0a8aa5c8c6f1c03c6adb0bc418cd18580ec949b7c43b2b60653544cc792f70ba

Analysis

max time kernel
131s
max time network
55s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
25-05-2023 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VisualStudioSetup.exe
Size

3.5MB
MD5

f27ca402060ab26f140c8454e89a24f9
SHA1

cea986120a74ce817e4ae3443212fdc1a5f5c1bc
SHA256

0a8aa5c8c6f1c03c6adb0bc418cd18580ec949b7c43b2b60653544cc792f70ba
SHA512

bb56e1fdd3fc42ae54de2af9c106b4a2136df827d76a0d4c55d8b4b78dcbdc04868d0bbfa453c3cd2e4de80bf4564a865ac57ee0d0a59d6b629fefa6833426f6
SSDEEP

98304:QLGUyveRHb3kKP9TJIKPWoz3BhsTfv6xEftUS7g3tEa:3vKPkkp3BWfv6xeNgOa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1008	vs_setup_bootstrapper.exe

Loads dropped DLL 24 IoCs

pid	Process
1460	VisualStudioSetup.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe
1008	vs_setup_bootstrapper.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	vs_setup_bootstrapper.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	vs_setup_bootstrapper.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	vs_setup_bootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	vs_setup_bootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	vs_setup_bootstrapper.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1008	vs_setup_bootstrapper.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 1008	1460	VisualStudioSetup.exe	27
PID 1460 wrote to memory of 1008	1460	VisualStudioSetup.exe	27
PID 1460 wrote to memory of 1008	1460	VisualStudioSetup.exe	27
PID 1460 wrote to memory of 1008	1460	VisualStudioSetup.exe	27
PID 1460 wrote to memory of 1008	1460	VisualStudioSetup.exe	27
PID 1460 wrote to memory of 1008	1460	VisualStudioSetup.exe	27
PID 1460 wrote to memory of 1008	1460	VisualStudioSetup.exe	27
PID 1008 wrote to memory of 668	1008	vs_setup_bootstrapper.exe	28
PID 1008 wrote to memory of 668	1008	vs_setup_bootstrapper.exe	28
PID 1008 wrote to memory of 668	1008	vs_setup_bootstrapper.exe	28
PID 1008 wrote to memory of 668	1008	vs_setup_bootstrapper.exe	28

C:\Users\Admin\AppData\Local\Temp\VisualStudioSetup.exe
"C:\Users\Admin\AppData\Local\Temp\VisualStudioSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
  "C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\AppData\Local\Temp\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\AppData\Local\Temp"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1008
- - C:\Windows\SysWOW64\getmac.exe
    "getmac"
    3⤵
    PID:668

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202305251408033200.json

Filesize
162B

MD5
ad891c3b02a02419dc60db8c273a8315

SHA1
141a08ca0e25d56bdb35fc71e1c767667079114a

SHA256
186c4b16ee009564819730b358dbdbb0792fc27e602698c5f0a16e20104647c7

SHA512
64cdaf1d6d1b4072e24f3926f91103abf946ff044cda34a9070586c2d2927bcdfc53381c955e447a38965ee426373259759025f97b715158afc429080956196f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelAIF-312cbd79-9dbb-4c48-a7da-3cc2a931cb70\20230525140843_48b2a99c1bea4cd8ad106ce7bf76a50e.trn

Filesize
7KB

MD5
3960bef98ba05054b33bd65c8c39c8ae

SHA1
798594ff245cc23e76ff4ffc148a2a003ff4c1cb

SHA256
95ed2b9604bef7557636e3595ecb174e8e13861ac1a2f6ef039ed562a938a70b

SHA512
8efc9b219fb9ffa0b77d07414e363168bea958e6c8a7a279ee43392396914f2b674f05e116c97fc15f3a84b74e89a1f71a0b5b1342e0155ac5c741ec5a57c7c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll

Filesize
18KB

MD5
7ef638cbd3200605fc15e7be7ea9fcb5

SHA1
534f6176f10bc79b2655e535b7ac6a4df9f67855

SHA256
467df0856c41d9b37e6c55ae1b82edcca60f4c7847f93b7f24ca6543b675ad8a

SHA512
c145576d119e2053c0cbffb910f63003d42c2af320ba410f6e81da9e40cc337000d8ad733778873bd2700e366f5672c311d69b4b2391564fe19fa6e48c1cb373

