a557f8d4829535121ad1a1361c84e7e5dd239a949b5b81f500a902b417bc959f

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2023 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Visual_Studio_Professional_2022.exe
Size

2.0MB
MD5

461256961faba6f8f7ef75a552b753e1
SHA1

7b5f02b6dc84d14af8dd0788d28603c5aa11b7a5
SHA256

a557f8d4829535121ad1a1361c84e7e5dd239a949b5b81f500a902b417bc959f
SHA512

de9ae114761ffee8601be562d623360c59f7932f044fff408a68aa76784c8068e6b21c723d84f8e6c33c9a10be0d2e461c3ab7d9e4c25b822f6b4ee7425f31de
SSDEEP

49152:Pl9HGUVwLRKI8mIAbYCUQJkwpdP4ATKMXQRVSWPVSNuqgWxUPFtaN:PjGUGLR3YCUQJk4P1XETVSUL9tE

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Control Panel\International\Geo\Nation	Visual_Studio_Professional_2022.exe

Executes dropped EXE 1 IoCs

pid	Process
3376	vs_setup_bootstrapper.exe

Loads dropped DLL 27 IoCs

pid	Process
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe
3376	vs_setup_bootstrapper.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	vs_setup_bootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	vs_setup_bootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	vs_setup_bootstrapper.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3376	vs_setup_bootstrapper.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3376	vs_setup_bootstrapper.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 3376	2404	Visual_Studio_Professional_2022.exe	86
PID 2404 wrote to memory of 3376	2404	Visual_Studio_Professional_2022.exe	86
PID 2404 wrote to memory of 3376	2404	Visual_Studio_Professional_2022.exe	86
PID 3376 wrote to memory of 4588	3376	vs_setup_bootstrapper.exe	90
PID 3376 wrote to memory of 4588	3376	vs_setup_bootstrapper.exe	90
PID 3376 wrote to memory of 4588	3376	vs_setup_bootstrapper.exe	90

C:\Users\Admin\AppData\Local\Temp\Visual_Studio_Professional_2022.exe
"C:\Users\Admin\AppData\Local\Temp\Visual_Studio_Professional_2022.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
  "C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\AppData\Local\Temp\Visual_Studio_Professional_2022.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\AppData\Local\Temp"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3376
- - C:\Windows\SysWOW64\getmac.exe
    "getmac"
    3⤵
    PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft Visual Studio\prpbg.dat.bak

Filesize
524B

MD5
7cdbf8abe79adbccf53bb448bf79735d

SHA1
b1104cbff1857ef5e173ccbf19dc58ff4f0a5ba3

SHA256
19b102ec13f97f184a581261faf938842533f7d76b4586aad73caba861abffc7

SHA512
e7af584aa3a3ad80e2728bc8d365a1c30a2c40bae04d509da5510c6b9c40bb1900deb1bb7156f71fd78655a737a3ed876fb1ea16baeb8f1da6c541a173062aea

Download Submit
C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202311231241433532.json

Filesize
165B

MD5
dae30b60e540cd3509d2f3abb6d4bec6

SHA1
6ad6db8516b6cbd77b5f709e04ff964991c9ae8a

SHA256
a6e6d2fe55f6b542960b26e095c71277a05852854b2e785a6bffb55aaa59a50a

SHA512
19595061aa05f7cb8898b0b84d8967e77ffd37e8edbe2eb82bf9de12c2f5a4abf2d6616f557db95955f0f2856674193d9822e01b18fdb17a27074b78eeb0db63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelAIF-312cbd79-9dbb-4c48-a7da-3cc2a931cb70\20231123124215_08875dcd17a7423c9f1e27da998d1105.trn

Filesize
8KB

MD5
5c9c06a27146d1ce9782207f34bfa603

SHA1
3055b2e9c1cfcf9c71b6eee21d250118665a8619

SHA256
8c71634083762fed13c38fa101486d1f28cba4e1a221817f2e5954182cf347d3

SHA512
4d12beeac0d013f1bc3a627af64bf234982cfbfe2571aa7802e657a8b587c31fc3b62663041e8e43972cff2bb260313fd255e8e228547fbd720bb62b24cb394a

