Malware Analysis Report

2025-08-11 06:03

Sample ID: 240222-v2w9cach9v
Target: https://visualstudio.microsoft.com/tr/vs/msft-android-emulator/
Tags: discovery, persistence
Score: 8/10

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file https://visualstudio.microsoft.com/tr/vs/msft-android-emulator/ was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Enumerates connected drives

Adds Run key to start application

Drops desktop.ini file(s)

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Checks SCSI registry key(s)

Enumerates system info in registry

Modifies Internet Explorer settings

NTFS ADS

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-22 17:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-22 17:29

Reported: 2024-02-22 17:43

Platform: win10v2004-20240221-en

Max time kernel: 720s

Max time network: 726s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://visualstudio.microsoft.com/tr/vs/msft-android-emulator/

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8} = "\"C:\\ProgramData\\Package Cache\\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\\vs_emulatorsetup.exe\" /burn.runonce" C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Emulator Manager\1.0\emulatorcmd.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\Microsoft.VisualStudio.Emulator.Configuration.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Containers\Local\Platforms\Cabs\api19.cab C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Newtonsoft.Json.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\Microsoft.Deployment.Compression.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\Microsoft.VisualStudio.Emulator.Interface.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\automation-api\vsemulator-api.jar C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.Threading.Tasks.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.VisualStudio.Telemetry.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.ApplicationInsights.UniversalTelemetryChannel.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\configurations.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\1.0\readme.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Microsoft.Emulator.Manager.Contracts.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\Microsoft.VisualStudio.Emulator.Manager.Plugin.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Containers\Local\Platforms\api19.cfg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.ApplicationInsights.Telemetry.Services.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Containers\Local\Platforms\api19.cfg C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\1.0\Default\Devices\7_KitKat_(4.4)_XHDPI_Tablet.cfg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.Threading.Tasks.Extensions.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Containers\Local\Platforms\Cabs\api19.cab C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.ApplicationInsights.PersistenceChannel.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\1.0\License.htm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\Microsoft.Deployment.Compression.Cab.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\1.0\ThirdPartyNotices.txt C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.VisualStudio.Telemetry.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Containers\Local\Platforms\Cabs\AOSP.Notices.Api19.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\1.0\Default\Devices\5_KitKat_(4.4)_XXHDPI_Phone.cfg C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.Threading.Tasks.Extensions.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Newtonsoft.Json.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Emulator Manager\1.0\emulatorcmd.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\1.0\ThirdPartyNotices.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Emulator Manager\1.0\emulatormgr.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\1.0\Default\Devices\7_KitKat_(4.4)_XHDPI_Tablet.cfg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.ApplicationInsights.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.Diagnostics.Tracing.EventSource.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Emulator Manager\1.0\emulatormgr.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\configurations.xml C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.ApplicationInsights.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\Microsoft.VisualStudio.Emulator.Interface.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Microsoft.Emulator.Manager.Contracts.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\1.0\License.htm C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\1.0\readme.txt C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\Microsoft.Deployment.Compression.Cab.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\XdePrereqs.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\Microsoft.VisualStudio.Emulator.Manager.Plugin.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\Microsoft.Deployment.Compression.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.ApplicationInsights.Telemetry.Services.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\Microsoft.VisualStudio.Emulator.Configuration.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.ApplicationInsights.UniversalTelemetryChannel.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.Diagnostics.Tracing.EventSource.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.Threading.Tasks.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Emulator Manager\1.0\Skus\Android\XdePrereqs.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Containers\Local\Platforms\Cabs\AOSP.Notices.Api19.html C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\Visual Studio Telemetry 14.0\Microsoft.ApplicationInsights.PersistenceChannel.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\automation-api\vsemulator-api.jar C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio Emulator for Android\1.0\Default\Devices\5_KitKat_(4.4)_XXHDPI_Phone.cfg C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\SourceHash{B3004003-AE8D-4FA8-AB92-1A27BFB07778} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI60B0.tmp-\ManagedCustomActions.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI647B.tmp-\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
File created C:\Windows\Installer\e5b24aa.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b24b3.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
File created C:\Windows\Installer\SourceHash{9871444B-AC3B-4F91-82CB-F3518942C919} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3920.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5b24b4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2670.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
File created C:\Windows\assembly\GACLock.dat C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC6C6.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
File created C:\Windows\Installer\e5b24a5.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{9C6D8D13-B800-4EFE-8E60-B56DA768C7A8} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b24af.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{8D9A034D-4BBB-4BDF-AD36-F9C917483C70} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
File created C:\Windows\Installer\e5b24b4.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b24b8.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6BB0.tmp-\ManagedCustomActions.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\e5b249b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5b24aa.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5b24af.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{2082C038-9610-43A1-9E50-EC9BB4844463} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI60B0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBE69.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5b24b9.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI60B0.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6BB0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9CD4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
File created C:\Windows\Installer\e5b249f.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b24a0.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b24a4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI46ED.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6371.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b249b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2E81.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b24ae.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{B271C250-B5E5-4DAF-8493-CD97309B93FD} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI60B0.tmp-\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6BB0.tmp-\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSIA09E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{CB5EECA6-AA5B-44FE-AD63-0CAE1E6E6510} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5b24a0.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5A95.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI647B.tmp-\ManagedCustomActions.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6BB0.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\System32\Dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\61A6F059-8144-4EF0-8745-1577687C5298\dismhost.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
File created C:\Windows\Installer\e5b24a9.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b24b9.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI29EC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI647B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI990A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAD32.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\24 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{0057D0E0-3573-11CF-AE69-08002B2E1262}" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{CB5EECA6-AA5B-44FE-AD63-0CAE1E6E6510}\DisplayName = "Microsoft Visual Studio Emulator for Android" C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6ACEE5BCB5AAEF44DA36C0EAE1E65601\PackageCode = "2E93C51C1E44E884FB12300B8B5AE0B8" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\052C172B5E5BFAD44839DC7903B939DF\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer." C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\830C280201691A34E905CEB94B484436\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C886DFED543D28E49AA6A68F1861E49C\3004003BD8EA8AF4BA29A172FB0B7787 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\830C280201691A34E905CEB94B484436 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4BE80A5448D2387408E9C9D9B78F4E53\830C280201691A34E905CEB94B484436 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\052C172B5E5BFAD44839DC7903B939DF\Version = "16843374" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{2082C038-9610-43A1-9E50-EC9BB4844463}\Dependents\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8} C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\052C172B5E5BFAD44839DC7903B939DF\PackageCode = "F3038CC6BCA3EF94C8A570896657625B" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3004003BD8EA8AF4BA29A172FB0B7787\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings." C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8D6C9008BEFE4E8065BD67A867C8A\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\052C172B5E5BFAD44839DC7903B939DF\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8D6C9008BEFE4E8065BD67A867C8A\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{9C6D8D13-B800-4EFE-8E60-B56DA768C7A8}v1.0.60404.1\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{CB5EECA6-AA5B-44FE-AD63-0CAE1E6E6510}\Dependents C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{B3004003-AE8D-4FA8-AB92-1A27BFB07778}\Dependents\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8} C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{8D9A034D-4BBB-4BDF-AD36-F9C917483C70} C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use." C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 0c0001008421de39080000000000 C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6ACEE5BCB5AAEF44DA36C0EAE1E65601\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer." C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B4441789B3CA19F428BC3F1598249C91 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\82E848312B7FD904D8C1A856D9F52CF3 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3004003BD8EA8AF4BA29A172FB0B7787\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "2" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\052C172B5E5BFAD44839DC7903B939DF\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\830C280201691A34E905CEB94B484436\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\830C280201691A34E905CEB94B484436\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{2082C038-9610-43A1-9E50-EC9BB4844463}v1.0.60404.1\\packages\\guestautomation\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B4441789B3CA19F428BC3F1598249C91\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8D6C9008BEFE4E8065BD67A867C8A\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\052C172B5E5BFAD44839DC7903B939DF\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EE480B7946545F44096225CAECC8BE6C C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\{9871444B-AC3B-4F91-82CB-F3518942C919}\DEPENDENTS\{E0F4D7CD-597B-4CFD-907F-312A212FF4E8} C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B4441789B3CA19F428BC3F1598249C91\SourceList C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B4441789B3CA19F428BC3F1598249C91 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{9C6D8D13-B800-4EFE-8E60-B56DA768C7A8}\Dependents\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8} C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\830C280201691A34E905CEB94B484436\ProductName = "Microsoft Visual Studio Emulator for Android Guest Autiomation API" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\052C172B5E5BFAD44839DC7903B939DF\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C886DFED543D28E49AA6A68F1861E49C C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3004003BD8EA8AF4BA29A172FB0B7787\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\052C172B5E5BFAD44839DC7903B939DF\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{CB5EECA6-AA5B-44FE-AD63-0CAE1E6E6510}\Dependents\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8} C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8D6C9008BEFE4E8065BD67A867C8A\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B4441789B3CA19F428BC3F1598249C91\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6ACEE5BCB5AAEF44DA36C0EAE1E65601\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\31D8D6C9008BEFE4E8065BD67A867C8A\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{9C6D8D13-B800-4EFE-8E60-B56DA768C7A8}\Dependents C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{2082C038-9610-43A1-9E50-EC9BB4844463}\DisplayName = "Microsoft Visual Studio Emulator for Android Guest Autiomation API" C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 24726.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OptionalFeatures.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\Downloads\vs_emulatorsetup.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1836 wrote to memory of 2668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1836 wrote to memory of 4300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1836 wrote to memory of 1308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1836 wrote to memory of 2028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://visualstudio.microsoft.com/tr/vs/msft-android-emulator/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa520046f8,0x7ffa52004708,0x7ffa52004718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8