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll

Filesize
113KB

MD5
ed2315668a0dda422f463d27c8110838

SHA1
ce17813ccc0cd968d9fb3d01e7b7ffbf3b05cebe

SHA256
0ce6da02115192a688359299b1a47ce9e6b2a8adf3dfcd92a2467b55d5f3c0aa

SHA512
e9a47c030fa20a8d36f0c47293e547de0e7d978813ebde64f181d76d8606cf629846075ecb5e3a0b9d262a6fba7aeb0caa8fe3006c018de3c2c2ecdbf31c1eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll

Filesize
44KB

MD5
2338953ae2ab47de1703f27e872e84ba

SHA1
2765b2f2cd04a0e1df7556da551ce9d763bc5c4d

SHA256
bfc4890087c01f629fa09e744e5a861f9f68b504100cbcf805855fa5906d61c7

SHA512
417ce0ef8344409ebd05b8c52b58a3960489fe810b95af31e72430690ffb8258042a73e205fc27396731113ad84302ff898821b4f2db2b9d4fa2b2293ccca872

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll

Filesize
401KB

MD5
d4fa5e438ff243a1da462726fb4ea164

SHA1
7effd06f4eaa0a5d701ea4162dce55cbfeb4c0cd

SHA256
fa9d5c116363ccc82f92767bbb36d154f8903b861a9de65a01fd7824a566b4b0

SHA512
8dbfc97abb5eb4363a1c896a4d276630a502354ed144e60dfb0ffbc1245486003d8af49443fd4baa70541114b50764467caed709cc416f60eaf33fd0f6fcee7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll

Filesize
133KB

MD5
a6076a6e981bc6c29f270d3919e722e8

SHA1
739c1b7fe6ade740cd87aeb84a4ac10720b14a2a

SHA256
460bed22e1f7148209901da0eb97fd8d83fef8f1404e3fb82219c90ae2876710

SHA512
064f5a4756b3a0b8f8017e892ab85e0340d9f60fd1c03f2250cc24bdb0d650edaae873c8dcf543af31e027ac5eaa1bfeda99099286de71332eced742c78d6720

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll

Filesize
1.2MB

MD5
fc32f39277ebbe48d976c9970cdab5dd

SHA1
2d2e6eafd0d16ec8f577293f4903f2ae3453752f

SHA256
7dd27a5ca48c16725e3a3ec9b18b1e198390e4c5f62af9a5c2489b27e3f871f8

SHA512
30f99c799d2f88fc5cd66593435f851410e9cbafb10ad435c57a85a7eb86a4cf7179937b2da2597dab77da3b04d9770331ea776053d02af08ad4f6c7abbc45ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

Filesize
919KB

MD5
015ef51b3e50cc182b323524e5296172

SHA1
f5e8cb54340c3f6f0c4876348193afd04bb10323

SHA256
289200599446f28664d3a44774ec076061fab75fa7307637284bf50231d25c0b

SHA512
8c69cbaee9e9d4c526fd5f5db5a1d5030821f1ce79e7a4698bb2ef9617e81832528130a485c09bfd24b63202e5c91ba03accdbe53f0be9a3bcb11e16b12097e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll

Filesize
41KB

MD5
c510b1756eac53c62ba8c7279609357f

SHA1
953ee732da8c49d2ef97711f5b7220d5e2cea8d6

SHA256
188f3af3e336a5bf1dc82007fa4b96522b3ed946326a65b93dbeb0e24356f642

SHA512
61ebf783d156733cbcf654a73bb73a67e63bc544376154b86f8c418a9ffaced9dfb7a0eea1b36d2622f7990539b078064cabe5d26976124a18e6aba580be2b33