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll

Filesize
17KB

MD5
579b12efca1e29b19750b9ff0190190a

SHA1
8bb92f33a0e6d005036d4ac67b0bdcf3f616218b

SHA256
e30cc6445618da290d5c2fa290539de7de3fa5fc6aace714ddac3f2f2f25eecc

SHA512
b745ac3e0445234929782291688f2668a3c5ce2aeef267c45e740cac9bf74bd35bf9cc60574d172b88316440f7d6349b49586d1a3efca90a271b7a1fbad8e96e

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll

Filesize
17KB

MD5
579b12efca1e29b19750b9ff0190190a

SHA1
8bb92f33a0e6d005036d4ac67b0bdcf3f616218b

SHA256
e30cc6445618da290d5c2fa290539de7de3fa5fc6aace714ddac3f2f2f25eecc

SHA512
b745ac3e0445234929782291688f2668a3c5ce2aeef267c45e740cac9bf74bd35bf9cc60574d172b88316440f7d6349b49586d1a3efca90a271b7a1fbad8e96e

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll

Filesize
17KB

MD5
579b12efca1e29b19750b9ff0190190a

SHA1
8bb92f33a0e6d005036d4ac67b0bdcf3f616218b

SHA256
e30cc6445618da290d5c2fa290539de7de3fa5fc6aace714ddac3f2f2f25eecc

SHA512
b745ac3e0445234929782291688f2668a3c5ce2aeef267c45e740cac9bf74bd35bf9cc60574d172b88316440f7d6349b49586d1a3efca90a271b7a1fbad8e96e

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll

Filesize
113KB

MD5
644b4e9ac5939473b4b1811debb1f8b6

SHA1
8009a2304d97ede51ec241386293ce9a91440213

SHA256
3d7c703bfc3238bc639bebb992f879ecf9700bcd1f01892bae11507945f6fcd5

SHA512
0470e6075bcaf583946acf99ee90af217c839ef5e61421034029811b8ed8dbaa39538f789f9886682d9913c6cabcf551ac462729eb324bcec5c65ec40c9c33e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll

Filesize
113KB

MD5
644b4e9ac5939473b4b1811debb1f8b6

SHA1
8009a2304d97ede51ec241386293ce9a91440213

SHA256
3d7c703bfc3238bc639bebb992f879ecf9700bcd1f01892bae11507945f6fcd5

SHA512
0470e6075bcaf583946acf99ee90af217c839ef5e61421034029811b8ed8dbaa39538f789f9886682d9913c6cabcf551ac462729eb324bcec5c65ec40c9c33e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.Identity.Client.Desktop.dll

Filesize
118KB

MD5
ecf495eecf6b33c57cabb0dd32f031c7

SHA1
ea2033093b466b8d25492676c4712f350de036e6

SHA256
77345b039dd1e568d9bbf6a2efbb0f25c6e9cd4de596dea6a65fd76a8e8e9c10

SHA512
9721d7f04f4935eb10cc22f5c1891ba5a2a4a45032517c31f2abc5a52fed1d2658ab71805337b681d10b3038fa3bdf0eefc4f71bdad837979fc8d94d099c1cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.Identity.Client.Desktop.dll

Filesize
118KB

MD5
ecf495eecf6b33c57cabb0dd32f031c7

SHA1
ea2033093b466b8d25492676c4712f350de036e6

SHA256
77345b039dd1e568d9bbf6a2efbb0f25c6e9cd4de596dea6a65fd76a8e8e9c10

SHA512
9721d7f04f4935eb10cc22f5c1891ba5a2a4a45032517c31f2abc5a52fed1d2658ab71805337b681d10b3038fa3bdf0eefc4f71bdad837979fc8d94d099c1cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.Identity.Client.Desktop.dll

