Analysis

  • max time kernel
    3600s
  • max time network
    3503s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31-05-2024 12:08

General

  • Target

    VisualStudioSetup.exe

  • Size

    3.8MB

  • MD5

    ac8dc6d9741dc336600a88a322cb8020

  • SHA1

    cfd69912632bcb3f027ab6a713c760042090a3c6

  • SHA256

    d2758c971053a68c0d209f9965af3420a85cbbe1969e4b5870145bb624bd1f53

  • SHA512

    d3ebe0f838ee93c0800eae9c778fadb28e8b08fba89aff06975ffba2560d910f7f17fefbaa9913efcd3f744947978410a41ec953a788adb02a7214bb8a76754a

  • SSDEEP

    98304:bEbidYUhefyW9dfuejQFKH3JR8zdJwtrJMr:LyryIH3/8zUtrqr

Score
5/10

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 21 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VisualStudioSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\VisualStudioSetup.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
      "C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\AppData\Local\Temp\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\AppData\Local\Temp"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:436
      • C:\Windows\SysWOW64\getmac.exe
        "getmac"
        3⤵
          PID:4452
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
      1⤵
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:448

Network

    • flag-us
      DNS
      104.219.191.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      104.219.191.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      73.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      az667904.vo.msecnd.net
      vs_setup_bootstrapper.exe
      Remote address:
      8.8.8.8:53
      Request
      az667904.vo.msecnd.net
      IN A
      Response
      az667904.vo.msecnd.net
      IN CNAME
      az667904-pme.azureedge.net
      az667904-pme.azureedge.net
      IN CNAME
      az667904-pme.ec.azureedge.net
      az667904-pme.ec.azureedge.net
      IN CNAME
      cs9.wpc.v0cdn.net
      cs9.wpc.v0cdn.net
      IN A
      152.199.19.161
    • flag-us
      GET
      https://az667904.vo.msecnd.net/pub/Default/v2/dyntelconfig.json
      vs_setup_bootstrapper.exe
      Remote address:
      152.199.19.161:443
      Request
      GET /pub/Default/v2/dyntelconfig.json HTTP/1.1
      Host: az667904.vo.msecnd.net
      Accept-Encoding: gzip, deflate
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Age: 188
      Cache-Control: public, max-age=300
      Content-MD5: D2DBeFv//YI/p+dVgBtgMw==
      Content-Type: application/octet-stream
      Date: Fri, 31 May 2024 12:29:18 GMT
      Etag: 0x8DC5E449131B661
      Last-Modified: Tue, 16 Apr 2024 18:39:36 GMT
      Server: ECAcc (ama/48D1)
      X-Cache: HIT
      x-ms-blob-type: BlockBlob
      x-ms-lease-status: unlocked
      x-ms-request-id: 33be0574-701e-0035-2155-b3477b000000
      x-ms-version: 2009-09-19
      Content-Length: 20426
    • flag-us
      DNS
      az700632.vo.msecnd.net
      vs_setup_bootstrapper.exe
      Remote address:
      8.8.8.8:53
      Request
      az700632.vo.msecnd.net
      IN A
      Response
      az700632.vo.msecnd.net
      IN CNAME
      az700632-pme.azureedge.net
      az700632-pme.azureedge.net
      IN CNAME
      az700632-pme.ec.azureedge.net
      az700632-pme.ec.azureedge.net
      IN CNAME
      cs9.wpc.v0cdn.net
      cs9.wpc.v0cdn.net
      IN A
      152.199.19.161
    • flag-us
      GET
      https://az700632.vo.msecnd.net/pub/RemoteSettings/RemoteSettings_Installer.json
      vs_setup_bootstrapper.exe
      Remote address:
      152.199.19.161:443
      Request
      GET /pub/RemoteSettings/RemoteSettings_Installer.json HTTP/1.1
      Host: az700632.vo.msecnd.net
      Accept-Encoding: gzip, deflate
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Age: 239
      Cache-Control: public, max-age=300
      Content-MD5: r2VEnbROzS+09ITKmFOIuA==
      Content-Type: application/octet-stream
      Date: Fri, 31 May 2024 12:29:18 GMT
      Etag: 0x8DB348D7B945BFF
      Last-Modified: Mon, 03 Apr 2023 21:50:47 GMT
      Server: ECAcc (ama/4897)
      X-Cache: HIT
      x-ms-blob-type: BlockBlob
      x-ms-lease-status: unlocked
      x-ms-request-id: ff03cb87-001e-0056-5655-b32a4a000000
      x-ms-version: 2009-09-19
      Content-Length: 1683
    • flag-us
      DNS
      161.19.199.152.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      161.19.199.152.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.94.73.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.94.73.104.in-addr.arpa
      IN PTR
      Response
      56.94.73.104.in-addr.arpa
      IN PTR
      a104-73-94-56.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      targetednotifications-tm.trafficmanager.net
      vs_setup_bootstrapper.exe
      Remote address:
      8.8.8.8:53
      Request
      targetednotifications-tm.trafficmanager.net