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll

Filesize
16KB

MD5
9a341540899dcc5630886f2d921be78f

SHA1
bab44612721c3dc91ac3d9dfca7c961a3a511508

SHA256
3cadcb6b8a7335141c7c357a1d77af1ff49b59b872df494f5025580191d1c0d5

SHA512
066984c83de975df03eee1c2b5150c6b9b2e852d9caf90cfd956e9f0f7bd5a956b96ea961b26f7cd14c089bc8a27f868b225167020c5eb6318f66e58113efa37

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\detection.json

Filesize
8KB

MD5
782f4beae90d11351db508f38271eb26

SHA1
f1e92aea9e2cd005c2fb6d4face0258d4f1d8b6c

SHA256
c828a2e5b4045ce36ecf5b49d33d6404c9d6f865df9b3c9623787c2332df07d9

SHA512
0a02beeca5c4e64044692b665507378e6f8b38e519a17c3ceccca1e87f85e1e2e7b3598e598fc84c962d3a5c723b28b52ee0351faaec82a846f0313f3c21e0e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\vs_setup_bootstrapper.config

Filesize
620B

MD5
01648ff77b4547a4b9e83659df60ed4e

SHA1
a4489e6fe83064e69c24e3f920979d050ed4177e

SHA256
3a0430ee2b8e69d747d7668adfa174e1a6dc69de15f7310dc469851b9f8c0691

SHA512
bc1a1002864569e0c8a512d340a4d5632ba9ddc081a9350a0b74ba473f8ed0c23dfd597a2c7fb87c43c7071849f55d72016fb71b3a181ec9f6c52df850b33f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

Filesize
398KB

MD5
d6baac92ade6ade86ac8b33179c13db8

SHA1
c2dfc428a02ffc2c3cc293423d38037ea75cfade

SHA256
eafadec2a23db1e659ecec552971b847eaa78b5e665db8984e456e159715ec10

SHA512
7577167f2954402ffa642e1705acacc49e577268c102f00685cf5968c669d16e2925db39650882054b6e812433c98c916f737f7bacdb94ce8c37277a7585ec45

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

Filesize
398KB

MD5
d6baac92ade6ade86ac8b33179c13db8

SHA1
c2dfc428a02ffc2c3cc293423d38037ea75cfade

SHA256
eafadec2a23db1e659ecec552971b847eaa78b5e665db8984e456e159715ec10

SHA512
7577167f2954402ffa642e1705acacc49e577268c102f00685cf5968c669d16e2925db39650882054b6e812433c98c916f737f7bacdb94ce8c37277a7585ec45

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

Filesize
398KB

MD5
d6baac92ade6ade86ac8b33179c13db8

SHA1
c2dfc428a02ffc2c3cc293423d38037ea75cfade

SHA256
eafadec2a23db1e659ecec552971b847eaa78b5e665db8984e456e159715ec10

SHA512
7577167f2954402ffa642e1705acacc49e577268c102f00685cf5968c669d16e2925db39650882054b6e812433c98c916f737f7bacdb94ce8c37277a7585ec45

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\vs_setup_bootstrapper.exe.config

Filesize
2KB

MD5
010d94408fd5432563d51e416ba346b3

SHA1
0041f1989b67b666ec0f0581f9e6ce0e94b55c55

SHA256
0472025ac139903fead459c4c173364f128f68f015d0299fb0ddd835f7437d5d

SHA512
d3252d2f2e07ca2e29c26894400690a0698a8cfcaefc3dd7f7c5020193725e331833fe997b8889807900e08d5c9b09ce69e803d64452b297385713f0e3a325f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\vs_setup_bootstrapper.json

Filesize
162B

MD5
ad891c3b02a02419dc60db8c273a8315

SHA1
141a08ca0e25d56bdb35fc71e1c767667079114a

SHA256
186c4b16ee009564819730b358dbdbb0792fc27e602698c5f0a16e20104647c7

SHA512
64cdaf1d6d1b4072e24f3926f91103abf946ff044cda34a9070586c2d2927bcdfc53381c955e447a38965ee426373259759025f97b715158afc429080956196f