C:\Windows\system32\OptionalFeatures.exe

"C:\Windows\system32\OptionalFeatures.exe"

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe"

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe" -burn.unelevated BurnPipe.{46AF2C96-9807-438E-A121-663578445069} {6DEF3F68-FE3B-466E-BA04-AAE3F786A968} 2600

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe"

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe" -burn.unelevated BurnPipe.{21ABA022-9DA0-4BDB-BAD3-AB6E75B3B3B5} {9E505EE0-169E-4F9B-8732-068D1A1EA0C7} 1508

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe" -burn.unelevated BurnPipe.{13A48149-FE3F-4684-B96F-5B0B16E50294} {B3DA9FD9-97F4-4E45-8306-5BEB8D020505} 5712

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe"

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe"

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe" -burn.unelevated BurnPipe.{D21AB90C-B205-4805-A50F-1DBEEDC093AB} {9C320D8D-1467-4CAE-92A5-0960E2916A22} 4648

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe"

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe" -burn.unelevated BurnPipe.{788971E3-1ABA-44F7-8F49-BA4FA39A7F95} {A5971CF5-F551-47B6-A557-D6A3F4E73BD9} 3244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,2213086960191886214,8301875232726952192,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 /prefetch:2

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe"

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe" -burn.unelevated BurnPipe.{89BEDD2A-D542-440C-9A86-4811940E3054} {D5B9720E-3400-4CBA-9AAC-6280BDA7ABF9} 2712

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe"

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe" -burn.unelevated BurnPipe.{5BF77DBC-1552-40E9-B25E-6E62116C6E65} {38A922AC-6542-4647-A613-D34C85E5EAC3} 5496

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe"

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

"C:\Users\Admin\Downloads\vs_emulatorsetup.exe" -burn.unelevated BurnPipe.{C86CCD4B-1604-48C9-A9EE-84F4A2C93CCC} {BD6AEB6D-226E-442F-A3C7-641E9F2D69F7} 2812

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5BE045F9393B9B143794F745EF0840F9

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI60B0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240869734 8 ManagedCustomActions!Microsoft.Xde.CustomAction.CustomActions.Is64BitOS

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI647B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240870515 12 ManagedCustomActions!Microsoft.Xde.CustomAction.CustomActions.IsHardwareVirtualizationEnabled

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 2D91A79195C9B5C620CFD15D58818DEE E Global\MSI0000

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI6BB0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240872437 18 ManagedCustomActions!Microsoft.Xde.CustomAction.CustomActions.EnableHyperV

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C C:\Windows\System32\Dism.exe /online /Enable-Feature /FeatureName:Microsoft-Hyper-V /All /NoRestart

C:\Windows\System32\Dism.exe

C:\Windows\System32\Dism.exe /online /Enable-Feature /FeatureName:Microsoft-Hyper-V /All /NoRestart

C:\Users\Admin\AppData\Local\Temp\61A6F059-8144-4EF0-8745-1577687C5298\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\61A6F059-8144-4EF0-8745-1577687C5298\dismhost.exe {27DAA930-C5FA-4145-AC52-A4644273AA92}