Filesize
118KB

MD5
ecf495eecf6b33c57cabb0dd32f031c7

SHA1
ea2033093b466b8d25492676c4712f350de036e6

SHA256
77345b039dd1e568d9bbf6a2efbb0f25c6e9cd4de596dea6a65fd76a8e8e9c10

SHA512
9721d7f04f4935eb10cc22f5c1891ba5a2a4a45032517c31f2abc5a52fed1d2658ab71805337b681d10b3038fa3bdf0eefc4f71bdad837979fc8d94d099c1cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.Identity.Client.Extensions.Msal.dll

Filesize
60KB

MD5
a86f1eadfe4fb7654eb8f055c41d79d6

SHA1
e07f0dd643bae3bbf7014a7dcc9e4a127b598884

SHA256
9528a833c216143374a39fc64c7142225e7e556992377d1356c19a9eef100604

SHA512
02c3758c735e4222362d1ae480192cc4374b5d18a2695df40a00aaf870bbc437acd9f958f56664b12b5b6696b6b803236e73a0ae5e900f0f489f8f93acdca3a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.Identity.Client.Extensions.Msal.dll

Filesize
60KB

MD5
a86f1eadfe4fb7654eb8f055c41d79d6

SHA1
e07f0dd643bae3bbf7014a7dcc9e4a127b598884

SHA256
9528a833c216143374a39fc64c7142225e7e556992377d1356c19a9eef100604

SHA512
02c3758c735e4222362d1ae480192cc4374b5d18a2695df40a00aaf870bbc437acd9f958f56664b12b5b6696b6b803236e73a0ae5e900f0f489f8f93acdca3a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.Identity.Client.Extensions.Msal.dll

Filesize
60KB

MD5
a86f1eadfe4fb7654eb8f055c41d79d6

SHA1
e07f0dd643bae3bbf7014a7dcc9e4a127b598884

SHA256
9528a833c216143374a39fc64c7142225e7e556992377d1356c19a9eef100604

SHA512
02c3758c735e4222362d1ae480192cc4374b5d18a2695df40a00aaf870bbc437acd9f958f56664b12b5b6696b6b803236e73a0ae5e900f0f489f8f93acdca3a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.Identity.Client.dll

Filesize
1.4MB

MD5
0bb3c5ff02c3a2d5060decc092f7cfa6

SHA1
20f1e9836e12294f57c8b13b00522b1f82c1d3bf

SHA256
2267c145e814ae9b95d070cd71ed2746fd6eb1bf6891afd48b4f4c508cf22840

SHA512
492ea89ac2f2f25edb02ba4a6e6758b44eb3a93ef331657d7250f112d3dbc6ca3b053085821cac4e79f4ec10fdcce0240d6c8e3c492154ccf258656f8617b2bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.Identity.Client.dll

Filesize
1.4MB

MD5
0bb3c5ff02c3a2d5060decc092f7cfa6

SHA1
20f1e9836e12294f57c8b13b00522b1f82c1d3bf

SHA256
2267c145e814ae9b95d070cd71ed2746fd6eb1bf6891afd48b4f4c508cf22840

SHA512
492ea89ac2f2f25edb02ba4a6e6758b44eb3a93ef331657d7250f112d3dbc6ca3b053085821cac4e79f4ec10fdcce0240d6c8e3c492154ccf258656f8617b2bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.Identity.Client.dll

Filesize
1.4MB

MD5
0bb3c5ff02c3a2d5060decc092f7cfa6

SHA1
20f1e9836e12294f57c8b13b00522b1f82c1d3bf

SHA256
2267c145e814ae9b95d070cd71ed2746fd6eb1bf6891afd48b4f4c508cf22840

SHA512
492ea89ac2f2f25edb02ba4a6e6758b44eb3a93ef331657d7250f112d3dbc6ca3b053085821cac4e79f4ec10fdcce0240d6c8e3c492154ccf258656f8617b2bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll

