hxxps://cdn[.]discordapp[.]com/attachments/1201197785601540239/1217532628719108217/smarko15[.]htm?ex=669d4c9f&is=669bfb1f&hm=38a22ff3315311a1b2cc0c39e065382e3986f887add6d00e8d2242452835be3b&

Analysis

max time kernel
299s
max time network
308s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
20/07/2024, 18:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1201197785601540239/1217532628719108217/smarko15.htm?ex=669d4c9f&is=669bfb1f&hm=38a22ff3315311a1b2cc0c39e065382e3986f887add6d00e8d2242452835be3b&

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 7 IoCs

pid	Process
4000	VisualStudioSetup.exe
1016	vs_setup_bootstrapper.exe
896	setup.exe
3120	vs_installer.windows.exe
5128	setup.exe
800	VSInitializer.exe
5400	MofCompiler.exe

Loads dropped DLL 24 IoCs

pid	Process
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
2524	MsiExec.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\6EA26FFDFC3C3CADAF6C = "\"C:\\Program Files (x86)\\Microsoft Visual Studio\\Installer\\setup.exe\" resume --installPath \"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\" --runOnce --installSessionId 95bdb193-2e53-4240-a027-7799c756ae55"	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\system32\wbem\AutoRecover\4E9BED298E4A2447DA493DE14F1E57F4.mof	mofcomp.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\dotnet\net8.0\runtime\shared\Microsoft.AspNetCore.App\8.0.7\Microsoft.AspNetCore.Localization.Routing.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\ServiceHub\AccountManagement\Microsoft.VisualStudio.Imaging.Interop.14.0.DesignTime.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\fr\StreamJsonRpc.resources.dll	vs_setup_bootstrapper.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Licensing\zh-Hans\Microsoft.VisualStudio.Shell.15.0.resources.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Editor\Microsoft.VisualStudio.Editor.Implementation.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\LanguageServer\Microsoft.VisualStudio.LanguageServer.Protocol.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Extensibility\it\Microsoft.VisualStudio.Extensibility.Framework.resources.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\dotnet\net8.0\runtime\shared\Microsoft.WindowsDesktop.App\8.0.7\pt-BR\WindowsFormsIntegration.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Client\ko\Microsoft.ServiceHub.Resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Licensing\pl\Microsoft.VisualStudio.Threading.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\ExtensionManager\ServiceModule\Microsoft.VisualStudio.ExtensionEngineContract.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Automation\vsmso.olb.manifest	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Licensing\zh-Hans\Microsoft.VisualStudio.Shell.15.0.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\ServiceHub\AccountManagement\Microsoft.Developer.AccountManagement.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Platform\Guide\Content\Images\ProjectAndSolution\5-ClassLibraryTemplate.png	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\dotnet\net8.0\runtime\shared\Microsoft.WindowsDesktop.App\8.0.7\zh-Hans\System.Windows.Controls.Ribbon.resources.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\PrivateAssemblies\en\Microsoft.Internal.VisualStudio.UserNotifications.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Platform\Shell\Microsoft.VisualStudio.Shell.UI.Internal.Ext.pkgdef	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Platform\Guide\Content\Images\GitHub\ghtutorial3.png	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\dotnet\net8.0\runtime\shared\Microsoft.WindowsDesktop.App\8.0.7\pl\System.Windows.Forms.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Dialogs.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Licensing\ja\Microsoft.ServiceHub.Framework.resources.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\pt-BR\Microsoft.VisualStudio.Setup.Download.resources.dll	vs_setup_bootstrapper.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio\Installer\TestMsi\Microsoft.VisualStudio.Setup.TestMsi.msi	vs_setup_bootstrapper.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Services\Microsoft.Developer.IdentityService\Old\System.Text.Json.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\ReSharper (Visual Studio).vsk	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Client\fr\Microsoft.VisualStudio.Composition.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Client\ko\Microsoft.VisualStudio.Imaging.resources.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Client\ru\Microsoft.TeamFoundation.Common.resources.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\PrivateAssemblies\Octokit.GraphQL.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Microsoft.VisualStudio.ImageCatalog.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Automation\webproperties110.tlb	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\coreClr.DataWarehouseHost.servicehub.host.json	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Editor\pt-BR\Microsoft.VisualStudio.Diff.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\dotnet\net8.0\runtime\shared\Microsoft.WindowsDesktop.App\8.0.7\tr\UIAutomationClient.resources.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\IdentityGS\catalog.json	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Licensing\it\Microsoft.VisualStudio.Services.Client.Interactive.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Licensing\pl\StreamJsonRpc.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\en\Microsoft.VisualStudio.ImageCatalog.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Automation\vslangproj100.olb	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\ServiceHub\IdentityService\Microsoft.Web.WebView2.WinForms.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Assets\VisualStudio.150x150.contrast-standard_scale-80.png	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\ServiceHub.IdentityHost.runtimeconfig.json	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\dotnet\net8.0\runtime\shared\Microsoft.AspNetCore.App\8.0.7\Microsoft.Extensions.Logging.Debug.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\dotnet\net8.0\runtime\shared\Microsoft.NETCore.App\8.0.7\System.Net.Http.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Client\pt-BR\Microsoft.VisualStudio.Validation.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Licensing\tr\Microsoft.VisualStudio.OnlineLicensing.resources.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Terminal\ServiceHub\ru\Microsoft.VisualStudio.Terminal.ServiceHub.resources.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\dotnet\net8.0\runtime\shared\Microsoft.NETCore.App\8.0.7\System.IO.Compression.ZipFile.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\api-ms-win-crt-stdio-l1-1-0.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Automation\msenv100p.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\dotnet\net8.0\runtime\shared\Microsoft.WindowsDesktop.App\8.0.7\ru\UIAutomationClientSideProviders.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Editor\fr\Microsoft.VisualStudio.Diff.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\VSHiveStub.exe	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\NewFileItems\jscript.js	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Client\cs\Microsoft.VisualStudio.Shell.15.0.resources.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Platform\Guide\Content\Images\ProjectAndSolution\a-ToolsOptions.png	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Automation\VBCodeModelExtensibility.tlb.manifest	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Automation\dteproperties90a.tlb	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Terminal\ServiceHub\winpty.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\dotnet\net8.0\runtime\shared\Microsoft.AspNetCore.App\8.0.7\Microsoft.AspNetCore.HttpOverrides.dll	setup.exe
File created	C:\Program Files\Microsoft Visual Studio\2022\Community\dotnet\net8.0\runtime\shared\Microsoft.WindowsDesktop.App\8.0.7\System.Drawing.dll	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Platform\Shell\ProjectAggregator.pkgdef	setup.exe
File opened for modification	C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Client\tr\StreamJsonRpc.resources.dll	setup.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\~DF4174BC590BF67EEB.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{6E7D95E1-DA2A-4DED-A8C6-3FBA1714DB62}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6F91.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5ad192.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6966.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF0138774FC06BFE4C.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF7E48C7A65AE03C0A.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e5ad188.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFD1E56BB3406B927C.TMP	msiexec.exe
File created	C:\Windows\Fonts\CascadiaMono.ttf	msiexec.exe
File created	C:\Windows\SystemTemp\~DF07D744E7E515BDC7.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI34B8.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFE68815B156B83F1C.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{1851460E-0E63-4117-B5BA-25A2F045801B}	msiexec.exe
File opened for modification	C:\Windows\Installer\e5ad17a.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3B02D51CBC5BDB33.TMP	msiexec.exe
File created	C:\Windows\Installer\e5ad182.msi	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Installer\e5ad183.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA4D9CE6322223BBA.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{66DCCE57-13F7-43AC-B16E-48EA5C89806D}	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA6C315439493B8F7.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7251.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF05753AE729B23803.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{0AC39B1B-4AFC-4684-B22C-625848E16C92}	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA30B255FCF5194D0.TMP	msiexec.exe
File created	C:\Windows\Installer\e5ad18c.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF4A179E56E1565883.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI363F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5ad197.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat	ngen.exe
File created	C:\Windows\Installer\e5ad17e.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF156873A659B191D5.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFB4D5182335A2F9AA.TMP	msiexec.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat	ngen.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	ngen.exe
File created	C:\Windows\SystemTemp\~DF3CF7541FE80786FE.TMP	msiexec.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File created	C:\Windows\Fonts\CascadiaCode.ttf	msiexec.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Installer\e5ad18d.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{7239EFF3-63C4-474B-874B-5A7364E243EE}	msiexec.exe
File created	C:\Windows\Installer\e5ad191.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF98DA299E2C1874FE.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF9AACE8B30C1AC747.TMP	msiexec.exe
File created	C:\Windows\Installer\e5ad197.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{26768860-CBEB-408D-9F30-87E0DBE11A6E}	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	ngen.exe
File opened for modification	C:\Windows\Installer\MSI6EB5.tmp	msiexec.exe
File created	C:\Windows\Installer\e5ad18d.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF808B75D5CC01F7F0.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1811C280762F6CF7.TMP	msiexec.exe
File created	C:\Windows\Installer\e5ad192.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1E3AC1E1619A7AC8.TMP	msiexec.exe
File created	C:\Windows\Installer\e5ad17a.msi	msiexec.exe
File created	C:\Windows\Installer\e5ad187.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA8B752778672243E.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF2ED22AE34215EC14.TMP	msiexec.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File created	C:\Windows\Installer\e5ad188.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5ad17e.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	vs_setup_bootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	setup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	vs_setup_bootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	vs_setup_bootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	setup.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133659737917120190"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E064158136E071145BAB522A0F5408B1\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VisualStudio.Setup.Configuration,v15\Dependents	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vsixlangpack\Content Type = "text/xml"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vsixlangpack\OpenWithProgids\VisualStudio.vsixlangpack.b005c1b7	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E064158136E071145BAB522A0F5408B1\Complete	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E59D7E6A2ADDED48A6CF3AB7141BD26\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B1B93CA0CFA448642BC22685841EC629	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B1B93CA0CFA448642BC22685841EC629\SourceList\Net\1 = "C:\\ProgramData\\Microsoft\\VisualStudio\\Packages\\Microsoft.VisualStudio.Setup.WMIProvider,version=3.9.2148.60653\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.pkgdef.b005c1b7	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.pkgdef.b005c1b7\shell\Open\ddeexec	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.pkgundef.b005c1b7\shell	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.slnf.b005c1b7\DefaultIcon	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B1B93CA0CFA448642BC22685841EC629\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\vsweb+githubsi	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vsweb+githubsi\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft Visual Studio\\Shared\\GitHubProtocolHandler\\Microsoft.VisualStudio.GitHubProtocolHandler.exe\" \"%1\""	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3FFE93274C36B47478B4A537462E34EE\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.VisualStudio.Setup.Configuration\ = "Microsoft Visual Studio Setup Configuration"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E59D7E6A2ADDED48A6CF3AB7141BD26\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B1B93CA0CFA448642BC22685841EC629\Version = "50923620"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.vsixlangpack.b005c1b7	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pkgundef	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.vsct\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.git-client.b005c1b7\DefaultIcon	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VisualStudio.Setup.Configuration,v15\Dependents\VS.{AEF703B8-D2CC-4343-915C-F54A30B90937}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D84C3A54-4501-436D-B4F9-750E5F727802}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vsweb+githubsi\ = "URL:Visual Studio Diagnostics"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vsweb+teamstoolkit\shell\open	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\75ECCD667F31CA341BE684AEC59808D6\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Microsoft\\VisualStudio\\Packages\\Microsoft.VisualStudio.VsWebProtocolSelector.Msi,version=17.10.34803.213\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vstfs\URL Protocol	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E59D7E6A2ADDED48A6CF3AB7141BD26\Version = "50923620"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Microsoft.VisualStudio.Setup.Management.1	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B1B93CA0CFA448642BC22685841EC629\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\75ECCD667F31CA341BE684AEC59808D6\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.pkgundef.b005c1b7\shell\Open\ddeexec\Topic	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.slnf.b005c1b7\DefaultIcon\ = "\"C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\MSEnv\\VSFileHandler.dll\",-270"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sln	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3666881604-935092360-1617577973-1000\{D0DA1422-F4FC-419D-A47A-0C2320504829}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.git-client.b005c1b7\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VisualStudio.Setup.WMIProvider,v16\Dependents\VS.{AEF703B8-D2CC-4343-915C-F54A30B90937}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vsixmanifest\Content Type = "text/xml"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E064158136E071145BAB522A0F5408B1\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Microsoft\\VisualStudio\\Packages\\CoreEditorFonts,version=17.7.40001.1,productarch=neutral\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.vsweb.b005c1b7\ = "Web Protocol Handler"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D84C3A54-4501-436D-B4F9-750E5F727802}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3FFE93274C36B47478B4A537462E34EE\PackageCode = "951FE84C09D7AD84E8FBED1F0A4122FB"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pkgdef\PerceivedType = "text"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.sln.b005c1b7\ShellEx\IconHandler\ = "{9A2B23E4-2A50-48DB-B3C3-F5EA12947CB8}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.vsixmanifest.b005c1b7\shell\Open\ddeexec\ = "Open(\"%1\")"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E064158136E071145BAB522A0F5408B1\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VisualStudio.Setup.Configuration,v15\Version = "3.9.2148.60653"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\vsweb+diag	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\75ECCD667F31CA341BE684AEC59808D6\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3FFE93274C36B47478B4A537462E34EE\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.vsct.b005c1b7\AlwaysShowExt = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E064158136E071145BAB522A0F5408B1	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{590FBDF4-6B90-4416-8315-82EDBF9374D3}\Dependents	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\75ECCD667F31CA341BE684AEC59808D6\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3FFE93274C36B47478B4A537462E34EE	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.pkgundef.b005c1b7\shell\Open\ddeexec\Topic\ = "system"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VisualStudio.vsct.b005c1b7	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{177F0C4A-1CD3-4DE7-A32C-71DBBB9FA36D}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E59D7E6A2ADDED48A6CF3AB7141BD26\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VisualStudio.Setup.Configuration,v15	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vsweb+diag\shell\open\command	msiexec.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8BFE3107712B3C886B1C96AAEC89984914DC9B6B	setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8BFE3107712B3C886B1C96AAEC89984914DC9B6B\Blob = 0300000001000000140000008bfe3107712b3c886b1c96aaec89984914dc9b6b140000000100000014000000e6fc5f7bbb220058e4724eb5f421742332e6efac040000000100000010000000b7a7b4605e33389f48b33d17cae730060f0000000100000020000000121af4b922a74247ea49df50de37609cc1451a1fe06b2cb7e1e079b492bd819519000000010000001000000016fc4494124fb22d1dd143d205bdc30d5c0000000100000004000000000800001800000001000000100000003c70faea25600ce3b2cc5f0b222ed6292000000001000000740600003082067030820458a003020102020a610c524c000000000003300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3130303730363230343031375a170d3235303730363230353031375a307e310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312830260603550403131f4d6963726f736f667420436f6465205369676e696e6720504341203230313030820122300d06092a864886f70d01010105000382010f003082010a0282010100e90e64507967b5c4e3fd09004c9e94acf75668ea44d8cfc5584fa9a5767c6d45bad33992b4a41ef9f96582e417d28ffd449c08e86593ce2c5584bf7d08e32e2ba8412b18b7a24b6e494c6b1507ded1d2c2891e7194cdb57f4bb4af08d8cc88d66b17943a93ce263fece6fe349857d51d5d49f6b22a2ed585bb593ff890b42b8374ca2bb33b46e3f04649c1176654c91cbd1dc455625772f867b9252034de5da6a5955eab2880cdd5b29ee503b563d3b214c8c1c88a260a597f07ecff0eed8012354c12a6be525bf5a6dae08b0b4877d68547d510b9c6e8aaee8b6a2d055c60c6b42a5b9c231c5f45e31a141e6f37cb1933806a894da36a66637893d530cf951f0203010001a38201e3308201df301006092b06010401823715010403020100301d0603551d0e04160414e6fc5f7bbb220058e4724eb5f421742332e6efac301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014d5f656cb8fe8a25c6268d13d94905bd7ce9a18c430560603551d1f044f304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f4365724175745f323031302d30362d32332e63726c305a06082b06010505070101044e304c304a06082b06010505073002863e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f4365724175745f323031302d30362d32332e63727430819d0603551d2004819530819230818f06092b0601040182372e03308181303d06082b060105050702011631687474703a2f2f7777772e6d6963726f736f66742e636f6d2f504b492f646f63732f4350532f64656661756c742e68746d304006082b0601050507020230341e32201d004c006500670061006c005f0050006f006c006900630079005f00530074006100740065006d0065006e0074002e201d300d06092a864886f70d01010b050003820201001a74ef574f297bc4168578b850d322fc099dac8297f834ff2a2c979512e5e4bfcfbf93c8e334a9db81b8dc1e00bed2356fafe57f799577e502d4f1ebd8cd4e1e1b61a2c25a231af08ca86251456708e33f3c1e93f8308517c83940a6d70eb32129e5a5a1698c2293cc7498e7a14743f253acc00f30697ffed225206d6f61d3df07d5d972002c6986763d51dba63948c937616d07dd5319cba7d661c2bfe283ab0fe06b9b95d67d2851b0894a51a49a6cc8b71f4a1a0e69a9d7dcc17ed14970aab6adbb72476317faa6d6a2a686eca810449b63b6b2698906c746867a183fe8c51d21d57bf902232dc541cbbf1d4cc816efb19c7ffc224b498a6e15e3a67f765bd1537991859dd5d2db3d7335f33cae54b252476ac0aa1395d28e11da99675e328cfb3785d1dc75859c87c65a5785c2bfdd0d8f8c9b2debb4eecf27d3b55e69faa4160401a7246773cf4d4fb6de0556977af7e9524df477054f85c6d80bf18eed4209d10d76e3235678222636becab18c6eaa1de485da4733628fa4c991335f711e40af9865c922e84221258a1c2d60d9378941892a160fd7613c94686052efd64799a08040ee1581773e9ce053181a501d38959b1e663313273917788736ce4ec35fb2f53d4753b6e0e5db0b613d2ad7922cce375a3e404231a41f1008c2569cbf245d51029d6a79d217d3dac1948e077b257144ab066ae6d4c6df239a9675c5	setup.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\smarko15.htm:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\VisualStudioSetup.exe:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
3708	Winword.exe
3708	Winword.exe
5056	Winword.exe
5056	Winword.exe