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1836_GPTPPFQBTKQINJKJ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7763b064-585c-4bf1-887b-aaf5045c5612.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba1\mbahost.dll

memory/5292-285-0x00000000737E0000-0x0000000073D91000-memory.dmp

memory/5292-286-0x00000000737E0000-0x0000000073D91000-memory.dmp

memory/5292-287-0x0000000003AC0000-0x0000000003AD0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba1\BootstrapperCore.dll

memory/5292-288-0x0000000003AC0000-0x0000000003AD0000-memory.dmp

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba1\BootstrapperCore.config

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba1\ManagedUx.dll

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

memory/5292-345-0x0000000003AC0000-0x0000000003AD0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba2\ManagedUx.dll

memory/5696-477-0x00000000033F0000-0x0000000003400000-memory.dmp

memory/5696-474-0x00000000737E0000-0x0000000073D91000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba2\BootstrapperApplicationData.xml

MD5 0f3baf790478aa7a6d50f2545b42618b
SHA1 e621861e6879c7ec7639962ad32784e21e51b9b0
SHA256 d10ce8137f569a4b4ea0a0a42adc616a1a92242d2ba56b7864c401c307ca1e6c
SHA512 e52c57887f3e66c8b64ba4221509193c562824c04b8f31b70626e0e27e5cc85dfab78bcbb99252a6ca29da54a9aabd9c72a18da46f6ed0b0acb46241985555de

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba2\LocalizableStrings.xml

MD5 175cedb813c6b7c67f3242a05b2600d8
SHA1 bf882a6939e8a16d8734f1645008ed05cb34935e
SHA256 4c44e26cbf164bac13139e0ef9b62419ab6f1c757210b09dad4cfad1289e698e
SHA512 b0404e8827346dd9fd2fd3bbf8b8802acad327d5680a2392c57dfcdc0e376c6bf246ac7cac2d9912c0e2c08977067d3bd97650526d0f1bb5c643bda8f75d52d0

memory/5696-487-0x00000000033F0000-0x0000000003400000-memory.dmp

memory/5696-485-0x00000000737E0000-0x0000000073D91000-memory.dmp

memory/5696-488-0x00000000033F0000-0x0000000003400000-memory.dmp

memory/5696-493-0x00000000033F0000-0x0000000003400000-memory.dmp

memory/5680-496-0x0000000003DC0000-0x0000000003DD0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba1\Microsoft.VisualStudio.Telemetry.Net35.dll

MD5 8e333c5da1b51473f9749e70dc6333a6
SHA1 554a295db6a3f8627f227a37d36df6f7d69971e6
SHA256 8f787c3516b71809ad460b682fa551d3432c80cbb2f6504ce1442c903fb42017
SHA512 31007554f1a3978dff5553af6d2f149902e855e456cb89adb7d7aed5929b429eac70ec97fa4e258d7f77f8d448a333fb11851ef5bed8ecdd46daf4cd11f459aa

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba1\Microsoft.VisualStudio.Telemetry.Net35.dll

MD5 2e540b0ecca27c9474c87a07820262fd
SHA1 18538f95e0ae7aedefc18a1a7492803f27fb6f61
SHA256 b8aee3fee5729f722bb3398ecaf59dc9d948d2a29e1301701800646ab5daee09
SHA512 99f7f9766d57d71119d201ef115f26986ef468ddb556fa93fd1652b6480504aced05d6811614c1f9ccac72351ac9df7142ea779ceabe0685e1076f1a267631f7

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba1\Microsoft.VisualStudio.Telemetry.Net35.dll

MD5 bcb25a9567fedbf95ffe34d4ffe86af9
SHA1 d068522a011c509f05304ef632c77ead1a2fa097
SHA256 a0b7795eb85ddc2caee84697331b30b654fdf577c918207d8ca9f23769ab2b88
SHA512 2eb85a3ef00d9d3d40d50b54595a0288d2dfbcba6124908a5cf8518eafb632780e8dd66ae1f9447d1f33bd43abc96b138297c6e8cd046b16a8ecc965dd79c1b0

memory/5680-513-0x00000000737E0000-0x0000000073D91000-memory.dmp

memory/5680-518-0x0000000003DC0000-0x0000000003DD0000-memory.dmp

memory/5680-527-0x0000000003DC0000-0x0000000003DD0000-memory.dmp

memory/5696-528-0x00000000033F0000-0x0000000003400000-memory.dmp

memory/5680-529-0x00000000737E0000-0x0000000073D91000-memory.dmp

memory/5680-533-0x0000000003DC0000-0x0000000003DD0000-memory.dmp

memory/5680-531-0x0000000003DC0000-0x0000000003DD0000-memory.dmp

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

MD5 ea1282a4ad688a5f64c405b21d600661
SHA1 5c5bcf6b5e61bc04471fa74de9a8ec09c967a795
SHA256 9e05700bfe69bdf373dd8af91001a8855620d28ab70988c0ed1544c097058fb0
SHA512 383dc2a11998f237a07dd915b507af463a63a2433f8e25c930567ea02c3ad1e475c598ea6a01325b13cf0529eb0e3b30ac7665b5ea410ea518f62357e4ec7720

memory/5696-545-0x00000000033F0000-0x0000000003400000-memory.dmp

C:\Users\Admin\Downloads\vs_emulatorsetup.exe

MD5 83c93f912ea7dfce5c3a5bcf4247d781
SHA1 a33e134730a9b7d78b01a9ed60e75a5948e13c5f
SHA256 ccfc2e7d8e2de19394d709bc3712b661268c3ddf879429cd8e3efc1e3415b602
SHA512 f5a2eb5fb28e1c9df6ff28c174855de0d27fe980088c94607323fe0702ed5da1269641f6186dec55c4a35fa47406511736721d8c12062649806bf92f121d0371

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba4\BootstrapperCore.config

MD5 da13b878a13102d71462c0b910935e47
SHA1 d1117740f7964aad49068e5c41ffe08303bc3ca5
SHA256 8988312a0316edfb5b5dff7c86f66c1e9141a768727d0b7eb651e20aa851bb2f
SHA512 ab359c23d28e5c75d724a0f14a821dcdbd6c5e94710b5d04d1077762db6c4b13e12c38ad4afdcd1d621848bdb3df784737f1eb4d7f44e98c8bf9a0ab26fd6437

memory/5292-629-0x00000000737E0000-0x0000000073D91000-memory.dmp

memory/5680-630-0x0000000003DC0000-0x0000000003DD0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1036\mbapreq.wxl

MD5 c3b54df5ec1503888abf1d4153c0a789
SHA1 10ff40e981f898401db1828d9c6879d9f0d1e793
SHA256 c5f1d0966ef658437b9c47056c01b479a988339593c7416a4e5a35417d44e7ab
SHA512 0fa136bc0c42a657192dd3ddc0c406d6457028f3b44fd2e6f2cfb554e5fc71e391a387de85fad78595f0ae8e04d4c3655222a3c016b19de95f94b8979dd728a8