Filesize
44KB

MD5
2338953ae2ab47de1703f27e872e84ba

SHA1
2765b2f2cd04a0e1df7556da551ce9d763bc5c4d

SHA256
bfc4890087c01f629fa09e744e5a861f9f68b504100cbcf805855fa5906d61c7

SHA512
417ce0ef8344409ebd05b8c52b58a3960489fe810b95af31e72430690ffb8258042a73e205fc27396731113ad84302ff898821b4f2db2b9d4fa2b2293ccca872

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll

Filesize
44KB

MD5
2338953ae2ab47de1703f27e872e84ba

SHA1
2765b2f2cd04a0e1df7556da551ce9d763bc5c4d

SHA256
bfc4890087c01f629fa09e744e5a861f9f68b504100cbcf805855fa5906d61c7

SHA512
417ce0ef8344409ebd05b8c52b58a3960489fe810b95af31e72430690ffb8258042a73e205fc27396731113ad84302ff898821b4f2db2b9d4fa2b2293ccca872

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll

Filesize
44KB

MD5
2338953ae2ab47de1703f27e872e84ba

SHA1
2765b2f2cd04a0e1df7556da551ce9d763bc5c4d

SHA256
bfc4890087c01f629fa09e744e5a861f9f68b504100cbcf805855fa5906d61c7

SHA512
417ce0ef8344409ebd05b8c52b58a3960489fe810b95af31e72430690ffb8258042a73e205fc27396731113ad84302ff898821b4f2db2b9d4fa2b2293ccca872

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll

Filesize
397KB

MD5
7575499a7452af3dd895d04c85dd9cd5

SHA1
726839986cdf10283e12323d832021bb22230ba0

SHA256
d21d3c45e1724d86ccc6d766741dcb69f428a0c539753f3e8ab9767fe19497e7

SHA512
868b9176e0ca16426d552829fa1ad73b0cfface0b1232a5868994c1b3cbbf02c9698452a81f31d0eeda50a84356a43825975d38eb51ce4bc11d2e5db5ac505f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll

Filesize
397KB

MD5
7575499a7452af3dd895d04c85dd9cd5

SHA1
726839986cdf10283e12323d832021bb22230ba0

SHA256
d21d3c45e1724d86ccc6d766741dcb69f428a0c539753f3e8ab9767fe19497e7

SHA512
868b9176e0ca16426d552829fa1ad73b0cfface0b1232a5868994c1b3cbbf02c9698452a81f31d0eeda50a84356a43825975d38eb51ce4bc11d2e5db5ac505f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll

Filesize
397KB

MD5
7575499a7452af3dd895d04c85dd9cd5

SHA1
726839986cdf10283e12323d832021bb22230ba0

SHA256
d21d3c45e1724d86ccc6d766741dcb69f428a0c539753f3e8ab9767fe19497e7

SHA512
868b9176e0ca16426d552829fa1ad73b0cfface0b1232a5868994c1b3cbbf02c9698452a81f31d0eeda50a84356a43825975d38eb51ce4bc11d2e5db5ac505f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll

Filesize
125KB

MD5
b961b81df14e716328f3de6a2e372d28

SHA1
d138401c82daf89c76e550268ab2532efe93fc7c

SHA256
2b001a4337292c46fafc8113c89ac495aaa776ae01de8884d7853665e9065c08

SHA512
cb54092b12461baa21e321c7bf12e831a0b9aff426890e818e24a88d9a9b0bbc3834b38c5e932448c5440a105b594a52beaf7d6ea8dc7f1f67049729c6a9880d

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll

Filesize
125KB

MD5
b961b81df14e716328f3de6a2e372d28

SHA1
d138401c82daf89c76e550268ab2532efe93fc7c

SHA256
2b001a4337292c46fafc8113c89ac495aaa776ae01de8884d7853665e9065c08

SHA512
cb54092b12461baa21e321c7bf12e831a0b9aff426890e818e24a88d9a9b0bbc3834b38c5e932448c5440a105b594a52beaf7d6ea8dc7f1f67049729c6a9880d

