e4d7e2fd68f66b83b030642029228d87cbd0c6d30e7921fb9bea875d04a0ca124a2b1c6d5e3fcd6f98556d8e0c9bf5db2af08ab2814
-
Filesize
56KB
MD57b7d08a3a76b548d16b74b352bb0905e
SHA16c9c58fe9ea50b3b9ce036a847e5d4e8e37b6eb6
SHA2561a5fce9425b4ad6426ed9c62ab6458742bac5af88d3b4ec8433dadf7630841db
SHA51254e481c74ec40b14ed59608c59168afe80fae9163df90891e7857122b065d93d23632b36c83d6e67734685df9f63dfbaadfedc6fdc3d09a30705b8ac1b7f0e4d
-
Filesize
183KB
MD512636b09d298716aa06002c28f4b8478
SHA14ab133f5fb1c464619d712d5a9705fa8f81e5a5e
SHA256197e175f2985e47b8953b4085fab5bfe6704368d53cc42ec72d347cda6deba26
SHA512507bd682e4f778cad8504f5d7977a671250687708c4cc461dffe4248c2ddf90fd0e5ca69cb2ce8858d5610f01fd9920f997fd3c343045495697ee0e32373d096
-
Filesize
4KB
MD5e3a28a029e7aa8a2b707cee970ce7375
SHA112da2d9dfed5ef3342b8a77ccaea34376ef7178a
SHA2566859a4f95bb0818ab0ad2feb82c541433991c2d0c68cc7be0b0af2f9937b01ce
SHA51298e6b8be68ad92dedba6424a56f83d2e964ca642eef08b5bda0d6c929e72d122fade107e1eca44bfa563a4ecf2331e816a3d8cbaa92bf2da1a5c73b0eff51e4e
-
Filesize
7KB
MD5268f606947c81650ea8f9df7a43a28ee
SHA1a5673a4fb8b79ea57fe8ae18b38d6e87fbe98434
SHA2564267afafcf2680a762c958ba406d4f0eaee0d6e8486211339925ec9125d5b62d
SHA512e5d262cbcfabda1a7d74a890e679ee31329816a97e508e5171dc613cb62e0ddb93562514b1fefa95444fd3fe6e572cc08bf06ca93c051e2f1566810349562350
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\VSDebugCore\platforms\win32-x64\node_modules\@microsoft\visualstudio-debugger-devkit.win32-x64\System.Diagnostics.EventLog.Messages.dll
Filesize782KB
MD57a44c33341844dbe9c6fa526af88e80a
SHA10acabd100f61a2f8b3c5e68a270599ad54eb8a39
SHA25668f73ab17fb7f4aff3d35ef6db0e9d5b0fa0151111cb3d03992e23bc29d6c40a
SHA512b81d63b345c193c6def17372311447d305ae167b2c4d1c2fdb0344d1e1ef5ff4f9d52599ffd862b2480825b308178737df7e5e48c31e712339f009e92b6eaf57
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\roslyn-visualstudio-languageservices-devkit\node_modules\@microsoft\visualstudio-languageservices-devkit\Microsoft.VisualStudio.RemoteControl.dll
Filesize45KB
MD56cb13f8583d2e8233ae62f6eecf1119d
SHA1af6e4b394f071f522e588f9992937cdac251d2ce
SHA256eb198ce1d61f753bf77ea2b746310677b9a5eba026df0d89cca9ea1734206ac7
SHA5126203d203d8dbac28d39715031f32e4e020aabf703053f7ea653f66ac62279c5a482992d32bc2718aee96b2c1c7ba9dbe7d760b17d1e991623679b0ba20b53e8c
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\servicehub-controller-net60.win32-x64\Microsoft.VisualStudio.Telemetry.dll
Filesize1013KB
MD5dcac1cf9b0010019f4076de7b9ec7931
SHA17f31e8b862edfbc8ff7e86b6e9bb234dc38297ca
SHA25655821ac675b388f0031c3f05a4f8bdfeb35a8a97067c9cca56fb13aa554df65d
SHA5125bfa1754677e94b6fda119953840846686557951383e29192287fb7b78c7ca558ea7495ce40a8490ec603af17825791f88abe94f15cc30ac0ace5a247df52e6c
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\servicehub-controller-net60.win32-x64\Microsoft.VisualStudio.Validation.dll
Filesize35KB
MD50b1d5949c6944383b1ee896c5e13d08b
SHA19b218dc4e6e1b5194c1ce05deb1abf434c6147c8
SHA256cc08390e5e26ddf7284e673bc744bac25a3bbb755a238c7c0abea7184ac527e4
SHA5128be3532e574019d507691ae6bc306e217db8acf71b4ae118800d4e327ed98ce78a182300d8d83c0c160ec842fc21199aa3163f956e6f172df041dd3f59280fd4
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\cs\Microsoft.VisualStudio.Validation.resources.dll
Filesize14KB
MD56d64eb21e28d7da0951ccb11d5a111db
SHA131871e11da20d0fd27067bfe316e39e83b48df6a
SHA2569e19f8cd05575acf7d590f24485ac44f68d69efad170723c17ec5f4e10b92cce
SHA512e10677003bfbe68155bbabd663010644be46449c05a609cf0cdfcb14afbe58b9b5125b2b1f62e5697b4d36cbb40fe75ed016911d5fabc804db4cc9dedb8e505d
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\de\Microsoft.VisualStudio.Validation.resources.dll
Filesize14KB
MD56bdbeb8494c6df5ee482065a9d7f0b1e
SHA176f901c49a397a018d81d32a5fc0d1debbf61be1
SHA256163cdc3ecd1f65b462394b4dfbdf8ff17d834a949bcc4593c99e49f04f5eb584
SHA5124ab793f5c07fcdd5718658187efd66aa46e0cbbf2ef92bf75c17aef0dcdc7f809c43311db4d3e06500d3a01749fbb62849a90c38ba8210b71659bce3ac2592cd
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\es\Microsoft.VisualStudio.Validation.resources.dll
Filesize14KB
MD50f92dd2019cf7222118e8b5d9409a328
SHA1d01114e9522b45b6893e8b73c8e620d55b960581
SHA256d5f1bff4e7b51b2e4d2eb115b50f9a4c719787d75c396cae559b66c22f2acabf
SHA51291d8b987d70c75fc75da3188af600b5786d94af66f1f051cd76f93d18090b91448dbded1953449f277833af0140276694fd1620725f373d190c708b45ad0574a
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\fr\Microsoft.VisualStudio.Validation.resources.dll
Filesize14KB
MD51299df7f85b8abcc8205e7f968e64de5
SHA1b9d72bdfda7a07477a7b243d8de246b751a9d6fb
SHA25635a8fe6aebd5c08b5804fb76569daee301defa4d7c94fd944b44b33b1d19cfee
SHA512008c131bc1b143a5d6dcf138fa553ad5e7a8a19fa517f1268e65c5c9d8a1b022a0e4ca24c304faf9e6fe486a1e5e1179b70c449d8749bdf17ff91693d183bb2c
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\it\Microsoft.VisualStudio.Validation.resources.dll
Filesize14KB
MD5e96afcac956de57a60cf403431a06b9f
SHA12f9fd5621e9d50259a02cb81b192b26f40364a3a
SHA2566c57467ecb7c8c8829808fef07ae46d5257656b7980e40689f953c5d73ce0bae
SHA512a484ccb5b4339af6a06c623cc8ff93a331ead98c415f7dde2cf376f036cd3ec6de4fa0a6ba142febefa7969de2ddcedab9fe2407a01c2372d33007d2651192a9
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\ja\Microsoft.VisualStudio.Validation.resources.dll
Filesize14KB
MD537c3387a524c942bc21029a532e0fa88
SHA1221d9cbbb4f564c58c783a357743f157463a5ec9
SHA256943b1b0b5b416b087a587346bb5490b517cd16df557cb32dfb43ee7549e42367
SHA51261a63591bd41674c138f3860f6cce94c009a97344432d235f11552820462487907835d200408c947af948fa576f09ba073611017d14d9006aed8597132e92765
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\ko\Microsoft.VisualStudio.Validation.resources.dll
Filesize14KB
MD5f7519010d92c7e3bf6dd25032575fd3d
SHA1880ddbd3252eb830bac8541f8254743df8d2a050
SHA256839f5cb03cf6dd364ee40a8e5ba80a15b7c3b070947a9d5e43217563f19f4a49
SHA5123b5250666254f87c35fa3e730e0d308613b01fe35bfe42a31f00c5113fa84efac47a226de3a6b4b8428ec9f264fd7202c426f509de6e10b6ff6d5b95e3ce4efc
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\pl\Microsoft.VisualStudio.Validation.resources.dll
Filesize14KB
MD5157fea4ff784a1a3c450aaeafc808171
SHA18eac216d168deddf2057d3dc032a2f12559574c1
SHA2561e018a4bfa279657bfaef3e2960bc375614013aee4fa5324d29f8f14ef72f0d8
SHA5123c65075e46df5fa1a2a1ffc956f8846d313e33e7cdbc1f6e1d71c325d88eb0649b5b36f3e61f2ef53ba6ecf75778ce4c766a53820b0cd2e85fd4833545e77192
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\pt-BR\Microsoft.VisualStudio.Validation.resources.dll
Filesize14KB
MD5f1d96fd5909173972c661a1d8fe629db
SHA163bb82d04ad575feb0bf508eabb3e23165a33183
SHA2560e6fb3b7734bb8e34610156af5bff71bca3825f050479abd0b4494ca45b3fb59
SHA5127538ad0e2f418e0d671e5157b9ee72d3e35c7d67b8bf2db3aabe3a7fa7420131f0e3da5d38a4bbf48523b37e06d05a1a565bf1a3ff6d066482235772ae893a57
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\ru\Microsoft.VisualStudio.Validation.resources.dll
Filesize14KB
MD5da5d932621691d0a43f9c41589bea612
SHA1af1c2d722c25702fd21dd94b1835febae694537a
SHA256dd274a178c9a7648dfc64b2e58a9e0fa4cf62bfa24d5d54059f1689c29e5d4fc
SHA51246621a0243430ae4e02964fa406f716d654c5a2b2fc9a1a27fea13a8fb17b06c6b7aec8445e8434e7880d68f30f91b8a403069fe1f918900901ad4cdda8dba71
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\tr\Microsoft.VisualStudio.Validation.resources.dll
Filesize13KB
MD57c15ca39fca7df71d62c46e6f03389ef
SHA15a9fb6c41989821e3ff4a56e3c0a875911ca947f
SHA25643884a1eede7a9e75fe194c64f72c4ab19c88a23af8de029ed6ea4b5be913333
SHA51258c855d7391e8769d9451834c5c1ce49d238ce5aeb560ef5473fd09aba4668ebb9920910d0bda632574033619e80fcc4f1d76fa91b096c9435a8e742bc250d93
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\zh-Hans\Microsoft.VisualStudio.Validation.resources.dll
Filesize13KB
MD5eb7953d05ef1ce51e790708d42ee5d18
SHA16159595dc609dcf3b08f76b80bef7145c2a02319
SHA25658273441dd72458f4d40f80569321e498dff19dd02b6ded98ee70fbfa25b6e89
SHA5121f38629a5c0ebfd143734b50ace90d0e9a8a215a5d887af3185fc4a175736f3266ae6ad756bac0da012e4b526e49391fb732c820e0a315ae5c394d87fea270ea
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\components\vs-green-server\platforms\win32-x64\node_modules\@microsoft\visualstudio-server-shared.win32-x64\zh-Hant\Microsoft.VisualStudio.Validation.resources.dll
Filesize13KB
MD58ef011a0285333d0eefe22d5aa7a1702
SHA1b677d16e7f8496fd2dc22fdca249330ef440a788
SHA2562b05088124da6ef40b805f395ef901156841e1480e50aeaba6da2e2526973c32
SHA51247f5f374b63cfca33c8c61c3ddd8925861be1675013fc1aae1538e53b45fde5f984354e54d4a939575a8a30f52baa784b3b578db6944153a8d715c5e3a9c661a
-
Filesize
39KB
MD5224dce0128c7e3ebe8ed65c884434bbd
SHA12cce46536d31bdaf39a355f86c448a77673201cf
SHA25659fb580aa11d6992dc4fee86a4894cde6cd3f4c582a506c7e8a882206e55142a
SHA512bb1ce6b8483b0ace74b01d9e9e263a65cb3a8ef9c6bd9e6630d98707ea4b8a82734f46eeca49febb1c20e4ac1d82eb77a9b0378baa50e7f26f802006aeb87bde
-
C:\Users\Admin\.vscode\extensions\.90bf9795-c565-4f3d-af9b-3f17a5628d1b\platformignore\.vscodeignore.linux-x64
Filesize53B
MD50ab3390277bd05ed0c6c26baadd7ed9e
SHA15dd05406d261e9d4501cbfe3220e4ca14c615e1a
SHA256f674bcf876d592b83a9ea7b732fef810817887b482819fa2b8f6979e960f82cd
SHA512001bc2c20ddc679a9bbf9378e2d0b3a0716b110881203c07b0156714da286476dd6139097d9c23e662f1afd6ebb58681408da98a837b5879a118657d9f15822e
-
Filesize
5KB
MD5fca229c4d76e97421558dc04802ccd77
SHA18c00464189697a1a6677b245b535c9da9b9e6f69
SHA256ce9f1e0973e96847881e86b2372393a29f45c7f3fcfd916a5772983a4212ccaa
SHA512d857f61e7981a2d414bfc46663c4ba0dba82ee87cc03aeb9630af84dd77a0e29fd3380c8d3c84ee8cfaae76be7a14bbcfd066bdda791fe035dd07b254eb50145
-
Filesize
772B
MD5f4948f6a5fa08e0af2f38a21fa140f62
SHA1f7c70246ecb51c6727d7381fa1a8f175cb71dfc4
SHA2563afbe58a03a2f0567ada954d8af8fbb237570ac7cd10bef62dbb1ede7508068b
SHA5120b7b6c289d5f80e8bc527ebb884658c86acd4319b1d4ba41d656e9c4d23d24c6b7062f773667c8370ada380880ee89ea9a2bfce9f334ff85fb7cd1fb1fdbcb48
-
Filesize
195B
MD551bd7d9fd02c29f1e7eba52ab3b47658
SHA184c4a0db1d4c28bd2f4d89209bbc96e3832a1dc4
SHA256881340fc65a557cf93dc53e1ae041ecc9c4d2b4b0fc27c57419a7e2fcd232feb
SHA512fda9a2c23971182a17ad0fd33ee5e05303798a4217632c743dcf64368537cf37b9f629214e2c47d48f0e6507f5c0b9ba046e1d99953aa24e5f6ed1a15a1297d1
-
Filesize
1KB
MD5b7244261ee19497082edf33bcce64717
SHA1a5cb71cf8a1c93f26fb88fd3b97d6989399b01b1
SHA256149773411caf2c59cb1a6bfb2c6f070d1d054f1f018e7a80be319a8c384eeaf5
SHA512c473ca9974f9d94e09f9be81242023fffd40eb7388c3dd75ea14741a78080730b25d978d6cff8f9f356878d80e493d7565eead0875bc7837fb6e52bff35f8dc9
-
Filesize
642B
MD51cd32f29832d11bfe58b0d9e9348748f
SHA11550f6f0d343a8d93ede4af18ea7e7fc3410575f
SHA2561754aa9ea594f953c47fc329baacb5ad23680a1685d3c9b272966cbf29180003
SHA512d70f1d429e8a3a46cd15d89dd892277b0ae139c2535b1b7a3e0e1271d9ddcb49f666bf469e4c596c444ab06fc1ebea7aeaa2f2a1194fa58331fadb2190360f84
-
Filesize
856B
MD56e31dbfdf3338e335a261e98dee59939
SHA1843c5f3f1210348bda3a63331e293c29d4675d4b
SHA25621cbe0e80aeac39b624c64eb4facfcb6b8e18ad276b3b2ba5b44a49d0c4cd222
SHA512a26e9e995a8b590bb49d27ca6d233f79b58877896347c92256d49a40a7aa2d63951a38a3973798d51a363dd7c6114b29c0da56eecff89f6b9770ed77db89adeb
-
Filesize
73KB
MD509e7220d3f55e4f4f8e5da85d595c64a
SHA1b2c89775749ee89db2965095a7336be2f5c52876
SHA256378915a76120c25b97872ad24b0881c95b112d25d70beb625da034fb7a5d5521
SHA512621cb691823a81cc3fb86f1a3670abd2b53a5c08eecb83b7ddb09f099d680a4700cdc0e7d58748cdf50ce91d0fa9a9abc0140bdcf1ae236eb0e5f43f235b5cbe
-
Filesize
48KB
MD5c753621289252c68eeca551abab55fe2
SHA101de8a07da3cbc1329b73d2c8ed69dbf3b47ff81
SHA256e025931d75bd6ec3c9a370c96cc177a366e4c4f2621ea76805e7bb914b19c3c7
SHA51260752677ad0c597a03c49aa6ba52b0ef8ce496c1f0a02cb5286384808aac1bca12beba8f04182fe21e372e905a19df4539406e7765a8a5efe07a062817cd8388
-
Filesize
2KB
MD51cc66d68a1a94f2c2dec17bcd0945314
SHA137afc94289408ef527c486c17fefc18bd1addb9d
SHA25616709f28b99ff966ca187d6825e3ab24dfde7d66dbc6d7ebdacfed27be329f04