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
1016	vs_setup_bootstrapper.exe
5128	setup.exe
5128	setup.exe
896	setup.exe
896	setup.exe
5128	setup.exe
5128	setup.exe
3340	msiexec.exe
3340	msiexec.exe
5128	setup.exe
896	setup.exe
896	setup.exe
5128	setup.exe
5128	setup.exe
3340	msiexec.exe
3340	msiexec.exe
3340	msiexec.exe
3340	msiexec.exe
5400	MofCompiler.exe
5400	MofCompiler.exe
3340	msiexec.exe
3340	msiexec.exe
3340	msiexec.exe
3340	msiexec.exe
3340	msiexec.exe
3340	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1076	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
3708	Winword.exe
3708	Winword.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
896	setup.exe
896	setup.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe

Suspicious use of SetWindowsHookEx 41 IoCs

pid	Process
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
1076	OpenWith.exe
3708	Winword.exe
3708	Winword.exe
3708	Winword.exe
3708	Winword.exe
3708	Winword.exe
3708	Winword.exe
3708	Winword.exe
3708	Winword.exe
3708	Winword.exe
3708	Winword.exe
2940	MiniSearchHost.exe
5056	Winword.exe
5056	Winword.exe
5056	Winword.exe
5056	Winword.exe
5056	Winword.exe
5056	Winword.exe
5056	Winword.exe
5056	Winword.exe
5056	Winword.exe
5056	Winword.exe
5056	Winword.exe
7120	SystemSettingsAdminFlows.exe
2448	SystemSettingsAdminFlows.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2296	1540	chrome.exe	78
PID 1540 wrote to memory of 2296	1540	chrome.exe	78
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 4404	1540	chrome.exe	79
PID 1540 wrote to memory of 2376	1540	chrome.exe	80
PID 1540 wrote to memory of 2376	1540	chrome.exe	80
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81
PID 1540 wrote to memory of 3248	1540	chrome.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1201197785601540239/1217532628719108217/smarko15.htm?ex=669d4c9f&is=669bfb1f&hm=38a22ff3315311a1b2cc0c39e065382e3986f887add6d00e8d2242452835be3b&
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe38d4cc40,0x7ffe38d4cc4c,0x7ffe38d4cc58
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4244,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5228,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5476,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5380,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5164,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5828,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6004,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4492,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=740,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5972,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6268,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3232,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3212 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5320,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6300,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6360,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5856,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1012 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4520,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3108,i,10152669447202628139,1268478849836582196,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2284
- C:\Users\Admin\Downloads\VisualStudioSetup.exe
  "C:\Users\Admin\Downloads\VisualStudioSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:4000
- - C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:1016
  - - C:\Windows\SysWOW64\getmac.exe
      "getmac"
      4⤵
      PID:3640
  - - C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" /finalizeInstall install --in "C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202407201832058649.json" --locale en-US --activityId "80a1d22a-2839-4650-8231-db609a6540b9" --campaign "2030:834b5f859093448db77122b16c371998" --pipe "07f6ce97-2be9-4fc9-8ec1-2b96ffa35c13"
      4⤵
      Executes dropped EXE
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      PID:896
    - - C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.windows.exe
        
        "C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.windows.exe" /finalizeinstall 6F320B93-EE3C-4826-85E0-ADF79F8D4C61 "Visual Studio Installer" "Microsoft Visual Studio Installer" 3.10.2157.28521 0 "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe"
        5⤵
        Executes dropped EXE
        
        PID:3120
    - - C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" elevate --activityId 80a1d22a-2839-4650-8231-db609a6540b9 --campaign 2030:834b5f859093448db77122b16c371998 --handle 590662 --locale en-US --pid 896 --pipeName c1a74727222f4e38b37e9bebfdd2c31d --serializedSession "{\"TelemetryLevel\":null,\"IsOptedIn\":true,\"HostName\":\"Default\",\"AppInsightsInstrumentationKey\":\"f144292e-e3b2-4011-ac90-20e5c03fbce5\",\"AsimovInstrumentationKey\":\"AIF-312cbd79-9dbb-4c48-a7da-3cc2a931cb70\",\"CollectorApiKey\":\"f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296\",\"AppId\":1000,\"UserId\":\"a9ed7106-dee7-4cb3-a96a-c8a6494d5e67\",\"Id\":\"a9797050-e17a-4232-8887-ad9a52919df9\",\"ProcessStartTime\":638570971464281894,\"SkuName\":null,\"VSExeVersion\":null,\"BucketFiltersToEnableWatsonForFaults\":[{\"AdditionalProperties\":[],\"Id\":\"a02930d9-c607-41c3-8698-0fd9196735a5\",\"WatsonEventType\":\"VisualStudioNonFatalErrors2\",\"BucketParameterFilters\":[null,null,\"(?i)vs\\.setup.*\",null,null,null,null,null,null,null]},{\"AdditionalProperties\":[],\"Id\":\"64a13603-6d89-42e4-a299-13f77e5ad306\",\"WatsonEventType\":\"VisualStudioNonFatalErrors2\",\"BucketParameterFilters\":[null,null,\"(?i)vs\\.willow.*\",null,null,null,null,null,null,null]}],\"BucketFiltersToAddDumpsToFaults\":[]}"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        Modifies registry class
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        
        PID:5128
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" queue pause
        6⤵
        Drops file in Windows directory
        
        PID:6084
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" queue pause
        6⤵
        Drops file in Windows directory
        
        PID:6132
      - C:\ProgramData\Microsoft\VisualStudio\Packages\Microsoft.VisualStudio.Initializer,version=17.10.34803.213\VSInitializer.exe
        
        "C:\ProgramData\Microsoft\VisualStudio\Packages\Microsoft.VisualStudio.Initializer,version=17.10.34803.213\VSInitializer.exe" -Operation Install -InstallationID b005c1b7 -InstallationName VisualStudio/17.10.4+35027.167 -InstallationVersion 17.10.35027.167 -InstallationWorkloads Microsoft.VisualStudio.Workload.CoreEditor -InstallationPackages Microsoft.VisualStudio.Component.CoreEditor -InstallationPath """C:\Program Files\Microsoft Visual Studio\2022\Community""" -ComponentId Microsoft.VisualStudio.Product.Community -ChannelsPath """https://aka.ms/vs/17/release/channel""" -SetupEngineFilePath """C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe""" -Log """C:\Users\Admin\AppData\Local\Temp\dd_setup_20240720183300_016_Microsoft.VisualStudio.Initializer.log"""
        6⤵
        Executes dropped EXE
        
        PID:800

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1572

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3424

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1076
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\smarko15.htm"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E4
1⤵
PID:540

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3340
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 39D3CB6222E971257D7FCC4651DD2935
  2⤵
  - Loads dropped DLL
  PID:2524
- C:\ProgramData\Microsoft\VisualStudio\SetupWMI\MofCompiler.exe
  "C:\ProgramData\Microsoft\VisualStudio\SetupWMI\MofCompiler.exe" -autorecover "C:\ProgramData\Microsoft\VisualStudio\SetupWMI\Microsoft.VisualStudio.Setup.Management.mof"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5400
- - C:\Windows\system32\wbem\mofcomp.exe
    "C:\Windows\system32\wbem\mofcomp" -autorecover C:\ProgramData\Microsoft\VisualStudio\SetupWMI\Microsoft.VisualStudio.Setup.Management.mof
    3⤵
    - Drops file in System32 directory
    PID:4016

C:\Program Files\Microsoft Office\root\Office16\Winword.exe
"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\smarko15.htm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5056

C:\Program Files\Microsoft Office\root\Office16\Winword.exe
"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\smarko15.htm"
1⤵
PID:3784

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3012

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:6052

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" RenamePC
1⤵
- Suspicious use of SetWindowsHookEx
PID:7120

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" RemoteDesktopTurnOnRdp
1⤵
- Suspicious use of SetWindowsHookEx
PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5ad17d.rbs

Filesize
598B

MD5
496f8231dd29a4c5c155708df82c708c

SHA1
310d8072be90e27078b4053bdd77dac2f24285da

SHA256
55f9e689418e2b7ecef23e439e7a56a39197e87fdbaad69782ee979097829a12

SHA512
c3c4a14e33e830f402c2e729f161d268207fe09daf092862faf66af8effdf413e42df11a00065af8756895b79524d56ba5c5ccb3762d1024bd70f7beaa1642a9

Download Submit
C:\Config.Msi\e5ad181.rbs

Filesize
11KB

MD5
3ea2492673b7bc8e5fab769dc8e3a794

SHA1
7a9a7ea7a54b5ffc84817ac3c1a7d840164e1695

SHA256
02bcf29c7ac9f6f0e0ad4fb3286400814c20d9f04cbea02b2e7163c51bfdf637

SHA512
41605de089643dcdbbed142e7eadb348a4fdd022bf8c86d151859ced593838c958d48101fc1a92030a7cb93bf08214308a6af54a72b3f1b4688193a6e2ed529b

Download Submit
C:\Config.Msi\e5ad186.rbs

Filesize
14KB

MD5
ae5c0a41aabaef2c2934d1afa8a8b2ef

SHA1
cb8500f5448b25f81e1d1c44bd7f9c54885d5092

SHA256
53474c1efd264e25c39b0b2341fa3130c414148dc138fa7817cbbb15361c504f

SHA512
59ecded221226ef72cc4ce952de6ad3c2c2e488d74ec31d5c7018259163eb385ae92ca81bd01fbcc1eba42d9cb4b4ae637ccbe659567dcfd61bcb32563f87b2d

Download Submit
C:\Config.Msi\e5ad18b.rbs

Filesize
9KB

MD5
ba6a9a06241993b83087492b7d5257c9

SHA1
d5275831a83d845952e39b25239487bb648e361c

SHA256
58590c2fb640464972e3b6633db0996e8d6fb48cea2c3c9f82c46e1b1850643d

SHA512
30afc67d40c9ad69a90b8f19f4686f287b0b0fc157541fb7e6b33f6782bc3b19d244766de17501debe990d5232ceadbe64d2a6e604ec338ef3e3ae48a4033dec

Download Submit
C:\Config.Msi\e5ad190.rbs

Filesize
9KB

MD5
1803ed0fc031f2e761593c9964ccdda2

SHA1
86fec89175c2ccde80105a0e4e1832da6eb39aab

SHA256
a77127169156395d952fcbafe81221155af5fce0ecb00de0a01b01e7ce29d9c6

SHA512
bb020d0b14dd574c7ec1438ac9e5319d6d10547dd5b61f23495f8ec7d681e844529454d4f9c189d9ed51bded758a0cf51571fcefe69ad7920f2d76fd939eb7c8

Download Submit
C:\Config.Msi\e5ad195.rbs

Filesize
7KB

MD5
f52e6f068698bfc489a0eaf730830033

SHA1
7cba8c882279783e9af2901fa0e4472de2d31f06

SHA256
a49df104b61a8d08b23af248acf0f4ffb74bbd5202d791d7b47f7c9a4ed83258

SHA512
6a3ea12e50e66451f90e544c64deb0b10ff2371fd1398ebb9fab745e74788542cfcc09551fdfa6a791e73c2a56480680ea047418b02dab273147acf18d1c41f3

Download Submit
C:\Config.Msi\e5ad19a.rbs

Filesize
9KB

MD5
e94f74edd4d3d21b79e706da44891697

SHA1
378b2d56f6a079792685f432cd43dd165e732fab

SHA256
ecf5339ba1f77f9b263e0b190a9a1f1ac13c45f6a9074fc662b054218daf8bc5

SHA512
d4f647740a338757e86dc9dae83ac09a685c0fb8a88186058666088ba5c890dc5e7a91fc19f094afa97fc168837bd64652e14a7d8708214011c9510078094226

Download Submit
C:\Config.Msi\e5ad19f.rbs

Filesize
10KB

MD5
92eff1aff95b90efa52bbcc504944b64

SHA1
d1a99f103bfce04671f2ab62162c169ff0976ff8

SHA256
3b899d6e35659b904ee8a7eb9fa81fdbff1abac72e090f667af1ab8c79080baf

SHA512
981a529d7de6fa97e5c7f9ccd2a4c2a9838a8d1cde125562b3f6b145c6a1171f8814165fd8bea0e87acc5ecc7823d8c1cc1d02f4969b8c23e7df87a232227c2f

Download Submit
C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\runtimes\win-x86\native\msalruntime_x86.dll

Filesize
1.9MB

MD5
94ab867ef06d046b6f65adbcb0994638

SHA1
30768967ad3b95aaeb8ec671f96e176a6d5dd1fa

SHA256
e9501bd3899c05167ab3d6cde455e7c81bc4bd138314207f3cdfe910b21358ae

SHA512
81e20e97829bd2102e552bf78f1da4a6986ceca475c6514c7de9a40adeafdd7b15c15dd10af293df5b4c21e4b1c431c92591d19559c9c71ba5916d14d750c090

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\IdentityGS\CertificateInformation.dat