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1032\mbapreq.wxl

MD5 9c21e76357218d33613174538eea4120
SHA1 a117893b9732905cb8de90648ce91dad20c6be40
SHA256 166801eff4a826bf1b50cd24c0be4b51717cc2b00f793fbc8cd8ab4b9ad6730b
SHA512 ac115d3323cbdd51dfe0fa0e65cecef30a0777b8a287a27a7d57ae3234e9940c7bafc1a86b6034775fe58988060f7888f7d34bc1b0d794d308739047b1792e12

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1051\mbapreq.wxl

MD5 d4146ac0ae133acab276bf9f9b70915f
SHA1 558a01a85aa292fe47a48c56137cb65c1eab95b1
SHA256 f944fe7d8473ed6a0b0560a52204199a364b0542d25a2a5dcf85dda66763620a
SHA512 95e717a39e25e6f48f61064ef52c3494a2cb7e565d438d7ba4e7a1afeee53682e260939be02c8e23ea52b843d346290d8a063beeb899a30726d6b01ba6635e2b

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\ko\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 ddf4776e8cb674ee54db2ed4133cb6ab
SHA1 31a95d57c55b65d894894c67b57ab0dc5972f89f
SHA256 a7ba02ba2b823865d0f843f2caacc2eec9ad063411120c141aa4acce922754e2
SHA512 b7ff467a18dc52c01174799c77194b8b654ae6ce64730ca9d3d34a0f6b1b643ece49ea2ed0eaded72a783e92b90e4ad58ca0255af4486f5f94de19339da0fd25

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1042\LocalizableStrings.xml

MD5 0ee10a7918949d1375c45f98f04ec348
SHA1 c8c42064fc88b6cb409b8dece8b2c4efd2f7cf17
SHA256 440b3abb9537d808ec88ec0a7a283c09eff35564bafaa18ae0bcb16d1e4caf52
SHA512 f5a3eefac9266dad396cb4de29ad8a5bb18fe670ac427bd9f9d615f4e5de7431a735a6b2636b61496eecf4e3f135a367670edc931e31cc928624bd78d9a44900

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\mbapreq.thm

MD5 a20778ec90a094a62a6c3a6ab2a6dc7d
SHA1 74c131b5fd80446ffdf2afad723762dd36621309
SHA256 f8c3a03f47f0b9b3c20f0522a2481da28c77fecdbb302f8dd8fbed87758cbaea
SHA512 47f34a9f416d223dcbf071e7292a05554af3d27cde67fc8c161c1bed564c6e7fc448c2f482e05f33149c782e09c681bd65730ca00cf9ec68b284128214b75529

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\ja\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 7fd75cb2c5e0f048c951867562ba8692
SHA1 adc918df96272bae51e0a75f2586c213c16269be
SHA256 46fff1ccd12036048b2aa6961c6b1c79050e528a37e980859750fc92a68f2ce7
SHA512 fe0e97ccfafd5e1172d99827b3a515f5f6e1ebfaa1e195a863ad47c33208bb259078452edf3ccae12d80d16f9f90005c23d853360bc1dccd4350ac96d50089de

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1041\LocalizableStrings.xml

MD5 96fc3772473a105b3d934765fe37c438
SHA1 09297d229b60726afefc031a0b9eb9c4d9155e3f
SHA256 31e11cd3d32ee438f2a6d52dac62bbdca69a76ff3571295af0348846e142d685
SHA512 4c5a8ae3cc31c1366d2dec6986a41ebbcbd66a9bac5ba06a3a9b87c5c886ad870f9e9d322356bd630eb4bc240190ffdbb6a70205cc1ed928c1da8744f8bc5fe3

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\it\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 d411a0b90698ac255e9dc64a45e00aa7
SHA1 5253067c4d2c34813e4c054faf0f59e274fc2552
SHA256 68dedce1a5d2d8539489ebf2e568232dbcf3f7bdca68c87e85fc5c051d84c52f
SHA512 8880b54595ee3090bfe66cee526c09666bc07ec410a2417637e65655f1b86be56e0c8005b54a70230d2a8aa98a9fa4cf3307fe8aa6976d7a327b4b4b4a8a7245

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1040\LocalizableStrings.xml

MD5 1e090fa63d879c9a9736b25c8b074428
SHA1 07533254f645b9f600227877f680c73e17a9402e
SHA256 094dfe0ab68a628c0ea6244c39cfa2e7dd3f80f10366c5a22052c72f7431fdbe
SHA512 2553fb6e5dd9d6e37eb3295adab8bc619096b5186b6df251dc32d7970939a256abbeb8568189ab03cd50570c2199acfc7b94e28915e3580c49bdb113c6d03067

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\fr\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 029d274117c176d2bddd0ada83d491d5
SHA1 97f66499f225e973d7e1c36d9d66d4f12248108b
SHA256 6198aff992d3e64246e54157fd532488e1bc95493beb9f12e7f8b5e71c2aa190
SHA512 3afde2077aa4d73b914e0c14f9e1d9c07cd21fe784428794de893f78e65a03b6ca96a9cd2651b96cf9bbd07381c0df686bbf1988578428e331b8f5f9b8b7a5f5

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1036\LocalizableStrings.xml

MD5 60a9aaabfc5558b7c02735ae09370387
SHA1 67529fb91dc2e9ca9891313f25772baf04543823
SHA256 f743aa8073b7006a54a334bb1426ebc9338b6d32c029c3edb649f5e7eb963193
SHA512 60d6c7bc3e99707a4e4640f07a0754a3160e4dba8e1d5aed2ba362bf7fc02aea822ffbadd671cac8bbf6cd17a881f45b65052b466ff7ac2c8a307ca3896aca04

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\es\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 693858c8746bff9a57444424597fac37
SHA1 4f959bf2eb1c3b7731a70a6b7b10923e17e291a6
SHA256 124cbe17c7116d844cf8c54032d6dc4f9ae17f78dcfa82d08df16826dc8f54a0
SHA512 9e4defb4cb5ffe7e21eff8044d90e55657672dc2aed24141e2ee48859fe5abc9d07c146cb0ca1c1141e997b0869365b2d9ddd3a8006bf5487a1cd3769efd8936

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\3082\LocalizableStrings.xml

MD5 71ed168b108a29574898c26da3bff16d
SHA1 d6e6880fd2e37c2dc30cbdf996e5de219ebc17a5
SHA256 3e864b647b9aaad21495afe6e55e5cf983a547d1f137c2fccc481689bf7e904f
SHA512 bc33994247b95608c4836dc4c7a40ff6fba9f3c4f72a35d860d4c30391eca2a6d3031b78b8e928be9d76b282a734ff15f5c87f6d03e2a7351abfdac638d5dc40