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll

Filesize
18KB

MD5
7ef638cbd3200605fc15e7be7ea9fcb5

SHA1
534f6176f10bc79b2655e535b7ac6a4df9f67855

SHA256
467df0856c41d9b37e6c55ae1b82edcca60f4c7847f93b7f24ca6543b675ad8a

SHA512
c145576d119e2053c0cbffb910f63003d42c2af320ba410f6e81da9e40cc337000d8ad733778873bd2700e366f5672c311d69b4b2391564fe19fa6e48c1cb373

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll

Filesize
18KB

MD5
7ef638cbd3200605fc15e7be7ea9fcb5

SHA1
534f6176f10bc79b2655e535b7ac6a4df9f67855

SHA256
467df0856c41d9b37e6c55ae1b82edcca60f4c7847f93b7f24ca6543b675ad8a

SHA512
c145576d119e2053c0cbffb910f63003d42c2af320ba410f6e81da9e40cc337000d8ad733778873bd2700e366f5672c311d69b4b2391564fe19fa6e48c1cb373

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll

Filesize
113KB

MD5
ed2315668a0dda422f463d27c8110838

SHA1
ce17813ccc0cd968d9fb3d01e7b7ffbf3b05cebe

SHA256
0ce6da02115192a688359299b1a47ce9e6b2a8adf3dfcd92a2467b55d5f3c0aa

SHA512
e9a47c030fa20a8d36f0c47293e547de0e7d978813ebde64f181d76d8606cf629846075ecb5e3a0b9d262a6fba7aeb0caa8fe3006c018de3c2c2ecdbf31c1eb7

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll

Filesize
44KB

MD5
2338953ae2ab47de1703f27e872e84ba

SHA1
2765b2f2cd04a0e1df7556da551ce9d763bc5c4d

SHA256
bfc4890087c01f629fa09e744e5a861f9f68b504100cbcf805855fa5906d61c7

SHA512
417ce0ef8344409ebd05b8c52b58a3960489fe810b95af31e72430690ffb8258042a73e205fc27396731113ad84302ff898821b4f2db2b9d4fa2b2293ccca872

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll

Filesize
44KB

MD5
2338953ae2ab47de1703f27e872e84ba

SHA1
2765b2f2cd04a0e1df7556da551ce9d763bc5c4d

SHA256
bfc4890087c01f629fa09e744e5a861f9f68b504100cbcf805855fa5906d61c7

SHA512
417ce0ef8344409ebd05b8c52b58a3960489fe810b95af31e72430690ffb8258042a73e205fc27396731113ad84302ff898821b4f2db2b9d4fa2b2293ccca872

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll

Filesize
401KB

MD5
d4fa5e438ff243a1da462726fb4ea164

SHA1
7effd06f4eaa0a5d701ea4162dce55cbfeb4c0cd

SHA256
fa9d5c116363ccc82f92767bbb36d154f8903b861a9de65a01fd7824a566b4b0

SHA512
8dbfc97abb5eb4363a1c896a4d276630a502354ed144e60dfb0ffbc1245486003d8af49443fd4baa70541114b50764467caed709cc416f60eaf33fd0f6fcee7b

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll

Filesize
401KB

MD5
d4fa5e438ff243a1da462726fb4ea164

SHA1
7effd06f4eaa0a5d701ea4162dce55cbfeb4c0cd

SHA256
fa9d5c116363ccc82f92767bbb36d154f8903b861a9de65a01fd7824a566b4b0

SHA512
8dbfc97abb5eb4363a1c896a4d276630a502354ed144e60dfb0ffbc1245486003d8af49443fd4baa70541114b50764467caed709cc416f60eaf33fd0f6fcee7b

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll

Filesize
133KB

MD5
a6076a6e981bc6c29f270d3919e722e8

SHA1
739c1b7fe6ade740cd87aeb84a4ac10720b14a2a

SHA256
460bed22e1f7148209901da0eb97fd8d83fef8f1404e3fb82219c90ae2876710

SHA512
064f5a4756b3a0b8f8017e892ab85e0340d9f60fd1c03f2250cc24bdb0d650edaae873c8dcf543af31e027ac5eaa1bfeda99099286de71332eced742c78d6720