Filesize
1KB

MD5
28c3b82727a5ea653224ea32dc895587

SHA1
22472322931c5aa6c42eb9ef3b058e4c4c156a2c

SHA256
60586cb008247dd45e7cee57eb9515beb54c68308386cd1410f1834350ea0621

SHA512
9c95bd0b766f3764b102d44cc1a7bfda0cf9ada39560038f132e3fbfd45054a0b4ed9df0ff3f55c0a4fed80fe15bbf2b5a477f87e0d8affa8053ce8f20dec2a1

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Client\runtimes\win-x64\native\msalruntime.dll

Filesize
2.5MB

MD5
6bf1d412f82b6282142899a9e4bbbcd5

SHA1
21583e22b3c7650b57d50261f636083960cd9bba

SHA256
060fb56757da195e86eb7363c0e9d38291dfd1876bf847c71ef4d0bc49cc1d2e

SHA512
e7ceccc890536f8d6294175cc437ac681f0824bcebf98e86e086792d825201b7ee60292ecf94c025d912b850f6d0338a356434ec62dea2918eab94384cad2ee2

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Licensing\runtimes\win-arm64\native\msalruntime_arm64.dll

Filesize
2.6MB

MD5
77e00bc4babd16defec4ae7ba25fbe00

SHA1
f4e2aaa62e5d681fd6860579f23af4b1e05536b4

SHA256
9187b23577ed4789d1cb6383e837f577687cfb1a9c7d34c2fa3ef6b6636b70ae

SHA512
ada8e5b7a5d1d381e30796aa2bfba50716c54f1a30d124e71aef2dd35e9cd0436e29f941baad5c937f9e55e474482e15152cca585514ca95c3f09ed946ae0269

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Identity\Licensing\runtimes\win-x86\native\msalruntime_x86.dll

Filesize
2.2MB

MD5
d228627a3f7a95b9a57db553a686284d

SHA1
b9d520cf69fd41037756982e1f14ba4beb53e5e4

SHA256
d68ba651eda3e9d7e1465ce507ab88c9547a6429039b01324ddd78fdb66fd922

SHA512
45b5fa5c5d29f581b81920aff7861be3b847978b68732641df4d0880fd9cd0f7c369cb7fa0a8fe0ba135e1eff310b161893de5692ea2c0f306e61996bba6df36

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\NavigateTo\System.Text.Encodings.Web.dll

Filesize
77KB

MD5
fa9d0d182c63c49a4c567f7c1652b6e6

SHA1
55ddfbe80762c02f9a9c65809f9ec3ef8f7f2ccc

SHA256
e9c4f5eed186cb129c527c4b8d67d163ea2f2396e9d8b96e30b5e7c12203ce84

SHA512
58f468c982ab66930ff37efb5a941db116e8c1aed66ebc23720a7b18f71bebe1e929bea76680294edb25f430c23d520b8a87e3a22064c5993d0396819a21cbe7

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\NavigateTo\System.Text.Json.dll

Filesize
627KB

MD5
63f1d0b53ce47b0ac3216281c8bcaf24

SHA1
090cb7392ed07a94d237b5aa2175689faaf49b7b

SHA256
de069c408673e62b098d6e37e64fc2308f02f3f16cb45e051c08b52fe2d104fb

SHA512
386294e2602642204ec02ff514d3064ddb7ccc6f56e955176b09b23bece87fbf29c12a532e13b77a918842b05b171fde6b4d48c7f6567928d9337a3883fef521

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Terminal\Microsoft.IO.Redist.dll

Filesize
126KB

MD5
dea7ab4b024cff3e29c08da915324586

SHA1
30f4ed0eb4e1a2e4900e4f133ed7c09958d91498

SHA256
6c94ee150cacf59561c1c38bf20e0d9799de5da6ce80d964c83c3879d84100e9

SHA512
47673e2b02ba6496899a3125a3992d37ef70fececcb00d1ab475732bfcc014ae803dc0e7c857fe0a3fa40c4f04b6cd2bea2d20885aef8f2a1888728bde50812a

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Platform\Guide\Content\Images\Editor\congrats_tutorial.png

Filesize
14KB

MD5
8efdaffbf407c5ae11914ecc954f6e8c

SHA1
e28e6746b22cb56526d207c4c314d2762dda506a

SHA256
c6033d0f8a531e212ff65b4558b652f25afa309b39eec8d5ad99b0e5fee63507

SHA512
f1da670c1149043873c0bfc0098c33f974ff1131e4ca502b360f6908863fd4717ebc944b9ddcb87f719858c90b4b59226c924526b47e628bfc4ced6560166cea

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Platform\Guide\Content\Images\Welcome.Python\Welcome.Python.Run.StopDebugging.png

Filesize
608B

MD5
99d44b5a0fd8c60bb3c4ea826042034b

SHA1
762eef5c36b386004f520236e09a76b0f2042583

SHA256
d0e80bce5156459548b965dcc651515d247e5ff3ef6590c3e2ece7853947b5d8

SHA512
08cd7bac9e35a783582d8e46963809357aa6f32deccbc53cec5b4a930be036881f6cd2e631c9ef75c8580c76b073069b1216ae3aacfc38112a6d5c394a0edf31

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Platform\Guide\Content\Images\Welcome.Python\Welcome.Python.Run.png

Filesize
23KB

MD5
527539837e09fd6e8f3461b5a5356aae

SHA1
4e795a202c5196093f6ebe8ff57ce266faad3f03

SHA256
822ca512a32744427d3d0d307a0eff7fa3b1e27c8f84b9af5c4a00865ee53a51

SHA512
e3a2363fb0c80bf66f65c7aa9c37009f0fe8218bece77d9736bd62d72af87d67aff53d8d4b7c39d228839082a3eeb74b34195d4b6f98aeb43cf7bc8fe709ac0e

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\PrivateAssemblies\Microsoft.Identity.Client.Extensions.Msal.dll

Filesize
64KB

MD5
352ee196cd65c98b729065aaf6f5c9e3

SHA1
5da4c568740c6c91e02ef0e9e1dac38c52ae33c1

SHA256
6ceaa8b598e7985d5637ab1659566dff9c1fda37edf0f044759b56444f739018

SHA512
db12aec8d7e230994e240c7b7fedc5420d3415ff199cc6279b8ae684e81681e139d562d9de39e4eaee1879fbe7a83eef5204e7e17ad475257853519292e107b4

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.ExtensionEngineContract.dll

Filesize
278KB

MD5
d994ea43477516cd1cf4e9322ea4f0bd

SHA1
edd4642380c82a8bd28ca1ad2a035c4e56d04386

SHA256
0b002276d0308970efe2efd81859bfed9872902a1b47e05dbbc379e206ff7bdd

SHA512
09762734ce289a03bfca53c62272f8bb413abdb3b505484fa0418e53c24fb46ba895d098912f2c8ec43de8ec80569986f33a1d70a246c3ad270b5f0f6fbdaef7

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\PrivateAssemblies\NuGet.Packaging.Extraction.dll

Filesize
817KB

MD5
f3b8b469ed25f0655c8e2fd074a6cf83

SHA1
1e36331e383c2fecb896649aa867fe93301ee6a1

SHA256
1751c9875931e6b9092c75da7e2daf15c9f8f96b1bdab9b8292b57702797aedb

SHA512
9b29f8b1c3b9edeefb39552a9699270de76167aa5b5d38c2e116bf624e1f9fa12c0767cd44f20a083d91e172084c4dcc1e1d818b475e4b475207acd26b881223

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\PrivateAssemblies\microsoft.visualstudio.setup.nuget.config

Filesize
702B

MD5
0e10866130c2714c060fddd932362b24

SHA1
0907cc203e315969d5173681623915ec80a5e4a2

SHA256
699f9b31b81270d2432f04eaaf72e1e3c2b68b8dd55fb463391f177925ca958b

SHA512
9c62e9a5714afb139a07e916a0b967b281e71b91662b66edecf0f287f9f7ae71157077305c5048332651f920c4eb63863794c6a9f656baa60c3f44c4ddfeb8a9

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Profiles\Web.vssettings

Filesize
278KB

MD5
b0a32cbf8b8d873800d7da79961687b3

SHA1
f38d37181326710d9d1178b26320c6096bb57b37

SHA256
79646148fd355b507a86e9754a45a60a7a982e6d69a968e535e3e3aa3f2e6d3f

SHA512
04c5bfe30c03f94676239719b2a39b1bc299d1679d88e1bf6126bfff26c2cdd2fb769acb890369731aaf0310dd1691c98a90c87d21d79cb873a1b47af7a70f8a

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\ServiceHub.LiveUnitTesting.RemoteSyncManager.runtimeconfig.json

Filesize
655B

MD5
47329322d261d17635756dbd1d3e02a8

SHA1
dd2ec4b8b24e96cab1982d086ebd10ad9c60b139

SHA256
cd4b73111d22896893e6e79272118b53f635f8634c8b6076019b5a1c16d4f331

SHA512
98d6b48e4d3b28a9adeac9b63952d5183594dcab5ac507136179500bf9bbdfd291e5ce3111908c34e6792cac0d9985a58c173193b64e82a7b73a10f073beac11

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\ServiceHub.RoslynCodeAnalysisServiceS.runtimeconfig.json

Filesize
712B

MD5
a97f4472863cc9c780e71f1970fcd576

SHA1
15b87e9093e996da710b96bf662f1d36f71801c6

SHA256
8c339aa59287616c804e03db32e946e19c2068fbc2af420b2f30d10b2c67d91b

SHA512
4016da49cf41f64e6555cde370da0733b3d34338c89513925ffefd54c4ef5409e9e17d8c9942ebf65bd7d3e727add43c3d45b7a8609a3320e544cf62b6106652

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\dotnet.x64.DataWarehouseHost.servicehub.host.json

Filesize
225B

MD5
2257a9c6c927cfc9c7e2a45415fed6f1

SHA1
d928fde93a93772981df2f1f4b1d90e9196ec28a

SHA256
8bcff37d88ae726caa0ee0f981e5a6a1846a5e90b1330d1fd0e5776018252d82

SHA512
c71ccacc4fd1b0d8c29859f9d4dd5ac88df79160c1f1d3336f0772886fd95eef3762ba6cdc511b8fceaa65503a639f2453909dc0a54e4fa9fad7226b19bb75d1

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\dotnet.x64.IdentityHost.servicehub.host.json

Filesize
260B

MD5
29fae385c57c8b8adb10c820eb092b96

SHA1
26cc5579045969ba24b559584f1ddfa9d9c647ab

SHA256
04458aa0aacc1226264335aadaec9c3dabc0a3892762fa265901b668b69e7241

SHA512
269f0ff0151adc6b176020c2d126462db6edd47dd5168152d0a6f48f68347022e063811312b844f86437b97f0a17b8c984085e699665e8293b69522fca1542a3

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\dotnet.x64.IndexingService.servicehub.host.json

Filesize
251B

MD5
b9efb384e400a26e1d83584fcb2331cc

SHA1
7dc046fb374efc0418cc36108b843d28161f95d1

SHA256
a37224422447c10a65823596385904bb23e0a6c7f7f4e302c749cf4bff16b98f

SHA512
9d5491e375be256515016a571faedcdfe168d2050907d37fb988e62771d1c678545ed6483de86d81ea09bc4190de19ca3f48b64e8950870e64a76a3c34c7fb7a

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\dotnet.x64.LiveUnitTesting.RemoteSyncManager.servicehub.host.json

Filesize
241B

MD5
156e048be9c5b83de2b1739b298e2bd5

SHA1
fbf3a85fac51de6aa4bf6d47081fc393991c8aa4

SHA256
ec7c98517b92f0f8506280b1977f60c928e3b3e6049cdeccb25080e714214320

SHA512
c953927a31c08b46cf63cd856c5a17a7938cbd3138a94edc53a540f784fc06967273011858dfa3621f805c00739c6b4b0175b7e37a5c569abdd4fd5d33de2a90

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\dotnet.x64.RoslynCodeAnalysisService.servicehub.host.json

Filesize
273B

MD5
6adacf94917eaa2411265d3365494607

SHA1
256d5622b10c78bbbecf4b52c3fa295e1d407eff

SHA256
5207382bb7521800ee6fc4ee654b78e57628f43ada57fe5475d016422ff9432b

SHA512
be1b835cc9a8594f437d248ac1f0796ec4654d996dab54cf81943dd6cfa9d80ca53fe0fdff7bd022795feedeb3c7d98799fae49329a2309331c72e555f8912b7

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\dotnet.x64.RoslynCodeAnalysisServiceS.servicehub.host.json

Filesize
274B

MD5
9632653443fb47c70ed7c731b2e93059

SHA1
94870bcf07ebb8777242eb7cb2501474e95901a1

SHA256
aa568397d5afc848ec42b6413ef1fe706c3f322631ce732ac0a2ef0a7b93ee5d

SHA512
4b898e01c412583a1e13f72b52f0a379f86e7e986566c8b4ab31567e7ed922cea881c40c0587747a734e9c0919c8c0b26ac5ede264f23012c26c9f1e2df30062

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\dotnet.x64.ThreadedWaitDialog.servicehub.host.json

Filesize
226B

MD5
06674920bf64a600888a1417eec48900

SHA1
e0aaf0bbfac83e3560256634532100d9ac7b0680

SHA256
90bf3e509e3cb334471215efebe65bf65b584b7fcee3ef60449f240e6196cec7

SHA512
7fc5ddf354c85033d52896f44aeeb6bd5348554fea933fcd2773532f078713ca43040de8f04ff950ae03b549458a13569938c386a517c7236e98204a304d5aaa

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\dotnet.x64.VSDetouredHost.servicehub.host.json

Filesize
262B

MD5
fb7e24f8da51c1a56050d6987468f0c4

SHA1
8b69c04f6f0646bc2a287b0df936709d8b73d3dc

SHA256
5a32b493fa3a1e96b0b2b428724bc3906559d37341c7c9c3527ecded8c06deab

SHA512
af03a15a12d5239530002753d043adcc98abc9cfcbeff7ed3b8f0ee4fc5232e34247e3663df2b778c3a6187791d3174279eea7ae5bc64ca193181f106e15a34d

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Hosts\ServiceHub.Host.dotnet.x64\dotnet.x64.servicehub.host.json

Filesize
223B

MD5
a03119e7a8cbb09ad134e36b850b7626

SHA1
77002d088bff1a5031fdd3e69c0a88102875a640

SHA256
2985a91ca358ba814a159ca7d3e551ae2acfd7fe15d81df8f9f58ae63e4377b4

SHA512
2343b4259ba793e6bb24e11cdeebeeeb3e240878c51e00adcb78d2120cde0b2a591ade2168a7c71f0ba4f8716fa3d98eb370eda944354415e3a3d6358e6d9461

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Services\Microsoft.Developer.IdentityService\Old\Microsoft.VisualStudio.Threading.dll

Filesize
758KB

MD5
972d81a9ecddc12f552b0fd6587a66b2

SHA1
6e5e90d1773bb9864113c37ece1285d5cb8d3d7b

SHA256
b9a18f8297719b8bf17d540dc08d51fc882fa226ca902954dc3b0957140b5925

SHA512
9a8791aa96a6cf47c692081ac4d8d444e40eeefaaa824c9c9e0e933e1716005c6c5d19caaa97aea1bca975c76328b2c13f4a9b99c327185dd4fada87bb346787

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Services\Microsoft.Developer.IdentityService\Old\Microsoft.VisualStudio.Validation.dll

Filesize
37KB

MD5
55ce53f1e140d12cabbf2b227d14b666

SHA1
097dfd15d81ad308b02d272c41aca9388625ddad

SHA256
3882be8f796d77c645d62d7a4dd3b29fe497ce1e0a1da41a9ea26ddf9ee69da2

SHA512
514eb1d48601e1cfb77814ff10966de184694f2cbfd4eacdb18f947b38d9a196b49a4d485cf3aed6770a86e57690966365edeca244b3b8b8783c808477c6199e