SHA512eb8bb63d83f32392b36055b4c7c57c635cd065590e980bb0696cafe0a6f1caa712132e4687492b4c7da403cede9c8e9a67465f8d039c007932456efd8738f18b
-
Filesize
36KB
MD533222f0e105ba1d35eb16d98be89b8c3
SHA101ddb50ce8d26341a3f6eadc4594ff0aa46d6b77
SHA256e38da0573c402cfe2089c037746348dbe01534e8233c59eef57de72a7e9cb5f1
SHA512ee89fc1d337b04d208ab610029a32d5716ee0b073454777ba5bd3dcd6d76c5bd621ffe535d9cf1decc6ad9d022e889bfd548040bbdd7a3b579813151f14a7b3b
-
Filesize
175B
MD5f5e409850212ec41f4dacfacd580ec9d
SHA1cb9fee7c8f96b88c347c3ca5fe4983874ffb088e
SHA256bb2c5ff3d96f73e3b57eb2b5c11b20ff27642e1f05a8ce84d44d8fc4ef217887
SHA512e9c98a405af14a796ec0565ddc0a12c4d68a199ff036263f6c92dc485350a1447244a7dfe9d7c9ffc11100c2150e5cf1c2f2c8ad1d5d9524db834b45c224f054
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\rxjs\dist\esm\internal\types.js
Filesize44B
MD5099809e5f2145f0123c3f8e4d76cc2c2
SHA1c35aa924b4949fe130aec09514894087d9b9f246
SHA25601ae2a5b120382f9a648ced7ee8507493a134f216d100fc61600c6c9738235d2
SHA5124ac6c4048369e25574a3915fad7588ad17ae81c18ac07af75a62c09d417ad00b5cae5bfe0cbbeddb97fc70492f3e0d52c24ba8129fafa6458948d29c3edbc551
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\esm-browser\index.js
Filesize412B
MD52475ac6b0616310517c94ba01c70c781
SHA1974a8a76d782c517c8b77a04c3e69232a00af96e
SHA2563efb8df8c64379c5acbaf0b70ce1a1906375f4b53901b7e90a26863ead50fc30
SHA5129f8be07d86c8ad6965556474b3f06939a7116d6f52e00d92f4d5a3d9d234b8f035d6ba43d4c6abc9b949d03c809d722b0967b9899d92369a3dd57acd2fdc034e
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\esm-browser\nil.js
Filesize54B
MD54e11e9db5e5e611dc4aecf872d5c02a3
SHA11640cf64e259efa87dd2c035b06e99acd54602d6
SHA25640036d4ffe78154827eedb9c1b3f59f660722907389725842bbc178ba28d2241
SHA512a3c721712d9725eee31c2694372b1453617fb3427e2a96e83d505c67a0bc304aac01d96a087093c493c8b94f63b244fd6cffa96bf0bfb985399e7f2b9b7c048e
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\esm-browser\regex.js
Filesize133B
MD54b8725aff0f569592b9f518ba1e4a266
SHA1d215f4840055023d90cc60655de47399d2283733
SHA2569a546763c108d7eeb7283ce26c7a6845a44bd67132005eb32fd1feeca49d1b3f
SHA512f6accc5bcc6e67711ccffaf6ce766521c164164d25454bcdaea5d065d91190e09ae9c4e59e484913c142a3822d0d8acdd75ef791ae79ee26acbc6eda6ce601c6
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\esm-browser\validate.js
Filesize141B
MD534b4549359ef4b339dc876e1a7ce633c
SHA10885effd274ec2947af6e81c8ea77e81d3012348
SHA2564a782f41298704c0029c245203430b3e4511365bf05a3addacdbae59d9c664fa
SHA512f2602a20d90002c1769176493d24fe5636a9a294c14b34311d05eaf35fc8536964f8c197128aea3bfe968f19ae70a5ff11ba9ba81ca8dc0678707f3c75be213e
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\esm-node\parse.js
Filesize1KB
MD508869a724acb259405c9768e02bc2c4c
SHA149bffff3e202173b2ad17ddf7e8cec8581b88177
SHA2562743e5b696fb15df389cf3b1a242e56780f7941bbefc23465529d30e851b80f5
SHA51247789f24cd224ede4845d9bacad29d393b191746e5bf105c5661a974279c89780d1593285cc6608ef56e12ae777f7a735e174dab8f032d085ae817d7b33c0b6d
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\esm-node\v3.js
Filesize107B
MD5c1992e63a9499078506f261711d65084
SHA1b5cff633ab724a1cd47a867b27d5664eeb0906d2
SHA25665b963f24922d433fdc592aa4e2764d10fad59351015bbe5fce0830fe389794a
SHA512af21a802d67741d59db839d551cfba8a3edbe29f4333fefe730bbc59f4297744c599af033f6bef4c5d2a5fbaa91c8b5024b4d8364e50c164d586b81e6ce37680
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\esm-node\v5.js
Filesize110B
MD5d8e175911cee9eba95683c585e88c153
SHA142ac3161baf99d925c7d0b078a6fce1367708892
SHA256e9e8d82440c23fc3de56f8acd5a15b1ca2daad6bf6d2e7c4a4b39d04384206d3
SHA512613173afd1097c8156e46d6f4c5d3b2beb52b5294ecd77b1739e3378dc384ae157b64cfb53ed55522eccb8121c6048c90bfbd6902376bfabe54ed30a59b83a28
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\md5-browser.js
Filesize6KB
MD529005f15e1fc52671c2ce0589723164a
SHA1d570731c6f802a5491fc8e868bdb6c12534de718
SHA25621a4e167b7ae498e8f3778bac8d7330929099006afca6adfe76b626e0e41d795
SHA512a62b78c557c26f1289b9a4748c80f516e5384a97d56b7bc3ae7f22cc504b475c056e3a83c03b57abca7bb01e55b8f9bd620560c70a5c5dbbded6b2a8d66d01fb
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\nil.js
Filesize188B
MD55d7f0b265fc2600803256f57a4b61dc0
SHA15b24eb8c365ac9d39752151725f61d57ef5b782b
SHA2567395bd919bd1309bcbced245a59dfc6b077f97992a482af2537343e558795b1f
SHA5121e0a8a5c6a70d5d20e5d623d8e079eb895cbff9c9abf93fd0fcb02ca61d697f93e9a678d13104b8f6611df387ec26883ad71e31f2c44f1d42aaefd7fe98daa8e
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\parse.js
Filesize1KB
MD5946313e5d82f852714963af9b3ec2ff0
SHA18e3381acb69847bca169b0a103f0541b69f3b50f
SHA2561a87ed6a6bb0a3edbe266ca55aaf1c5af8e963ee9486f74b59cfd615280b21b4
SHA5120af496edfea5062fe9ae9423e942a45700ea22143dd84c38a3bd00c8d8d189d885c512f4fd5f92a1b9226d597ca27dbc890f265b298d13edc80ec4374bee0431
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\sha1-browser.js
Filesize2KB
MD581626210eeaa0130bc86a4d648e5ba81
SHA1dffe8dd91e7a4b67e76f3b5b281fe6e8e26435a3
SHA25632982388b377b06298f59db97c98077f06e6b4f29fe284d427195a358a72f19e
SHA51262983ceac0cc4dc27c5543bff3f7c17a43fc5843583f2d320be3a3e6e8807911733b2c97e5476f3d0c9090a4d082723cc84f5bead3b9d58b65b5fa13fc51e1b2
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\v3.js
Filesize414B
MD59210b2b909606bd64a2f1e3c63a3212c
SHA1fe62d67000014a15ec772b1c4cbb68a82b66a72a
SHA25695e0c6fa204355c6ef7dbac5720a3ef5239454ed6820674dfcc143a55ea6c459
SHA512dd850635738d159e43e10c6b6b2d63bea2f12ede46a90870d7052d208874b7a597e12766b4a150da842e4107f0f8a1c8bf98fe2ec08c9e76874f6ba6754691f1
-
C:\Users\Admin\.vscode\extensions\.e0c0ea99-7ba6-400b-aa39-3a6b3c145cdd\node_modules\uuid\dist\v5.js
Filesize417B
MD568ff0be9de9e8fe45d83255ec075a7e4
SHA15a33d4e2463f7a8312cbbe06801fba984012a700
SHA256d15c31975f31b9abf6a195e70a3dca0843a9257cb51b49214cf7a9f4ed30fc5a
SHA512097655814dec389468c15c6be02f5e33ffa25fdafe9f5c000ef3766b0a3976e86bdd07700e0950fae864dcab7fc5ba9d31f39a88af2a0b15277b709b31e2ac40
-
Filesize
24KB
MD5289f812ddb30a32560b0bbb4174125e6
SHA1542a3002de1fff03a02c902208a7d2abe6441162
SHA256b1d8aac749dea0b5d2fab7ed0e703042ea16e4982cd6c36d4efb455247801cab
SHA5129fb579c212d112b26f1fe1734bd0ef06fd42c1195850a69f8436e08ed115cea83ad243227182304e2bd8b7624987df87c88685a42cc4ee6198ea835abe8d10bf
-
Filesize
2KB
MD50d575483100c332b2dbaefef915bb3c4
SHA1293d66263d63c67ace21031aaf4d75fcd8f197e1
SHA256830e94b83c3b6f45ceee5609de6249b2125927f95532e68427f09c99eed5e663
SHA512b7288e04132f5ad41cf6c290a0ffd0d5a24a2a6f1d5e232b416c61cfebd07734ad4ad727ee4a0ffef5076f9a8169e2e439fde852cfb9e9c360cfd5b5718f5a35
-
Filesize
7KB
MD566acfedb399168290ea9d3dac19e2035
SHA195aa424a8278477e916448bdbcd2cccbcb6d93a0
SHA256830158c21feeb67b9ad39b65420e97b189ce09966e373cd7d5b3d2587c05fec9
SHA51256272be7e10720390be211504b0a9e455d6f79be960e32ae2e2373a377dc4849bf65aa20469e84a5454c64dae8ef7312d5ab617edc77659180e8e905f9f0f442
-
Filesize
2KB
MD52d33a71bed73d6daee78e2d473ece975
SHA192aa82a95733964591f06befa1138f0afbb9be8d
SHA256430987b8c5f30c366ecd501bc344c8b29b6280e8a10174376a769f7443a187cd
SHA512b9ba74a911a2e0630bddb1cb9b9a75a24cf6af2b7378b4216e3a9fdd92f9d12a247b98593295e20f3f9ea3d6453e6d487bff9d993258b482909af771444d2ac7
-
Filesize
3KB
MD5102998261720b4e5735509da619d3b72
SHA19c7f4ee1c2cb0bcaf1ecbd23e4dc28c1c0d438c1
SHA25639d5ee51d104cb025339c2cf5cd10e4820f0a43a8a5824baf42e0c4ba69785c8
SHA512b639e4552b018d748bc7c864f16386e8fc95574f8b6c1c6389455de3a0ad582bc3290f9d9be32a48b339178dfb9a525118b9aee92791ba6fd09baa78a0a790b1
-
Filesize
155B
MD58fc39a8b4eb9d2384ffdab1e1d692176
SHA18eaa0c3f3dfd09202535a412d670486c190817f4
SHA256cc1098a01f94255244c838a61f7c218d5efa4f6000ea83b91951bb3e8b3191cd
SHA512b14369922b20727f91a8a579b9ef569448005a6f3b24ee607909de381dd12ef2eb2bfa006604e095c35d3c8bebfdb44392e36a37e83187b4b15b9a76d6134398
-
Filesize
61B
MD5e861def98dcfa94a9d13e2ec9122f6f2
SHA19a1a1f1d16a9281354e08165c31097a7326c1d1a
SHA2561a521ec71b0339966a7b8cc39877dd4d9216f6eb6a6c4aa1423706fd85f28b44
SHA5124aaedbf887fc9070325654155b199580c4f2485d2aec59db0a2ba64c5902631fbde4285235291579b16f24251e4bcb2391cf9a25ac5e63f262f9d9a925a166c0
-
Filesize
833B
MD58c8396fc48a385723499a7b87ea54003
SHA1e314578335bd1021d9de5c049582231f18af20d3
SHA256f1cca7755dc88806807448a6d40d89e93e6a69c1d212d6eea05f3d80b30a712f
SHA5129001a3e8742bd5423b4e9491d647ca78ac25b6ce60e56cf595633897eabcbedd5622b53ea336fb0ac8e0d6757f3086de200195018b6dcdb6491ab1dd9ee5031a
-
Filesize
1KB
MD5a51981ca4998f08437737da916a92424
SHA1d1efd0bb1bce690a45a56cbb32779f48981610c9
SHA25640d0bd4a6ebb06d53d06ad97b01c791fa11df64ec4324d58cb93ef39d8b8fe69
SHA51275a0af92b684c706ccfd708a96be3a15fd33bd08d63f8f45371e83beede25c425111d6b88e160b299b2067a6e7fff488454f6882715611bce76f61ac59664863
-
Filesize
1KB
MD55b3acc901ec65b23c5044e2992f1ab5a
SHA124895f29481bdd45fa9c2e9bc5644985f341b68f
SHA25609853dc91a3e26a506873b1e13a57bb78a0f9b93bb49af6468621a1f4655e24e
SHA512a98201a32723585a10603414bee9cd2638052da2f50f85776ae0b6c0650c63dd968cf4b76a4c1bef01abc283c8197182f5aa56c1f02e81b43a7fd245e147f72d
-
Filesize
3KB
MD599f95bdae096cb28d49893e0e5f030d4
SHA10236b254b588114ac32fe7efaea01b40d027365f
SHA256321049ec152b88422faad3f464ca9111844d231ba20dc3a8a68e41f3a53f634f
SHA51238b8413e78bdb4544d595f1212256946c6fdd3ef6cdacdb0b4db528a3f4eba7e65635f03817a97dc320ad4a92bc2a5a0cb3fa9e5f8aca397c126dbd437c08720
-
Filesize
4KB
MD59499cd3e7078b472d7c3dd30c89ea347
SHA17fd16a1e944ce0b74af566a1d7a978c85e3855c8
SHA256873d0719d09e002ed42d6333e44656737f908772ae8c97b58b06b38d817e0bff
SHA512e808609967e2f41bc9ebf873efa4d880aef1af91b5c540b104c181dfc792a5b930bb4f073b7a56712950dd064066478f12046c79db652f8bec32b33595eaaf37
-
Filesize
4KB
MD507da8a20082a9f12fec8c0a593e5777d
SHA1d02a2070307f82e62271a4e504e2e6b1a165d902
SHA256aaee1dbc61f4ba3c0a220d6b19c37d4be1c7c13c65b6a231e7f60a45d02c29f0
SHA51237ce5532954b5c1721a3e75e0c87ae483925266faf9025c9a2226de674b1cdc8eadd431d10ceebf089786b49b7ccd3e7f941ccaeb06b20aa38c965b57ce7cd14
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
4KB
MD5cbd0043515c2967bb1459fd0536811b9
SHA1072eec59951512b256681e4758dd50c8f5b4a410
SHA25612f798a46ebbe837f3c58a9ca2eb7818ffc2bc5586366df40c560078a39b29ae
SHA5127120896c1df5d4922d282581d100ce90011ef8cb2ff2cb24abe05fbe9619f2cb69db8e4350f0caec9f4e5daedbb6e96dbf1aa1048919b9343af0fa395d1c2680
-
Filesize
3KB
MD5a28ad4c66106c8cc258621594eae50c9
SHA162deeeca8ec46559a46c55336c8dd036c126e45f
SHA25600dabc1e8c5e32e3b20afeed0ac8b778731de7cd6436b0b553bcb5bca7132a76
SHA512ffc4e93a5b7e82b6553b71d2fd01fd79ccf6958562aa167b2f7d632f53e0982c491f055c86c491d52b3b3bef162ffd1009285812d209bfcfd34b66b60d2b63d9
-
Filesize
2KB
MD537b96a518888df2c28030b5177c57c0d
SHA15ac86aef901c7cb41676ac4f24f6901ea6a942a1
SHA256afec1f737d729354307e5c6676431b07c583e126d58afb24700f11355f261e7b
SHA512cd875af76be23872abdda06627ff5a8fc824c7712f4969fb34a39ddf22c6d8f89368cffe2e0d7c1cfdba57bb51c08faa29ffa85abc84b3554e455316e9277594
-
Filesize
4KB
MD54048eaf1c60113db858809360aff60bd
SHA16eac79a01c82545d7879b2b9d4e163a24e28b91e
SHA25651f4426c4c411d28ef5e2c4273c77385c04c6b17cf634095a3213cdabda0a3c0
SHA512227d7558ae90c7cfb8f8125252133051841cfccc2a6fb876b2500590b1e709748fb348c66ee026a184502e05d2489c09d09b93ad6aca955457cd782e8a587814
-
Filesize
12KB
MD5eb4665ccc5710970ca5bdf33882f36ae
SHA1a67b8e5dee50b54cebf11ee56cb0e710bdcfffcd
SHA2563ab1d6549806878512bdd0a6bbe30e5f2625b0ccf4e8d50a93446f5051ef2b10
SHA512921346c03a99713640dbe12a7b01db5decd0238eabc5dc858f768371e4ae5fadddb05aaa7cd88ca83f0524b71eb30548a6da0a94958a5401101fac7fdc78c038
-
Filesize
57KB
MD51987526fd99665f9d66189673ae9c3ec
SHA1e8cf966b14449da37b91c6f7f2f9912012d99666
SHA2564810b6abd98159301eb8f63d4289b4256d86a29a9c699dd6f5e4ea6764e23e06
SHA5128353e98b2b07bb87f52b9d6da0e95682ea8493469e5aac03e8f09c13af33bc676108933007619c5beb5ae660fe49d889f8be8a1e13d510220439928b29e53caa
-
C:\Users\Admin\.vscode\extensions\ms-dotnettools.dotnet-interactive-vscode-1.0.5568010\package.nls.json
Filesize3KB
MD5dfb685a5b68f6b9bab7ea7b73c4241fe
SHA1dcac9fbd4a0b890e0a50d3d9c3f7fbcbdac51b08