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll

Filesize
125KB

MD5
b961b81df14e716328f3de6a2e372d28

SHA1
d138401c82daf89c76e550268ab2532efe93fc7c

SHA256
2b001a4337292c46fafc8113c89ac495aaa776ae01de8884d7853665e9065c08

SHA512
cb54092b12461baa21e321c7bf12e831a0b9aff426890e818e24a88d9a9b0bbc3834b38c5e932448c5440a105b594a52beaf7d6ea8dc7f1f67049729c6a9880d

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll

Filesize
1.2MB

MD5
b1fcd5fe1c64764d3f47081f712140ac

SHA1
f6ea2360ed56634e1792bd5580a4aaad79324f48

SHA256
7c55c5684224c98a24f447ed67125a5222d0320d2b15ede2e54db2d1361e99b2

SHA512
583081b44d34e2737c72f2add7b64636c015526735663bec9b0a989f18f7109b99c48c623c56994a7af8b35e8df7e1258d1bb89ceaff39ada34d319168097a4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll

Filesize
1.2MB

MD5
b1fcd5fe1c64764d3f47081f712140ac

SHA1
f6ea2360ed56634e1792bd5580a4aaad79324f48

SHA256
7c55c5684224c98a24f447ed67125a5222d0320d2b15ede2e54db2d1361e99b2

SHA512
583081b44d34e2737c72f2add7b64636c015526735663bec9b0a989f18f7109b99c48c623c56994a7af8b35e8df7e1258d1bb89ceaff39ada34d319168097a4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll

Filesize
1.2MB

MD5
b1fcd5fe1c64764d3f47081f712140ac

SHA1
f6ea2360ed56634e1792bd5580a4aaad79324f48

SHA256
7c55c5684224c98a24f447ed67125a5222d0320d2b15ede2e54db2d1361e99b2

SHA512
583081b44d34e2737c72f2add7b64636c015526735663bec9b0a989f18f7109b99c48c623c56994a7af8b35e8df7e1258d1bb89ceaff39ada34d319168097a4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

Filesize
889KB

MD5
787255f0f463b3790e3d091b2da6f1de

SHA1
3465e98980508880d61f46b71957bfbe2942d2d3

SHA256
1fba21daaf49d54f5a915ac636828b08e6a3cf36799ab791810f32943676c325

SHA512
918f0cb02d2e3fa9da3a69a6cb41c71602c343ac88d4cbb33d4b2c7d07ec007c92866eb2b289dfd335b8e2c013b8ce3c41144abbd42a3464ba2ea911e4c43aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

Filesize
889KB

MD5
787255f0f463b3790e3d091b2da6f1de

SHA1
3465e98980508880d61f46b71957bfbe2942d2d3

SHA256
1fba21daaf49d54f5a915ac636828b08e6a3cf36799ab791810f32943676c325

SHA512
918f0cb02d2e3fa9da3a69a6cb41c71602c343ac88d4cbb33d4b2c7d07ec007c92866eb2b289dfd335b8e2c013b8ce3c41144abbd42a3464ba2ea911e4c43aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

Filesize
889KB

MD5
787255f0f463b3790e3d091b2da6f1de

SHA1
3465e98980508880d61f46b71957bfbe2942d2d3

SHA256
1fba21daaf49d54f5a915ac636828b08e6a3cf36799ab791810f32943676c325

SHA512
918f0cb02d2e3fa9da3a69a6cb41c71602c343ac88d4cbb33d4b2c7d07ec007c92866eb2b289dfd335b8e2c013b8ce3c41144abbd42a3464ba2ea911e4c43aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll

Filesize
40KB

MD5
631ae3224b2d54238a3d63772550b6fa

SHA1
0e15692d2993c0e9100fa3f0794cabc1368eb106

SHA256
e003d6e7e00b59586ff2899f303a1a15db579a67c42a70761b94474af9c82024

SHA512
966219949bd5e152ffc1c7530bfb3206e952957afed023e53d12e6bc6da4fd54f8e0fbb94708783bb2afad842b7d13790c20e3963117367ec3f3aef5e6cadbfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll