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Services\Microsoft.Developer.IdentityService\Old\Microsoft.Win32.Registry.dll

Filesize
25KB

MD5
59c48aacb1c413c108161afe13fdbed9

SHA1
31ace4b26d8a069c84aad6001e06c2a5483806f3

SHA256
e9a9d281c1a708aaae366f82fd6a1742f65da2918cc4fa5eaaaada0be24277d9

SHA512
8252abe64c67863d9e4c70e820f0c69c517b8678a4b4c13a436118bc276e5f21e84522b93566c0bc009effcb251ed67bdbc60e4907abea2f33b6be3764e28d1d

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Services\Microsoft.Developer.IdentityService\Old\System.Buffers.dll

Filesize
20KB

MD5
ecdfe8ede869d2ccc6bf99981ea96400

SHA1
2f410a0396bc148ed533ad49b6415fb58dd4d641

SHA256
accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

SHA512
5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Services\Microsoft.Developer.IdentityService\Old\System.Collections.Immutable.dll

Filesize
246KB

MD5
af7880a90c02c0115cd169c7182ab378

SHA1
6e3ccf50bb1d30805dce58ab6bdd63e0196669e6

SHA256
d5ec0837bb176abf13dcd52c658c4e84c5264f67065b9c19679b6643f7d21564

SHA512
5377f83cfb8b9892727ed22ba0b9b1a75b2d4750caa6da04f4eeb0f6f9c0f75949226b2ca00876ad1f4c9de02f8ffb1cbcdb3048fbe6d26a6119148282e818a1

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Services\Microsoft.Developer.IdentityService\Old\System.Net.Http.Formatting.dll

Filesize
174KB

MD5
b676d5e9828d6010339743f236f54ec4

SHA1
0dff461be2e04ebf6da5f4f2d3eb639cc2e0a8b5

SHA256
7b58adc6e23b24cd6615b35e848a002bda053a26d48f9ddafacfc8098e97c49c

SHA512
cca0ed47b391b12f44716db1921314e7dcbf2a9f6b0916c78642b4aa814825c570569b103a7f5e298e9c02dbae22e7cb905f08f80f94ad6dcb69fe09085cd8a8

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\ServiceHub\Services\Microsoft.Developer.IdentityService\Old\System.Security.Principal.Windows.dll

Filesize
17KB

MD5
be2962225b441cc23575456f32a9cf6a

SHA1
9a5be1fcf410fe5934d720329d36a2377e83747e

SHA256
b4d8e15adc235d0e858e39b5133e5d00a4baa8c94f4f39e3b5e791b0f9c0c806

SHA512
3f7692e94419bffe3465d54c0e25c207330cd1368fcdfad71dbeed1ee842474b5abcb03dba5bc124bd10033263f22dc9f462f12c20f866aebc5c91eb151af2e6

Download Submit
C:\Program Files\Microsoft Visual Studio\2022\Community\dotnet\net8.0\runtime\shared\Microsoft.NETCore.App\8.0.7\mscordaccore_amd64_amd64_8.0.724.31311.dll

Filesize
1.3MB

MD5
55e26b8425298445dc90243c9856ea83

SHA1
c41e324a5a196a212670faaa7ae446d0159d0bac

SHA256
f2be0d8160a3967d5b9c6934289999d666069c2265c2ce28889497cd75ee8c7d

SHA512
a9a0abf1fbc32574a8504aae8f7ec792c7519e52dc0ceba4ef320b0632f3074178474054fcc5b0c987a83dc926e99ede0ea41c155f71b9c71348367d780f22ca

Download Submit
C:\ProgramData\Microsoft\VisualStudio\Packages\Microsoft.VisualStudio.Setup.Configuration.Interop,version=17.10.34804.30\payload.vsix

Filesize
20KB

MD5
2c7ef91bfa9a306cfbdd3b54889da189

SHA1
e7c31d0711990da77f76db5802b149251f49b33e

SHA256
03d06939c0fbd7ae6bde9e8d4a640b8fcf6c99c1fad5d6348c6b7e372689ecd2

SHA512
81b58fbdf8736df950b26fd6b088b9142db8a42f69268473d24b93f1858b5799b522268ca2ddbcf7954ad87e1cd25562b344b75bcd13a2fefa6bd116af3fb541

Download Submit
C:\ProgramData\Microsoft\VisualStudio\Packages\_Instances\b005c1b7\state.json

Filesize
8KB

MD5
f927b66bdc1e32e65f36da2bce591e2d

SHA1
eff426c0e6d52082e61f2b61d410d7f01b5a53f1

SHA256
14b29db882df7a71da57e37b14c4b2bd0f74e053076055b056b5bc3f06167b3a

SHA512
0bc87988413b71c6b6d6b82e0e947214b7d3dc5298d2f720f6078c16eabc04bd716a799cee5e5e2ca7c68dd4ed74a5e14637afd7e65db931477a763be0d2e7f2

Download Submit
C:\ProgramData\Microsoft\VisualStudio\Packages\_Instances\b005c1b7\state.packages.json.temp

Filesize
4KB

MD5
dcea1c95ac4f031e028f1160bed617c0

SHA1
19315b677fbc9d2d973d720899d8c41349ba4807

SHA256
1017d7f05563989679a272280aeb99472ae529241cd6f9609d358f74372e7335

SHA512
07e01304f1d2e11bfd7b63c1db31821496738a33a1c1c9013e4298c034168219101926a448835b72c9c6e3a2c2ed767e400ceae4ad3a10ebf516d1b4cac5350a

Download Submit
C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202407201832058649.json

Filesize
162B

MD5
ad891c3b02a02419dc60db8c273a8315

SHA1
141a08ca0e25d56bdb35fc71e1c767667079114a

SHA256
186c4b16ee009564819730b358dbdbb0792fc27e602698c5f0a16e20104647c7

SHA512
64cdaf1d6d1b4072e24f3926f91103abf946ff044cda34a9070586c2d2927bcdfc53381c955e447a38965ee426373259759025f97b715158afc429080956196f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9003e6ebf34827391f1f19a135a3ed6a

SHA1
a9a198b969066f3d97c9b824d18abf52bcfa8ec1

SHA256
31e93b6b9acc374df17acda33254df04a266125a72033edcb73fa25f4f5a3fc4

SHA512
6e02582bff258d42b00cba6ee02f18248b3e0dd09aeea0e54e59c3488427a61d6918de76f92828f27116d4f181469cbc29239a09adb7ab3f95ead6eff6c12a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7e2a37b1689969f2_0

Filesize
365KB

MD5
b6948e253c24c969dcc319c70a689b42

SHA1
09184dec88305c058b70b64e3f4e598ccdc9f487

SHA256
4d3670c9f79ea26d9b9e1b4b97c9a366ab0d2411d67e25290e54561f54a52096

SHA512
0a88bb03be0a51bedb109174269e86ab4ffdf0618d3945999949da6b90dd7132a479667b33af81dd63a37db755f4fda68de8b29adc820110420060071d9bf84e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ec5ea768045d5c65_0

Filesize
289B

MD5
a22a601c4712fa95ff3e821e711161cb

SHA1
f9281956447699f0026bd0ec850cd42da7478b57

SHA256
99a3a04f1cd52fc0b2108270f952ee1e6f27abf2403183501864830a0b08e94d

SHA512
d94733a9bda667f8d8db6b304068e65815399de350e42142c5e6b3b4eb0539a2cecc858953b49af6a4d0c458458d5701a78d26e799cabba5ae9352c4b3115e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e74701f06ba007e3aeb0afd1da89247a

SHA1
ec254e98efda3303fd2e9fc77793e56413c3843e

SHA256
ea858b5b7905693985973f4d54677082763988d6c0362b452e559a71ca884edd

SHA512
124f53a5ffb5c83cb25976a8de6f29475f98f4186c9635c587f7892fd8040b570ea5e8959408daf546b47afb0f5767fe3d82c014f15085b6805b590564b19834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a372b2f6f843964b3491990697defbb7

SHA1
dfd12f7d39e9c88142c3298a899b5243c0f78e09

SHA256
440c958092ceffa78e170b66a61680dddf3bc3c8348cafa2437bc43105dbb85e

SHA512
0f32c0a15cf2b192c940bef3185bf657dc734e745b76fc18a919d34e04d2bdef9a7c520cd54b65feb3ba5f87e827015fd2f4b54a190055ec2af7be58b46ee283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
07bd6b29321d2bb407324e17641b9efd

SHA1
f1de9d06c93b15d3c318e32917a04b5c4a764cf6

SHA256
2ce09f9f23de426fc79f2ad96684395c37631fcf561368cb00ef665048efa27d

SHA512
9807b408de92e2651fed7b768c83c74939a267245dfe9b5ecd6295b4c7c7917520e57bddcfb87fe8a20f4b9686c5b1686d3a31fa8a97594581ab10f85b3efc49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
cb8dd43b4d7a93d9d6d5c96fea3b523f

SHA1
523bd06c946309dac69d673b8f1f84cf0cb2d5b1

SHA256
c490954c4a103c42deb28d063e1b678cfbe42d880ad7c35572400d674eb80772

SHA512
f1893fa203e7cf67c1481bf06ca34f5c66d992d2b113f6bb20032793ae99ef62f11376d23703b35eaabaf8e7c405cc1834592f7eba34937f3eef08d22f689def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e5af89ca3350551a51529078d73207c0

SHA1
d55e430afe90784cfde76dfdb5b59dd3be4a6f07

SHA256
4ccd3a5108a771ebc741dc8e02a3a1e2a33a9b2b58ca77998b38d1be58e9872c

SHA512
249b69107c9c0d939a2d2fc1e9d33914f9ec49cbec3145a5d2367a0faea7a83d2c8b2b83e51b227307e2a7e6af62762d8d0f2318a2912f25aef39ff995209c31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f80e618788e5c48e49699c58aad4df80

SHA1
9affac8b567ddfe4fbe91c814f9d90ab8e6e64ea

SHA256
7a4c63aab6b013752c6409ec044e054b8de93bd24c83fa2a810644cb3e71ddd1

SHA512
820208ccbe4ed10bbf79c3c30c970a7ca6b89d849b63d6d8c27596c412f64875c94a88300ebfcdc33fa70655d5493cc6c07a6de9b31025c363fa74514cc2a219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
32dd95d2d3d8c0c84f22b2417e9484d4

SHA1
179e5d6ac8f262493ba426b2a60819ff633c8232

SHA256
6dab07d24cb367ec2bc0586ec8837467a6f8fbb74d0429bc6255149de18b3d44

SHA512
c80a07745ab550ca8583c133f6d8ba17984b6257190f4cf5c2f3a14bc646b715a48c6b7d7c5c2e6c8f382f58f2700d34d1b96c05dff6df262391fff0dfb538cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
50020915ef4229abd8972f605a80eca4

SHA1
53674bfe7fd322d14faf220204e93511fe15f4fd

SHA256
67b95487b0db898cbaf84d03d9ed8ec4d885985a88084c55371da0f887cfcd1e

SHA512
bb93116edfb931e10e31061a89ff4691a1ced8e924ed2ad1a39fd56b4dc35b0dd6b33bf22adb5f626429f838cf3af80497bf2b1fa4eb752adbbf3b6a546fb37e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0c744d24c19bdf1160fe2e34e823a0c6

SHA1
960aa8f87e95d3163a7c17fdebd138424b1ca715

SHA256
a67578f458e9f628e8bb7607337a6cfafedf093b0575eb7a61560151621cdebc

SHA512
abb66115cf444198a7f6850d360a5bb51b7ada807351638ffc2243bf779832f48ab6d2b2bdfc1fa9bbfd074030870ce9a5ae8787b82674461424217b2b935185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
0f24590ab8dd014a16c15ac582ed9176

SHA1
2b721fd951d10d878f98be62887a0a527e19714d

SHA256
974741db2aad0e5b78d26f0198006bae13cc0c7326ea750fab2da4730a5ad095

SHA512
6d3568496e9d29357a2c6689611e57695e4bb1b75b07d0d2314ce5b94dd7d759e67da06246b9e7857d286e661db3640c43941acce1d2005dcdc5b2289f730468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6fde45e4d2d6c4b0209290abe3b8b168

SHA1
4ee622b6d83b78ba88ce9a0707a981c7336a0e94

SHA256
70d085a4afdba72e3ec983d2b09ca3a7d25c139caba27f40e6b0f2db4bf25f7c

SHA512
3dcc2caa44a0761c408acc54575712acdff9f53aa36a8ed0e450368a17eab43da0af01dd0e230632d749c3ec76bab6e57ef050e8f917fd17ce164eabd7f25118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
042b1684bbaf4cdfb856d1047bb2dd0b

SHA1
88c9eaa035eb9d234cdd9bc2456f2ce20f0a57e9

SHA256
c92c9ff5a8f02d70561fb4bad7fa04fcdc5f133e6b6858f43bd65c98fdc9e0d0

SHA512
5c931d823bbc30a277b6db6cea3a9cbc62606a3a0483ee2a339c99b37d9c2459631962bf8ba68753cc6a0b72cf5dce3c85f9e0c2b4f8f95dbdebda909be9326f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
62e031a9eaf02011640adc737f5d40b5

SHA1
456d4b766afcbdded22643f5f37425261f2e6edc

SHA256
1a1ed60127182882fea8e414f82727785e7ac5914ad17d8f0a4db9bc7bcdd184

SHA512
85678ef5e01ca814d6ff64a1427cd1cab116086ccedc3a1752b8f049f818ac10134483f53d2da387dfc82731703e70be578f0b4e0f9fccf7a3bc832ecea23317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9015b9b52ee86fb1d1c52c135397717e

SHA1
cd3e02f3732666c26e36be749eeac4009d12f7f7

SHA256
4447f4e15dba8d2e9fab975e4cbe01a201375608ec98e0d499662cc284931dad

SHA512
b00cffbe51a6fc6073da71f9cb7f354fe5898a1dd509e6dd935b266321fb34eda94d33a5f2948ea5650f7864bb54619b7e87706b4f1a521228533dbe99955219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
111508287ad33c3dc91214e8161f6e97

SHA1
0c9e815bca6b3b3fe6c216b66c40827b9af3adb8

SHA256
e420a9936df4c7e63e59d37b112f0112dca9434650ddb4236753273d7cac5fca

SHA512
6ad5975ab373c535dcacb1987c389af2ecd785735fc24bf27a3f65f519ef306973fb20d42ee09d37c3eed4d5a7e578eed6678f726127727c23725589928a2fdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc92436def16cdbdaadb55dd28ab0e80

SHA1
f514bd4a44c6e66767726a3218386b94a959c5a4

SHA256
7bc43c82a524498a22fab5a86d6fb3d45dd1c124c108088fb4ca78d7ce766984

SHA512
a83afd447d31ddeaec56e47457a450c8c0e3427c32e7fedddb02715c05d781af79498d08e0fce7153ec11a8f4c56dbce3040ab35b4a6a213c763ee882bf7b5f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe001d3f3d132108188d85ea968703a4

SHA1
f596307d66adab312bc19a54e99ef63c0e2ad4b2

SHA256
19097fc619def66c2afbc4bf569e92d957669c5531a5933836ac9b156c6cd852

SHA512
2ab3b26d84ae62ee0838ffc3caa1d8675a2005dc70577e2843d3985d830455b6dfc6d74001118871c470261c8bec00306257edd6f56c43b8af29b858d58ec187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0da7198e2707886c12e9026b6b44d6f4