      IN A
      Response
      targetednotifications-tm.trafficmanager.net
      IN CNAME
      tn-api-prod-westus2.azurewebsites.net
      tn-api-prod-westus2.azurewebsites.net
      IN CNAME
      waws-prod-mwh-053.sip.azurewebsites.windows.net
      waws-prod-mwh-053.sip.azurewebsites.windows.net
      IN CNAME
      waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.com
      waws-prod-mwh-053-6a6c.westus2.cloudapp.azure.com
      IN A
      20.42.128.98
    • flag-us
      POST
      https://targetednotifications-tm.trafficmanager.net/api/values
      vs_setup_bootstrapper.exe
      Remote address:
      20.42.128.98:443
      Request
      POST /api/values HTTP/1.1
      Content-Type: application/json
      Host: targetednotifications-tm.trafficmanager.net
      Content-Length: 500
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Length: 10788
      Content-Type: application/json; charset=utf-8
      Date: Fri, 31 May 2024 12:29:20 GMT
      Server: Microsoft-IIS/10.0
      Access-Control-Expose-Headers: Request-Context
      Cache-Control: no-cache
      Expires: -1
      Pragma: no-cache
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      X-API-Version: 3.0.257+6d12f875b4
      X-AspNet-Version: 4.0.30319
      Request-Context: appId=cid-v1:17488bd9-4fe9-4874-910a-dc8bcb1feb58
      Arr-Disable-Session-Affinity: true
      X-Content-Type-Options: nosniff
    • flag-us
      DNS
      98.128.42.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      98.128.42.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.156.103.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.156.103.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      154.239.44.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      154.239.44.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      vortex.data.microsoft.com
      vs_setup_bootstrapper.exe
      Remote address:
      8.8.8.8:53
      Request
      vortex.data.microsoft.com
      IN A
      Response
      vortex.data.microsoft.com
      IN CNAME
      asimov.vortex.data.trafficmanager.net
      asimov.vortex.data.trafficmanager.net
      IN CNAME
      onedscolprdaus02.australiasoutheast.cloudapp.azure.com
      onedscolprdaus02.australiasoutheast.cloudapp.azure.com
      IN A
      104.46.162.226
    • flag-au
      POST
      https://vortex.data.microsoft.com/collect/v1
      vs_setup_bootstrapper.exe
      Remote address:
      104.46.162.226:443
      Request
      POST /collect/v1 HTTP/1.1
      Content-Type: application/x-json-stream; charset=utf-8
      Content-Encoding: gzip
      Host: vortex.data.microsoft.com
      Content-Length: 2436
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Length: 17
      Content-Type: application/json
      Server: Microsoft-HTTPAPI/2.0
      Strict-Transport-Security: max-age=31536000
      time-delta-millis: 44786.7382
      Access-Control-Allow-Headers: time-delta-millis
      Access-Control-Allow-Origin: *
      Access-Control-Allow-Methods: POST
      Access-Control-Allow-Credentials: true
      Date: Fri, 31 May 2024 12:30:02 GMT
    • flag-us
      DNS
      226.162.46.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      226.162.46.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      mobile.events.data.microsoft.com
      vs_setup_bootstrapper.exe
      Remote address:
      8.8.8.8:53
      Request
      mobile.events.data.microsoft.com
      IN A
      Response
      mobile.events.data.microsoft.com
      IN CNAME
      mobile.events.data.trafficmanager.net
      mobile.events.data.trafficmanager.net
      IN CNAME
      onedscolprdneu13.northeurope.cloudapp.azure.com
      onedscolprdneu13.northeurope.cloudapp.azure.com
      IN A
      20.50.73.4
    • flag-ie
      POST
      https://mobile.events.data.microsoft.com/OneCollector/1.0
      vs_setup_bootstrapper.exe
      Remote address:
      20.50.73.4:443
      Request
      POST /OneCollector/1.0 HTTP/1.1
      Content-Type: application/x-json-stream; charset=utf-8
      Content-Encoding: gzip
      x-apikey: f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296
      sdk-version: VSTelemetryAPI
      NoResponseBody: false
      Host: mobile.events.data.microsoft.com
      Content-Length: 3587
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Length: 9
      Content-Type: application/json
      Server: Microsoft-HTTPAPI/2.0
      Strict-Transport-Security: max-age=31536000
      time-delta-millis: 32108
      Access-Control-Allow-Headers: time-delta-millis
      Access-Control-Allow-Methods: POST
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Origin: *
      Access-Control-Expose-Headers: time-delta-millis
      Date: Fri, 31 May 2024 12:30:02 GMT
    • flag-us
      DNS