SHA256c985402fe612d78d4d0a3af062ea27cdc0bba51f817566701cdad367a47f72d8
SHA51207c77d5b0251410743b7cad1e0f708ec2e38fbd3dc854632a198f9324aee08817d9d4427b8a85a8aa8b69c3b165f3807964ec78a7bb529d9d61e4c23bf5702e6
-
Filesize
25KB
MD5db9135d93a58df42588ce4a604df0868
SHA12270bc508483c4c616413e3c73c65944eb975ac6
SHA25626a77de369dda372f0ec1cb2b20dd484a314ba442f509d8682f9f39a2642e577
SHA512f4e61893b2065b06fe49f379aa4e9172aae56fe19748be8206d766e20bde14ec82dc6c6b5f5f455a606cbee992aece9baf43b35397b70458352f449f00944337
-
Filesize
152B
MD55408de1548eb3231accfb9f086f2b9db
SHA1f2d8c7e9f3e26cd49ee0a7a4fecd70b2bf2b7e8a
SHA2563052d0885e0ef0d71562958b851db519cfed36fd8e667b57a65374ee1a13a670
SHA512783254d067de3ac40df618665be7f76a6a8acb7e63b875bffc3c0c73b68d138c8a98c437e6267a1eb33f04be976a14b081a528598b1e517cdd9ad2293501acc8
-
Filesize
152B
MD5254fc2a9d1a15f391d493bff79f66f08
SHA16165d5a9de512bb33a82d99d141a2562aa1aabfb
SHA2562bf9282b87bdef746d298cff0734b9a82cd9c24656cb167b24a84c30fb6a1fd0
SHA512484a1c99ee3c3d1ebf0af5ec9e73c9a2ca3cf8918f0ba2a4b543b75fa587ec6b432866b74bcd6b5cdd9372532c882da438d44653bd5bccdbc94ebc27852ff9e2
-
Filesize
152B
MD55c6e737e2bdd88e612b154988c766840
SHA18f958e9b305298bb9885906729268badd6fc6e7b
SHA256436526d1765c814e2e83859bab221115960840c3d4148397b50f33b1303312e2
SHA512cb2c27b62726cf0b51ce1fd2449ae5160ae533d61af1014e4e829b24fd7e04c578f5c7c14535bfcd2d6302c120c2eb3ab1f5a4547fc31c86256a39bd8b4135b0
-
Filesize
152B
MD543b287195b4456eaf51897bfae20ae19
SHA15fbe19169a7725ce41b80766c671ba211146664b
SHA25669b1fa994f87bca89049c712658a8394a8d262157a24253c978be7204c0bc2d3
SHA512fdf81da100aec0dd7b89815ea95f7417bb3d29bc949fcce2616805f156c7816c4c75d87763c9bb86e65919d8e9c39ba542c395315c42baa4bf48a85ba7fd23d9
-
Filesize
152B
MD56ca25a08226552d5a643fbbbacef8fb2
SHA1bef646c039bedb8c7d78913b00ea9ed60af90189
SHA2569ab88c543bf3119a1e62250c9836c446e5ccdd3c24c4d0c6fd3dc0d2cf7d1677
SHA5122309f53101cb6c5e76a7bf886ab77082bbf0990361ac1a34f4e218472ef3d0b9b27f118a1e75b90803c524e9eb5f8e14271fb425616296883ce4d440c88b7b2a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9baaccc9-eccd-4e21-8ab1-9c443af309c5.tmp
Filesize1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
98KB
MD5c0fc67fbc5c5eceb437b516b4365aa86
SHA16b5a02dc604f8b87eb9d456969b12b45dda79baa
SHA2560b8baebdd76118229f6b486ab07c66d05b104fcc8a80df53261769f80ea093ea
SHA512e73b48bd36052a2f31aabf40b32ada01fb8c92345a20e22126bed271bcab08ba0a677fd9fd29cca23e98379b6c1e0601bdae9f90c38d9369ba32f292450886d5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD59f3b4a91c90c7237452d1c6da7349487
SHA12e1e1671086566c89bd464121f77340373ae20d8
SHA256fa5573e87631b9ceb54b9a45c1b7e6e1ee4e829a47c9a2d230179fd93f28913b
SHA5120361cc7f836941b370511ff432e82d7db8c9b827652c7191e6d57b58405966a4343cfc88035d8e2d61415837370c7160ee517b642622fab9ac8c4734d4d6f307
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5bc0ea8a1bc497d0f90315d51e375cba4
SHA1bd0d449913ff1ec786e6aa47c2eb265e4b03acdc
SHA2563d2376af6d55c54a1e329047ad24a15684a05a2fa62cce7c3d301158101f5de3
SHA512a6e358dfbfca1de25e0efb021cb265979f757abc77ba0c4435b3f5c66b5e1876cd4978913e39eb889614b3e4b26a8f69cbbdd5af14595488daa9101886be365b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5365ece1fb9cf9f4037ddcc641d535073
SHA1f26e9c9bee19b5f9c4b0a1bcd941e52850a68ff3
SHA2565ffbd6d3e3987d88e0bbce00f29b5dc18c6202c26cc178def06421948ef9e52b
SHA512a1ccd9044caa0d194fe101543c0da218900374b44f240b00fa5f3412dfeed2d9cc9e98d02a6bdc5237aad7c9149cf1862b5df2bba8450fcf8f2760d18ea5199d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5af137.TMP
Filesize48B
MD552c43b49edca3467d572225d88cc3a18
SHA1950c415af360c47c1129a14fef6840a772668bbc
SHA2565786f6666f7a7a2441863adf58ca0b7aadb8005f39a8185976e3dc4c3cd45c2d
SHA512268b9a8666ac907ff3fd2ecfcf2f73b9610e1014d744b4c158e1f09be2b7c971b16e5fcbadcfe88b0ea4751af8970891ec9ce1cc131843a4c73ce4c37ec1c937
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize
264KB
MD5d0d388f3865d0523e451d6ba0be34cc4
SHA18571c6a52aacc2747c048e3419e5657b74612995
SHA256902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
428B
MD5adc180eb4a98a855821a43b9722da138
SHA1a5b8d67a28bbace690b44bf4575dc2434092bbfb
SHA2569a12969aa13ee8ca85d8ae914d1df94795d012dd7361a1b10d81f48ecc9fc277
SHA512cfc169a4b683bd925294e0c78e16ac6aec17af67ee4215e15d02a7f42b12c646623554fecf525d7f869ba4c03205cb8f0ee0ebacf805123ee9344ee344d851fb
-
Filesize
1KB
MD5bd629bdf244248a866558be1986a3bd7
SHA147ea3afa448d876cec0ebb8d0dbe64a3394fbbb9
SHA2560b1d95fe80389c894c767fc8b96eaa34b72e8ae507a952394e38b1173b766b06
SHA512b2368fa9226849994556371ca9bd6ff46b68fad680d573ead86c7dc2768b565937774f3d324d9e8003312ceb14f7dd757c153dd8313d71bc9d3b910933be18cb
-
Filesize
1KB
MD51ea58acf5400f30f22923fc974230713
SHA14b6383af4310fa7b65524e4e4cd68787c0e2b402
SHA25648da593926c0db9ee2ed25d6f637edd4707b730e5a7411cee5b9b9686e84dcca
SHA5121ca42a8523a943cbbb3f42efaa28006e45d4ef9d7ef99ef4684da3036ddad56c8453da5362178efdcd53e91ff2d7a9f3ec6cd054deddafaafac6fb2dc0fac215
-
Filesize
5KB
MD53c90410e998b284825e6d42767ca40d3
SHA1233b1371e409c9c4afd912e6256c661d4859ac02
SHA25664280543df8f1bb672bfce3a87ffa4d9b76f4b277bde2283aa74e1bec6f877df
SHA5128bfbc85927c0fda33b80ee2ce76e2a4a7d33cbe34d1d7ea7602d922c4ad70695a28d8a0432595ba5e9a1daf8022b8e4dc9bff3c090294d3cef7b941088b41df4
-
Filesize
6KB
MD5c517046cbdeb9d13c352ed3865afce6f
SHA107d0711a7edffd2a2c36a310abee6ce31171526a
SHA256e7e26934bd782f9809b5dd81342e44798d680015bc6d3fb1d78047b28461dfb1
SHA5124e00d5cf4bd4c31941b110422f0cdb50d4bfb823c148bc302026f87735a972e1fb79592775fcb52185fd25339e6d970ea2b49926d41786adc8d283d576901cc0
-
Filesize
6KB
MD528482193271db84e142f6f529cda8bd4
SHA18f9339842a824f7933be815cb1f8cd5dec32f980
SHA256227d952cfe5a319266ea5a6bad7881e9cc7e843352878d14bc56ed1b576607fa
SHA512f03a73ddd593a9014ed4d41c172bc4d1efd922de1f9ca603d2aa428e8538609f2271494401b0e2a1d86925f07c569b4df85a69ad8ee27a7015587ac11d42074f
-
Filesize
7KB
MD50bdbdb62650b0e7cf06ab3b0de96a190
SHA1411db1a76360078ab8cfb3bac54073c3b445b8a5
SHA2561224af1a0ec729c5eab566c3897463af4959491e954104b3b4cc3c4d7414135f
SHA512870ed7f090383fb4a57f34b9e428fc0d90f61cee42544ba8f8aa38a01d9d9d7d82f64f9f106b3a18d4390c1b8a8209afcd8b91a0c6545c98e07760ae26c60af6
-
Filesize
7KB
MD5f680804c716eb63dc9b2b908edf3d471
SHA1c8c770e9aff1d6f122ecb4690d6a4e25b2642f2b
SHA256d45f718114657abc6b5bd5cbbb43f23dd1da1c3eb9584c4ab04412cf179a629a
SHA512ebb162ebd7119831051305d3f9b158d5d8fb3ebf12ebfd1c1ae89b4853c8dc6b9155145a146b25b7f9c94cc5164866ef90ce8107a77572afbf97353fa59ed6ea
-
Filesize
7KB
MD58cd8ade38c9e39924a6213c20eee6a91
SHA17462c2a523865da84fbe25c55b8af5256ab7da79
SHA25639b6b9d50cdb8326044cd21c8b7169a1d3477428862a4bd6971fcff24ace435d
SHA5122d5be7c10cd89d5d49ca9020134c7c6678ad7c9d92ddd09dd2a9ffa16d62a78502deacf174f7c62b761904840be98eb02aad640c8df42ec987a14687c14f150f
-
Filesize
7KB
MD57c64bc19b22ecc230cc316127330cc4c
SHA1527434fe0266db7c790405771ccf32562b1d0c69
SHA2565196aaa687b554c274c0f6fe8cae8493cfd761e7063ec4142f36e4c6bb3cf57c
SHA5125ad9ace46e1feb537a6a8d13ae141e7ea753bb23c2bdb424dd43a96e0b55322901c34d8e1bb89fc917e98e72bd2f41322268d7c9525dbda09f1246ae3ad9402b
-
Filesize
6KB
MD5ea30d056d1d105f7714d2177489f1893
SHA16affaa05094d8c9c11b4c3672278a1396a6021f8
SHA256cdfc456eb964d109f7e3d978f3ac420d724c36b5589fe56cfb01bb9c3fec7fd6
SHA5128c71928bc72645d18efbc94a63d9aeaaec1be470533ee610b0d8b80dfbdf19e37321cbbd5f6b6e385b9a884c83dff62654bcec19ba1eb032cc510a7ed417230d
-
Filesize
7KB
MD54e8760347ff871bee26114ebb47471b7
SHA1cca5222cd4a5a7ef55e22f2451973d4769c5ed0c
SHA256f62157611915a5c3893ac1e447a1b49afcdd75a39cbd17498b2ac7beb194f3dd
SHA512990a7051e939d8aef09704f468e363c6f40a22acb8421a6966fe082c62310c59ec2f5282058eb989e4222190defb025cc2317413226af79be8825a42c361004e
-
Filesize
24KB
MD548febe0b0625901956573dfb2378e7ed
SHA1c324173a8f8fd7a6a7398f6bb24dd2ee11d3cf24
SHA256f0fae7ad33efdd05845d0d631ce8341ea4b6dfd4c45be844f0c117738df9c0d0
SHA512fc38a0c64e67e3b5d43f787fe86f700e6f753d8e90bcebc446d4a8c631b9e4362a74fa862a5b2ffc74f3f5236d3ecf006b341042b5469d1cc24f2c325a607a91
-
Filesize
24KB
MD5c7372f6f9d0923743d6d08f6c8bc97a0
SHA1fd0a415ddcf1bd2654e13ced6c05ecca2bf1fd7b
SHA256d83590f58933f76e77c19f2b22cb9a251df97acdac420fb0d58dbf3e4dd3690b
SHA512eb02d57f466d111e4f4b362b8cce2f0768ba9b3ed4f727092d4ac4c96204d3470b91e1b46ae297fe2be83b0485cd25b76ab7c2e1b20ccc141899ba41aa27ea2e
-
Filesize
538B
MD5f65515069e4785aef7de1db7fb4927e0
SHA1e7996ad18ac990c01ba0c80f32ee4c395733f538
SHA25611d9d51b4a7b212c1ea6e2d43b15485bed267325253ae16c2c583b58cb5f3c4a
SHA512cb816b28a75228e332f234987228fbd7663778ce053f860a685b30272bea71b8debc18d48037730e3b84f653c5e60ca918c405d91306b50c51c404fe99e591e3
-
Filesize
1KB
MD5d50c7bb1c0383ba767f22f3e16b5e991
SHA1c56525dc4c8bf04682fae5a490c1927a34fc4bd9
SHA2568f89957a753213e1c70619df93e5a05a40dc3a0e67a9eb03cbc6c2bebab0475e
SHA51298d67b2198a88183a1b07cb23badb2f9c77569f76d6e5fbe2d8bd258d3ca648b9d5a9abee97c480c0e354be0493c7b0dae137cb5df620dc8fba60a294234b7bb
-
Filesize
1KB
MD549a70bc5a19cb3a55821582764903d09
SHA156f2b85b1382bfa73e5b0beca55684bf3464f847
SHA25671054fe09221e1f11457cd5498d6e20b0f7d5a222694770474ace037ea39af0c
SHA51283c1438b3f540df7b56e3a0f71be295053e1693990247d7aa3ece1b60c59ac9595dbcc4d08c6f327ea600c67c84c0aa1437f96f85814aa26d2fc812ce3f16af4
-
Filesize
1KB
MD58fbaf1241095cc56d1f9f33dc3d79f45
SHA11efafc20dadca911c52b0cbd214b1719c589d756
SHA25665f62d602ba3f18f40b859f0f43adfce09696021ab38c0f757782205b76e962c
SHA512922e2d09a9a3406236ca19343456ee7b2eec511cf9fce41f543e1027808e9b5070ede09a7ebd0b7826f95d3934d96d5d6616107e514511f27a6d2fa924844c0c
-
Filesize
1KB
MD5a0ab7ce42d0feb3908240e06a51f3e86
SHA11151e947f28d2bb95aa7352047f7ba781cfc2356
SHA2565877085a42b36261d3def5138c0691080e54f245c91794ec6589ff5dd2607bc5
SHA5123b2f3dcd9e816310cd01f79824281038f3f3c8e9fc0dc57d98f7c847f4e52d10dd5fe0ca345ee742466a1bf1568060c1c3d4883fa72af7dcbf2fed6bd52990ac
-
Filesize
1KB
MD50fe0e1f92c2858fe1e88e4c4ac4feacd
SHA16043a612d1578d25281b020e44deb83eaf552ef5
SHA256cd8a3c1acc2dd77729f21dc973294acf8701e67b8067d9381a4c26c1c59d0eb2
SHA512815ee4ef332a734dce7d5ce2ac77c9e8700c1ab5baf123acdf85ebdcc488e78cd94ac0e90755d8b06324a1ea49e8d56bca6fcc8207b9e014693281e266d4edf9
-
Filesize
1KB
MD5892c75616fb1407b3bec9088b8052d66
SHA1ae2bf66f300b5f918c4242acb10b3d2694ec1467
SHA25676a2160df60300240644cce7db0c337dc51517be741f65dab99c4ed378e785b2
SHA512e9ac5c4b4fde284e90d288367975068e72db63a6483e07f88b17e063ad27baae9f5257c2d8584326ad34ac2c7f9dea474890b0b613ed3a75310d180de8e40e33
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
8KB
MD5903d6b5cbcd158f988c2a5acf9ae83a0
SHA15335b2b31b56c3f952e076010f529eb4478e39bf
SHA2560b24cc41696c1db16e1c69f9bf5307286787f21e9f20558223b1da06810160ab
SHA512cb200c8b4be234cc90eedab4a433522edd30ee8449548f0dfc23fac2f68901d92251c268eccc61d018f70735e3dee3efb59379e7d592f89c400357652c684647
-
Filesize
10KB
MD558fbc7f086dff9d9be3894bab23b2cc8
SHA1b6c3628e2537be4daa5b4b537dd47a31887475b0
SHA2569a5495134d53bcd97a8bafddfacd0a3cfedb225c5bdddedc886909cd62a12558
SHA512143b0763d325c4ed04ac9f603ea8012ccadef147070e6eb5b3408c563df9cdb0957984f95021c419fdad7c5abb6f0ec6e0f645ca47fdde3e40a2930c5b196656
-
Filesize
11KB
MD59211f600b44983c510efebe5d8ae346d
SHA1607bfefae8fdf0d94ded0a34170201a555c1892f
SHA25667681c2dccb00222487f29f6a09c3b0cfd5aea1b49fadd0946d2117665eb5305
SHA512b7e2bddc6656d19e4ac76d8cd9d9ab175a660993ac0398c36ee717499742d24633faddf7eb8244becb7581cfb9840ec34411c881ac69f659c914273c726f9463
-
Filesize
11KB
MD53ac808639f0c0fa1fc646e3ba9fc1f2a
SHA1c42b20b92dd4e33e7cd0edcd9bd7cc09e8e2c1d9
SHA256e4f106cc188152e5c90e357d990765c753869d0776731deccc7a73ff751f44e2
SHA51276dd3993d94d29f3e59ba7973e9beba26eebf8ac71742ffc30f8d0b990db81dacd7c8a2394a43115008facd258a8967f1834843035883a3c59a4549f15f0755d
-
Filesize
11KB
MD5bfb3ecdc20b45d6c4128e8c6117b6863
SHA12c07d2d9f2d32b59c4d9d5a18ef07df9a70d5955
SHA256ea01587813b8b38260007fede344f0a02ceb38baffe7c72f96df37657345f4c2
SHA5124647617190cff462fa61d2aaf6194acb6dddf0d45b250edcb7e2985c8af797478ef68531055f56a67b42fac0c7f8863e3107fa8f2d256df5da894380c35e543c