Filesize
40KB

MD5
631ae3224b2d54238a3d63772550b6fa

SHA1
0e15692d2993c0e9100fa3f0794cabc1368eb106

SHA256
e003d6e7e00b59586ff2899f303a1a15db579a67c42a70761b94474af9c82024

SHA512
966219949bd5e152ffc1c7530bfb3206e952957afed023e53d12e6bc6da4fd54f8e0fbb94708783bb2afad842b7d13790c20e3963117367ec3f3aef5e6cadbfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll

Filesize
40KB

MD5
631ae3224b2d54238a3d63772550b6fa

SHA1
0e15692d2993c0e9100fa3f0794cabc1368eb106

SHA256
e003d6e7e00b59586ff2899f303a1a15db579a67c42a70761b94474af9c82024

SHA512
966219949bd5e152ffc1c7530bfb3206e952957afed023e53d12e6bc6da4fd54f8e0fbb94708783bb2afad842b7d13790c20e3963117367ec3f3aef5e6cadbfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\System.Memory.dll

Filesize
134KB

MD5
6e6b7b9faa684d668aef8589f41f368c

SHA1
74373d82e6b9f3236df0e8aa555ecf510b9a6f2b

SHA256
06ea95f8388a6b031acb2449fd5663d9d26d720ae13df80c800805f896734430

SHA512
1c656a7dd4a4cff92e671771e43d907a279eb9092735e3812480dad7067a2f94bf0c3346a5d6ff0f2131c21ce9f989b386b9a72ec267e8ab36d3f1909ec1a33e

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\System.Memory.dll

Filesize
134KB

MD5
6e6b7b9faa684d668aef8589f41f368c

SHA1
74373d82e6b9f3236df0e8aa555ecf510b9a6f2b

SHA256
06ea95f8388a6b031acb2449fd5663d9d26d720ae13df80c800805f896734430

SHA512
1c656a7dd4a4cff92e671771e43d907a279eb9092735e3812480dad7067a2f94bf0c3346a5d6ff0f2131c21ce9f989b386b9a72ec267e8ab36d3f1909ec1a33e

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\System.Memory.dll

Filesize
134KB

MD5
6e6b7b9faa684d668aef8589f41f368c

SHA1
74373d82e6b9f3236df0e8aa555ecf510b9a6f2b

SHA256
06ea95f8388a6b031acb2449fd5663d9d26d720ae13df80c800805f896734430

SHA512
1c656a7dd4a4cff92e671771e43d907a279eb9092735e3812480dad7067a2f94bf0c3346a5d6ff0f2131c21ce9f989b386b9a72ec267e8ab36d3f1909ec1a33e

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll

Filesize
16KB

MD5
9a341540899dcc5630886f2d921be78f

SHA1
bab44612721c3dc91ac3d9dfca7c961a3a511508

SHA256
3cadcb6b8a7335141c7c357a1d77af1ff49b59b872df494f5025580191d1c0d5

SHA512
066984c83de975df03eee1c2b5150c6b9b2e852d9caf90cfd956e9f0f7bd5a956b96ea961b26f7cd14c089bc8a27f868b225167020c5eb6318f66e58113efa37

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll

Filesize
16KB

MD5
9a341540899dcc5630886f2d921be78f

SHA1
bab44612721c3dc91ac3d9dfca7c961a3a511508

SHA256
3cadcb6b8a7335141c7c357a1d77af1ff49b59b872df494f5025580191d1c0d5

SHA512
066984c83de975df03eee1c2b5150c6b9b2e852d9caf90cfd956e9f0f7bd5a956b96ea961b26f7cd14c089bc8a27f868b225167020c5eb6318f66e58113efa37

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll

Filesize
16KB

MD5
9a341540899dcc5630886f2d921be78f

SHA1
bab44612721c3dc91ac3d9dfca7c961a3a511508

SHA256
3cadcb6b8a7335141c7c357a1d77af1ff49b59b872df494f5025580191d1c0d5

SHA512
066984c83de975df03eee1c2b5150c6b9b2e852d9caf90cfd956e9f0f7bd5a956b96ea961b26f7cd14c089bc8a27f868b225167020c5eb6318f66e58113efa37