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\de\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 dbbabeeb91acfdf2b166b05023249e2c
SHA1 70ee04f4183a28263f018f20edaf40201d971809
SHA256 d3de9c1c8bd6730cca449606e3f6e8b168b17c75e3debf8a6040454b20d87679
SHA512 41a484f8951268f6378ee44d0fb5807d86a1ca1c7d5c93d2e353f6d217fbb096d16402ee5b166e7bdce31be772cd3eb6f74e07ee93b475ef32587ee20e10632b

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1031\LocalizableStrings.xml

MD5 eeec541c9f781f91d9963c7678138b74
SHA1 4d15fc91731a6ff78c207a66937bd1dc8cddb0aa
SHA256 dc2ea0c6c833c145e0ffdd7ab4843e2b6da940eebd6df04ce845fb8e75e7fce6
SHA512 e18b98a1e121c6f455ba84edff89ecbb1e5c247256c5ba1dfd009aed9b7b09fe0cabac59b7fa631fdc19c73a649a704d97a81c1fd29bb07406561dd7cf4e1a5e

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\cs\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 cddc7fae31c708ae76831d364531cff1
SHA1 9b21aa040b233f0d2d6a66d434c2ffdf169ffd15
SHA256 0ec8fa76f7e705a160236e4a369030e2f55654d3928ee93c00e50f03c6d89b9c
SHA512 138b172c88240f9b7bd4b9e45a11c486436fb3ee5a56fae47af3c3e9aeb66dea17e961c53bbf3c9175dd7c1da9dd5f7f1cf7c073711b19b7da7ec55ae08b1c9e

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1029\LocalizableStrings.xml

MD5 6c6bfd00f88ddaaf385bc76986d4f9ab
SHA1 dd2a06de5f635af420552f307d443b02867bf234
SHA256 b997878963869b8f066ebde8559e98c0782342513e9d228f85615f80d7c21f63
SHA512 4cd13048e1f039733ce0fb580a9a21751306f7c2b67ee8cae0ae8a9557f64a3993b0e016e590e2de0d0fb1ca5c7e978717b3d93a8dba280323565fb63cf9db85

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\zh-CHT\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 7f542be3e988495525ddf56ce91472f6
SHA1 8d8432be79e40a9cc0baf30297e04894a76702f3
SHA256 27ff2cea0b687c8ce15177a788c8a9518a2aa872b4d9412cd7b6a40c9fe599c2
SHA512 6636372c8cf20edead5abc70272d4bd90a01d90f6d3c35f3a248a6b90f758b2315a5f83b80cdf8c0de38d8bf22a82c6a9cd8f1a9b2453fbd559991a808daf666

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1028\LocalizableStrings.xml

MD5 3114c5ede44db2abc6bdfc92a96f85a1
SHA1 aeea761782b883fb7d35dfa4d64002b3a61d90dc
SHA256 cad7fb1daa02d4a7ca6ea69494f5cca5e944d5a0e9630531aeb75a2f8fccfcdd
SHA512 bc9762a95c75e60290b0ce50e9907d38bddb307aed60928859162c07390fe1201649744e83ed697350aff0de7c424ad97e64052c3029c78edda9c0c51c4440fe

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\zh-CHS\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 ed25e90ad08031d8df5ddc02897e2828
SHA1 82b1ac05b11f068d3b1bbd1df8f97fb8d315fe91
SHA256 647245d812e7f063be578a764ac284ea7ec15e827fdb6f935c3273119924dc0c
SHA512 20f5c29877bc72003ea8fa06527ab07483b05f503ecd21259cb41ba0ad2c892773d11a460ad041c1459a5c87627d895ac418b8bc49fa80cf6acfa45ce674566a

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\2052\LocalizableStrings.xml

MD5 57941e6eff00f7c51d2b8c588dfc7025
SHA1 d7f3f9c8bca8ef5355152b0fd975b29db031b5d3
SHA256 88c79a003130877436772d6e6a51f8230a035310975ee933ac339597c140587a
SHA512 28018f5e29711ad74912e986284f9a2e4657a2672d88c59e5c0fb3e8d0d0d501e9e2de57bce558dd8401a193b07d627f951403c050cf5c2fc4fa0e51a6340286

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\Microsoft.Diagnostics.Tracing.EventSource.dll

MD5 a45fddd1104786ad49a1165f19a340c6
SHA1 f42c62bf35549eb9e68f4fcb2cfe259a792762cc
SHA256 b443d6f13beed82c92b907ef2c2b8baeda342825bb132ecc1a3948c05aa1888b
SHA512 1a544b7a079fd1e9d446fba2897268e3eefe2a9d608a26ffe8275a8588097e2dd8bad08950990dbb31794f45afd52765357c396de990881a640b0acbc405ecae

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\Microsoft.ApplicationInsights.PersistenceChannel.dll

MD5 24c27a7f7881f0f7bfb5e6fe69d71c5a
SHA1 3c42d4f2b49a48575df24f4fa599a992657cbad5
SHA256 6e5f1e6ef755bdc6d85c9884e3afc2122a178fb0d83d9de408ffa658f1e25c65
SHA512 d3c32572a26ed465226f99a072ab7b512612394f00fb3be46a3aa46cd08e15a4bb3fdc7b48a1d25abd467d58b6cd2a1835b058a3b68704b2f3f1ec8a4f440c85

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\Microsoft.ApplicationInsights.dll

MD5 c49aec6e047ee59a2be61d40adb5c01b
SHA1 039bdcf8b282a5bdff17cf6de8ff5e3dc6d49f4d
SHA256 391cba0e22350ef634f260cf3103dd5e1b7170fe21a210c8a5decf506a4c4e30
SHA512 7cc60bd84eccedbbebb585119e9921db0e3890869378c3c03a9e34cf6504020afc5635b49253e6558aa5ad91cbc580528761c4288777d12ba6472e9c2018b8de

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\Newtonsoft.Json.dll

MD5 647c9f0c019378356681192257ad8016
SHA1 067e526529a4796fc8e4ec1be538d99a771f9b6b
SHA256 8cab8a4c8998d9c57bf146a38976af1247ca8c2056a5410d18e57ed234de397e
SHA512 189618f9ef051adba77e23e36c7334b8e7de8cce4fc8fffa9fbbbb4bf4f0542bf2876d39b46d95dac066ccf5c944d5e99f09a28ea93568b15c2d08d4ed1eef38