-
Filesize
11KB
MD5aa704179560f3aeccb431abfdfa3c3af
SHA10e6454f134c18a3d71d594e18055050ef3ecebb0
SHA2568e67dad75acfd2088b7108e2946135a3d19572b506fc4a41a4e2f3e64cd9ccf6
SHA51206146497e52f1f3015a7f1932f031363f3b7452b2f487df58df721b6a8197284a296e790e4ca8ddb61f0d5c57f2a83b65f1a4af13d746b9888af33cd382eda31
-
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstela5c5f160d92eb9eb2338fed4d0533db5c1256108484c02a85b5c60f7e0875f6b\20250116185330_c97bb05f39ee42088c2e2cf905f4b90f.jtrn
Filesize7KB
MD5ef8a72479c8206d6f161aeb2bbf3a0b6
SHA185714bdcca170327767c2fdcfbe87e9a318aa85a
SHA256b85031c29a5bedda1d134f3ad9691c8cec6b0bf41ef0c11ed67a49b8394d7cc2
SHA512eb2fd77f6361a7db45da7ac49794cb2695f9d0bb7ac5fb25b9f84caf9a2b6b48a3f1ac7f4fa75ee701dc68bbdcd87f6a71015a6338013f574d27b6340c90d4e5
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\activity-stream.discovery_stream.json.tmp
Filesize22KB
MD57d8701da391b8684707f85faf1b116d7
SHA12c475add0d34701c79a3386ec9b371ea2ff2bbad
SHA2560d64e15a1da8ea2391c74af0e5fe86be0821d4862338181df06068df06ea17db
SHA51201f0241aa183810afb2ca2637d853a7b41e3370df59a60b461d1e618038a5a9f8fa72c66c571e499bd333e83b864686ab5094047c1385284bd389e64a9699d7a
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\45D2BCA059128F0CC470D173E39D9CE4BDA59A95
Filesize69KB
MD5d6c6873fc9e56cd3db2b2b4a95b12cca
SHA1388174edcb9281b48b61b5c66402438dde569db3
SHA25636fdea36aa82458c27fd78c9d8e597f49640b5460fd2a209a44c108db5ce8785
SHA512be0999655eb2213b3655fcbf1d940b3088a31dbeb7e3271be3face5837b6991258a44fb6fbce0ab56bde68aaf890984d70a58eac4a46f2c780d4cdbffbee9562
-
Filesize
147KB
MD53c72d78266a90ed10dc0b0da7fdc6790
SHA16690eb15b179c8790e13956527ebbf3d274eef9b
SHA25614a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7
SHA512b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420
-
Filesize
222KB
MD53969308aae1dc1c2105bbd25901bcd01
SHA1a32f3c8341944da75e3eed5ef30602a98ec75b48
SHA25620c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6
SHA512f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f
-
Filesize
4.7MB
MD57299ea58f8ac8cb02c47ab511bbef604
SHA12bee1fda611a2b83398c1856a1401a928a8bbef7
SHA2565faf3c853921b6b69852e13b01702262b3ccd790b12fb9a172f96bcd7c2ede30
SHA512a83d97bf503cc390178f3863abeea39377d3f3d2cd97b8aa90a501bffbca23f6ac72aeaf43b0bd4f8caf0cb715028dffe5d5e4af8212eda21c5f7065f2d068b4
-
Filesize
2.7MB
MD55cefa688ea6456aaf8dda117b70beab1
SHA1cde8488a34eb3a14142ebb1fdaeb25ac5e17fdac
SHA256513f77ce9c9956dc422c612004973270ada33bdb36f7e1f240ac26a2e9cb7170
SHA51235cc6106b0cb6a3c595449fed65faff478a4bc337178abd0708998a51d2af94bf3ca2677a3c29c4ec5391b9c8473e4fd1cb6bb59be05cf0ddc41ae90fde3cea7
-
Filesize
10.0MB
MD5ffd67c1e24cb35dc109a24024b1ba7ec
SHA199f545bc396878c7a53e98a79017d9531af7c1f5
SHA2569ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92
SHA512e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79
-
Filesize
493KB
MD56406eb2b91b8ee5d80544325ba415de4
SHA116fa3c9947d411f2f9fe40a018b15b094d96c793
SHA256415fe9ef6c946559621e53e13b13454aa6e602015697d7a1f07947ac069d5bc0
SHA512e7fda2bb81d334fa005156dad203d4f6291e11eb99a7403be1a9a00bff8e8775d7c773fa185eed809d9840681eebdf39ff9c77191efe063575fa957424c272d0
-
Filesize
8.0MB
MD5a179ca4f497d0cfa823bd2bade7cfbac
SHA12b53bcffdc3df83038e67cef237ac65c5dd8e993
SHA256a681e394c3a6875e2f46925be3cbec3f35d44fb1b4fed90215523e79cde13e0a
SHA512de9e88ccf2f852369a180a0fd6815245b7b82f164ebad84b6135a4920ae0f36826038e850e7a53362d254ad0998f53122c30b90dec576440516148d89e236c4f
-
Filesize
460KB
MD5be79f74edbe7c2a7b50c44c104a33266
SHA19f39efd4cfd49ee4d7bce6e6c601aeaec600535f
SHA2569faeb0cc66c1dfcbcfab26062db9ecc48d07a88cb519cc1e18ca795ddbbacf5c
SHA512d1927fcb10d239d1c1fe0c9ea2f789da51df256dc4e9824022660b6865aa57ddad3e22d040e0edebf68183986cab1c4759e22491bfe6ab59b251797d69835247
-
Filesize
5.2MB
MD540ae74810ef26162d444d89109923e16
SHA1caaac2371116c0031cd54aa2ac7d0ebc880e9742
SHA2564970d5f2090f02bc788e5247ebaadd32698e035fe2a2ea7ebfe0c4841a0a9306
SHA512280e5e12a6a783969dcdc360505dc6f302e232d960eeac0eeb6333695d83fc2e6794fb337d5b531f78414f6a3e6728d0dd27603ca4305b2f1579ebcd38b74634
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\json-language-features\server\is-5P1Q6.tmp
Filesize39B
MD513fd4bf74cf2be8e582df89172fd5c43
SHA1d14bb4302c9f89913859d245ad2f16feb5c9431a
SHA256d9b82212418bc1f48866ef2ecfe4217d54745af57694ba5df0b01e6ad3e98933
SHA512fe6f8972a161ff1eaa4eb748f1de523f47f6c7f5bafef607152bb7301c3bec435ec79dd81875e29c99f092368dae58cbf559bd08a8c8517634f8e7334f173c02
-
Filesize
179KB
MD5575506a8774d119bc036fc34a0a3b08a
SHA187864ccab15ab97a8698c1bdaa7db88d7a8dbcdf
SHA256a8e9fd8d817925e0457587f9252dfd977bf17a4155a7ea67bf230d3283036a79
SHA51239f515f5f7da39fd6e026cc3f7bbb269a60c635a51338073cf752352635936834280a68c1deb46fdfb263293716bafdc31ef569663175b0bea6385acbc36e24c
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@microsoft\applicationinsights-core-js\is-9RMPQ.tmp
Filesize854B
MD55d483bc2a4edb9b663c253e975b0c404
SHA118c5a5d1fe7e1190f527e8a0cab5a6bbeea92b5d
SHA256667450844c99658ea65acb29a73f60504a599cfa40138471e943ed3e5e5bdf41
SHA51261d86762e9dca8e330e9a05bfef364a013d45878a353247a0fe656b132e74ee86cd1d562a541e5a7859418a48009565d12b8245a8cb336c01317005c23cc511a
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@microsoft\applicationinsights-core-js\is-J59LV.tmp
Filesize631B
MD5d6bd36f686fd435d25f2fc093c70d2ba
SHA19cd1dfde85276609358cf9b08865b801647d1bc5
SHA25688c7bfe272ff8a305c79644131fceb45e09faa1b9cdabd196b4f50b477f0dd20
SHA512eb758b22aaab89c125074251f1320a4a6a0404d45f8ad64d68aed354a03ca7c073b04b4d45c23fa8d01d90d627d422e74ad60c106f03f0e4a510fb7b60c2377a
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@microsoft\dynamicproto-js\is-7F64A.tmp
Filesize2KB
MD5558a3afce83d0e53014d19717f654349
SHA10e8972dc842e81d5f3cf73a5d7c7bfda53fa5ab5
SHA256dd0376320839eaab4124f03d94447b20e324d9eb19a7ec400dfbd01bc24bab47
SHA5127a34a2edcf3a44525a304611ac0230b0b2ce0bfa19dd85d47c74a46e879f2ef21bcab647285c656164292f161454eed9d8239cb63fb16ca2348f11db5d3034ac
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@microsoft\dynamicproto-js\is-G7DIR.tmp
Filesize1KB
MD57f571235285d97bbfd3df146c554c260
SHA1aede5ad1228cf790788df06dd052f91e0d1b8391
SHA256904dc4d8749877f1dba1cda48200d2462dccbeb7c134d5e4ef6fa75e0198c8fe
SHA512f32e03ca8847c2f16226377644cfd561bed53fe608484a755dd39909265834918c25f8b600b735617fd15caeab41781176c5b17d0fedfa906a3df5b15eb3a922
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\deviceid\dist\devdeviceid.js
Filesize2KB
MD5d4b29f1e7b02bd2913365c8237db2d4c
SHA1006427a2710656f5abb7b5a5b845e999a0e3f895
SHA2566776fc43b9371e5e94013e861b1754405b2875e3266db342299ae36d8df845b5
SHA512c3a1cc28034f09450e08aad42d870a9e46c96cd9fd076238f4668b52cabc24307f88af48478f0e0e9d4c19f0ea17a110ec0606b39cea2ec608d171d56d66fff6
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\deviceid\dist\index.js
Filesize1KB
MD5f38b830dab23937239079e9a750f44cf
SHA1ad59b2a60222e8877e7370070627a0cdf5ad540c
SHA256b8586f5e004718d62222cabbdbdc05844a175bde91b6ea7f2ef1c9ab1eacdb01
SHA512e1de7886a2e1b63e171657fb99b1df19acc09541d7d5e3eaeedeab538bfa748ca5d103d13e073d10a3588e2c08b122e75fd3817d2b6be8837929da42132ce130
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\deviceid\package.json
Filesize858B
MD5676b8942f190eec186152b6ed5e29ca4
SHA10c138ddb946a84f8ed31d29baf2377a90510eace
SHA2560c27ddd6b98766796fe09224379e71752c634ccb293a91099db07ad2c207c843
SHA512d917470ad853fd0d55ffc3f5ecff4f0c8d50258268f23ea2dceec6be3389f2fb3f097e02f81699990317a2aa5c70257444762e630c9efe2b0c25f92aec80f278
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\iconv-lite-umd\is-573K1.tmp
Filesize1KB
MD5d4a904ca135bb7bc912156fee12726f0
SHA1689ec0681815ecc32bee639c68e7740add7bd301
SHA256c2cfccb812fe482101a8f04597dfc5a9991a6b2748266c47ac91b6a5aae15383
SHA5121d0688424f69c0e7322aeb720e4e28d9af3b5a7a2dc18b8b198156e377a61a6e05bc824528fca0f8e61ac39b137a028029ff82e5229ad400a3cc22e2bdb687ad
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\node-addon-api\is-SRAC4.tmp
Filesize3KB
MD5a4dcdbe197a6a3be69d7599c59e64458
SHA1965ecc349b636e97697222acde08052b52e7f169
SHA2564fdc94bad2981f680269f302e7ec6dcb76e33fede92e97a908faf205bacc6271
SHA5120af3e0e1f70d0247ed654c79720d41f69e3a567f2c6880b649eca8aec57e9cec56d5467966f4baf6ab879a730a013feaf0ba64ae204de4b1f1615db4deddf5ee
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\policy-watcher\build\Release\vscode-policy-watcher.node
Filesize165KB
MD54bd0e0e2e753357d6aa773c37a91fe60
SHA11a7fa819b605db4d98f30082604f16d379de501d
SHA256fccc9e93926035942c97146e3acd669692ff1c888942a69dce337de885f25aa9
SHA51251f91e0d14ca0f465e5186ede8ab9abf65f9b40a84b0bf4c7ba4d371f35e3d3bccc0ce33a0a06b9de0311acb65f5c4e6ad65798b00c15810c163fce8a136261e
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\policy-watcher\index.js
Filesize625B
MD56a188b79cf5f61ed97466184df7f0590
SHA1216241d1be7f21c168db7cb0d8c61f3401f350b0
SHA2567f83d801ed592f833e64bd45d88d637cd117be5b7c4ac5fde59438d75bed74c1
SHA5129f49e5d4380508bb1a7584a56385e447a011128f7e6d7a7629305581de66dba8f3cd70b4a0a7d6abb7a835bcf96b5d166d60a0d4d84db099e70e9d7b6ba3c57e
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\policy-watcher\package.json
Filesize430B
MD51ec4ea9352ae3de0316272c18fc8e360
SHA197cc4f32fa1c4ffecc49d2e1f790d32a8cab964c
SHA25615016dfee153412954f60ac1011f241451a9b7fbb68ba986b9cd5d885cdcbd38
SHA5123d35ea59565de3d2b0c021a106e18a44c9637d4ae69a86d513c1c186769da73d2d69b14a7a4f80794c1c50bd3573d62b77b7a3fadf3647cf188ca2b308b23215
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\ripgrep\bin\rg.exe
Filesize4.5MB
MD55e566b4d792ffdb3828ea452fda610e3
SHA1087ab13ba44a7f170d0da9d066cde9ceb15508d9
SHA2569bdb4acd4329fa00a9be0d47f7a738d95e0764c60eb534ee521be8a60e55c61a
SHA512ee0d064d82f28ca68daab3b4c6dd1bbc9f04c985bcf6f286d68b06e5272174973b4374293d1d835c4196999c09be246b88e756b0849b3573bb461aeafd7ab377
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\spdlog\build\Release\spdlog.node
Filesize571KB
MD51e3d2255cbafc87209187fa8063ce99f
SHA15456f14d3d57421502fd91e9dcc709cd51a4f9af
SHA256a9f728756a92e050428a8d8c2f44c3e1884c9840827ee575a56ef3a185f98caa
SHA512043c31cce84e7afe2ce60c76bb7869f9f4bc52de50058e51959e372a340332359304b9008f58bad3352b8a7c5592754d2cfc6f627a5bbb9b6de8b64a1cdff76f
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\spdlog\index.js
Filesize902B
MD561ffa396096a48dfb7ae8ca932de8221
SHA1fbe4430d26d2e7adf01d6fa93e29a2c370eb062e
SHA256908932bebadaddf2aa2bf958c9c0b729ee99d40377f5ec67791f15ad942cde5a
SHA5123dc76cf333e5c24c0a95fadd7d282aa1bc22de87d9cf391b6e33448b3d03e9dacf478b31321a43b4a5826ff117fecd617286416f09cffe650051b01afd08df9c
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\spdlog\package.json
Filesize815B
MD560c5ab062b6264b28cde51baecca1192
SHA196831d8ca6363b54422b275d3503e0c92c1494d0
SHA256f9c75b3b5807b0448aa039d1fe852832f81e5d2285f98d57b424ed26c1c99f85
SHA5129bfd16de910075825a5b1c95ca2c008731c4b80a117c2bfaa94b8b9fc4e1004785a07eebfb89d7b443cd308867f61fcc76d666514f6cec2d7d9b0d88e706f6c7
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\windows-registry\build\Release\winregistry.node
Filesize124KB
MD5f9c543e97facd742306fa7e7f1d0e467
SHA16119cac8af67a3dd456831e5820a920a18ccc462
SHA25655013c34803291c8294f611151609df858327f8fcc4124add17a5f5b07ac39b6
SHA5121856ced9064aaef01ae50b20b3cbbb577b91772e2e4dbf2c5adaf02de9c1a5b879844ecfa37dc8034264ed9ef3f84780c328779e4098f697587d5a3f1aa2d3c8
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\windows-registry\dist\index.js
Filesize997B
MD5a106f61e9579fe50738dbace2b3290cb
SHA1cc181adf771fa65ab6448bbd60d55e2b8ae68667
SHA256adfe421d702a1b308e52663716c6f90bcc3f0a79caf2c8a1e1938253c44873d4
SHA512d7dbb736c7f2dc7c631e346dd463c33f7b9225b9ede9f9f08ea4b2778d91db3dc9dfffd6043db9cdc0671fe101db2d871998b327d75f2bf74bbc22adf693d9ae
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\@vscode\windows-registry\package.json
Filesize839B
MD5d9a75c8516b6325d268bdd2785f827d0