SHA1
26322adc329a547bc4c0d7e594de49f1190ef3bb

SHA256
23e4eb35c04c5cb59f475510b103ad0eb985dd67ef21cac2961cee8d4a4ef306

SHA512
1b1aa214a9b08728b09a053a059f345c231ede231abf760d0e81e392486bba92084adeae1064d5fe4f59697742a7b022bedca8e62b0a0cdeee9780c21281af5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3d284c6341b3638a6bc5035cf41ddc0f

SHA1
6cdb817a5c667bda25012dbdaf0226651151aec9

SHA256
a8f90a1d9215e82f35652ae32a4ca7fa85634c8e228beba5236cb49ee4201bdc

SHA512
5204e13c59f9aa02e7efd8e78aac7e9f5a674a703ccaf3c1cc989e329b4cf27dfb1805d0ba781902ac67cf27d303d2451d6b9c5d39109cb06665c0d9fbf5e679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26af513fef66e6e594f321e6c6651b5c

SHA1
035bb3810aa6b38e683a1c13b5a6f3f4a5a9b6ab

SHA256
76637ceb767567123ce3611ed06dfc888123735454f2b06823353463c01ea100

SHA512
657534e4076047f86c780f42419023fd34551e32fd7474c44f123057dde04e28e922fa7581b8d0e01168b961f8dbf621bff4a8e19030c448414bf5531e10d5e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af76b7743da675f2ad02278853e88887

SHA1
3614336256662bd26f4c1331ddbe3c78c700ce84

SHA256
e6a9ff20d03defd5ea6c72c7ef9ace7c33b43d625a28bd7cc5ad05fe3ea21dfe

SHA512
0c0b607c29207c2f549fb95e89050f7cfcf969f4b8acd7353765093c9aef1831b1f406fc8632ba67edd66a23bb273f865aeaf75e21ed97cbf6e7ee739ee003b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f6c8e53f02b7bf8098d6ec0e9bd69fc

SHA1
60bfad75013423eb57cc8ce62804e049850fd962

SHA256
56e3ef07d2a6c057baf2b2334c125bb7ff1426ebad97b842c8553d2e1fb13a9a

SHA512
51ffe961dc332ff660c482d2a4138a7905931d1e3a4b05b8a7c9e53fcc22643485dbd57eac8a127516cb54944996dfa70c1e8d781c093182fd71c9bc2e2e05a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f9335b0e86a88f99d91b0a2294b17a3

SHA1
0797056e26a223768a9cd49751c3f3c33d387ded

SHA256
1cf3d55537297b19bfa7cedcf2b0abb25e538442c2432cc1582ff065645e46d8

SHA512
d270c053ba05b622530a4e631ae8220f5d6538a485ec56d5d7c42a961c3a79234f5c7a7efb61e6dc22a9fd1f737a3da7b0d4774e239b94798c220548e9189993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9bbadba0b7cd4f7271a9cc7b4068fc5e

SHA1
e68bd51b2cb8af212282d965fed26e2de4f608cd

SHA256
2f1e0d03db592bd1269f54296af0873407d87830f06a206971b5b5ea53e261d6

SHA512
6d47f29b7acb4141549fbe9a7ac330fd29f349db8cf9f48ca62ec8218665b08ca0a1e3b93c7235b70ceb59bef336074a972960372c18b24380399920f5c1cd5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dca50198ca3bd244eeb6e1e56cbeab6f

SHA1
994748f70aed0898fceed81078d7fb15002964e6

SHA256
3101a051f18ffaad4019ae80326d29239128ee2e9c751a5e5b13dc15b33a4df2

SHA512
bdadaa1af1320eaf84941c242e3bbcfbcf930e9d1e745ea47db695c92e9202d99020823b8cfb394788adc3b3fda94d1e93ed6746960f8e232abfbaf73e9d8316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
efa895a8a3bc7628f2503520b9aeaecf

SHA1
4ea0b7cc6cc21c0104075a326f713542c7b7bad0

SHA256
140ab72f6ccfd5396be6bf1d652d199d81c76e3ead639f655f0ed252c93b82b0

SHA512
7a9ac2e7f57216b78f036e2692034a6316f97fe4c40a74c45928b7c25cb6f16b679e6a169ec55c2a2b2a54e7f088196b75272b69bfec8e1f7e9e7fc88223fb1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b823b2db88d4a8da39675f67ceebce24

SHA1
4434ec094b1e564c0460f7e9376a8e16b9b62477

SHA256
4c00c7508b82cdd5022426d69e41763c837c2dabd81fc6ceaabd8bfa6ba2a379

SHA512
859bcf9f838b98ee353e7afb725bf9610231f52352efe614f3ae92cb56667431ec15bc9a483ace4e6ad33e7ab36266c3c882341b60823fe7e3351123dbf37e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce8f9aab39176e9ea0b5824de3c0534d

SHA1
d81fd3b63ec47a2994c78b29521902ceec4b39b5

SHA256
38c6814c7ec61790e71ee296e1ac7a1c11539214fad72331570e8c04a416285f

SHA512
dff5b662e0ebaeca5064168f8b932cc23300b4ce774ae6abd132d01b740bc0f6cb8f21232838d90dbe331d7e42d490cc034d5ddfe5dff0faeb6a6aef0b0a776a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba1c94e15c27d5b2d3f4d9b59713f00a

SHA1
6a271a29c214dcc2c6067f45bb3fd2c9a71632ff

SHA256
d97ad0b66c9d06d20610d27ce41a778c52c7430cea0a5f24f6afc41df312f021

SHA512
75e5afa82e48390bd9291b4d9873275ff677af8a8e495b23f4ee644a371a2bd64bbfcc3d556459c225dfaf356f725d506c45cc805d52b50e187a3dfe1984ec6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f144afe070c5facad2b9ce41bab76ac6

SHA1
16e3e74d3db8449f4c1da3f894c581c221b89c73

SHA256
1540205d4b8bf14d926fb0ef6360928b7829d14cc95400cf280b1529f35ad37e

SHA512
26c941113564fddd5ef561eab64839223c1524491fd4887b9758f89ff12eba0c2d68681b4588311fd83ad9303c84b4316e27784dbc24b98bcf20e5deb79ce942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b54c132cd2e59e4a8e0728ae207439e3

SHA1
d29b50c43c1f7cd7cf0bb4bf8e28c2862a6e26d6

SHA256
0c626b37e2da965a919d5ba42907eb34790b90dd98ffd98627debde62a203ff1

SHA512
881fc8974ec0d17a3e25842c3b101151ebb869f110c1a898985620b6898abedf7b474cf1c3d783a22b810576de7d7862ea4a5396f2e9611a15bd5bed916d78d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a29a415632880f35e108b999d824668

SHA1
160a0fb2f9a0f12ea1abd305c6815d25863a038b

SHA256
1595fa273947353da4050ae7a2d9408d5305eab02317aa562ce14837333ca390

SHA512
5d5810b0b0f64b49891c0f69988378d257da96107608c490f2695d9a4fb0d3c6463e53edf35695b4eef26d8a71259d10ca6e614481a0c929dd370a3ebeddd010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f50bd861416b2859f4617e8141470fc

SHA1
64d01db3e79dfdeb5da19a8ca81c95246ff546e0

SHA256
ccd90074033a10b1b9490febeda3e6aa6137bda24c550eadce4b29f1ac17d411

SHA512
e38d9e54872e4619ffad7737da53d56ce2abf26ef2c2912e4f9f8fde317a83ae6cd666914ac2e447db2c1e28d0a1568474cf6953e9a0e50f21e39194e0b1c3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f32812ea577a44170ac6ddc0c0cbdd3d

SHA1
e012baf330d7e278ee3c7e6e812d802cc953746f

SHA256
d27e6ec539a6642c4e8692a7889811b6a76d4f009223578543462f1db389c380

SHA512
f04109a2ec0d89de1bcddad8a984045d6a0efa848a4e9a31ca63e3c44c8cec8d7415477b04ca471f2cad8e2360315dcb1da0e6e2a2b7d4197739ba8081ada26d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5e3daf0c5c1e0026bcb354e0eba9ef82

SHA1
840e1ab80b419ed47bfc4334f9ae289fc2cccb25

SHA256
49437e44481ce7fe00bf9c312c51b1fedd10ac44fc6cf3307191ec7e63815e68

SHA512
ae97e849a07d9071288f4170db460de19b77ff0d13c4e91c3645f1c588b4c7d6061ebd98ed15f777e6171c838d02911998b7e63e43356f9d0de64845e47df607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
bba9f523e4977877e967cb37a3e36c4d

SHA1
c503557e1aebf628474540d0a61464e28e8c952e

SHA256
c15cf4d0a25f86f3bffc842c0e8b71aca99230837ecd3fd68ffe45eaba93ffd4

SHA512
3372b73d9a96f1d9d7cda10fddf27ec51b3b2cd0f4e34563027c4144dd50519b7582511432dfb69c354b2b588b7699ff8876db98d7caaa8a450f793b5654be92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
f3d81dfda14b7d50aa12404425647d13

SHA1
473b9e63b87157db88d2615f68e4951eb76ebd95

SHA256
eb505702276108cea2163b2adeefe0055f35d0c73b0ef15ad6276da313163d42

SHA512
820dc34f9d64d1d111e2456e472c9335efccb9c035f9d77ff741de93793431c6f5ccfde4785c77c3c7694b32f8aee221a50db47da71c23685beb0c5a0c738d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
20558a45dea38d173fc02d032a96f369

SHA1
92e2e47e3b64ce80c71238a34dbbfbc9189f3fb5

SHA256
63499cd9588a3a452a1415d2888d021fab1e137f9f352d7f05aff0edd3725f4a

SHA512
ce08c2f862d9fd585552d5a58e841b3079afd1c193af7519d4f5c6de5f5de065c0014190d0cd08c937edfd332645b39863404dd4f7268265b2e6d7fdd66eca70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
12e01b345100bf06c78a9dcd76a1ba70

SHA1
4b7c6a6cb251736acca29c246cfe0a91b1163843

SHA256
bf27ef97e335bfd9c3bf9b3a1742c3bf9da28580ed82be993780335846781d20

SHA512
40ccd1a705d5b326dd936cb7d86650e42b5fbf7f1bf106419216efdbe4b0fd9c12dbb15888cd4b6aa317ec204a24f51996adf96fc724beb0a81efaed5711c1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelAIF-312cbd79-9dbb-4c48-a7da-3cc2a931cb70\20240720183301_cf16782df0144295aba9342c4413b123.trn

Filesize
4KB

MD5
3810823e5eb24098e4c4f5fbcc475088

SHA1
0cc6c99fab644c576ec885e1f75cfa3cc44a42cb

SHA256
12b43656116fc54f62727e5c77cecf83fbd0a90f6b27ae767eb559be1dbe890c

SHA512
7c9e01ac5c6b351ef5cdece816ec11a651c538240a285b6fad951055e95ac8541883c8ec9717184baf1fb833ed8afd9abf6e7f3c16f5b19c7d9bf237ef432291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240720183237_150e000a301142638490aa6c74b3bac6.trn

Filesize
9KB

MD5
95f7ef9f12aa53a24dde048371895b3f

SHA1
780494379518b01d6146c5c3fd22abc1c5f6398b

SHA256
fcfd568269d927297e9ccbdbc6675ef754e5f37100ff5041f6292a8696cba555

SHA512
e5962a7afc5607529e4737f0d5226899d6cec21e074f98e0839092339762eab82f8ba1928ee13b2cc03d82227bafc907da1e5d45f4d31953d15504ead309d58f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240720183242_384f3b00cf724f859cb821f8f20f73dc.trn

Filesize
3KB

MD5
919e5c297f82912578ac92d87a230392

SHA1
0e29a5a540765e5920ff0962c440ee2961959158

SHA256
51e2823cb107e2cde1348f347c1cba502fd01c41a8e820445eb6e18c801b8bb5

SHA512
3d9eabfa91840331b108bff234620e1cc55f7b425a924a47f30825e11a26de860370d2f847070ddca867b0835df6836173ce6ee430ffc25227f1d731413ecbc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240720183303_6d9d1dc8d09249c7bcc6f15e416b055d.trn

Filesize
15KB

MD5
6aae8c0f0e40babe641bc8e68daf5cbb

SHA1
72ad2401a6f45bccde4d6d7a0281ebe657c14492

SHA256
17b1a54ebeb1b27db89c1e7df03f6586f30d75f3d8370ed0a8558a904c1d5c33

SHA512
cad21d75f0cd5b2e5f38b4033069e374bca1ebe1b51568837274d0af129e9bbcea76cac32fde6922e74fac9f5b6d2e786eee81783e2948503382539a520198aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_ChannelFeeds\F4D08EA8\.updateUri

Filesize
26B

MD5
e3c9f3c009c49e91b372ce3be05da610

SHA1
df98879fb7402b9b08bdc18fc2f3d4d5ccec12cc

SHA256
f4d08ea820b816e2822bdd3351613ed185e4e36503ccc348f4a8a7957fadfd6f

SHA512
444aa325d744a7fbcdc5a48cd7b51814e3cca5caf58b0e16316e015f898773a5d3476059399a704a9b4dc6350d06430ba42a78058f2cd8c03669147b346f22ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_ChannelFeeds\F4D08EA8\channels.json

Filesize
65KB

MD5
7f857ab8c11d0f7a59fd7fc89a035aed

SHA1
b14a116aef970a86b388a551c47a669b77b62690

SHA256
5a4d261e737ac118e507eeeb82ed6a63aacce07818b2ca78ae409b45f1e37216

SHA512
95d4db00dc1b6874db8b0dd03e62d9b1c01190dffbb5b956d1c5bbedbd7ea380deb9f9064356682dedd349586ffee85791432a04a981c31b1391d72aef734174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_Channels\bc2f8b91\channelManifest.json

Filesize
89KB

MD5
2fd0d2e1a6d97a5e1ae2cd6d84361c07

SHA1
d1c235d5a485919ac7333433df74f55c926234d5

SHA256
03e3391c33eaf84df82a14cd73177c40e48765975d2473bbcbd1693209e5979c

SHA512
b02139e434dd9713ca2a2eb0900c29bce3468aa5a7afbc23c9fbb281e738481807387c93031e799040d5a370a4ff274c4d1e151d3185fa9569ff2c36145ec508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_Instances\b005c1b7\state.json

Filesize
69B

MD5
1a6a648c1736f383370f6cde6d57ff22

SHA1
072a956676f3dfec908361c40fbf760492e3fe13

SHA256
6195b964cba05b2d155b25963d92a0c1c59ef3b32c753e981067ae5dd9093093

SHA512
1d333cbe38f9865c98669226655d7fdda291748fde02698e8d78ed5f26c0f8410d635106fb3d85d1bbdab16259b24d28903f42bad8382e7db138a0858e48e613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4D3CD6F3.jpg

Filesize
44KB

MD5
154ef08aa320e6ef551e8dfd64d24a13

SHA1
fe14bbe6ffedb7c1e2e2e74dd7f6312f01e4f454

SHA256
9a232c3bfff03e9302377ca43a541f565392ad5310f75fe6186c846599b21cfc

SHA512
15b7ee43aa9f59847bbba29ef422881b927d166f80a672f694a41e117cbe0c57d0e04dfb9e79475c6c9bf50347ba162f1090fdb9e3c1d37c47c9e91181b15ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\9AECBBDD.wmf

Filesize
1KB

MD5
370bee21da8c79fbd81af2492fa2dcac

SHA1
c6361f302ae3186ea3fc1fcf14596532a7fc8e4d

SHA256
c3bb494f01217a5bd582f7d78bde0fd8e133b8d3f6942382e573943508c240d9

SHA512
1527d3d6888d3871a4e22102e55033c81b73a2fcb8c38846a2edc312ab1ccbe477a6be54b4bbaaa66cccc1e5d3e49f86c6c197b1426f03c1b991de9c445da40a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I2G7KTMH\dyntelconfig[1].cache