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\System.Threading.dll

MD5 f5ee17938d7c545bf62ad955803661c7
SHA1 dd0647d250539f1ec580737de102e2515558f422
SHA256 8a791af9e3861e231662b657098a823b21a084cbb6a4901d6ccf363405849a78
SHA512 669a89ad811cda4f3ff4aa318aa03e26e4cb41ea22bc321bad02a671273d867cbd223a64bb30da592a5484a9f1cec77c96f5bf63b1fe586b6d3688b8c9da530c

memory/5292-670-0x0000000003AC0000-0x0000000003AD0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\Microsoft.VisualStudio.RemoteControl.Net35.dll

MD5 f87e1c9e6365c0212f5fa8e0e0fedb02
SHA1 48aa9a00e4319c518da5c7e60f7b371ed177df79
SHA256 b00040cddf3e63b221ea5b775664853efcd1e754e03229a5c35ec2d112cfc1ae
SHA512 ba51609dfb3caafd33bbad2cbc6a71032dc8b5e4c50164e4c92df939e3fcb31177e5157a3a3c7009539818c5a564cfc573d0bc884272986c5ea81a36d860be32

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\sqmapi.dll

MD5 6404765deb80c2d8986f60dce505915b
SHA1 e40e18837c7d3e5f379c4faef19733d81367e98f
SHA256 b236253e9ecb1e377643ae5f91c0a429b91c9b30cca1751a7bc4403ea6d94120
SHA512 a5ff302f38020b31525111206d2f5db2d6a9828c70ef0b485f660f122a30ce7028b5a160dd5f5fbcccb5b59698c8df7f2e15fdf19619c82f4dec8d901b7548ba

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\HighContrastThemes.xaml

MD5 f1c936f4a46f1d9b8a3917b4ea377feb
SHA1 0de0d1e48c60410a009d5dcdc7d495c51aa57d22
SHA256 9224832eb6f03fd6002683534716a5684e632516347dbb228404d086e37d3ef7
SHA512 24a8e9c74ee7a0919c23bdf28f58be0eab6f8e732dc4f850410ed03ba00232288c4a0a953e7ea7f7f1ca623a8722dc76549935ccd3e7f988f0e831c168a4c26b

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\Microsoft.VS.PlatformInstaller.DynamicFeed.dll

MD5 4e02bb00b6c1f306a006351312ef7358
SHA1 8c65c25ad8a31a8ed049d86aa610427625d24310
SHA256 2f9ccaeff04db4d133ea08387ed3918c25b8328661b0bf5277d19d0e0dace55c
SHA512 ee7fc8d89e8f93618e208564c2c04dfa3c895fd35983bafb7ef47ff72f0e0c714de35d91c0ca93010e3fb5dbffec61e105dbda42086f17138c7ca3272d60418e

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\3082\mbapreq.wxl

MD5 6fcbb73c04bebbe421824e18b9665609
SHA1 7cd9123644bb2b47513ada752b1c4559f25935ab
SHA256 bdf44a835be92644bbcf1e7e3302ab7284ce5508fe614d4b7218b4608efca220
SHA512 f82eb7a1c4aa6c2c5cb714e108d640adf914b232e66ca37374dbaf4e0ba371377759c44d46a1fa88d2305a653fa231b2bbb61056b4766caa0161733f5ac0964f

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\2070\mbapreq.wxl

MD5 a71ae7998b25da159a1423e7b302c2df
SHA1 8f319f7d1df37f2cedb3d090a808ecdd5a9e07d2
SHA256 be8e22b102a9a21ae392d5e381eeab13910a2d70f8f0b1fcc3683629b336439c
SHA512 d50634f96e1295a8b0a4e26bf86bce71c28f35fbc1a7f35463cc17d2467f4c2c61be21af595bc88dafc741c4f355fa4444a20392ed87cd3d13215a112e5980e0

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\2052\mbapreq.wxl

MD5 1aa634ddfb2b46c72b9fa7f59ca2f533
SHA1 9fa8179f80b8dff0489f23d85bff25e18c8b330d
SHA256 ff8b6c6ba9a5c1806b4540158c01a87a5cd1830359020141af4e174c55f20b81
SHA512 63743dcf0f1355786c66e5dbe5eef4b70e80bf1edb82ab28bf0eb748ecb1c049906b64273f6095f3eae396ae2da84cf6c2e4a017a894c6b9af8b12c07196024b

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1060\mbapreq.wxl

MD5 fb797985dbd06b555a8ab8e43a0dd8e9
SHA1 09c2b01128be23ce247798618e04057f83537d3a
SHA256 8e069b1722a4fc499c545a6cc0827d83b017ef6adfc59b8d06da501eb0a3bffe
SHA512 f84741b77b16e1c27236759c680970b130e7d77462cc087abfbf5fe4250d40e549e382aac5cbff2c37d925360e2fafd8463650cf5456d06038dac8fb935a934d

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1049\mbapreq.wxl

MD5 de00c27af7c2a65a128e52bb0c86d996
SHA1 6cc1d073ecb292190f3e00f5063aaea43f9e32cb
SHA256 d47a140dcd36d438d5c72b5ff1725dbfabe09bd4214f553ed52df9a4d2bd6c37
SHA512 2118b362d0fb720af1c6a7715f3e5f064502a7d00b7a0767d573cdda12374eec0e40b15f643f9ee26ce4300c756fd5739bf909b4d2790657f9361baa866b6eec

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1053\mbapreq.wxl

MD5 ccd806e21aad31e3083e8e611d60f672
SHA1 7aeafcb5de18d0dc568f3b60033d5008e43e956c
SHA256 a17d2de5cc82a44c8d69013cedffe05a20b24af1d5e46d30bf54fd5306d7c972
SHA512 a551f4bb48527513218b76ae31da76be81f1d1523a8524847833fd56b35080b95a9e613071e07ee91ac08a426765159b9849e98eda6bc95209ae3c5cb33bf4df

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1040\mbapreq.wxl

MD5 f7aba1307da91170e6e130e4f4b7e78c
SHA1 481eb0bd170bc778f97ec6a96e45722711f3500e
SHA256 ad4cf22947472ffd62f5e854bc3c0f6cf3439cc2c321c2bd3a1a2a6e167a53f6
SHA512 9d3740c9996309f4a703329d7c992035309e8562e6bc687eeac738b12a57d13d05f6aa4ba456f99068b5c7ae88dc5fb2b9d2b946bb389dfb8a3896f37b8ca47e