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\detection.json

Filesize
8KB

MD5
782f4beae90d11351db508f38271eb26

SHA1
f1e92aea9e2cd005c2fb6d4face0258d4f1d8b6c

SHA256
c828a2e5b4045ce36ecf5b49d33d6404c9d6f865df9b3c9623787c2332df07d9

SHA512
0a02beeca5c4e64044692b665507378e6f8b38e519a17c3ceccca1e87f85e1e2e7b3598e598fc84c962d3a5c723b28b52ee0351faaec82a846f0313f3c21e0e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\vs_setup_bootstrapper.config

Filesize
616B

MD5
9d6b2aeb1de2379f1df16d7bf8a26b17

SHA1
402da61b177c9b42556b98803662a9d1c10dbc02

SHA256
4285c9d027fbef2b8386f89458794ffa0a8fc46c775dde7ede52dd7a126ee132

SHA512
81a983d1710d309770d6e1506041c2974578cea3c1ba5e1a27e21ff1e6589f104fd75f9d722994fce2e2993f0a5052fb20c220e22c5557fb2acfc6621c128d39

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

Filesize
398KB

MD5
ea83242e79d47d78e259dd9b1860385a

SHA1
99d2d9b7d5e8d97a66109b6930e79b29942dd4c5

SHA256
85696deb2df7b3bf0a4a3c7a9127aa8c9d059223fac67b76128a06ac59329f18

SHA512
bdfe0ce39d58943f0da75f48b707b0e472a726d996da2297dcde9a1d01b169d1df2fd6431a7d22c2175cee7923bd4e5fcbf67239c2b8169e9bb0165ef08715ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

Filesize
398KB

MD5
ea83242e79d47d78e259dd9b1860385a

SHA1
99d2d9b7d5e8d97a66109b6930e79b29942dd4c5

SHA256
85696deb2df7b3bf0a4a3c7a9127aa8c9d059223fac67b76128a06ac59329f18

SHA512
bdfe0ce39d58943f0da75f48b707b0e472a726d996da2297dcde9a1d01b169d1df2fd6431a7d22c2175cee7923bd4e5fcbf67239c2b8169e9bb0165ef08715ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

Filesize
398KB

MD5
ea83242e79d47d78e259dd9b1860385a

SHA1
99d2d9b7d5e8d97a66109b6930e79b29942dd4c5

SHA256
85696deb2df7b3bf0a4a3c7a9127aa8c9d059223fac67b76128a06ac59329f18

SHA512
bdfe0ce39d58943f0da75f48b707b0e472a726d996da2297dcde9a1d01b169d1df2fd6431a7d22c2175cee7923bd4e5fcbf67239c2b8169e9bb0165ef08715ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\vs_setup_bootstrapper.exe.config

Filesize
2KB

MD5
60b7b497183070b66c62503891a21a22

SHA1
677a9ccb681b1aae4544755601fa0ac113a10af9

SHA256
437a53ebd7704573871e47ac3fc5069f2ec3921a6b2f4cb47983e80937cfd0eb

SHA512
40098918cdf92d7709104de3d5d04854c688abea55b9c8d1f6446ef3de9d9f0f44a6dbc3baeab46607ba9a64f74690df8ce5b1eb476b0e30d6e15a53077a77b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\a54fd0825f1b9d6abd0717d3828c\vs_bootstrapper_d15\vs_setup_bootstrapper.json

Filesize
165B

MD5
dae30b60e540cd3509d2f3abb6d4bec6

SHA1
6ad6db8516b6cbd77b5f709e04ff964991c9ae8a

SHA256
a6e6d2fe55f6b542960b26e095c71277a05852854b2e785a6bffb55aaa59a50a

SHA512
19595061aa05f7cb8898b0b84d8967e77ffd37e8edbe2eb82bf9de12c2f5a4abf2d6616f557db95955f0f2856674193d9822e01b18fdb17a27074b78eeb0db63