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll

Filesize
133KB

MD5
a6076a6e981bc6c29f270d3919e722e8

SHA1
739c1b7fe6ade740cd87aeb84a4ac10720b14a2a

SHA256
460bed22e1f7148209901da0eb97fd8d83fef8f1404e3fb82219c90ae2876710

SHA512
064f5a4756b3a0b8f8017e892ab85e0340d9f60fd1c03f2250cc24bdb0d650edaae873c8dcf543af31e027ac5eaa1bfeda99099286de71332eced742c78d6720

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll

Filesize
1.2MB

MD5
fc32f39277ebbe48d976c9970cdab5dd

SHA1
2d2e6eafd0d16ec8f577293f4903f2ae3453752f

SHA256
7dd27a5ca48c16725e3a3ec9b18b1e198390e4c5f62af9a5c2489b27e3f871f8

SHA512
30f99c799d2f88fc5cd66593435f851410e9cbafb10ad435c57a85a7eb86a4cf7179937b2da2597dab77da3b04d9770331ea776053d02af08ad4f6c7abbc45ea

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll

Filesize
1.2MB

MD5
fc32f39277ebbe48d976c9970cdab5dd

SHA1
2d2e6eafd0d16ec8f577293f4903f2ae3453752f

SHA256
7dd27a5ca48c16725e3a3ec9b18b1e198390e4c5f62af9a5c2489b27e3f871f8

SHA512
30f99c799d2f88fc5cd66593435f851410e9cbafb10ad435c57a85a7eb86a4cf7179937b2da2597dab77da3b04d9770331ea776053d02af08ad4f6c7abbc45ea

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

Filesize
919KB

MD5
015ef51b3e50cc182b323524e5296172

SHA1
f5e8cb54340c3f6f0c4876348193afd04bb10323

SHA256
289200599446f28664d3a44774ec076061fab75fa7307637284bf50231d25c0b

SHA512
8c69cbaee9e9d4c526fd5f5db5a1d5030821f1ce79e7a4698bb2ef9617e81832528130a485c09bfd24b63202e5c91ba03accdbe53f0be9a3bcb11e16b12097e5

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

Filesize
919KB

MD5
015ef51b3e50cc182b323524e5296172

SHA1
f5e8cb54340c3f6f0c4876348193afd04bb10323

SHA256
289200599446f28664d3a44774ec076061fab75fa7307637284bf50231d25c0b

SHA512
8c69cbaee9e9d4c526fd5f5db5a1d5030821f1ce79e7a4698bb2ef9617e81832528130a485c09bfd24b63202e5c91ba03accdbe53f0be9a3bcb11e16b12097e5

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

Filesize
919KB

MD5
015ef51b3e50cc182b323524e5296172

SHA1
f5e8cb54340c3f6f0c4876348193afd04bb10323

SHA256
289200599446f28664d3a44774ec076061fab75fa7307637284bf50231d25c0b

SHA512
8c69cbaee9e9d4c526fd5f5db5a1d5030821f1ce79e7a4698bb2ef9617e81832528130a485c09bfd24b63202e5c91ba03accdbe53f0be9a3bcb11e16b12097e5

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

Filesize
919KB

MD5
015ef51b3e50cc182b323524e5296172

SHA1
f5e8cb54340c3f6f0c4876348193afd04bb10323

SHA256
289200599446f28664d3a44774ec076061fab75fa7307637284bf50231d25c0b

SHA512
8c69cbaee9e9d4c526fd5f5db5a1d5030821f1ce79e7a4698bb2ef9617e81832528130a485c09bfd24b63202e5c91ba03accdbe53f0be9a3bcb11e16b12097e5

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll

Filesize
41KB

MD5
c510b1756eac53c62ba8c7279609357f

SHA1
953ee732da8c49d2ef97711f5b7220d5e2cea8d6

SHA256
188f3af3e336a5bf1dc82007fa4b96522b3ed946326a65b93dbeb0e24356f642

SHA512
61ebf783d156733cbcf654a73bb73a67e63bc544376154b86f8c418a9ffaced9dfb7a0eea1b36d2622f7990539b078064cabe5d26976124a18e6aba580be2b33