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1045\LocalizableStrings.xml

MD5 49ef6c2c7526d8ac5daccaa9f4782177
SHA1 e96925841a0b6ceb7771a22172194a75950e6f2b
SHA256 38b26acdb121264e1537d4c4160b58d8f3f144a16fa6628638f90e4f92993281
SHA512 82ee45bd9139d74a7ab93b879a866b6efda560023677ca395da9a20d849e45287b161ca23b9eb77414acbf4f00474752305a0f8ed0b2fa137fa8392e2a131533

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1046\mbapreq.wxl

MD5 f96b3463b3d35f1f169238c737a62897
SHA1 ee8784b08de3e4353d3dcd7ce7e87089169d017d
SHA256 ebc2bf04a4f378aea26e5cb9f4ad334f3713dc36a4a98056e8384c87a33cda4d
SHA512 d3e1184d85b5fe423c1c92bdcab64dd896ae465fbfe10c03a1aa929c0d219cd9a2af128e2767c135be9bf99f1736a46f705fefe3b6c3bdf0075cb1b7eb3dd463

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1031\mbapreq.wxl

MD5 2a45abdb37643f7a9f1f3bd1fc54e219
SHA1 152c32ac92df40a3617b7f4066046659a02e730f
SHA256 9ff48acb76f4ebe9274de0499c4043c7e81c08edb9124dcadb1785f1705c8558
SHA512 765db0b7258b8379a7ea42c3e5fc1119d408d039c9cc79441c27f48224da4bc08a914ab45be05c9121e0708e1a1a90df3689f6ed2e6518ef247b42d3cd3dfc9d

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1029\mbapreq.wxl

MD5 919854d3a8415386d0da32df164bd5fc
SHA1 68ee641e22bdb46b7f311c90a65190a15ab466f4
SHA256 ae9f8e1a8856b18bacf51a7d9b949af6ae7bef4631479709b8aaac17dd0410b1
SHA512 80f0dec696c460f7f93918963dce733650ee1224653cc54b45abe5dace3cce77c9c10365c45936ac7cad36e3a9a85e3249e4b5dd7f6fe432b18b4fec97956c62

memory/5324-714-0x00000000737E0000-0x0000000073D91000-memory.dmp

memory/5324-716-0x0000000003410000-0x0000000003420000-memory.dmp

memory/5324-719-0x0000000003410000-0x0000000003420000-memory.dmp

memory/5324-720-0x0000000003410000-0x0000000003420000-memory.dmp

memory/5324-718-0x00000000737E0000-0x0000000073D91000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\mbapreq.png

MD5 a356956fd269567b8f4612a33802637b
SHA1 75ae41181581fd6376ca9ca88147011e48bf9a30
SHA256 a401a225addaf89110b4b0f6e8cf94779e7c0640bcdd2d670ffcf05aab0dad03
SHA512 a0f7836aefa1747f481c116f6b085f503b5c09b3a1dd97cd2189f7ce4e6e7ea98f1f66503cba2e6a83e873248cc7507328710dfa670aa5763df8aedcc560285e

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\HighContrastSkuResources.xaml

MD5 0e25bd5863b57a4f15200da48b7abda2
SHA1 eb4740a731e03e1c35626a86326191643250ae5c
SHA256 a8f2e3b24e5563b0cf6b08a4639d39e91e80f627d84c25fec48aba1defb0ec14
SHA512 3151bc22f0fccf20be915635c4f49f64337a8977b6785ac8f6cfab269bb50283080fa5d465d969e1468d4c1ca95281df2c18b2e5ecc3b62b5177fabefb5f9681

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\SkuResources.xaml

MD5 a35ffdc62a607a4ea0b58c21af594d00
SHA1 098a2ec2170e833470fde4dcf3aea44ae3ad3ca2
SHA256 b1de715b3ed3ce17c47268a6661f3dc8c9ed729ca503dc673170e6aa6e032719
SHA512 4ffe05ceedda2742531cd56e45bd0946e3048e0c0b7b27e50fb462ea48f5b98fbbfd449b42f07fa049856f6265e748f5976823a90e8d90a2db3a95a8edf3411f

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\Themes.xaml

MD5 633f4b3988578aa51625a54933080b00
SHA1 bf0d938d2aaa62c93793ef155c6c7c776fa823fe
SHA256 b39bc57ff669216ed23edfbcd57f6055fcd232e7e015b4eff27cf61361c93aef
SHA512 3d8237d8a513a2303386f8a644480f75026b1a356939302187e159f3d42303632be83830755423d446458be9d5efa3921b376c6cf35cc786a63ebb687190941c

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\tr\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 1e6c4801ee65a7af3691165624b7cc98
SHA1 bc6327f3060cf791f0aa606cda89191600fed6a2
SHA256 a39cf53377bb407c5d23ad5e368dac4ab8b393fb07e0b1419ca5c85a21b47a54
SHA512 dc12842d0534949a9c9700100b1e60e0ea0d7afb86fd71c6576732d84264418a046bb8c8dcf91b197dd4c4863e11d6250c816eb3ed5b23e7051ffdb3e9f275e6

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1055\LocalizableStrings.xml

MD5 cd2ed01d3a1ef2e118e759299da34ebe
SHA1 9161d1dcc937b434d63d621586ebfdd9b3c9b502
SHA256 95f89211658fcf2572570c92cfc17102040540ce05cd8f6514eec64451d30183
SHA512 7283c546d8e85aaff4beee83151eaf4ed1f2e4886ea019250cd917655f217f77386826c4b7c8e5f1d2bd47169efade2afb2be656e0ea336b14e29b245059f507

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\ru\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 fe90bb7b7e858efb07d3a4f78e80d922
SHA1 8ce3c0b91411163440857ff18cf98beb94718ccc
SHA256 05df7eae944f19497e1470738215b096882bda9dd67941186071ffa5fcfea5fd
SHA512 ba6285791279e3a5dd7e330cbacdfd615473a8d9e80ccf3e0f28d81435885f4320f222e3f9e5c10645d7b1c56c5fc11b1fc6ebec1b2de072b81842e8ab3c02df

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1049\LocalizableStrings.xml

MD5 e78a865b52f85b7d88ddc6a2788dcfc4
SHA1 98b81b07897b2b9d629635acb03e47f4d08fcffe
SHA256 94048baf9c46d4b2d23bc46226569ceb00f08590d447c305ded3003e0160d83b
SHA512 242599b99492af74508d793acd52a9a2595188466301da10f124d37131e41e7125267fde166fd689613f5992f84fb252974f3ac0ae9d61b2ae2ea2345c80daa3