Download Submit
memory/3376-104-0x0000000000970000-0x00000000009D6000-memory.dmp

Filesize
408KB

Download
memory/3376-220-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/3376-144-0x0000000005D80000-0x0000000005D88000-memory.dmp

Filesize
32KB

Download
memory/3376-103-0x0000000073070000-0x0000000073820000-memory.dmp

Filesize
7.7MB

Download
memory/3376-157-0x0000000006AF0000-0x0000000006E44000-memory.dmp

Filesize
3.3MB

Download
memory/3376-160-0x0000000007330000-0x0000000007396000-memory.dmp

Filesize
408KB

Download
memory/3376-163-0x00000000075C0000-0x0000000007652000-memory.dmp

Filesize
584KB

Download
memory/3376-112-0x0000000005850000-0x00000000058B6000-memory.dmp

Filesize
408KB

Download
memory/3376-170-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/3376-171-0x0000000007E10000-0x00000000083B4000-memory.dmp

Filesize
5.6MB

Download
memory/3376-172-0x0000000007920000-0x0000000007996000-memory.dmp

Filesize
472KB

Download
memory/3376-173-0x0000000007B10000-0x0000000007B18000-memory.dmp

Filesize
32KB

Download
memory/3376-174-0x0000000007B20000-0x0000000007B28000-memory.dmp

Filesize
32KB

Download
memory/3376-175-0x00000000083C0000-0x000000000847A000-memory.dmp

Filesize
744KB

Download
memory/3376-142-0x0000000005D50000-0x0000000005D76000-memory.dmp

Filesize
152KB

Download
memory/3376-108-0x0000000005460000-0x000000000559E000-memory.dmp

Filesize
1.2MB

Download
memory/3376-179-0x00000000085F0000-0x0000000008758000-memory.dmp

Filesize
1.4MB

Download
memory/3376-130-0x0000000005D90000-0x0000000005E40000-memory.dmp

Filesize
704KB

Download
memory/3376-138-0x0000000005900000-0x0000000005908000-memory.dmp

Filesize
32KB

Download
memory/3376-186-0x0000000007CE0000-0x0000000007D02000-memory.dmp

Filesize
136KB

Download
memory/3376-134-0x0000000005CF0000-0x0000000005CFE000-memory.dmp

Filesize
56KB

Download
memory/3376-116-0x00000000059B0000-0x0000000005A92000-memory.dmp

Filesize
904KB

Download
memory/3376-156-0x0000000006970000-0x0000000006992000-memory.dmp

Filesize
136KB

Download
memory/3376-148-0x0000000005F80000-0x0000000005F8E000-memory.dmp

Filesize
56KB

Download
memory/3376-143-0x0000000005D30000-0x0000000005D3A000-memory.dmp

Filesize
40KB

Download
memory/3376-120-0x00000000057E0000-0x00000000057E8000-memory.dmp

Filesize
32KB

Download
memory/3376-192-0x0000000008C60000-0x0000000008CB0000-memory.dmp

Filesize
320KB

Download
memory/3376-125-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/3376-202-0x000000000AD40000-0x000000000AD48000-memory.dmp

Filesize
32KB

Download
memory/3376-203-0x000000000AD50000-0x000000000AD58000-memory.dmp

Filesize
32KB

Download
memory/3376-204-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/3376-205-0x000000000AD80000-0x000000000AD88000-memory.dmp

Filesize
32KB

Download
memory/3376-206-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/3376-207-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/3376-208-0x000000000BD70000-0x000000000BDA8000-memory.dmp

Filesize
224KB

Download
memory/3376-209-0x000000000BD50000-0x000000000BD5E000-memory.dmp

Filesize
56KB

Download
memory/3376-213-0x0000000073070000-0x0000000073820000-memory.dmp

Filesize
7.7MB

Download
memory/3376-214-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/3376-215-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/3376-216-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/3376-217-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/3376-218-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/3376-219-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/3376-190-0x0000000008580000-0x0000000008594000-memory.dmp

Filesize
80KB

Download
memory/3376-124-0x0000000005820000-0x0000000005844000-memory.dmp

Filesize
144KB

Download