SHA15d67251107fdf603c5058e30758f269c84193fa2
SHA2561f4ba78ebec251a5f627718d1f683c0b715be285ab048eddd32426f8ec5eb220
SHA512c4fb3547b6cf7674b11f14eb727279cc661e5e48bc8600dc5a6f37ce377705e68a8ef32c2e7324bf5a1fb4d51a5c80760f9bbb94caaedc46dcafa65795bdb944
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\bindings\bindings.js
Filesize5KB
MD513c05ea1a2f638b707aa56eea958810c
SHA1c93878e75a9f0545f73aa8d6fba3a761c4ceda36
SHA2568e32a0d37f20bd6f7d5bdbf99d041aa27be47cbbe5172ac13ebf7380a10b3bf6
SHA512f356619fa479c72086138eed34fbdcf501bb6f263249e5cf3b1069b2d6c120afc32d9b2ee89d9a41b2f516251c8bbf5d9913e78105961a989e136ac03146657f
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\bindings\package.json
Filesize660B
MD517005447df8440e0e386849b8fa2b682
SHA114bbbadeb1307b1f711ee10093d5b46a7889677c
SHA256a87721fe406e1f1798fef44d697b46ea1efe346fda118010334713346ee4207c
SHA512a61aa9260b34479feb762f81f23ec26104d311fee81bb299efa00fc7091d3ae7f10047f6d91bd3bcfec7152b754c9fc6fe97ac280b3c00abc945a25ef387105d
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\file-uri-to-path\index.js
Filesize1KB
MD5d98f7c699c54e0e90f408a44feb3188b
SHA10ffd660201ce0749053d108c53e5606b9da158d6
SHA256e62293e871bdd5a7449ff3c7956c9536ec1d2ea7369461de77322b5256bb93e7
SHA5127389081fbf3b16f0ad99f556337679be895e04930e36bfc8f99720e013f28b68bdd4579f11eb41dd4cc7a64a36ec26a6e6539d42d5888696f71e7d2d9c8784dc
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\file-uri-to-path\package.json
Filesize717B
MD565f30030f0e7b2eff552eaabd8bb1fe1
SHA15dee8a540c467ffbf9025481180c77a06a9f46f2
SHA25671eb1e24bb9694f89c613fa0aa307f977dd43f41d11794c7b48fabf6c55f66b0
SHA512763c372773f093de60fdbe0bdd5d0b6362882e22eaebed51f70ea50fa3087417b5c517ea9ea057b56d40f019cea042a6e8c387356da1b9b9d39c2a5f16e7b5d4
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\font-ligatures\node_modules\yallist\is-EMG4M.tmp
Filesize765B
MD582703a69f6d7411dde679954c2fd9dca
SHA1bb408e929caeb1731945b2ba54bc337edb87cc66
SHA2564ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b
SHA5123fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\get-system-fonts\is-1MA2P.tmp
Filesize608B
MD5ca2429de1d04b8f8ec219352b058d58e
SHA1312f5876880afe956e8e5427d205253519ca8d0f
SHA2565a926f15d47257e382ac5e82aedc2f41a009ce6a74735b8cb8b554fab45435bc
SHA5128135d90e36bd1fd6e734c7abc84611154bb2ea1c5c4a177aeac63adb65b7ecbcf6c29973b37a009c1f99e5c7c60906911903c4486024c320532eb489461adcbc
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\get-system-fonts\is-B9G96.tmp
Filesize1KB
MD548f746785d13ed477ca30d5c51a4c4e6
SHA1d13f2bfcfa7a060b06a04ee994d169e881029bca
SHA2565c15db361b74f2f3fcbc4bbf0c6c62f781d491493a8be312f3147edfb0bb4fdc
SHA512602f8d4bda9fe8d1663246015754db4797709ef836caf61f1ae388312232f3795c2354b8481d57876053b59797f09e147fe20a274e439b72c82761096cdcd804
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\get-system-fonts\is-PDGJP.tmp
Filesize312B
MD54eeffb9111b31ec10b006aa5476bdc02
SHA1b5d1a9cc9e48f086593bbc8c60cf317f18dedd7b
SHA256e232c0453d8aa680d2963d574596cc8d1d4f6df26241f75bea184fcf44b0d639
SHA5129bfc9a1df5d465de6a9cc5eef83ad64a878bde421644fcb0dbf4a8b8c0f6b7724f6051cb2065b17c832c55f2931467b1509c55fac841b4c5bb8390a15e8a4c3b
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\is-docker\is-05A9D.tmp
Filesize1KB
MD5d5f2a6dd0192dcc7c833e50bb9017337
SHA180674912e3033be358331910ba27d5812369c2fc
SHA2565c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3
SHA512d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\is-number\is-T34HO.tmp
Filesize1KB
MD50f64900f8f30e53054962c9f1fc3205b
SHA16210a5e4e9224b4fc8ef250fe227311daa2bc5ac
SHA25635bdd8a44339719441900fb50fbefc5e2dca1ca662cbaed7a687de842c8b70f2
SHA51272392bccd8964c88ec8aa3d815746a2b6a4466d9c7ca8f428d7d0f3e2bb11674ef494ca335c8b255eee5825c087a77bb45a5d60025f318b78a64e19beccd23c7
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\minizlib\node_modules\yallist\is-7RIHO.tmp
Filesize652B
MD5b15d27bf2cf04083fef9389ce68aa620
SHA1d6a16b480cbd582f969b3d0ed89a157316268d10
SHA256c56b604bce814520105739e9559142ea9d4417454ebb933fd5687ca1d8d89bd5
SHA512bc85712c39269457748b985b9956a6a4c0742976e8e57da32e12f9e3b05c1fc3a916f56d83194376cecaa2b41e0e27cad3725a68e0793e891a0022710f51ced4
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\minizlib\node_modules\yallist\is-BBL9M.tmp
Filesize8KB
MD5f0730c76a34cefcb8ac8b20fdd3d1044
SHA12b9d967d60fadfc9f15b946dfea21e05b41eb6d3
SHA25669a10f726d26f8d804a3deaeac89f0106ddfa03d576d13971002fffc8f0e8a56
SHA512314e2e5eea8678119100acdab251fdb723040d562b34ff373debfdbdad7107399d33c61545d03190207e5c32e5bd85897d526c7582fb2ce4363ec49abf71bb36
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\minizlib\node_modules\yallist\is-SUFUB.tmp
Filesize207B
MD5815f2c408219f81bfc71cf9e216480e0
SHA1357867d11a5f3f9a52d44300e107ef4b8ceb9830
SHA256d02451fa396de7f9ec93cc6fb3b07aaa7be637acb3409a9ddebd1c2de9279c1a
SHA51281d1017d8a57daaf0be2d1d9c28295dfd1a1436aa79a96f0beef8afbccbc7e9ee554685d5cfa5a710b651a7d97a3f928a06a884d12d8ebd780db6c2ee8d7835b
-
Filesize
1KB
MD57f2aa6dc8822ba39d291cb2e24fb9e3b
SHA14b5cc1f1765acab5c676983000bdaec282643dc7
SHA256fd78d08648851e2db1b19e1271a90ad55b640d0b6ae2b20ad11c94aeec847b33
SHA512c7d5927564d6268a156d6066779c1f48425898378e8fc5109b0557a066a333c4f2ad54b093caebb9ceee4a42469c807fffe6a0e609b27e1dcf5e9a49347396d7
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\mkdirp\lib\find-made.js
Filesize763B
MD5b23628e3d83391f3631e04e049a158c6
SHA198d0595fb390e763db9d6887244b0772d0b4e7a6
SHA256743b7fd8fd5ec11dd6a71800650a65079f5bd3f08cbabb5c8dfadf06d138d755
SHA5128d59d6f84a5c7b9db3796a68cf21e73fdd7bacc4cbbf3ee975fa690a3a5711c6d7de7ede2f04e2bfa9b116d8e631b3d8479d56fb4aa2ecd9321b8b7631564f4a
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\mkdirp\lib\mkdirp-manual.js
Filesize1KB
MD5b6a5de09b9a14ad21157947b72567bbd
SHA184d7358cb99c1ce8365d194119604a28c4c0c2dc
SHA256492bedcd991014695803a3788f6c520df9c9b46fc315c9237debfdb713d75aaf
SHA51202b9767be047b31b896646d3ebf78c814dde5f4faa6e18eb19b666437fd62b6f7f8b328b7a2657c3dedb0d0023bf7ca5c294ef0f849c106f6bb3c0513e3a030f
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\mkdirp\lib\mkdirp-native.js
Filesize969B
MD5416245d596fd10f00704362918482d47
SHA1c471c379855ed0eac2e47537d647b1f9c4d7a70d
SHA256bb01894bca455d7cc47c4957687293ef0fa740fc50e9af1351517e7ad667d00a
SHA51252a36033d83e9e26d845560afaa06536a83a01f21d8ffa39e06a76908c6c8c99b19affab46dc4474fd7be9ecdfd1b0e70426581e3647bc35a9764cab499dcda7
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\mkdirp\lib\opts-arg.js
Filesize784B
MD502186675d27f125f4cf0a25f62f66f95
SHA19a156cb053789ae9afc98edb0ec511cdcacdf0e8
SHA256a9a3e4f1700201c1ecb1d5ebb33d6da69ecf3db23546c4d077c730ae42a0a6a9
SHA5123078a6ff5997b321b00033fea93676ea025fa700d136f8169f84576048e484485047829c53955016487924c7c84be428ae28184552f331b06e5e85ba67c47e00
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\mkdirp\lib\path-arg.js
Filesize730B
MD5bb4e73574c5039ac56a7233a8cdf652c
SHA156ea8c6fb15056fc0f5ae64b236638611e9ab0fb
SHA25693abafb7a89f0fe00c662cd8f4100f4aeef7d5b0a068b8a9af81b38f03d21325
SHA5124a6c0e3004a9eb81f9cdde60e8cef7db1e0b1df273eb75548c3c36ed217606138921194b91117d7a030a0f1055262e56d43689804d66a04a23ddb3655ebff18e
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\mkdirp\lib\use-native.js
Filesize448B
MD543d7b801e229d75bd6af53f9e0dd8b2c
SHA1dff74435e5b488880d7a887a5b9b3bebf45a70f3
SHA256fed1e14f4d3a650493666697889e77ebb3be6ccb6054e9f55197566d1cf0eea8
SHA5124b65a15d113095395dd6e4139e7af7334e63ca4f139b702bce6c3cf30ab027d71b5f38ccb27d6a106cf27fa78a30ff94b1bb1708e6fe5b6a410bcdf070063436
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\mkdirp\package.json
Filesize804B
MD56a1f8790c34f10f8e970819eef841cd4
SHA146da394a85c88f3288e19ccd89c03174e1360c52
SHA256a7357d86be1fd6cd9ac7bc78c4d49155ce08c6087a2378fae5b15ce2eb34b9a2
SHA512b4d082f4508c619ac216bc1a33a5596a1400ddd3dd3af2bb5c0f4d81f1efa79719c758dc333427be6ab491e0dad9512a2c6204081cb1863430e6b87991546f6b
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\socks-proxy-agent\is-BK6OM.tmp
Filesize1KB
MD5e0788eaca177f42808ee36bc32bb522f
SHA106000e5076e6e4b51294a87d836817a74c8af65c
SHA2568d8c55319c7729d57be811c747452636688d54f19701ee0752b6b15ad3771d9a
SHA512dc037410a930a54ee25a8fdaaa9bcd3c310b9abd81ffd2dc8a75205da44dbe7a1ad1d058d85271e73b7ec5ccf07ccd7109fc6ebbbfc2e2499695515f34392dea
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\tas-client-umd\is-3VFAO.tmp
Filesize1KB
MD5b98fddd052bb2f5ddbcdbd417ffb26a8
SHA103e1fe6fd0bc6d73c3cd3370d5f0a73c4fcb60d6
SHA25627ebda9d51f0a56b7e281ccd8230a27236dcb51c05f64b07869ecf6e965d68b0
SHA5127d79aae4c9beb85811a3e122a2b12aad231f519dd12a461ac49d52864a735a6b05a263d433c11ede1406d2e49b6dc62dd38487eb7bd8c079d7198a20cf85fc4d
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\uuid\dist\index.js
Filesize1KB
MD5b2673a937956dd553fea88979a8cc42f
SHA1762e669b688265f20c00a33be8fe47fa8241b346
SHA25621f90a4f2f933cdbe9e3afe9274b299a4ceb09fe1d47d513d1a3b7a93d76b1d0
SHA512f24c4c99ae9e3d75849981c669c50f480c279104ce7b55dc9b34ad28280bd2fa25d7896a47078cbf9fed8788acf54bb2ca09bbb138a2fbafb82b5dfb0e9af381
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\uuid\dist\regex.js
Filesize267B
MD5e2ef7a09d9279e21db8013d24bb5e0c9
SHA1a37859848f46b537c22ffab0dff30bc9c0f1c371
SHA256acc4c54d987f100093097f4f156ff245394c39d1332eb2114d7e40db00bd6ddd
SHA51227ef1d3e07342757e2e9af4a4526d4993ac159022501d951ce21c4719635202c9d5e9eb8930a0e3aae6bf69d1b57669679ddd264dcb57965999e688b61beefc8
-
Filesize
549B
MD50d87d8996d8e22a78cb4fa3b0bb94c00
SHA14067220e5549645739fed3207b7db98d839153f7
SHA256fdde4350fc69c07bfed4178eedf6121a56264744207d9f5c8f3e5b1b913dbb06
SHA51247095249f6818493b7bc9e611ba1f0c23e1ff0a586fbd51f67ddfe670600c8dd28e162d0e976febfc229c00e5ad97500a9a44409f5f1f4a9bea3fda66458662e
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\uuid\dist\stringify.js
Filesize1KB
MD5a77c066f9db44296a9c15a146e5891b3
SHA16629c261592c7582436654a2a84337e7c27177ff
SHA2566be33f7aa42be82a7e9d3c58a4cbbd345ee2876aade92b8ec65889732db2e6a2
SHA512149ebd3ab3314665b7bf46cdf53d531f4d477c5c0ef125ce51524dee0587fdf3bcebe60d447c994d0d216f7c50bb0153265bcd4e64883c9548f4935804b4016d
-
Filesize
3KB
MD5b83ac2e2eb2353f0999c4508b8b11ec6
SHA12f51889c14d7ea4221e62af4250e183ded438c20
SHA25686f6dc1a1556a9eddad07231c2a4f13e0ad4b6ff964a04d06866f07e36067002
SHA5120d3681ba6fd1d96b8751b2f5799591bac2910243e8e30c3f619e348335251e9f0472b3a3b028bb256b170f437fe5675ffe7891a5dc04ea8a8682aed120b13e39
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\uuid\dist\validate.js
Filesize410B
MD56d20465f8c9e099ce9747623390f274d
SHA1883c03c3238e2ded18752037cb19d0df5e99076b
SHA2565497d9adffd73474cf379d3e1b76b28698e408124a0726d54e88282500378502
SHA5127422cc71ba0e4d0b3cf70a3af0cad22c7d6fd6b8e65617c6952b1b7d66db1899bbc8964733ca3f37a10d8d95b6f682b4f260c6a4b95a9778a72ab70bc7f35ff0
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\uuid\package.json
Filesize4KB
MD50eccb05f3109374aabcbacbebc0b3411
SHA15c851ca334769ae39ce97442910e3441437dc0b1
SHA256b7cdc05041c5e9bfe240b225e9af79d7f7fad536368d9e582e33f7afedec9abd
SHA5126b1591401d1f8e456bed48250e9537f890b4c339119c756e2ace0989ad92ddae644dc3ebd138171575cdf30bccdcf33b15fd665a11d172f162e526d0ff5c5991
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\vscode-oniguruma\is-ELN50.tmp
Filesize2KB
MD55061208d6c3443a6e0d7d587a04b4fc3
SHA1e1e38d82e592ca62732bc6d6fbdbea3e9cf25d28
SHA25681ed58e26769508df9a2f761dad55b52c6c9de62fff06195b2702fcb7a97e883
SHA512a27a1bd86fbbcf0d2baba12ff8857abfe08a73563a36493845f45c83d5ab3997a2d28ff61cc6f1a2a289cec90884e4cbbaf9e8405d060971531441acb7d77740
-
C:\Users\Admin\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules\yazl\is-ONEME.tmp
Filesize1KB
MD5e62df7ee79458f947161db54ea09ad4d
SHA105f44660099e9e996cc01c6b1c276dd4e9a10f5f
SHA256b303783d5eb7ca50b853ffa5f145e4e7998fab339831d848f507ca6cd970577a
SHA5128fe80ba23a121b3374d93e164bb80ed47759b39d5a863aa6df32ee294aa95d3d22a4a365636c7603375919e449ef8a1587e354a9d2c2fbf33dd01a33a6ae53bf