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\pt-BR\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 34a7017ef8523e85a53e2eaa11c2a107
SHA1 9a816b6a6dafee2743d8285a49d07b41203990ca
SHA256 b50bcc88c672d88e0940d8c1c174ceddc0430db8cb427c4251d470699028fc70
SHA512 116d042d7a1c6edf6e3afa9110912246a2c24f60d54db3fc712cbdcfb734e38ea6ab9ce60411ca6fbe2786076d5acaba9a130cfb93a25737db89a5e1ce603b80

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1046\LocalizableStrings.xml

MD5 346d6231562b3215550f43a3eb84796d
SHA1 1cb5cf4913e6383f93a87537a272492417b56c49
SHA256 1d356954b7b1c427ae1069e2a6c3d2eb6c9f683afc7a61e90e6a34cea659a289
SHA512 8cd9c5185d0780bea9e7071d0310a7c7fc358a9947c1c9861c8a3d8c59516c80762a785c0a70c77dde98c9927f40ce215f387e22830b73060890cad1db3e381c

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\pl\Microsoft.VS.PlatformInstaller.DynamicFeed.resources.dll

MD5 b83c848565d3b380bc29fb6a8173a3c9
SHA1 32494856fc0bbc89e9ee29fa55817f5174428029
SHA256 4afa53be845c7647e790e62b03c80521ebd1bb3a6fd9986eea70a72af3195911
SHA512 6540520fdcb2572c29ae996883ad7388a2350eca47f702504bed12b9d41a9e839ba1d7a92ad30cfa04a4252d31ba1d706da8b2460ac3aa4c71c528bdf0a7a0e6

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1055\mbapreq.wxl

MD5 b0d8de284b2c7a37a72c2acc08a85a18
SHA1 1c79ff29cceacaf518992756b6c332b19064616d
SHA256 705ae382f2adbc7cf43ae22330d49ba0ab86bbf5e8a11ba466e37a851dee7661
SHA512 b633eb45ce24cfcd3f1444628c4e9becae8edfe54b53df6ef1b1dda3b7571c24c62edc13df09f3289816a69f45aadd5795ca10807780da81c6a91ae719cbf3c6

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1038\mbapreq.wxl

MD5 f40a084c4b41d752a5c518d62abd12e2
SHA1 ead4d83879715b2eb9a00e2196406e0f3459b7d7
SHA256 43e00163c060a09c66ae65bdabd5a9943c55bbe8d11f8ddf95ba20008a605075
SHA512 d2e8c7d488ad5a7dd51a12c3abfbc90693b1488eaf72b9b9581d05cbf2e307d114a058a1f66ac4a33c66b22e329f6134f9d3e3b9da9bc2edc892a9fa3a47f19b

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1030\mbapreq.wxl

MD5 aa3e13a2daa064e8da8cf2f4acc25900
SHA1 a3557d6f5610be69bea916264dc669cb7c6a72b2
SHA256 90680e9500a2014137d92ea0988b92ec34648d6826f18c9646a318e26bd1a511
SHA512 8dbf2931dd5fb5c4a41a019ba36ff38964acbbfb14495e61085840b170aed2b5814ed905637990003fb0758249fa89898bc0a054b77374f7d36ab587e3b9b3f2

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1028\mbapreq.wxl

MD5 62a014e7a1a170edfde6eb539588ca88
SHA1 874667a898a911b3200d2d8e1dc539897d326d7c
SHA256 106555dd49231ffb9fab7e74043d3874448894782dc216c3fdd341abdd050146
SHA512 c7a572006592cc98545dec1a520c355aa2aa15a2ad042798054c13463986a6fee3e63a0fb79faad9f119553232761a008c72a94c6cd23af23a4912b1b12e5b73

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\mbapreq.wxl

MD5 5819f598bbf5ae49430bee060ba8ed0b
SHA1 5c58065d8fb9d58ea320d5774addc2af390c8e46
SHA256 ca7cd1bf6d433ae857dbd0e7733890a21a9c5ef282ca0e004ce57bb2e46487e2
SHA512 8ba7c1d49f1285190a313ed590582c6b9c47216d941c7b608dc8caa816f2e6ac9ba2fb79568ece5b0e2f6e1c33f253c63558c8ebb4863a9a0397f38d36c70861

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1045\mbapreq.wxl

MD5 d62430f31ca6b21562591a6cc6ec134f
SHA1 c8fbf00d1acadb52b75e6e49a2aa76e8b85c6470
SHA256 a64afbd95664554ccf6eae2b5a45161cd1b0da7cdfd0874df0bd547968e5bc89
SHA512 2a5fb202716f20dfdfe750ae2b775f32e44a0bf16f12f3dbee6d0999b34877ddafcde696efa8e234a7a4900876fdd36336bf95f80d7a9549539a7d4e121cd0ad

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1044\mbapreq.wxl

MD5 de3ace5cd8e4ce57b6d3379ae9e66540
SHA1 3f2ccb5ea047edaadfa5289abd70a85d9aa6dc9f
SHA256 ae7aa89299f00e43364d2627b46b78dc04f80279d8a0d905a8517c322115d21f
SHA512 29161dcd18be49ffc3552520fbcc9fdd2d3c7b98a4f05f0e89806c1db639c0fe16dd22911f05c54d61ffa9997b91b068ba98fd51902dd2d8b949dc15bdbf341a

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1043\mbapreq.wxl

MD5 d82150bee4cc7cebffa96cdf3762e320
SHA1 f93d2d669ccbbc36a8ecee484282393aea0b7587
SHA256 41d9d9363935702730a09fa9fedf730cebc51db962e05fa4b05841840895c92c
SHA512 238bdf14a9f6a6a1177d69d8b3be2c9630a854668e22f89a880cae7cd3e481ad58744833e08592bbbc38133c4f9970b4595629cd2d9ec226032cd7d74a28ebc2

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1042\mbapreq.wxl

MD5 4d530fbcd8a7cf63a60d2d2e79c7880e
SHA1 6309b0db699139c7ad04aca96a353d84747a3b0a
SHA256 00a5f823904e2d6849bb82f2170e798eb33898317fec7c39e2aac2452b900667
SHA512 820e15e4afddc921b9657a6e9d4bb3453af788cfa74288c0e2d5669860294f6e35233fc66ae71d23c4566f435a6b5f6ea5ce25b648f40564a133bf900fb36e26

C:\Users\Admin\AppData\Local\Temp\{e0f4d7cd-597b-4cfd-907f-312a212ff4e8}\.ba5\1041\mbapreq.wxl

MD5 14a1279359281b86936e9bd3921829df
SHA1 dd1d1dc599900fbe3ab70b8f5938a285c050ae18
SHA256 13635769db1f48f0e5226721268b0ff2ba3f8b391da13d877c9caae08d4c58c1