Filesize
20KB

MD5
6d0fca79faea45342ac7d8c5ca14a3a8

SHA1
c0644691358a5fecb088d953b39492083e046daf

SHA256
32353d84410361ebf591781f5d5e0ba180a0fc3d1dbcf7e2f0000720248d3e43

SHA512
fec2d4af958badd190c6f36e3dc44a22fa8be4f65bbdf01adfabbcc645c0b19ea9f8158386cafaeab8f651baff5515582bbe1b20f1b635442960f80cab8b33af

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
1015d2fd919a3b62e193194c7bfafbef

SHA1
f7f3314dd817edcee90f87491f74825b197f476b

SHA256
990002e556b74d16e89d7f6c8be6ac5870e9be8b904ec52e87d92631fa09467b

SHA512
ffc7702179fb30851f4646f26a53e87c0215e320e117901c726a6294bf428540134e1fd14fce37a0b430e8379b4c56d6f57b582efff5654e2ed4624453762bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\CoreEditorFonts.310177BC7B20B281443E\cab1.cab

Filesize
161KB

MD5
0205522e4a80ed920bec57dd81b930d8

SHA1
4ef79b10f276b117b84b306bbddc47ca0a642e4b

SHA256
2f062ee1e7b90ef9a8e560d81da73ec979de56ae27433f94a86e4acdbbbed58f

SHA512
26604af10fa121a9850a8f75b45125b101494ad0364eb6426483763cef52bf315546fc1155502d40c7ed74e384ce9c5154c041e04a259ea188397c2e115b48d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.Build.7A6690EADA6671048E65\Microsoft.Build.vsix

Filesize
13.1MB

MD5
fb8a714c0b93365bdb64b3e4503bd767

SHA1
d9eb13c31079da0dac86cda1c2d4d0522b276672

SHA256
b254298e48fc334ec72600bab1d8734bfa083b72ccf36d066ef33137534df0c3

SHA512
c72659e6e8d4f776a518f5a128862bc32c3fa3260e5fe31ccc6b677df42fc464b033e4db6dcbf291ae1d54ac29752436843082e5cabf2ff88c71e8769d14dba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.Build.Dependencies.EDBF30B044118826B4A6\payload.vsix

Filesize
2.6MB

MD5
17e2f956238d8ed50f8ddc8636d6404b

SHA1
80fc8a6b5f5d2ab17934044fa16123490a7fdb99

SHA256
59ade7182f10221028e718c91faf122c164c335a1a69d78073aa0ae94a9cdefb

SHA512
090c8cf0d9c46bd8c40d0f3c2aee66a35c626e3d0283ae1d1d7599662dbe0fde7b7aa94cbdf0d0abd5b6d0ecf8f2b05df9347552de1fdf8e18fcf435163b5a01

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.Build.FileTracker.Msi.D9C1DD803F2B42900705\cab1.cab

Filesize
406KB

MD5
3093e3624fe1e6c748e1232ca38cd758

SHA1
7804c9765021dfe93c9358b6e9dc2cff9054ff5f

SHA256
e4a1e03ba6d3b909838e967701b5567adfb92945bf71c4db7d93906007b545f4

SHA512
2485f75d063bd22c13df573fe74995117d1ca8f3c568f9c52a342909fc8c17dd60097ce970f126164086b3930357d3e8fd9baaec04cf9e0269616cd4ba15f5ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.Build.UnGAC.DA04D174AD161A9E763C\Microsoft.Build.UnGAC.exe

Filesize
17KB

MD5
671e15c28e3286a23add0d2abea36ca9

SHA1
85cfdd760cf8e194b72dc12318c289ae4ddc5a1b

SHA256
c93f193b1616d8d3ebcd8ffaf8770d7f401a986c9e1a20cdf0d8775074bad933

SHA512
62bdce0c4955f4776081690965d59e5c721b7d4330cf35c882700ed10131fff930d87a81cbe5a4d8965b257043d5f3efadb1186614f512d7bbc60262f485c996

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.DataAI.NuGetRecommender.0CF7656F7D5DD9A2501B\Microsoft.DataAI.NuGetRecommender.vsix

Filesize
1.6MB

MD5
247c52c1906ec9227469764b5466942a

SHA1
b988c0f3c694d96a2743b5b8c7f43eaff6bf1ddd

SHA256
edb9faa4169259775e72872e19eab855b379731f3427a3ff0de1175a10fee2fe

SHA512
2876948d5052692ecc30a51ff439e004d3bce30bca7b87d0dae9f1b2133d6d16e100b9ad3655c7f7ee4a2575f988e8dacb3b0d4d506b8d73baddffc3b3589f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.Developer.IdentityServiceGS.F75B268C823F3A4F79CE\Microsoft.Developer.IdentityServiceGS.vsix

Filesize
29KB

MD5
381d7ba9aeeb6e8d6f07fc287263dd64

SHA1
7ea98858b4ca8ec37639ffcc7573000c69531eba

SHA256
cf467d84ce84442ee52caab7ad116e37a03e1d0b355c5b4a851f12279abcc02d

SHA512
c178f4ad58b41b5bde3e684f8e4ab6732dd45ae778966ca91f72cc441b03b2db17c0bdf188057f907e85d1d138756dd9f416ab04c7ae2409bf5b7e2548e971d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.DiaSymReader.F152882D2E87F8981C03\payload.vsix

Filesize
45KB

MD5
e9da6ae83871495cec51f77c714cf392

SHA1
4791a34b467d98daf88ef9f832b4b62f26567474

SHA256
7574bc4ae2f95c2512ad8f255ae517387e038a0aaba9c5bdf830152552081513

SHA512
9a11f6386376fb7b036ea98f67c0c8e428a214d5661590ba2a369002552b85ceb9d2a698cda37ca2e6c6d56719d125db539aa5248f866a680ba82bc41d4a93f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.Net.8.0.Runtime.AE499B557A2AA4D47B69\aspnetcore-runtime-x64.zip

Filesize
43.3MB

MD5
8b3643cb81abf0b33ded10eb60e2639c

SHA1
9436241b6bdf09135a66c41bfbe0210057f1f3e2

SHA256
a99a40e426c8b036b788b666b08f77b5631d9c0658abe9cd01fe8e35a94e6465

SHA512
e745cd0eb11ff4f5dbfcea2966542dbfec57cb0d6025e1fd0a8f0d500c1246d9636f780b72586a55a3c8bac657a07443e4073eb9503b9f4eefa7aab336b6000c

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.Net.8.0.WindowsDesktop.Runtime.8DE8DC668479421E15D8\windowsdesktop-runtime-x64.zip

Filesize
35.1MB

MD5
1c5169c819b5dd1f37bd2f9fc3e30168

SHA1
820344fe94051a2cbe052a17a17bae4258cd2b2e

SHA256
df9a23bad0e3d86355cdc1f1e7f0bf27f8d7ae46b9511bfde5cf7ae79a9b948c

SHA512
d26210d317cd108ec08d075fd646d0b6412aa666d53674fe76f988bfe669e1a7cfd6e3332948aa5d0dbd1edfce643713ddfc841bbdc76b3fed72e8393960cfce

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.ServiceHub.Controller.amd64.7EA33B7634E6F071FB08\Microsoft.ServiceHub.Controller.amd64.vsix

Filesize
39KB

MD5
2160c0b4d2b1e4a43ddaa6394983a8aa

SHA1
07cc6ffd028863e412dca7419b45101bf433b535

SHA256
0bfbe519d42de773a0f7082eca4cf0fceddf824d72e77dc29111dcfdce00c901

SHA512
b9a1d8f6bbe0d159ba9c439af657e977e5025087d1e469faea44cbe8a2b8aa6be7617f7cb0845b5067f56b0dcb3f009f01bf9bf2a775671e7c0e4a8c469f738a

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.ServiceHub.ExtensibilityHost.amd64.40BDE0D3834A69431AEC\Microsoft.ServiceHub.ExtensibilityHost.amd64.vsix

Filesize
3.0MB

MD5
ef563a35c7e19b4514e1232f66b7c2d1

SHA1
3830588cd615feedb81ed26aa79830b645f6925a

SHA256
b89174a8dcfdb05c3384f895b05d5372d3b90786effebb1f8cdf3817fc52b0a9

SHA512
96d7cf5fd0eaf28602d322736882b2961615637b245f4fe542544abb2ce6fedc65f7b71c54bb2ff3d8ec20ecb3d0f4b8f6656205ba751fc89ea66e8318708027

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.ServiceHub.Managed.5AD5B460C07D16E5D967\Microsoft.ServiceHub.Managed.vsix

Filesize
1.3MB

MD5
ea369017be71c1a056369e1e0abf4efc

SHA1
9fb8385e15d66bf7675918b9824b6966d5858c37

SHA256
437eac9da7425c6a62d935c84c03cfcbe4b390a3889a3ca8c6bcb2e19e2364c1

SHA512
0c8fd0ea002ee072e20d88a6fb184f27529a85e1d34dd339df605b112e53780533b50299551feda31ed29cb0972d77c208186a186e43e56ca7ca6fcd5935373d

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.ServiceHub.Node.06D1FC5DCFCEE7E49FC6\Microsoft.ServiceHub.Node.vsix

Filesize
21.8MB

MD5
840211949da94f52cb42806bdea98de6

SHA1
47db72df30f209a89eb5da395e5eb702655e0eb4

SHA256
f576cfc9d8e82076f17b48b4c04ee582df265484fae509b5ecf4203abad8a7d9

SHA512
fa8f8f574d5d6a5018650eb5c3bfffa153bfa9f68899d3f725910847a3061b11b34c3f081db0bed9ec162032845c07bcba73b3cd1eb9e1c23bcefa1e94b70b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.ServiceHub.amd64.702C735B5AFFF4F55970\Microsoft.ServiceHub.amd64.vsix

Filesize
18.8MB

MD5
1e8cbc6d6cb13333be2ca14de91d4fae

SHA1
16a8fe4389da061f531cf3e4027931fa31be176a

SHA256
e93621aecd6646704d98da9dda4f8ce9f889f55c56759c3ce3ee8d54c5084a0e

SHA512
341b41d7e360ac7c68d5b3b1388d2a583e48484f8563dc00633e0e241e6a1aab417d8bc59745bb2b4d3792bd9d9d3f618f13d4828f2aa0d71c45f23bfe03fa9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualCpp.Tools.Common.Utils.A68556B73D1A2BF54DD2\Microsoft.VisualCpp.Tools.Common.Utils.vsix

Filesize
75KB

MD5
f6536536a51dcb33ecc33bd94b622d12

SHA1
aa7a49b8ba82e4b60476e698c13f34c105b77841

SHA256
bdde470d5d713086644ab6b3466109a5f06ac5263a1d5e003587d297030e4cae

SHA512
5f44d468b702049cac5abbddf54d424f81e89b0936ec8559c0c19b093537b42e81117d2b4f993b61a1605ff22c9773383d02484b369c2e6b5c3879c02da11451

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualCpp.Tools.Common.Utils.Resources.7D77678AE41E49F6B273\Microsoft.VisualCpp.Tools.Common.Utils.Resources.enu.vsix

Filesize
29KB

MD5
ebd2d93460ebab7ce3634c58bbca9bd0

SHA1
12cf595628c93e7540f5fd12153b8fa42bd07da1

SHA256
da7fde566fefbea26a548ee8d9a084c1dff1647000a57414072e4c41e1e87df6

SHA512
c1c684903d8b170fad9b62c72df207c7f57315f7ab4f24775521e95cebb199125d034394dfa9f2089e8fbd09cdca4115e5ce785d38615cb6c70c30292eb41cc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualCpp.Tools.Common.UtilsPrereq.5E1E70D70011E93C6437\payload.vsix

Filesize
3.2MB

MD5
be8c3be48e3048f83e7208aade9da557

SHA1
3b88e91d1131416ab23c8a6f8cf48771b31b7dee

SHA256
3692432a0075351da66ffe3de3a83a64cc6a79b37fe132ed3b1b95539071d38d

SHA512
85c4c434f25fc0c341dd8bff5567a5636b3d41f29f17337f9e14789fff42452a806d2085afd22819d7b5f6efd731e2f750d7d49f1d9217182ed0748ad934aaa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.AzureSDK.DDAD30A76B327DFBB761\payload.vsix

Filesize
1.0MB

MD5
1e80da18ed1a6c327bfe5d4614a57708

SHA1
10a962587159f5bf21ca3057095354bc167f3f0a

SHA256
5f19530b66e1a43769b1dec0c8448a3f656304c559d9ea8741a5772f8a4ab678

SHA512
1bb1531f23f1759e969997605de9089191061562f742660b66ddd9c9051619b3c8b3a24756da3c544f8ae887cfaf201c996030955948a3342241e320cd12e789

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Branding.Community.D336466DA46A5B8E5355\payload.vsix

Filesize
3.0MB

MD5
2e809466a8b4c643c20f42d81175959d

SHA1
8f4681d52e3016e398f2be55b61f97ceac5f58c6

SHA256
275bf3c26a2dc3d4b3ca3aaba5171b6504f16947cdedbcba6ffb29dedaf1a26e

SHA512
74e4ca65d818ca284df7bada47da7a012cf36f58fcda4a1b012d7167020723a56f52e665bf0ef050c0f6bf22133709a4fde646f5c558513f9980c214409c118f

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Connected.80E1F152E73126D86139\payload.vsix

Filesize
11.6MB

MD5
4754e35dfd14cb707d2e547663042c13

SHA1
b7cd4c0ced913fbbdc725a3dd4973a9306072291

SHA256
3595d7218a0c451008b5042167b4538ddd475ca96df90f75ac914eaa96108d2a

SHA512
b50356bbfa17c616fd7ef50224971d71e17cb1f4df24370d8c5b791a282f8e3cc6ef9a97ad6154f5efea1d9f97aa9b2522196bba82024eb443c754a34bf36f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Connected.Auto.6C001A108DED4D9F73CA\Microsoft.VisualStudio.Connected.Auto.vsix

Filesize
1.1MB

MD5
db8b2cbc2cd148eef6fbcd3b4637e546

SHA1
96da5d4929cd5ea84d927773b612538f49fff9c0

SHA256
e12d49625b89f56589b8640341449a78825f6c52faf46bcd002d46e343b3e145

SHA512
88011e1d2c5811cf0f5635efe295916a4e51a1bb5c05ccf4c2ba5564affd9b614c2be72a07819322dad68213bd9ca0c3f2bb9a6d2961f4be73ac1aca3c2df5e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Connected.Auto.Resources.FF49FFFE60E27C4AA2BE\Microsoft.VisualStudio.Connected.Auto.vsix

Filesize
143KB

MD5
a5319603ca520433f830d14551c497cd

SHA1
4d085b78b3ac1dde846e1edaed1bcedd3a7ac3cf

SHA256
9096f5509632995838474ece1ccb3f71cd3a2ab6c61f8d6b8910124b34b2c809

SHA512
92323f52a2c8f2f9c4139ee32787ac4703ffd4c170da6f697e7d52d44942cee846902a00e3fc95f75eb5ed457c1fab5e0c84c5e5b03fdbfedecf50b553f824c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Connected.Resources.EB441B5A53F203489633\payload.vsix

Filesize
19KB

MD5
6bfd6eead06b10e4b5ef0790b6ab9e9a

SHA1
2eb9680961278715a218cdfb619b0d7b6623522b

SHA256
8c6091d9f97bfb192bfbc2b16582a3318d7dcb8efe4375aabf15d209ec36e676

SHA512
42e70736c2598b87bb691079975a79522b2b6de61acfd72907a81c07b0f0928f261bb0fd5a831d33cc0b59534f0fea1658001f4010955bb8dc98030ab747b84e