      4.73.50.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      4.73.50.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.56.20.217.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.56.20.217.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      11.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388236_1HL4SRJ7X21NUOQZ9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239339388236_1HL4SRJ7X21NUOQZ9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 478960
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: F358B25B486244A58A960CB578EA94BF Ref B: BRU30EDGE0520 Ref C: 2024-05-31T12:31:06Z
      date: Fri, 31 May 2024 12:31:05 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301361_1A941B3C9LQ8KN2OI&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301361_1A941B3C9LQ8KN2OI&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 585469
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 21FA215CBD6543318D8507103EFBA714 Ref B: BRU30EDGE0520 Ref C: 2024-05-31T12:31:06Z
      date: Fri, 31 May 2024 12:31:05 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317300928_17TNF1GROQEVAAS47&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317300928_17TNF1GROQEVAAS47&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 527319
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 146EFA211F024DF899238B8A20359065 Ref B: BRU30EDGE0520 Ref C: 2024-05-31T12:31:06Z
      date: Fri, 31 May 2024 12:31:05 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360259211_1RHQV0P5DTUS9XFSL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360259211_1RHQV0P5DTUS9XFSL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 562299
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 71299D61CF814FBF9D11436ADD64DF7A Ref B: BRU30EDGE0520 Ref C: 2024-05-31T12:31:06Z
      date: Fri, 31 May 2024 12:31:05 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388237_16CFOYO7VUY1K6DRH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239339388237_16CFOYO7VUY1K6DRH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 443021
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: FF76B1A6729041DABC52DB7DAAA2C9CD Ref B: BRU30EDGE0520 Ref C: 2024-05-31T12:31:06Z
      date: Fri, 31 May 2024 12:31:05 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360259212_1BAR08KBTVWDNYB0F&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360259212_1BAR08KBTVWDNYB0F&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 439394
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: CA9F4A31A5A148D38C4EDF31F34BA84C Ref B: BRU30EDGE0520 Ref C: 2024-05-31T12:31:09Z
      date: Fri, 31 May 2024 12:31:08 GMT
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001.a-msedge.net
    • flag-us
      DNS
      11.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      74.19.199.152.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      74.19.199.152.in-addr.arpa
      IN PTR
      Response
Downloads

    • C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202405311229157205.json

      Filesize

      162B

    • C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelAIF-312cbd79-9dbb-4c48-a7da-3cc2a931cb70\20240531122947_2634a6b905374f72b98a959512785f32.trn

      Filesize

      3KB

    • C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240531122949_0fe5365e1b354647a5b6158ddbd66407.trn

      Filesize

      4KB

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\dyntelconfig[1].cache

      Filesize

      19KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll

      Filesize

      18KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll

      Filesize

      115KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll

      Filesize

      46KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll

      Filesize

      579KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll

      Filesize

      306KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll

      Filesize

      1.4MB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

      Filesize

      995KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll

      Filesize

      62KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\Newtonsoft.Json.dll

      Filesize

      695KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\System.Memory.dll

      Filesize

      138KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll

      Filesize

      17KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\detection.json

      Filesize

      8KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\vs_setup_bootstrapper.config

      Filesize

      622B

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

      Filesize

      404KB

    • C:\Users\Admin\AppData\Local\Temp\ea5a24781d1469dac08971\vs_bootstrapper_d15\vs_setup_bootstrapper.exe.config

      Filesize

      2KB