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll

Filesize
41KB

MD5
c510b1756eac53c62ba8c7279609357f

SHA1
953ee732da8c49d2ef97711f5b7220d5e2cea8d6

SHA256
188f3af3e336a5bf1dc82007fa4b96522b3ed946326a65b93dbeb0e24356f642

SHA512
61ebf783d156733cbcf654a73bb73a67e63bc544376154b86f8c418a9ffaced9dfb7a0eea1b36d2622f7990539b078064cabe5d26976124a18e6aba580be2b33

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll

Filesize
16KB

MD5
9a341540899dcc5630886f2d921be78f

SHA1
bab44612721c3dc91ac3d9dfca7c961a3a511508

SHA256
3cadcb6b8a7335141c7c357a1d77af1ff49b59b872df494f5025580191d1c0d5

SHA512
066984c83de975df03eee1c2b5150c6b9b2e852d9caf90cfd956e9f0f7bd5a956b96ea961b26f7cd14c089bc8a27f868b225167020c5eb6318f66e58113efa37

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll

Filesize
16KB

MD5
9a341540899dcc5630886f2d921be78f

SHA1
bab44612721c3dc91ac3d9dfca7c961a3a511508

SHA256
3cadcb6b8a7335141c7c357a1d77af1ff49b59b872df494f5025580191d1c0d5

SHA512
066984c83de975df03eee1c2b5150c6b9b2e852d9caf90cfd956e9f0f7bd5a956b96ea961b26f7cd14c089bc8a27f868b225167020c5eb6318f66e58113efa37

Download Submit
\Users\Admin\AppData\Local\Temp\a1f44b32b704195712ad\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

Filesize
398KB

MD5
d6baac92ade6ade86ac8b33179c13db8

SHA1
c2dfc428a02ffc2c3cc293423d38037ea75cfade

SHA256
eafadec2a23db1e659ecec552971b847eaa78b5e665db8984e456e159715ec10

SHA512
7577167f2954402ffa642e1705acacc49e577268c102f00685cf5968c669d16e2925db39650882054b6e812433c98c916f737f7bacdb94ce8c37277a7585ec45

Download Submit
memory/1008-185-0x0000000000330000-0x0000000000356000-memory.dmp

Filesize
152KB

Download
memory/1008-169-0x0000000004800000-0x0000000004942000-memory.dmp

Filesize
1.3MB

Download
memory/1008-200-0x0000000000870000-0x0000000000878000-memory.dmp

Filesize
32KB

Download
memory/1008-206-0x0000000000900000-0x000000000090E000-memory.dmp

Filesize
56KB

Download
memory/1008-181-0x00000000002E0000-0x00000000002E8000-memory.dmp

Filesize
32KB

Download
memory/1008-177-0x0000000004E30000-0x0000000004F1A000-memory.dmp

Filesize
936KB

Download
memory/1008-190-0x00000000056F0000-0x00000000057A0000-memory.dmp

Filesize
704KB

Download
memory/1008-196-0x00000000005B0000-0x00000000005BE000-memory.dmp

Filesize
56KB

Download
memory/1008-173-0x0000000004950000-0x00000000049B8000-memory.dmp

Filesize
416KB

Download
memory/1008-186-0x00000000052A0000-0x00000000052E0000-memory.dmp

Filesize
256KB

Download
memory/1008-215-0x00000000052A0000-0x00000000052E0000-memory.dmp

Filesize
256KB

Download
memory/1008-216-0x00000000049D0000-0x00000000049DA000-memory.dmp

Filesize
40KB

Download
memory/1008-217-0x00000000052A0000-0x00000000052E0000-memory.dmp

Filesize
256KB

Download
memory/1008-230-0x00000000052A0000-0x00000000052E0000-memory.dmp

Filesize
256KB

Download
memory/1008-231-0x00000000052A0000-0x00000000052E0000-memory.dmp

Filesize
256KB

Download
memory/1008-232-0x00000000052A0000-0x00000000052E0000-memory.dmp

Filesize
256KB

Download
memory/1008-233-0x00000000049D0000-0x00000000049DA000-memory.dmp

Filesize
40KB

Download
memory/1008-165-0x0000000000800000-0x0000000000866000-memory.dmp

Filesize
408KB

Download