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.CoreDotNet.C4249CCD1904C15E7D05\Microsoft.VisualStudio.CoreDotNet.vsix

Filesize
3.3MB

MD5
d009a89058d316eb5e7ba9f631102465

SHA1
6586cbc29650209fd0433aee565abd76ef9ef749

SHA256
500587317bec477a8e38eeaf72ec59b96c9f4d7a9c5abeccf92fe3296de733da

SHA512
8fea409937c5fdd22e6d3cdc1ab56dcbb9003d5ef4d979bf549003ca0a122d4abfa7f5a43d89270a583afc66aa2491f9c4a0ae416b00a7f1ef2b72f2d77bcdfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.CoreEditor.4E93409BE088C3F1CF73\payload.vsix

Filesize
2.0MB

MD5
71ca348232f05ee57b08b00ba3886acd

SHA1
dd9e6da045099c560c6c29fc138b19b8a2b64c79

SHA256
282deb2168fec5b50c58f1e3662d6a0c81132a1883cf086ea24a9e342d9a2f9e

SHA512
907f15711055395e59875e200047a4ee8b7e9a1d3fab231337cc38ba502fb1b3806b90f63c86152d5773b8063a77cca213354167b8baaf28ce528b7cc4b3d87d

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Devenv.9199EDC87E70E358AC4C\payload.vsix

Filesize
543KB

MD5
0007f214605a8145ed517583431285c9

SHA1
1e1e61b70856d0894ad2ddecd958c69f44487ac6

SHA256
0fc5ad4f7fb54afefb8c5c2a8b39278e9db332c08ba611eb649df7f67ade16f1

SHA512
9916ed1ca6862d75d84c857b6fc75b1385b0cbee4e39a90aa1083ab5ae3104f1a171cecc1066832238b6d500e20bf7cda8ddc4233dcb5716c527b6f2dec5fdcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Devenv.Config.604DC2242D035A98315C\payload.vsix

Filesize
9KB

MD5
52d6a1e55d0deee47f3e641f748f47d0

SHA1
0da94988bb8dbe524f6d736ce5406fa4b39b57a3

SHA256
9bb6a62509e5958e357bd61484a815f610e93abe54a35c9988f3a28322f94174

SHA512
3e049a3c18a72b9bffc4de553dd38b5749f66b40ee8cb73d1f3055ce729884adbf1bd5179a428ec754a3ffc89c7eb21ab0e997146a65ce24cf4fd4801508b08e

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Devenv.Resources.C76963B94C62D319D1D6\payload.vsix

Filesize
87KB

MD5
69c593c5f221f467634d5968a29b3fb0

SHA1
73ae0df89138b1bde9b524ff1a20d598ce6c0030

SHA256
7b82c51311ece0792d0f2b292547e777032f1015b182b5855178c907eb4eb846

SHA512
7547ee4103a18bfe5d5bc242266102a175d9cc00475a31fcc573185a0e939bf1bc5ed06a45b2267c03b58edfd84feea44b1367b11a0086e2b11096a50cb77cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Extensibility.Container.F0447824BD6950FDB9B8\Microsoft.VisualStudio.Extensibility.Container.vsix

Filesize
733KB

MD5
ab280d64654d096abb929b79ba28fcf7

SHA1
86bd2f651bf9f877ee17d0e6342106346a201d8b

SHA256
aa075d9f3059823e76433eb45e35c5429865b9b9eb9d70512e0a1782a04de236

SHA512
19d00cd3f104d1a7b561f1725697f6e7c4d5fc40737b4eaca4809996eb33aa5f90bad03956629d3bd5064da65fd3e11df9990bc0ed71afa8627f06aae07fc981

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.ExtensionManager.4060CD5D4AA49FA294E5\Microsoft.VisualStudio.ExtensionManager.vsix

Filesize
3.4MB

MD5
857609ef567a83f35be22ea68faa00bc

SHA1
de2991cffea4113a5d618bf351a2399550f75623

SHA256
4c27257c5ef2afeb578293508d96a3bbfbc2a7f6fd634a1ca51e73f7209b5423

SHA512
46665dbcdb37c20c9e178a69e3b981ee798373f9c2aa199dc5e42884d8e71854cf6c601583e583137c1114fed90b1e1f2599c2e77bc0cef78cafc15ac2817845

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.ExtensionManager.Auto.4AC1D0F5381FD965B476\Microsoft.VisualStudio.ExtensionManager.Auto.vsix

Filesize
1.1MB

MD5
01a7c4e4f1bf25011dd1dde8f70d0c41

SHA1
ef552aeb72db8a55462c0ece8e8ef59470e9c8a1

SHA256
ecde5329645016ffb3a77290d70178563d25784127795bf73961fdbad7e4d6a7

SHA512
89ae57792bec0c5220b84b80c8527799a0377a9a483d9bcf1636e6828973e54e5b12fa83756edd93fd11531737c3a736777fc176dd216cda4e122c73e9f57e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.ExtensionManager.x64.3DEEB8C44B39254FC754\Microsoft.VisualStudio.ExtensionManager.x64.vsix

Filesize
2.0MB

MD5
bdde4a6505fa645d61203e8f4a2340a1

SHA1
85fda5868c0221fd344be3a59dea59e26c0c43ae

SHA256
b342c13b5d63d152b5c860f07a4d2be0207261e0d4768dfe7c56bff405831652

SHA512
504e6e5efce3adb701f559b62137290e6e2000369eef48eed4738b88ab00a7be5f2f730b39a30f7b1a6859a6bd4caa217e25f10d64d3c13fc8774ee1f42d627c

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.FileHandler.Msi.706888729D2B09A429DA\cab1.cab

Filesize
1.2MB

MD5
169768acc62dcaeed7cb6d46ec9a0e01

SHA1
6ace737305569c28260b076f04b064216ab44f68

SHA256
381fd53d0b8c6d9009fe4cc8b3100d238d17eba19d9ef4f510474f1c6f846c10

SHA512
47a77ab94996dfccd548560ffbf7f68e718817e5192f939f10baf2bb7595b628796f54e054a7a3e3ab090667c57e6f4c7439f39baa4be50c8e4854fa6938fa9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.FileHandler.Msi.DB077E4D458F0EFD5CC4\cab1.cab

Filesize
2.3MB

MD5
937a4d6472cccf08c36e9c21d3e95faf

SHA1
3c6b2b69c235f5c46e8858daea70fd0238ee62cf

SHA256
ee96b56403cfb70c62cac04836aa0812e1b90356a3489b615ee0faff33f17c8e

SHA512
91d7edfb21f75b75e7e60affd3e6aeb82aae3dd4fcc1f629e51f5e8b8019ba571bcc8048d85f529ea997b0e8fd09ca0f26b2f826c014bb9b60c9494a9e553169

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Finalizer.38E7A758772B956A69AD\Microsoft.VisualStudio.Finalizer.vsix

Filesize
764KB

MD5
fdeb2ea9aaa64a39f3f91fce27b7e608

SHA1
8d9b1b4ed0d73c15ef7608b4a74f0e3994c7edc1

SHA256
a6bf40614edee75069a23da8a2145e6b85463f21a3d4bb76ad2a4c047e5da7c7

SHA512
0d09454ed642bacd631c6418a0f6b97ef014ca0fd3d61151f86e76ed993cf2020a94e3866388d8c02376482b4d3e811217faaa06cd2f4014b7ab7f45f5c2bd5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.GitHubProtocolHandler.Msi.C5FAA8935F46F72E87D6\cab1.cab

Filesize
23KB

MD5
ff6c4ec978ccc8241dddbfbc722d5164

SHA1
4f2fa1a331be4ecd6e8d19671e3cda04121960a3

SHA256
5f34a239a4eeb18101dc0ca970d4ce2c726257aaad094825a9c4a9ae6bbb39b5

SHA512
e856f1795c2bd5331871434cbe5e71eb1f1bd12840fe66e8041ab3668dd27a66db09f2328c62eb8253f1a9f7d6d3a8bcfe78a35b083b0f073186f9a2ead80b1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.GraphModel.A8A180A63F0B80A4D503\payload.vsix

Filesize
272KB

MD5
dd4a8374068eb7b4a8bfe26b3ea1b7b8

SHA1
d59af81c12085e8243aa59e880c6d08f22df408e

SHA256
7cdde1255433c87a68591271f3837ce2679859c09b26e16cf6b9612b5dcb188d

SHA512
4cd94fce1c754c3fea31b2ca20b220a89b2fbb84e459faea67e01c0a3894d5aebb6989f6cafc569c5b9f2a3daa7cebf00969973ea2ff62307bdf6c0dc1ea9aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.GraphProvider.C8DBBE2926CE81EFB0FD\payload.vsix

Filesize
915KB

MD5
89ec56d3d11a3926827b9845ebf9c2a4

SHA1
44161708dee307812bbc87b5a5540d7396381012

SHA256
1857f711da42c8f5d7fe9081b3f4cd84584fd17560a344f0ee7eb005da1e565b

SHA512
c058554e768371694d26cbe34aa81e82da21e5c143e1c672993eb865f3fddd1b25c7eac0eef6176c3afd8324dee8f41c52a893a5139db1ec51ac27d21d6bf1a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Identity.EF5ED96739631143ECF5\Microsoft.VisualStudio.Identity.vsix

Filesize
45.7MB

MD5
512d0b54a501695c0608f1b6a1ac6931

SHA1
f3bada990fbfb6ba3f939377e99f1326ca7e3305

SHA256
3b5aa3cb68e83c1248b99b3f21c17f56b9f3ce03e422d812d458b044f73ef15b

SHA512
f8e77bb4d9e0e0a50758f36f58ad31bde644df026eb84c8b9e99f802ab15e2d84f54f9f00eab8b8b07b14507dca90c56fc86ddc58e8cc07edafa80df3f1812d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.IdentityDependencies.A8254722EE075060DB01\payload.vsix

Filesize
3.6MB

MD5
f266b9b7dbfd1f055ad0a240293b53d8

SHA1
1ee8bf5fe994d5181ad1960bb9445b65d8f9dedd

SHA256
a26d9bd13c951e2e4247b77a045a0fd4366047cf496e8947a717139101c57404

SHA512
8079c065a6771906bdb6c51c3b5d7418f262d596142de7e5b14f776796493b74961ecd11e824811a65f40e398b1022a6f6f1f307f8e991404dc1b580c7df5528

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Initializer.D28041DB2C41DD138762\VSInitializer.exe

Filesize
82KB

MD5
4225c7698b3b7a4d489fdbb871e2e4a9

SHA1
cf5f6173f646ee56c95d4c736223d024cb8aaa47

SHA256
f8048e9f416c5af50e46d20b1ca9d7543afdd1cb29b7afde6c30a7c90ca81619

SHA512
9a9eef6496ed0903368cfdfc8b7433ccc8883faf01cd49c2597c8b6036128c320d59e7536cd487fd95045b6d5d325e066f6276263fdbcd3fecfc5feac2afa565

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.LanguageServer.5137309B5A5CB8729825\Microsoft.VisualStudio.LanguageServer.vsix

Filesize
662KB

MD5
61e89bf73ea305a9cbc6c1fc9464e9ac

SHA1
78b7bd4ee322522a1b02d3407f8b6480efd30b66

SHA256
b89fc48ef56eb8e049701a8ff8d03f714562773a133bd8f74dd807ba8c7bf86a

SHA512
9f6986ee44c7308a7288198060b7b9085c9829ae433883746190ebab19c73d4d8d444e6fd61efeabd2b4f97194ae2660423078f0d61d5a85846f961134233730

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Licensing.413C57B543B1AD6A9758\payload.vsix

Filesize
748KB

MD5
d2c096cae661c10eabe546c93d53b1ef

SHA1
7732357fa4c64bbd6b090ccd9c9e4e5c3c77e226

SHA256
0a4ed984fbb633736a15350ae25992e0783ef9ee86910aa803fc37be86967d84

SHA512
e00ee7856a52e9638d1cd4abc97a0236e92c7290ab592030c356d3a4363dde0dd0f9e4e5898f27ae381b8dfef089f52ba7466e9cf3c938183dc4607ecbcc773a

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.LiveShare.VSCore.ADBBC91FE37F52804E16\Microsoft.VisualStudio.LiveShare.VSCore.vsix

Filesize
859KB

MD5
0c9bc4057d4838f0b8059ff16cdac5cb

SHA1
75dfb000f6db678fbfe08f690d30833767e35db3

SHA256
899f0f869b33acde2981af0a49649c488fab74650b9209f8f7284dd153d12210

SHA512
1d4a30cef3708d9007f67079e5192b1607e5a204e6f91e2f9a990328ab5794675f4c7f658685ba5d1a5e5cc54c55fcdf481e7e258ba24cf9ba2af447f4ec4b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.LiveShareApi.2A5DF6739986859936BA\payload.vsix

Filesize
29KB

MD5
4b84cbb077c09320031f983b9ba386d3

SHA1
4de423f7cfc4d2a5f776232f851e6fd6521de3f1

SHA256
6ee567539296a1363e081441e52db38762f3b7ff84d9884704080aa577f5a651

SHA512
ef19e8d56f5a11b9789da676013de0e6b0f5590fa1aa9139396441e0bd42cba97753b19312a07e125d0d49bf1803dd67c8d6629d723bfde35a228e36ed34fd82

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Log.1953C474321E1040D45A\payload.vsix

Filesize
2.2MB

MD5
4516205dd8d2c8109e24e65b2554603f

SHA1
b3814f474b1183e9864caf5123d7baf9a462c33d

SHA256
8bb84f7fb230bac8e8737a6aa2194f0aade970ffefc6334b64094503fd96726b

SHA512
60b1b2303353e47fc8ba1427ef8782e22dcad4b4c5978618f3f8e893154fe4e7591d27b7740c3c7f42d34fac73f1cb04a396e8390c49fc8f4ceffcadabadc538

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Log.Resources.93234FE64F2FF5BA5C08\payload.vsix

Filesize
33KB

MD5
96a9b69b0845137b99aaccbe17ebe8e1

SHA1
e1bcaa76be38ece95b0701171b9fdf47f566e19d

SHA256
2880f688806719f2be83b8e5c2d4f1071a7b946f1bb96c44f1cea85a111e05f4

SHA512
25891c813162234417a7d1960c81d694b6113722570fe033bf83507740fc441393105a8f63b4bdb320da7560fcccdc916fd3c81a6d08f6efab40c24f07f3552b

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Log.Targeted.9E78910036068B4881DF\payload.vsix

Filesize
45KB

MD5
c3760633e579e091849796ff219c618f

SHA1
c4a14b8871321151aafe2b456187eaa835ab5d4e

SHA256
8927ad8d20544e2f730dffffb4fef3db4d4fbdd13481406728440a0d5a5278a9

SHA512
64ad5070888d84d22118032cd355059e8fa5ece60f0146459bd896edc27dd85ce22e15f6e9655a14c051d42eb4d5969eaab279cf0070d77109e89e1cd5fa18eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.MefHosting.1317344E20BC4992B769\Microsoft.VisualStudio.MefHosting.vsix

Filesize
179KB

MD5
a9f21f196afa1b3a469fd4550e965162

SHA1
6c4144dbc29080c30ea478ff9fe138cd94ad16f9

SHA256
96dbe29845506eb2033b6177da5f1ac9ee3071ec178e66a01ab39d335b37012e

SHA512
d7abd2864ff8847abd749eb0ec2de741ffabb9d9497345f728925f8d6fdf920407c3097dfb96f23c75492925c8fa751df52ac8fb5b055da92fc577539639f141

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.MinShell.387FC4FAD99E76BC630F\payload.vsix