-
Filesize
834KB
MD5aaaeb92db560a6642e52be6580f776b1
SHA160926cb4a0b352dba4c1b88d4f00e816c1bcc694
SHA256ed4da70976e719d9dcf8d7100cf46ac6973059c4c8a78ce4b6d8ce95bfbeba49
SHA51216df7e32529cd9826509ae63bcb6f1e397f9af6265389bdb3cfdf44fad1cace6a990da2006856223d3cc0387bcf741653f57d7daec1fdac9466651f71751dcb9
-
Filesize
650KB
MD5550a40c81b92b417ba8c1fa2fb000127
SHA1f7ef302b6c3b63ca80a8cd938757619488e9818d
SHA25646e103fc18d7ad06b5d3cda4bb56210ab92ef3b16856c5be2dc09176e257eda5
SHA512e2995be7f49afe60342b1423cfe205fdcc395be1e0ab34285e8642d46a48eee5238309b36f078e1a6ecc12761ad721bb14e97e0b9c03c34412a27b05832a988b
-
Filesize
9KB
MD540992eefcb75340eba173ac7dce48e69
SHA1e121ffc4ef3d8a23fab03336c906d6e2efcddbf2
SHA2563e07d5418b9219a71631a7b1494cfebac1544fad9fd6e28b5fcdc49a5fe23e07
SHA512b2e30c0ff5394d8facf5cf4f3966b59f1dd0060607b2d0421e706a0a5555303bde1ccfd0cab1132032a8466c4761c6cbc01e9215b3e194fc8dee15667ab81053
-
Filesize
55KB
MD5e8fd1bba5ff4240a7f88d27dfef85849
SHA103ea68da262f4708166391f5861b6342f40c5dcb
SHA2561621634c9d4b29360ef753ab1a416aebacf8d12abcf67041071a4978a7f9d715
SHA512aedfc91b0061a0a6b331f89e03bee2eaa275c610a391faa26c31d6b1aaa3083e96db13d9584171c7306d9a2a05aace1b9ee70fb8ee09bb2c0da2fdb1407477d4
-
Filesize
650KB
MD508f9074440e9244de237e2c8f133899a
SHA1b4e8d26add8083b3ed2cdc0fd78fa2ec5a2bcf07
SHA256b86e95e4c75168329bb0957967cf7714365339cae5d5e63aff89331f340461fc
SHA5124a0a2a06b75f69f4c988ad38a04eb9decce6b79f171491ed81744a594a8bc38bb367433baf8357017299ef9a22d4295cb2dacb30cf90f2c5363cc4e5880ca4e5
-
Filesize
5.2MB
MD59b7165a32dbdcb56400303476b064464
SHA1c94dbf589af139ca831fc6a499da5ffdb84b137c
SHA2564b4534880cada8a8639a4ac6905cd204c18e6fe429fa9fd299cd9b9ea3466d01
SHA5126e1f5e17035bd57a8dfc37f97060178f597288d4f5bfd0ac0417bc9590ae7cf91e2b88f53f400af1c2bd75171985c940667fa31e85b809137a54515a15a568c7
-
Filesize
2KB
MD5ce57b4effdb5524dbe0bce9563db5d5b
SHA1da14a17b6e3d5f5f3b53982e230eacb0c822aacf
SHA256b4709482077ca691bed293cf140b2ce19d44787c9ec1beb2dece206abad17472
SHA512aa4a283c0ef37a6f31cf2091549c93ab4244d819339b912e5a05b2455e5a7528e56086e1d4ea25a8709a9c945fda05e016d708ae61faf7c9bbc859fc356821bb
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
2.5MB
MD53b105aad402a9919f70ce8978c3226fd
SHA1a4581e1faf315081cad99970ddd7cf5147cf2753
SHA25611fa6ccff417526812024a06c8ed593ced8b3dc31a1800770f871489396a76ed
SHA5122a405a906d722076085fb8b3e6804bc7313f4ede1892dcbc751d4d57fe6e732b413151e1c3944f84e3e72eeaee9bbf9e78a432643f47ee844558b2689e29430a
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
31KB
MD5b65c2492d2209266298f49bc256a9c30
SHA105fe4a6456025d2286104963dea858fa43342759
SHA256735dc7f98a58e2c1bb71d49e48a7428d14dcca154f36b92e4ae695527fa0abcc
SHA51299062049bba04886fdd76431bc3e4dae10afa183f0b3529eaa7a6a7794de7eb60b52329afbbdb641ebc04571798db5b8d1051c590d25bc257a0c9bff6124fa64
-
Filesize
44KB
MD5faf759efd780c5f06bdedc38aa902b04
SHA1a77b1078ef3837fd5620288f1c7ed9457ecc4939
SHA2565e0039e303461709f5b50501cb40591e7d6ac977f34abb967b653141de90ddfe
SHA51252d1011f1c24f258cd3f55ef31fd3ec15e2129057cc29c7295e65857831283ddfaaa62d6b11741a516f5f1bfcf9bd4bd94d8a51e9d55fd01918016208a7a9360
-
Filesize
71KB
MD52e742898ef92fd06ed758796cd318021
SHA1fdc50ec0cb0d6d606ee378822464b1600806d811
SHA256fd9e383b9a629131033d6680eea943ea8c0f4e3c36e32016f43108223952bad6
SHA5128a0fc36653ca6b16b1ae41870a151e8b8dbdb42f335207f3fec565670eb33617ba1bc20bef21d3a46473867c2ef85b78c2b0a0f9b283dbd4bb5e736475ec05b9
-
Filesize
40KB
MD5ecda204b7a736ec7c9b2e7c94d1f27d6
SHA192dca4ee6732a1bc90a75b250bb3eec3a1d2cc7b
SHA256ac43730ff3f87852b49b97b4eed2775616ea8d0a70785f5e5cb8c4e357abb20e
SHA5123f0987f3d9608af15655573986e572105041b7e84b1072611fa967b7933d8334d90d1dedc36041739174d7c7d7a6bfbcd2e20e9266797f4036b2fd6e91a4aea1
-
C:\Users\Admin\AppData\Roaming\Code\CachedConfigurations\defaults\configurationDefaultsOverrides\configuration.json
Filesize477B
MD576dc28495d527b629ba905d61d60fba9
SHA1118d350b24b8f2aa29e91a310a7c0ca565fefae7
SHA256e08b6c1001894663976f47e193391def672bdb03015a394ea2631bc2eda03e67
SHA512ecf0745898f9efeb150fa9e9cf772e914c204bdcdfe34a2473051c31e7973508d7c8ea0a211ec290e7cbd6b868bfd4b1bc816794375343935d22b4ddad3e9f9d
-
C:\Users\Admin\AppData\Roaming\Code\CachedData\91fbdddc47bc9c09064bf7acf133d22631cbf083\chrome\js\0469ccd2b2a1118a_0
Filesize290B
MD5f18fe912dbf877f705f973077b22654a
SHA1d76ed3c9eac045dc15351f0694a77e4c9cb5ccdf
SHA256dfd7fffc6930c3fb3a94e7c988898f98ae6cea825932edcc084763f3fb8f0f83
SHA512757a8cf03dbf3f044de12a9c2081e67be9dc32c9a869556926d280c5253151e6f9ea1e05bcd410c68232a085b48bbb90a7fbfbe28e9438b9884d7e23971f53bd
-
C:\Users\Admin\AppData\Roaming\Code\CachedData\91fbdddc47bc9c09064bf7acf133d22631cbf083\chrome\js\c0f1ab47673ee020_0
Filesize291B
MD50f3844e8dba9d48ca016990ba118e076
SHA10bcf18430fb11db27bb39f659d8894c5850a073e
SHA2566586480506ae0a55bae83edf2ed37a7cfdde138c41b696b5ae3d926fa5c4d60b
SHA5122a1e6aff659ea2abfcc67522f77f2b1f9b6856810cb9b442908fd6c597adeb550bba3f5db0ba94d8fa7218f7ceec86d085aec59e285c0735956a6015be70f30f
-
C:\Users\Admin\AppData\Roaming\Code\CachedData\91fbdddc47bc9c09064bf7acf133d22631cbf083\chrome\js\index-dir\the-real-index
Filesize528B
MD5701a8876a6a0edc3588658bdd3143ed6
SHA123dee1bc9bbdd6461e0f2fad50bf6c34c3f8e25b
SHA256f00ebde42e166902db489a6b6629e3c79a92324284d22b790637ee468a73caa2
SHA512a14d308f38621b3f5385f01cb8f45b1c3d049ee76cfb949f3bf93c06bd75b99e0d6bfe43d0310c1d82d2a48f1c7c0bdbb33dee509b41899de184a44b1491093f
-
C:\Users\Admin\AppData\Roaming\Code\CachedData\91fbdddc47bc9c09064bf7acf133d22631cbf083\chrome\js\index-dir\the-real-index
Filesize48B
MD52211e3593cece7ca3399d2503d995a2e
SHA176fc4b9b3d59418b9f7e4a63bbe3b01a17833d90
SHA2564e52bc14b1a85c7dd01ee24f37f24338a4eea45f4cb5bb20fc918fefa21be87e
SHA5128eeb666ec854e4a1bab8e0e3c095f4aefece24e9d8135157a30567c0d5f8e2c6a757cf9242de5df2b6a30279c579dea5de19d822ca24b4831362ab81d1b6d97b
-
C:\Users\Admin\AppData\Roaming\Code\CachedData\91fbdddc47bc9c09064bf7acf133d22631cbf083\chrome\js\index-dir\the-real-index
Filesize144B
MD54977c8d61afc17415093443c5caf2608
SHA13f21cb5fddc4fb8d1a0c3e22c6f69d92af6f1340
SHA256b88b907147eb73bf175716188487264fc709a60ce2b6aeab9ae33ce3978c826f
SHA5122a09df29ed66fc37386e463c27a99eac397059626f8dbf5a2b4c2f2e71a93d9c08d042376a10ff16a276cdfd7e1605432f78644e29cc6be4203a14d53e957b5b
-
C:\Users\Admin\AppData\Roaming\Code\CachedData\91fbdddc47bc9c09064bf7acf133d22631cbf083\chrome\js\index-dir\the-real-index
Filesize384B
MD59911147cccfa0104d68cd9737c140b58
SHA1da3d1a4534fbd32fa9ee675e18f2638fdbc6d7fa
SHA256330a2e7a5c928d595a249041ef0026d1942aad8a2a2ddf26b9c9d47a49777837
SHA5120f233aa415f04c746292babbeec8b2304a4235c54697111e4e4f5e96e2900056832fb01c3babc8f25c311d35b57ee1e0760ab8ec7ed7915a0c29985f918d5040
-
C:\Users\Admin\AppData\Roaming\Code\CachedData\91fbdddc47bc9c09064bf7acf133d22631cbf083\chrome\js\index-dir\the-real-index
Filesize504B
MD5ff41573f6108ec6b5926e17560a8e936
SHA1607180a332d1453b27609014ffbf1a8764cacdf7
SHA25663a571cc49e7e8c2968787ee0f1f9dbdd07ff4996ed392290689d2c2ff90b2e3
SHA512a6620ba48430dd8a22c4279d28cec85e68834c4f6a125aae8349d2077e265bf2a4e2a6de475b6ef36d310ae3fd2b70e50c27792e39f8dd73cd7c2fd332181311
-
C:\Users\Admin\AppData\Roaming\Code\CachedData\91fbdddc47bc9c09064bf7acf133d22631cbf083\chrome\js\index-dir\the-real-index
Filesize192B
MD5cac333ed29177a55b7504995d6d66f27
SHA16ed1884291fe45043647e569ef1e0d7302c73bf0
SHA256fa24c7e6305c90b1b87f7f60cd2fb14aee42de64f3402e820d76650825c62719
SHA512848cd721fe621142ac72fd1552390cf6a36eab59b6ef4757fa7d6b062183a4ee76fd5023c9ad3c526f192290e380e28c36b84b93796761ade4b52b2204536b41
-
C:\Users\Admin\AppData\Roaming\Code\CachedData\91fbdddc47bc9c09064bf7acf133d22631cbf083\chrome\js\index-dir\the-real-index
Filesize240B
MD560dcc11558b2f481d8ef68784141abb5
SHA1ecc7f3c97a41c36da4e9b60ff9a5dfe20305ccf9
SHA25644a530d27576198c01f146e8289f2bd18375bc88def29df980f7af479614407d
SHA51211100e11ad51a62e305e57f8085d74c905384a5680f76185e9f0848cfec909fcb48f6369d4c8edf056d09ba86dd42095588a5686afb0746c6fa4df06180827d0
-
C:\Users\Admin\AppData\Roaming\Code\CachedData\91fbdddc47bc9c09064bf7acf133d22631cbf083\chrome\js\index-dir\the-real-index
Filesize288B
MD52cfb9637267301af406a0b683d5a7575
SHA1ac9d0cfe8f531a53b3d541fd3c5c0467fac1522c
SHA256bb27098b6829477b60f497de33d3fb77644ea1c31aec14fcfb434fe9d1a12728
SHA512f9fe6f111caa15e2ab063f278a63a2d1534a19cc530a1313970dff85a9f86a79b552b9e45743703b9db89a03f3d5eb1043dd04abe7ca514f4bd4775b54e1d456
-
C:\Users\Admin\AppData\Roaming\Code\CachedProfilesData\__default__profile__\extensions.builtin.cache
Filesize785KB
MD575af4cec7c2c90c03455793a15630715
SHA11b305605b769e2040da7aff0d02384958ae7e5e6
SHA256ef78c5d4d48b5de5fd97b046617344570da434897ff49c9f942e23c3240fd241
SHA512c39323b4b7c0a20985cbf493f9080e3eab26f506bb385e6fa5bb73ae6a6786850bbabaf222e23766dde6f864279681cfc992ae47229cd0146fb05c8dd899358c
-
C:\Users\Admin\AppData\Roaming\Code\CachedProfilesData\__default__profile__\extensions.builtin.cache
Filesize785KB
MD5b210046c5a558e01be0ddf6ce8e84e39
SHA1d9cd5322b2b7c3541b40f6491e564a94b7903c9d
SHA2565c5dc983f2919b9e686e4e60efd41d53fd9032744f69bc66a9c1126b2883888a
SHA51261f7bf3fdb637946835562583d07afadd9b08ac174c9870e3448f5c895c9d3a3d7e3e841c1c8dc2b59ed6149d12a48a277aace0bcb61ac5cf30e12c7d6ba1e42
-
C:\Users\Admin\AppData\Roaming\Code\CachedProfilesData\__default__profile__\extensions.builtin.cache
Filesize785KB
MD5af9c14e14ee7e8963e90cdaaff6a4110
SHA16e77129d977dc076236a7a0c4195cf0b89271e03
SHA256162fe6970828265c38f1e01d29bf6a5598689eac0eaf57866e9ab05e3e5819cf
SHA512fcfa68fb5d33e4c6d89e33d0efabe3da00761318655550f238ac2973405680a6b528b15f991247ee6da43c6fd826e95188a62da57f8ca7ba9da018e63b0a1e7d
-
Filesize
277KB
MD5424a4f37f39f1956caeea5757b9a9a07
SHA1b66b9e78d34a18b30eec93b29023fb47d0031639
SHA256ddc122efd9329b8b5bd1ce3daed37a5617fa65fbf6daa4aa88bc8bcbe7a0a2a1
SHA512d9c42427a3294144162b536154aa8f1ea880cc0ca46c4f93e5c375d12ed527f9d260cfb01c0b71906efbf9bfabab59b0dd3e5d398c73ba7613b78756ea3a551a
-
Filesize
61B
MD54df4574bfbb7e0b0bc56c2c9b12b6c47
SHA181efcbd3e3da8221444a21f45305af6fa4b71907
SHA256e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377
SHA51278b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a
-
Filesize
713B
MD5e0311f09db1a8c01327c56bbb17ec2e5
SHA1aee29f9850942c8a34a93317452b26d62ce4de5b
SHA256bbae021807030f038eb04ecfd733daaae2855237ef2b2c94c3c4db9a5c5a0b14
SHA512414300957a0edcdb4dc44327627f81734aa163aaea7462a47d79d9c471ffccf34ec830c07a6f36fabcc0a3ebf8361230f4f8c47009c560a49792ad80eb2dd5e4
-
Filesize
785B
MD57d6b49ad7d8ca867864f93b7224ef617
SHA1a251e40f821a315c159f8399a72ba061aef000d5
SHA2568d8b82794c9058e9c20350fe7c51989caa9600174fd79ade51808cc390fc0027
SHA51292d63df420c732cd8cedad6c982cee9023f570bf95dd85a30f45e34b527e503e4c72b2bd64dfd029c0e1ac2b7d58c53f2f9dac3bb5c766a5e712f78a8d38ac38
-
Filesize
867B
MD5122f68daf2b036aa9ec8de95a78be303
SHA19a45bef641a711ca3b87e652935fc453564c26bb
SHA256b6bb683ab4581a80c4614a59071bf4e6a32dee2f9c5de09a1462d15e2a7a1cfc
SHA51201ce333ce47663030ebfd315220e30c44cf773f0d58bb032cd4a93c935f0968615f1afefecc664897f0c446f50b3df1fae338ce9074ea746ced4a43358b9783d
-
Filesize
867B
MD5bb779c981aab48d7f276232bc81621a4
SHA1e3875d59cc181d19b59b25f6dd2366c77d070efe
SHA256dbadabbf797ec2ca9f2872c0a471e4ff96de2f1245ec1ada6bac363fdb3ebf44
SHA512dd9f683ce312d157754ebdf2967882afd0980d58181fa908804fe4929107340bb3d62fe304b4101375b7dc58c32b55b06c776d47cf9e847df019d9ad292b3676
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
858B
MD511fee7dc1b5693ba51e2179047e26894
SHA171128e961ecbf33bfe7d53760f0dc7f30db65d30
SHA256dc13cdba6e4f504a8d58ac61fe7f13e0801a7b19d25dc0b4ffcd73808923e769
SHA5128c086aa45eda015125c1956fa2b9b1067152c1f0aeab953f9ae5137e5b2af09e45b1dd91d541d25ac5788f4b763f2b251839fa5d708fbc298c14761b0c7cb42e
-
Filesize
858B
MD5daccb929bebd103e28e61434f641890f
SHA18ee2b45e72430a64d8b792479fc637630dd2030a
SHA256e2002fd1947b682301dabd6c8b699dcae7e3c94a93f1757fe5b6ba0ba88e12e7
SHA512faa8530129e2a4c011ebbea7955196e2957f86408ed84d97faedf51467851b5ca68cf561402d450f3125b39d8d825948eed914e51c1de38de1f6aaedabe89cf3
-
Filesize
356B
MD527e4bba1cabec44ed4d219a5649bb85e
SHA1c16023896e955bbe5159b847eb11c2a68152eaf2
SHA2560863befc9219499563f052462552806438e6a031f0d34fb6faf4dd718532fd22
SHA51262bd83ea05c0f52b2351673cf31e47d4d75e088e797f075c282d176e5d625b0d0bd72904cc2e363a15c6347bfe8c6729f032a908f478424a0952eeaf51aba2aa
-
Filesize
524B
MD5717a4be108a0a0f2b1b739fd9a88ee06
SHA1b80f20462ad0997bcc6d20eacd0648d7e2fffd24
SHA25630e4711d44046e36c6b10578450479e47ed1e484202064d98b3ea83b070f2c13
SHA5121a62e5b24870a2d1628f0c15678fbd00013354da9c678bf0d7de5a9b410334789bb9e10db0d6f27a26c35d7fc91d4f06a3776f2120fc1362266fcd00e34ccab1
-
Filesize
691B
MD5a19d12947afc141e5d465640eb21a80c
SHA1f774b9d7889113a8f8639345bbe12173284af81a
SHA256884651c03a60035bc4ca9fb8c37c7393afd7f2f1824746de3120d30e3e78ef18
SHA512ba0db20c99ae816a6e55523aaf44e462a38a33987c93787044c6184a868c49dc2d0b8eab5e1c488a88f7935a8b2ca5787086d5adb9cd4d5f1b261ce6cf294d16
-
Filesize
691B
MD50781617157bd3227fc8cfa20fa084d06
SHA1afed693956e7609542384d08aec0d1ad4a4ce3c4
SHA2568ddcbfb55909d866aa1211a06d531df8ba48f8dd00e23133cafdf598064d9647
SHA512e74c974b69f865a4603cef6d85a515b5a9c4ddd41ffb717ea83f78222df6485fab8382047c63ab921a01eb4ec10b758f220ca6b863c9a51a548e4c72380748c1
-
Filesize
691B
MD516f55964ed211bae0dedf7bb4a53d890
SHA1d575c0343bc8b4ee0da758dcce0176483f0227e1
SHA25695de24b4c04e81989f31c924acdb38ef0e38f300b4ac8fe4357964f03bc7f3ac
SHA512b2a02c7ccada09465e21bd6ccedac804381f0ad958babbe1f9b2aa248db3ad1a7384b099ba7e0bcfdbcc8b48e8dc1e48ad6952a08ab582375f46b0086920353c
-
Filesize
858B
MD5dcc2083b8b03e02510edd951038e4187
SHA1c30041440246e4215f059160b9329d7e595f7d59
SHA2564b4b84877a474246d840f9614941033e87b37d93030ef4f518534d0787783c29
SHA5122062bff2e13303e2a84c358dedc3629f649d44342ad8b8b023204134be5b621fe761d80b77c61208046b74cb91a2354b44bf5228ab54a7c729cbe11802836782
-
Filesize
858B
MD5b8e9bcbcefe08790b54918748e068f15
SHA15bcbefc10e7c70a6973f3569897dd2731548934e
SHA256706c9702a589cde7e7beee8535f8d4c7dd5a33e19f2e702b5386b737aa063c36
SHA5128973390af65c19af81050b4c27df7323bd84744e06c7dfaa14e0bc3408e57712404a5588f5834338f05117e79dbcd323a7e79ed6df5116de855e0c0c91f71ec9
-
Filesize
356B
MD5ec7cd080b8c1101eebd2e08bc28f0a63
SHA14dfd78b5619a3eb2d2ca9ff5de36804d106e005f
SHA256e82c2953d7211818119131883e85aebd84232d8d1ab53f12fed0aa361c407eed
SHA512b792e241066e4c4253985eec60a9e0fb7a3037d1d46a5599c9ae8a7f85bf82a1586bf393cece11a187e2d5506a4fbbdb821ce413f401d14b8419484603f6a727
-
Filesize
72B
MD58a7a9e6236e79c27fd563b8f8a4576f6
SHA1c0a94af186e229ffd0c8457fedb06842375544cc
SHA2561d88d91fe0f7dadae8b7930f6368795265c043aefb44350e2e8ff3677b233aa5
SHA512205d468520c5cd9a6f899442ce72e3b77d3fca199774917c3c3e6d57b395f7f05f59c9c08827d2980b30ad3e2522b9ef75d15c65179203edbf598ed251092c02
-
C:\Users\Admin\AppData\Roaming\Code\Service Worker\ScriptCache\index-dir\the-real-index~RFe65020f.TMP
Filesize72B
MD5f8cba1f8d3bc05a9f780a1347231155e
SHA18bbf02f22f392dc95e9258bf075f3e8a9d666a89
SHA2562615aa6287210ca01e58333fc15ed02d0cd5d514ac260ac569352029bea22569
SHA51259964821175701929723525c42202d45c0618d6e66f23913802491ac7be18b93b75fd3bd5aed95ff07c30836e5b5d6f36eb71c9044d0b727ce4ac1a7c45b25b9
-
Filesize
24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\ms-dotnettools.vscode-dotnet-runtime\.dotnet\8.0.12~x64~aspnetcore\shared\Microsoft.NETCore.App\8.0.12\mscordaccore.dll
Filesize1.3MB
MD58665f4577c8f0bf52a00123d3fed3ace
SHA147c0e172a0717c1bd428bb025e5cb1b88212f61f
SHA25677df34bbb09d862fd6bd1a1058933abab87f29d4e4965b895f82bbfb92688b7f
SHA5127e29634d48521fbf31861e25a5ae550552eec8659f2b2b61dde5dc5aaed6e11a2f220a3079b27e9d9920fbcb8d7cbd5f282881c1718b5c3e94e7a23ce6d857ff
-
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\ms-dotnettools.vscode-dotnet-runtime\.dotnet\8.0.12~x64~aspnetcore\shared\Microsoft.NETCore.App\8.0.12\msquic.dll
Filesize525KB
MD5027854570a4412624becee78a10395c1
SHA16b0e6bc0cd97f2cac1b962be868fc7cb621d77f8
SHA2562d67e87859ecaeb15c4dd621b0983f1a9ad3e2aa9b11624c018a43e6d6b06bec
SHA5128593d309434c7954aa42e5bd63f76a5bae783c8f2130798ea285032c71f890c4c1783614597ee2ba3da3294a68ce636ea2a9dcb21a858a840c8d8f6316928d65
-
Filesize
2KB
MD577f81ffb4353837a8ec49cd5b761872f
SHA15d3f1cddd14193c884c903e635de05e465843795
SHA256b62a8e603636846b3d5554c5d27474ee6c842148c88bfd52e5c7de0c03a733e3
SHA512bbcbd27cf4dba5ef012b32f22610f6faa391fb9cf8bd7d5ddf2399820314ba4f59bcb48c8682104a66983b8887fa254c1f62190c34f78f9ac3a6dd3e98a77cab
-
Filesize
606B
MD56c6567eeaa2e125d69f8cb74873eaf72
SHA1b74377596256f1a3a9bee7fd6024a05fea7f2985
SHA256676a5d8c59f910fb859ccf41a7f556d706be1d307459688e2d3c19b5f014171f
SHA5123d2ae9d70f115fa3c3a5529089cb3c75f6a39263cda81f89308ffd3c1a74afca7871bfaf66d392c969d7018a3855c762be9c5e5f3de6c7391be6bd4b92e1a72b
-
Filesize
1KB
MD5bd197ab9e56e291a02b0f49bae13cce3
SHA1498ed8b71732630d92bc52eeb7128b4efb84f6c3
SHA256d3c337d6294dfefead0c8957005de4cbaf277d79a08c8df305edc63b72a46247
SHA512dd72ec09e6e943fbd15501b7e09d86a6cbbf30ad6aa97c057b78a5bdb9d308a7489077dc98ec7b38ccf2de86edbd735e587d88d105a9aad1fb8e84e9923361c0
-
Filesize
2KB
MD5cf95d79fa2027a4c68ed8dc3938cf594
SHA1aa07e99cc0f983712a396a830493bafe12920f50
SHA25644275c389fb44dba5115cf97e18aad66049cc2d3b73862ec58fb095f301b1e15
SHA5128ab3afa122c6e6007025e6649d1fa1a03a78b2175f97d47ba0ae4e1a37f7a8f90e99a3052884c9e24a64a3b6265bae2c1fa4ebdab79439d6b7990dd856a6a71e
-
Filesize
1KB
MD511a3b8d20afa9dbdece6b2efbe36b409
SHA179c8b77d7cb24569413224ab916116db4b0f8e5f
SHA2565dc2747b179238fe638e0687dbfed54e57ba911950dc8a358b189cab2071789e
SHA512849194e4ced881a4235349a5084d80915891f2ddc95b3370c85b4b3f8eaa2eb9c831ff812500a131775f68c749d5df87f476317aa0130a4eeb00a26898c8a6a9
-
Filesize
1KB
MD5f0f1851dc525a27b5072fbbfa56158da
SHA153bd907a26e05c0d5e8ced1401878d711225da8b
SHA25651d69c8e2c71837734cbba2c86dd2a70b510be22d5c6854bf3c0be4e042d8072
SHA5124cdd64651cd614576d42179ff638638317f1131ce08460e7d6d7ed60c3f7027ad2a2794dc3b0a30ee1c8d7223d37d5bc1d3be8bd5da24eea3c4caa5bd44c51df
-
Filesize
1KB
MD5cae4c0637f787bc5248b1473202bdcda
SHA197c7481361660c4967c098471d6cdf541b6b0989
SHA25693cf46ac6d30d065e34202116e92784d8ee86c035a6f3f5ddaadcd885e415694
SHA5127a570369069a51839c2b713ca34a24ac7630a8ab1a59bebfc810cfd7846e85297480da900d4fcf66258b2e20e9910836f3e5ba0b602b6717266bc320e871521a
-
Filesize
2KB
MD5a5245ecc15dcb48ce31e8a177357c2ac
SHA18954b6bdec0d88692d62c8a16d3e7406f7d80def
SHA256f7225eae112df675db2775ed7d7d4207ca2d9d504d0d74e3b93e8f652348eef1
SHA512d81cce4fe2ff20c475cc70c8f4b0bb42233565d82c6cf0e6f24d6a4051c7da7ba9e73f766d3a4f5af9aadade5685e9645db11625494067c3979342139da76de4
-
Filesize
1KB
MD5a44ccf4e3c65e7ac093a8c7696fdd0cf
SHA1406dc7253294bffc83800e6bb0028b6a200ce284
SHA256de142a31d32d328abb3ef8d7e38efc800c6e52d38849e1cf2701613e1e68c58a
SHA512ab3beefba352984316e1ab8f5228e8100e0d5a40a23e7af5cd3d53ea71be9dcc3b66f0beee1efee62524a7f105b67811364eccbf4f876d08aa0b65d1e9cdc313
-
Filesize
1KB
MD52f0ae98d8241a7932b7c98e9fe5196c6
SHA120a7921e205a03ddacf393ac3ea5b8b1eb3bc3d2
SHA2564267c6bba63b844c0e73a29f577597e48d0784a0838f0fa0b5c7fe84072554b3
SHA5129829ff4e83d0b78f37ddbf6114ef226b0b48ec35327fca1a766b87430d47e348da0e2484004bccaf61812a1aafa6ec7bf2f4bfaabcdee66859f275d07e857a15
-
Filesize
1KB
MD5f8a6c9d37a43ef0ecdde3c43a1d9677d
SHA1c476c1ae9c10d9d749294f26c43584fc30ad4226
SHA256916f224bd0c5e6f5218e2cda50fc8eafd11cd216f3327c0210ad936d8fcee13e
SHA512dc48863711d9a9f3e39ade0bb619074d42bb144550823bb1aa232ff9f7ce6b69d95772c1e23593807357b564b5b58b2d7bf5ab883c34d2fa2fbd425566b5f4b6
-
Filesize
1KB
MD53bba324ce718fe964bce4339db2e8926
SHA17fb4ad30adaca3cf3ecb8239170f88c84f877649
SHA256e6b59cebab495bf7e5fb145c5a5148a00265cad865ec9f98945ea141c3572407
SHA512a0d3c442eead5a5e9dc808cad2e3143f537e80757dffeb278673d2914ecd5151b74e6cbdc4b4a81e87085ccdd7996f9180e32dae0651f3cff3a853f8648d8411
-
Filesize
2KB
MD59974bcf59e035670d9ea7e43942b3f3b
SHA1c7dd2f8283c12574a3b8b432a2d104917b4706e0
SHA256cced374b82e1350f703b570ad788ec28ac1ad8e4b006e8d6e78885072b9b30b6
SHA512013c4d12d128d64189b0924a63288169e8162bd22004caa769a77eea436c97e7f4d933f25cb3c1d8f22f77e7a46217bec978cb8033ba548b54895d52e5bbed88
-
Filesize
1KB
MD589f6de86b99bd85808aeee472d6dfcdd
SHA180449f594053a0eab76bacc10248329c80bf2c9f
SHA256683bd8868be8da62a5c08ff87068635ec76ae057b49cd3c28d55c2826b48861d
SHA512df2a9d70e64bcef7475ff70206fde89baf2827cbe2682c0975e136ccc320b3936fde0b0756e815f6b5967d45b3acc0b41636bb90514d5ce1357008139cca8441
-
Filesize
1KB
MD57f9569cfe82f0de0c763022edb4f669c
SHA1c485fae3c380d4ac1fb38ee8e7aca2c71bbfeb05
SHA2561db0f5bf2c08133933963eb9194af7364dce21f60156615412bcef21ce00a0ad
SHA5123fa7c6c01339a60d80a60b737e1d9feebeda1fcd25a941a9aed5681355a879294f6bf6d0fde9988341f8abf4765f4d18487f01b7d4451e243b327cace5003e10
-
Filesize
59B
MD585fe1f19293eb96cf4f7007f65d6036c
SHA13809a13fef66c08226315cdf4a8958866e7a49cc
SHA256a5d6beaa8d1459c345a024ac3fa042b60d7d4bfb082cee43bdbbab65417eb8c5
SHA51289d12bb0a39ed3b9c1405dda8578f8d8535f541eeebb4173ce835baf1bd76c663207f90b4e42a5748923db99ec40ee1ef4760bf98ab8263ac11e963bf18791fb
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
57B
MD558127c59cb9e1da127904c341d15372b
SHA162445484661d8036ce9788baeaba31d204e9a5fc
SHA256be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA5128d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a
-
C:\Users\Admin\AppData\Roaming\Code\logs\20250116T184821\window1\exthost\ms-dotnettools.vscode-dotnet-runtime\DotNetAcquisition-ms-dotnettools.vscode-dotnet-runtime-1737053331284.txt
Filesize169KB
MD50e03881b937aafaa5813e4b6cd021fa4
SHA11e4798e6d04135007ed3212b939fd0ef1d844b62
SHA25656c39a2d3fd24371d069a1e09ec57824dfc848edd1c2ed308534024aad801d39
SHA512310da1f35f7186fc56bd90faa6e0b7c70ca136a5c8174a7611732212a06a64e5c62c75e33168c68b7412b5014d0ef44b88bf2fbf2297f637616ff7ea57e521bd
-
C:\Users\Admin\AppData\Roaming\Code\logs\20250116T185204\window1\exthost\ms-dotnettools.vscode-dotnet-runtime\DotNetAcquisition-ms-dotnettools.vscode-dotnet-runtime-1737053561622.txt
Filesize132KB
MD5bca8f67479e0f383067cd378ea5cab88
SHA19f25b3dd90f7c74e702be15af1309829f6c151fd
SHA25656ea1c9164fd1b452b8fdc7e338bc9c743c93b43cc876ebe4bedd2ded63e6427
SHA51227bf6fc68fa588272136a5af75beab06ab1299c1bc7cb0d5b6aa98886c9eb8a77aa94279037b04e3a2ce57345bb875f73574081205501ba394af5b0658c979db
-
C:\Users\Admin\AppData\Roaming\Code\logs\20250116T185657\window1\exthost\ms-dotnettools.vscode-dotnet-runtime\DotNetAcquisition-ms-dotnettools.vscode-dotnet-runtime-1737053820827.txt
Filesize51KB
MD5a89c392f38a9673b83a06975c8131a5b
SHA19ac2ad69ed2c3da5c2cbc7f0f428f183e6ca254d
SHA2561171647823a91bf2a1601af43bb18061a5c8e5bcecba1e4e014e994fd5ba82ae
SHA5123a34f1e8d41e4506d9afa6255d210604b34fc58128d83a72af39845a13547700b5f8a4137fdfad02f74ab29c52db29e034ce6e0955ed5779854ac04fc31e35c2
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms
Filesize1KB
MD5a1c7b78e0df0719db55fb672803ec4a0
SHA141d6a02026835b1d8df2ab70d5d2ca06d34d6cfb
SHA256ade459fe6b0206be8210fc867e8cc779142cb909ce3081bbfac73d8e868234fc
SHA5120682c48dbc98f74ba6cfe3a8ff4565b2431837e6cac01fa43ce6380662a93afbb25695d6c33cc414c4c43fe0d66cd9f013e851a3a22f7614b0989506ce65286e
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms
Filesize3KB
MD59b354aa4ed187a8a6ece0296a3cba263
SHA11f68ea6890fab043c1da636031bc7d76b8914297
SHA25633ecb185bfdfc3e241d79ffd03bcaff1a55e49ac8a4012b49accc38c9db17ee5
SHA512fc0165715cafa234803c75b3df32fb2a5f881a199defba22fe22e3ee969b2f8cf9b7b5f0ee74bb7c3573ebf73d9e71a78cdc1fcd19d4d568ffec5f5ba53b465d
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms
Filesize1KB
MD58e20efbfe4a8e793701647ea66420681
SHA15c7c2ecc0201d938a937788a72f0e7bb612aa6e2
SHA256192f0d5bb1d9a6de3cf6afa5404e19aa88990f6f461f3a5e7c818a512cdd85ef
SHA51280da50fa91851d5ea58d2b1a7db25b9bdd13e865247ffd03d968d6a3690ed9e5ca3d51dda00bd75f6988f9a53e56385c7c7f45f96af140eb934e26ab4a4a7494
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms
Filesize3KB
MD5b46726b6bc8e7deb156336380d627dc8
SHA1444b715bfe10c69d6f40b59ab65c1a8a712772a9
SHA25634e76db564e040f15954926f61f1eceb3096498b0a2819daf0bb062a1baf71a8
SHA51292b7e2519883f337ae86509be4d9ab894ea3c01d3b854344c7f04aca2ffbb03050ff022723e91f0dc427db053a59f79b4214225dbb10f747f48541c80bb4fbad
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms
Filesize1KB
MD5133f06cd2d450e27b5894c9048c98285
SHA1f504dc4c96a4f143092f6f8d99eb858dcfaafb30
SHA256d775964e402f14f86f3770e908ad4e3b96737f937dd35733fa46e0116bdb85ee
SHA5129cde5327379d95cb47e42d176545642c9ab90db7f3ad33d3512c6811f25cbd0215e10894d36cba4e60eb010ddfc37e9843d56071e695dd37dc9381484b92ad86
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize16KB
MD5760c0898fc6efb9f7455d83e27631585
SHA196923daded775f009affd098702e5b69b0aa09a7
SHA2561e71d367865871bb93cb6139422370316a87749b3301372b935e9f46592eaa88
SHA5129cac00425f547004143030faa5fedbf3ad443f09a256ab7016df0e64706c1d30d552fcc883992930ff1707f5bc72beed0b5995cdd16f40d190c256a8d03392f7
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize15KB
MD584eb01ba1733b22136286a15f3d25cfb
SHA130afff416530f9ba80b5da8e9e4ba6a95f6595c7
SHA256cd0670d6226ce4eb779ac024bb261148108f4294bc9e52b5c919491564a22f7c
SHA512e0f6e58b32f5cd8ef55d3386a678cf03d9a77798c38eea4f7122cca442ba419e9c15ab63f99f0aca9a8eabfaaaec62e51c5def01597606bc9315ccfa2c5c7cb9
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize16KB
MD5bedf4c42e1a577d7d411c77583e42717
SHA1717fe21e5aa1b4732d4b31c6dd014b31230ac5e8
SHA25662ef9c49744ce0831dcbacc2e64abe033fc23068425b72e03a3077b83237e822
SHA512324a77288e8fbee8394f09af7f497cf849f85388eb2cea264741193cd21e1ea7efb07d7b9fe11849847f96179c14b38ea04a3abdac7adfee51dff3685dd10f53
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin
Filesize12KB
MD508006ec69268359e20bab520ef2af0de
SHA1c8bae92a082a1ee6ba9305a897846032713de90c
SHA2563c37d03cb767bda85be8866ead63304bbbb838119c6803378af267025006ef85
SHA51231f3bf420df6ce597207d8fcf6cfdc863a12ba8c1e968975fc5ccb966c34d8d45c95e470dc3e3a19cc8cc5ef40247d5c7584d959988454d9e1be93abf496d37e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin
Filesize7KB
MD5bdb3f414d5c5227b7d92f760bff80e52
SHA1dcc6416ba06d3714fdc9925b836d46933560c92e
SHA2563ed197dddfc7441099709a6271b26086a08c32a507a35d4ec8b526d3afa0743e
SHA512216641cd09872c2230da9ff4a3f918634ab737c646f68219a307dfa51f2738192541b086b022f268761dce9fc0ec694b7824f6e55f06060d43628b80d8fb09fa
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
MD5948ccbf889bd6db3d4938e70129f1b29
SHA1ae11082eee282a433f5d6fe1f25dda731f8acd70
SHA256d92543c076e16062cf410d7a8b6d85eb44d5442d43a9c9d4937b273c1d8851fd
SHA51247b9fe1badba4a1e25f54ebbd2a55ccd2d50ee6b73bf8b9ab715ebf5e3b4c3fa77513adaf9858e1e16a438ef8f749f808f46bf012662ed45bcc1ef2089b489f6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp
Filesize64KB
MD503f16ee47d12f443056cc53d78a4a994
SHA12a76681781657c84c282fb74660e3374caa5815c
SHA2566e51216325901c0550250b70b22671c6a673fcca501356d4875fa8731c93267e
SHA512f733a75e434ff40b64acc4c26f2bca9343449131a3e1433a8cf7b07a35e89d9662057ee6a55c28b32f83e17edb55401fd9b0cdbdec3214264958342f9d3862ed
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp
Filesize63KB
MD55c11f0d37b80835d77376e19a58d8c22
SHA116a0aa53ae43fea1dbc29f579a6c06afa52f1eef
SHA2568a49e4b17555db915cd050eba3e3ec31269006df347cabd74dcf7c02261073ea
SHA51239d119760a3d47b73e7b8489ba4d32b9a9c975d03cb0476a76775ef6c60dd68af01c5ea6b4e48d961a184d20ea79e857f53538b9da193d251de7b47805f96296
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp
Filesize7KB
MD59ee33e9b1472c78b4123a80895a54bc7
SHA16a9599af9e174a10032c314841829ec660290158
SHA25683bbb20bdbcda90f8954b472dbd23e1d3e5c1445970c8a284c9aa1988c9c499f
SHA5121739705d03bb514ee4b23531b0ebc7ebfaeeb2c694188196314baa69311b2b62f71a22cf993fd93a2e251d264ad7dfaa83537a5b1ddff305377a77ffb59fba12
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\66971856-2c6d-4d2b-a005-702484c590d1
Filesize982B
MD5d14122a9545ba9700deece004a5ae27f
SHA1632a278514142062f9eaafb838e340d36603da98
SHA256078b02fd2e1bb91e7637e78287cd9f13b4f5546ab1a8bddc34d900495661144d
SHA512dc22ba390641d91be8b9992d1592086ab2b746166ede97bc085b02fae7fab5f2f6e3c18f0f05fbbeb4b789606a7862da56b70946bb909481f709a6539aeb96a0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\9976e8a8-8525-4202-a8aa-c7d62920168c
Filesize24KB
MD5b1abad4e8cfede0b35b74e58b5a17a5c
SHA15111071e4663f529999e64bfe5a9b60ed93bacda
SHA256f02a9dd4a6af2c749f6f28890d92244c211d7992adf3688ec10e2e864f42e45f
SHA512df7755d99132465e65c55080a54db7a9dc27c1476b6f0eb9bdf12f2113ab14febd0122d037086c6e4c3aa679b29f9d8b6af36a81c3cb53309be8128ec9dced29
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\b4e3a698-6464-427f-8115-da5be67d8b91
Filesize671B
MD582a4801959e5b3007202cc4010e2bedf
SHA193dc4e89b1a4e80753e2f4740f59f5959ce76a33
SHA2560c0c40f7b10cd4b2d31e4f1773718ec5129a2501001e6ed94fea9e5e52a470da
SHA512f57ecf24c74f8580bb6c3b23142e9637cf0885ceb21ac521478a485a4de38443d6114b0e527143bebb7fbe8c876a132f9f37b64ff04ac284ad5482fa9cee81b3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD53b947976d1efa5c57cedc601f27571bb
SHA1f100a1e665d9d248dff869e4b93f90ece0212f8e
SHA25610af580a994b37235b95e4dfb45b0d41363d124485039544af49a7ff3d8fe8df
SHA512a0b812aab0235289647203681d56b331d56d277bd9ff25fba979022b4cdf572dd589e14bf4971b29ab070971d54f3c17e4f71d6fd32d78decc7b9d20abe83ede
-
Filesize
9KB
MD5171117e36466d2c6aad0f5ab17aecb9b
SHA1dc470740c14cf6166254c73b6b41cc9184d08756
SHA2569d1210d4ba129c80226633db69db8ae90c68dbe0ab30af47851a8e875875fb81
SHA512afb268f37ecc8b6000c5f3ad36151274f06ce8a3b56eb2efc3819e8817feb44a96e5f7fd27904a116c4df4f60feb7a4c6da05f7e0d6721c3f71ca5f6462a1012
-
Filesize
10KB
MD5d804bc0634d2c271c7f602be7e22163b
SHA1d575f4c21da5b2906f7431dc45c289c76d6ce86b
SHA256f8ecb3ecaf58161d6da522482892901795e692c1dc634f78d2c81dc6f5d55ac6
SHA512d3ca00863173b364851c07263ed913d8f905b74b139fa2293071678815e474fb8cb508d9602cbfc31474f30424a8de0c60a6c8d9d57eeeff9f0e38177193b598
-
Filesize
9KB
MD5fd2521b83f8fb8ca85b8f0194ba6b4da
SHA11a05d4c3769e79469f21b0a73ba1714355dc99bd
SHA2566c3bd988f34d5b19b5a59630f94eca709d046d4db29a36e05c080d22c95f6ca2
SHA512d741c5ccfebdfe0bfd56dd274d2cb25b5d1b3dcab1d6c84766660dadfe2041f777d4b65b0ee8e401ae3734c97686c4e425dc233c4852404eb666098342edb439
-
Filesize
10KB
MD58d050f5abde47fa230a8858040898471
SHA1067bc9bf2e9c170d12804934af96fb4547e4d070
SHA256dd73c3d8ae1bf1172a7d0946e9c320237acc5cf2621bfc1270da79756ae90740
SHA51245583587dc5f63ad5248c61faede06585b5e6370a99a4e6005bed65fb1d49b13461fec8e1e6cf1fa380fa622345866634a562a48136b77c4594afdf0d187084c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
Filesize1KB
MD5af67d5ad472804796401885670ddbd3d
SHA19cb134c1d4dec1cd91cc2004927c4f24f39d28e3
SHA256deb2181c1ec836a35e9611861d2843d5831a83d1828b550d03a0413e492a8e59
SHA512da2074621aeebb69d2f15247d80191a0494f4b682dfb242246acf1c6b790ca984cc627b5be5a77cf12a1caf2b8f01ce72f835542d01f8e163da7bcb8924211a9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
Filesize17KB
MD57039d3cd6aa9ff8aa4a1b8a1475ee8f6
SHA1b0ae6ec820bf8036fbdc10c9bd32000277822eed
SHA256da51ef0877737523184711288de3bed7b81bd63e4f36dc0b8fefa6155318e945
SHA51223aa82ff48f6949168bd20e3edbd5177324c8bcc031dd2026a7995aa5ed091b85bb9a1018c52242d790c2ca7651546d543deb80578b93e4bd068aed154586fc6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
Filesize59KB
MD555c596eeb3200fbd8523d19324d2d71e
SHA10d6696df6e506434be9d93a08e00b010553dfdee
SHA2566bda224b5d1c00ca5924c81986ad2894e33b9f9889aab1d8fd8bb21324c9d624
SHA512e1a8c5e709f7bb7f9bd7674fd4b4dae5892d9d2ee6f0716ff5cc69912da92b533483ce0d211802d2ab3443cc148b6cfc771c9ae844d7a2cef8b42d04ab13fa51
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
Filesize15KB
MD555fb65b74bb8fe78dbd88eedbde4c77f
SHA141a6540f61506d50c61e071218cd52c3aa7b3db5
SHA25679f9ddb090fd2d7bfc7538fc0362a8de772819c7e8baa41b46428b0251bf018c
SHA5127779bde82760fee775576d600bc359e7586621fefcd549a225170ee45bba4587d638fd61c7a2eaffb4d96a4f95d63436ffe980a1eb8aa5ad08ead7138ef4cdb9
-
Filesize
210B
MD52ba93ae557bda7bcd8398d0560eb7d97
SHA1288f2a2574f2b763349c3bafcda08d73473554a1
SHA2563bdb050540ecdd6fe717cbb9028c0ff9e2af5e1544afa71b6bade80140c7a236
SHA5126d9adcc96913c4edc8ae2b1f8f6c662a5494fd2533231f5973757ff3875843e94d3ab218f485efbe63299b9c0bd179c0d8479cef4154bde0634158a6f1c21439
-
C:\Users\Admin\Desktop\Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne\.vscode\settings.json
Filesize46B
MD5e103784b53d540d62f3a4380bc83f17d
SHA13ba66274c158f953d960219c00332c9a4369efeb
SHA2566fde5335f219f6c5dafe5240722e74d1ef55897551f3c9d06fdf962ac085ee56
SHA512154dcda831f81d9a6df8478cd96f5573e3459a75d271fd584f6d0b391db3a6d38005991c5886e2915fd398b04ac34135ec39b8e296410bdb283af0d0234ae17a
-
Filesize
1.9MB
MD5eb7b41959301672d15c388957baf55c9
SHA1039cb3f555ad22643bae57abc85c353a70322e85
SHA256d81c54105b83c2559ca6058eff023f8a3745c1f4a9c46792c6c388fbf693182b
SHA51220518bb05b22f5460594c1cbfbb7567d552e0620054072285d5eb9cc5ff849a82441170f759ea8dc16874ee1284fdbe614195385b7ad40883d7de0cc4d552db6
-
Filesize
219KB
MD5928f4b0fc68501395f93ad524a36148c
SHA1084590b18957ca45b4a0d4576d1cc72966c3ea10
SHA2562bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae
SHA5127f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372
-
Filesize
244KB
MD5c0777f5c9995b8c0b08ed33cee7e1008
SHA112f08bb8febedb3f16b22bf94bc47c5c3910a477
SHA256cf531f10cb410f4825bab4fd4b15df8e02cb9a18505a3a3b05c4c2f4ccaf90d3
SHA512a3478bc42730169abcb7635f1f73bc8b1a639fe2094c7e3866d8321b6efdf0740f8867dccdd5fb1b12f73b8e89a51758280ab9c3d184d36a7b86f3f91ac9dc0a
-
Filesize
27.5MB
MD50354c0a0d35b81f593b863104b8a68a5
SHA14d1dc9a7ba68460f213c9876bd3840e092acf219
SHA2569150ef6f15df4cf1a52c20ec5889131104a3eaa8bd34b339b0ac6ff518dac86f
SHA512ec7eaf6f4463c6643df1434c87bacfaf5cf3f36131590ae986567d1327e9bcaf9ae9c550fbf73a7a198c9eeb24f10218b76acf3e8cf2e09089df2225cffac5d5
-
Filesize
4.7MB
MD57116845e756106d9018635d536943d4d
SHA1b4e3a19ddec3c981073ec75f42ecaf4c1e83af49
SHA256f78fec0f611e49c6aadf20ae49311de8638698421e832e1117b4d9ef91d8ed1f
SHA512523059d1f2ef3677fd449b9625a5d36f1c5d5698895f56701f0d102706ee59e59ae0420c20f230b6f27b080ef23a5a1633c090817a79752068ecc3d63678593c
-
Filesize
30.0MB
MD5da69483953f73f01af02be3638f2d3ac
SHA1d5ffb5edf4fff109ef2bde2a1f8ccc38b3e68f88
SHA256bebd92c3d900c3ef264ff48ddadc63d9ee99b008bff9254c347bda893b5d14d7
SHA5124fac7e9ddb1b1c3e7426213606fec1f62756003bfcd2d5976cfa827f4353f8c99a059c22611b24505787a0d22b2b638da4e13f0a48474d38d34d59481221f2c7
-
Filesize
5.1MB
MD52270fe5d265cc8b57aa45a5f1de8a112
SHA19690c1d8bf2fd95b3e7dbd062173fa22d755287e
SHA256246de9993e3430c38dc2b9f308669e4a4807baf08f559d830cf693cdaccd494e
SHA51265139f2653b02f8c59e63760a9264ed6b4a91a066bb95689d968a7f5f80518c79a199a60eaf4e47e601839dccf211b5d65b3a17def57b9993c7f43d143d8ee6f
-
Filesize
9.9MB
MD54d0b32af77ecb15198165355a658eda5
SHA1d26be288f37d926263a9e3c2624176ceb0b1f0a3
SHA2568f0331b33b830813df8aa9072955e53099b5bfe09d13c76b3f6736ad5858ec8c
SHA512ce947807881f6290d95833e2376bf76b72351e75ad41124f2a1ef73ee74ac319ae1f11d1e112fe912c56e07d1e53de4ef588d4f5e73fcbc0746c5038cbc46ed7
-
Filesize
4KB
MD59eb0320dfbf2bd541e6a55c01ddc9f20
SHA1eb282a66d29594346531b1ff886d455e1dcd6d99
SHA2569095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79
SHA5129ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d
-
Filesize
612KB
MD5bb468f4827119005e86eb903e85b87b7
SHA1046419797df32a13138c0f7f39d358cad737526f
SHA2569ceae38da6b11878b655982897bdd1380653758371c36a1d2876508485840d0d
SHA51270918569c1661dc4f7d7ecdd46ce526a5ba00d9591e2e34798db12fed1ad30b5b8846c25191fb7642f429e9403f0d8d0430b9b13d9fc4c89450e29d22f5ca885
-
C:\Windows\Temp\{D00420EB-9A84-412B-A58E-CCBAFDE0F80F}\aspnetcore_targeting_pack_9.0.1_rtm.24610.9_win_x64.msi
Filesize3.1MB
MD500e11318c367ec49dcf68c6235fa074f
SHA190628995eafe5e390511d1c50b2c7ade6d179b64
SHA2569d7055f810e643c54167a366d6b8e7e771be4e2f0a52ef7040f24efd455ea0fa
SHA512d275a1ef74ebbbfdd25b10131cb6dba7386ac370c9e5a2a72712d9d17a923797a57448948239e6da8758986a57b828de5e71b7cb6c791d0a36a7914cb4643d95