Filesize
9.2MB

MD5
37e4d92c82e6880ef82497177d039b70

SHA1
3fa8a4f3b275ab46a1cb107bdb61a9f956fa5f88

SHA256
323a55de143e2975b0f70f28996b3058c77e4bd3bcb2b704b8516fbc7d84e503

SHA512
e59967c82365108c25aa6b8e04311a1bd0e391ca7e155e6b1499f12bdb6189e5751e8fc804c3484f84e54ea7684d2202c7e569d7eece5a658cef062f2188730a

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.MinShell.Auto.D9DFF759B79E25A2AE27\Microsoft.VisualStudio.MinShell.Auto.vsix

Filesize
5.0MB

MD5
d6679901f799ca9db67ad87545b0d487

SHA1
356f2526466e72120c8d91006f80d55d457990ac

SHA256
79b4ef1d4873436703b0d3acce189d4efb111b50c230acfd9ec85536e226a697

SHA512
afe690ea3f9c48386afbbc68503973d60f556d75f8ded12a97270be882d3091ce02bbe7294baf830b68c9585672df1213b68c70c33633babbf2ba89046865dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.MinShell.Auto.Resources.07C90718C77E980E0505\Microsoft.VisualStudio.MinShell.Auto.vsix

Filesize
242KB

MD5
3b74556648ae09b38b590209e2af4792

SHA1
2670975eeb32eb10705bb02fa598fd701862507d

SHA256
a0c6791a070857fd1ae21897612578ef51e3b2dc3884908f32616d3c1a41f08c

SHA512
beeeea943f9cbfd8102d4833b3e498d5532049c6a41732da6fa937b0cf63464fc93e5eee193648b7c9f420742d62d3c217db87906f8cbaebe499bd773bf7d57c

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.MinShell.Interop.9596154DCF406BFD876B\payload.vsix

Filesize
1.4MB

MD5
8d32b33d7532472e949d0c7f14677e4d

SHA1
280b0a55c598bc3eccc8126fffdb7bae83fd3581

SHA256
719cc4b340f3ee0b628a5677aace37d2f81914819b1d08c3c48c3052837ea0cd

SHA512
c553cc787e994909499bf5f92ff7b1e972cb983dae0170904b0165975acd88edbd7e240a6ff8a7b71c61714a1d372f70a6b63e90bd9db87c300f6a17e4ccae66

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.MinShell.Msi.0FFF32925E019267AE70\cab1.cab

Filesize
21KB

MD5
abf9aeb06bb1c651d038e229c0741d2e

SHA1
571031f337e9e0f6e2c60104cd85d08c369be841

SHA256
7719d5f28e7de10d014fbb8cab61deb41ae67210343c34f6f8bf3374e59a8329

SHA512
3255297b5103dee9e4bc6a217fb37c81ea49fed3fd3caffc23dba2dda30d201aa4896caf1e76fa52b3d84110f0c308b5b4c03ace64fdbd551d74f0f3a5dcea42

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.MinShell.Msi.Resources.67E206DD247E34686674\cab1.cab

Filesize
46KB

MD5
4b218568790b771ff5622e5fe533d9b3

SHA1
db0b6f626ee1683b048dda8237dad09dbfb212ff

SHA256
2180eff2ecfbed70f5292ce05747f7f48f2ff6e31aa639c093f7a168010e2d05

SHA512
12b37992f45a47b9dcf56d6c9527c8a0c54dfc56418d4ec4da766a3deb9a50625ae11e18ad112d01bbaa4e613f73b7a6af9fe0825124c06012690c2be65c2c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.MinShell.Resources.x64.D31B472C8B1153A0CBED\payload.vsix

Filesize
1.1MB

MD5
f41c9e7e81f25998120675491bf87a48

SHA1
43ff5961806c391006738ec39b577f941d3f79cf

SHA256
89ead3bcee163c5aa7762ff2cc5aecfdceccf2e7ba4b0efb89aa3bff9ceb35aa

SHA512
a6990065832b756a5c1a2dbd99aa71cd9b0eb35d63c21204d77e1a53c9c311db58e3869f950d6e67e6f09e54df030f11da7b99ea229faf07336eb7f252be157b

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.MinShell.Shared.Msi.505AF3402AA676E37183\cab1.cab

Filesize
120KB

MD5
e9c452c8a2002f33788930cb13be26d5

SHA1
98ab25ca836a9ae521af75c6086114631139713e

SHA256
d247ee8a57fe5c746e44f8b40453916b8a0722179f092c4f5fc61696aca0868c

SHA512
ba19cb0ff4fa006d17c20eaae4925901deb1ebb82dd66a8b42ac9d857500600aec2cd577b9bed0310b0130226636025677ce5bc128996e2d3026c746e492894c

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.MinShell.Targeted.ADA4D8D8F7C5D841D9F2\Microsoft.VisualStudio.MinShell.x64.vsix

Filesize
15.8MB

MD5
14daf114245eb973550bec76014a2f39

SHA1
1adf494a2d348bbb1503a5de36bea40c7fc570bd

SHA256
3e849a2a19a67fe225fe082890919c589198074697b1d67a1c99f0f69209c427

SHA512
1226ff0020d214675210a461cbf5570fadb9b5f694d9c8b2b6b6ae1ad75de839485a3f9ffb891121848f3ac576e6b1577b2d41bc02a531519a44ce91129d9c08

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.NativeImageSupport.DB52DDDF5B88336619B6\payload.vsix

Filesize
31KB

MD5
6b39f0c044cc31bc1ef121f890842eb9

SHA1
548b573a9f61a61d6a5085ab14ae964eb3027836

SHA256
eec9548752cc4b7f4bcec2927905be89949c2b6de4850fa434c4ba7af2b9fd20

SHA512
7a3652257418062e0c0d3aeb14af4494ec442a0a7249b5b62978c0cf43ba2a694adb8a20879bcc20e247c79ef164cccaddab747d3c2c736a89fa56b3ae087ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.NuGet.Core.927D2B92A6B4A9B134B9\NuGet.Tools.vsix

Filesize
9.1MB

MD5
c3776ca4d2f982537ac22169f5f6f4ab

SHA1
79adce95e84b913c34dfdc1699372ce6f43ef97c

SHA256
f09e246966396bca87cc28642581600f33c216bff64626a109fd9a09e448bfe9

SHA512
d9b1728f76bfe23b929924fe821dd6bac289d72700a1fa2c8f190fd6c6e5123b358bf055a35d0756bcd5bafe6ed41da2121d1d3ba2545ae87c5cb8dc25160ea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.OpenFolder.VSIX.70731B735431125C98EB\Microsoft.VisualStudio.OpenFolder.vsix

Filesize
4.3MB

MD5
6baae34ec14f949b2d82c1482cec8199

SHA1
eb549753b6c1767fa697dbf661f504b04f429a94

SHA256
0937671f6c76a48a6f35fe1ab7ac60075d4422ca5611a50cf09e3d4a3c6d5772

SHA512
d10139db2d674ca0fa2ea87ca95bcdf220f7dbbbc106b113e9c058505388fd4466b66deb4ba4175593f5105a18127ed3ea99c6c0c3275da1d039d6ddf3aa8525

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.PerfLib.390F7C6191348812007A\payload.vsix

Filesize
2.8MB

MD5
2512250e1b079971820bb681bbf033e3

SHA1
c0abc7825a48f89614f9acd1156407cdfd7a8f5f

SHA256
ee3e0bc89ae539bdb43cfc266d34a408e0dae6836af2f5f12d3721c663d9f9f1

SHA512
2c0cba1ac56aa0c81f03a1cad2a8778649aa5615df7c97fe94bc228ef7900a5babe8a87807004549afa140385ad51094c908c861a1e144a03584fbda763e17b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.PerformanceProvider.C9FFFBAD99FCE909A149\payload.vsix

Filesize
47KB

MD5
91f3341d184e9da3eb559021e7b9ec3f

SHA1
ef387e8787511eabad7f06098c4cc6de2a4de857

SHA256
441117d913411a845a97dade269327b2d409c95fc42aebd9ea19633268100551

SHA512
73388d0448497fc496882eb0aff7da0f2b1eda3348f5600f68e4019e2f4c5645b03fe7371b8ca0aff763e0b9f7264fa0f1c1ce07cecfe79aa52a52c307d57364

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Platform.Editor.A973AD2378EBC92ED82F\Microsoft.VisualStudio.Platform.Editor.vsix

Filesize
6.6MB

MD5
04c348cf52c9dac9a4145a0ec08cb5d9

SHA1
5eddd38e50fb43eb04dd1191c49de6603d9e6075

SHA256
1c4b8f29319cd19919c08911ee0d2a50e6b0b2c8e7a4df78cbae0106e0ee97da

SHA512
18210ae0e27e18c6b0e0e9dbda270105715bd4d4b8258e2e49fd04bb2f74f9b2f859e0a70ce79181420c44f7e31a2f51d56d83e756d62ba8752ced4a34b088c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Platform.Markdown.20E39A206ACF9DBA7C2B\Microsoft.VisualStudio.Platform.Markdown.vsix

Filesize
739KB

MD5
61e0c4a87657e602b565f403351d21b6

SHA1
aff8630ed7e719a4000469d355a6e9d1eb17fd9a

SHA256
b8c44f1b1f7931cdde924ba6727b37690942202b7d47227b4a510caade5e8301

SHA512
33ba51b72af0096c671b70f27f248fcc6f6a67fbe387c243552142cb463dcffb3535a7a1b2ef07f77a7b9e8f87f1092775de3a7484358f6853485015f21b8b0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Platform.NavigateTo.58F52E0270ADBE542F7E\Microsoft.VisualStudio.Platform.NavigateTo.vsix

Filesize
711KB

MD5
e758dedc6b579a6d954bdb42c7524845

SHA1
9aca57ef982d32da21a2813de6b8b39d0a44607f

SHA256
e80d62fbf12e9a1f6495ae693cb0f84f367fbe1e005ba50b789d40742216bde0

SHA512
ffb6e818bdb0ab6462e98fdafb65c7a719f90d5043917406367c512898f53a7ae4e62f4489034ccf1415809f7e2fe2adfbdd740de681c3f452b240281b1100ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.Platform.Terminal.52C9FB3EE9604CB3FB0D\Microsoft.VisualStudio.Platform.Terminal.x64.vsix

Filesize
6.9MB

MD5
ae9d4b985dbace45d5a711bb3ccf57aa

SHA1
4024f1a1b823446189ca1005bd52710cf0f1d614

SHA256
1a4591ee0827866b94dd4abef38ef7f6a2b035a88322bc63d67ad9bfda650aaf

SHA512
25fcc5c59cbe0b50daea892a5d30bb90aeafc637585e6f61567ea08463eae2621ec4e845c7e3d0c32423cd16f3a6ac75a1238a1e64eaf522486eacd01cf46375

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.ProjectServices.BF64CA389F669FF5F7E2\Microsoft.VisualStudio.ProjectServices.vsix

Filesize
420KB

MD5
c2de59fc3460da7caaa07221d94dc1eb

SHA1
dde1a0fe9dfc0664782bb11f596aafc36b49981a

SHA256
9d81346d8877f3f0706443164737e4d8eb780e6498cfdfa00fffdacc8c8f68ea

SHA512
4bc05009316347a1d8f0739ebf21fa4321036fe48ecd331b1e96e7a2e102cc6c6ecd4e17d62327225a733b3c8b6f884ee0cbf4bd93ab3ec15fde10626d37423f

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.ScriptedHost.1927B549147C50B9FABF\Microsoft.VisualStudio.ScriptedHost.vsix

Filesize
1.8MB

MD5
84c4f4a0f7e1746886076a51be7cc445

SHA1
f49b3aacf2ba1ed7b990dd34a0eac2332f650494

SHA256
4f506372894db1589eefdffe28124168921ac377e9f346dea217a2ca932b6049

SHA512
3b6a1739b26ed63e76ea3ec17b293caa0dbe80632d7b08ac9cbfac978f106635a42dd042a07185f286d738c3f57f4995349c4231353b66df49f77a8cde468db4

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.ScriptedHost.Targeted.040EBC79FAD0DD3AEF68\Microsoft.VisualStudio.ScriptedHost.x64.vsix

Filesize
225KB

MD5
b10274364fd5894496a9c7fad8fcdee0

SHA1
4132d77073791c9f5d5d56753fd095991f964f8a

SHA256
f63a6149d1a4e0331f0cdbdba90d4debbea3399de59cdf1d8f3cacaad014fb0f

SHA512
52475a7e27c8095a4954711975e34ec2aaf8e930ad75e438c7995d2fe5a0abeed9a87002a111b2d400aed04b3a8ab179fb111010c695ee0677c68646b6ae8341

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.TextMateGrammars.8ECEB65B4C3C713E2AC0\Microsoft.VisualStudio.TextMateGrammars.vsix

Filesize
2.1MB

MD5
db42ec270667714bb5bbec4ef7623759

SHA1
ae3b5a7c6a224d25b8087ccc8190dd27e4e72dac

SHA256
501eb306a22ac6c3b6da6f9f05c716571e62c836db81e68aeffff26e1d46f640

SHA512
30499e4722222e40715f9901f921a8756af78dbf875e39c9c149de44b0dc46a46faccc3bcb3b617508e4fa742b3dddeca8490814f87e60d9c0744fed72ac6f91

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.UIInternal.0F87D49CDD2CAFC46F1F\Microsoft.VisualStudio.UIInternal.vsix

Filesize
28.7MB

MD5
7566e193720b88762cf87d3586aaff2b

SHA1
3f08a03cd41584307d701a6126d05728f4f47d13

SHA256
359719e7befe0e266a1c418f3abdd55a1b5d06f5cfdcd25717247e1ea8344b57

SHA512
d8fc4afa794cc459e5fad621db83c00873f7ff2c5fa693f5aaa94ad0e92fd0f16354d280841c86ff78d41f7d9f68edb9f9e7279286f41cc55d3d6b943e363aaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.UIInternal.Guide.9F486DDAAC924E7508B3\Microsoft.VisualStudio.UIInternal.Guide.vsix

Filesize
8.5MB

MD5
3497294227754a5634cb053389852cd9

SHA1
56240d4c5a4f2c5b57e0d1681893be1d1b105fbf

SHA256
06e2f1221b86a11c8282dfd0c83feb49f6f99c4bf23ad4c50cf53af66a9ab692

SHA512
cd281771571c1c911f7dc9b0155e3ebae91e23107186db69a4450a6e287d538ebcf789f98b22bda7856941189e2e5752c10c59c3084bd415033bd0973f1ff30c

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.UIInternal.Resources.3DD2435EDF7FD356D313\Microsoft.VisualStudio.UIInternal.vsix

Filesize
1.7MB

MD5
fd66fc483cbf70c698a9323de4b1457e

SHA1
d61e2c259f14a534dfc0c049b94e2c1230e5b8a3

SHA256
846f426b68044c3b9db69a297a31f086d51fcaba5bccb34efed3d285b7d12bda

SHA512
3db52f921bc8713d992b2d7c00839d5352f86b81440df2c9d0df50bdec1e90ef0668be001864490082b85c4bebf59602f04a07951feb70b6f83a40abac782216

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.VC.DevCmd.581A22C82C9FCBD20CB9\payload.vsix

Filesize
733KB

MD5
ecb89268aec849ccddcc28ba16f7b585

SHA1
3dde7d48a3902e425e8306b580e3b1b9dae65eae

SHA256
54143c02b7ad95a3a4e35bddeabb921578c57b9792672918fbf46abab8f3c9b3

SHA512
a4deb4d7ed186ebadde47304cea75cf9a7a2b4f25814492f4164f36ba873675c89e2d263479293ac8f4d7b71501584b6f71aa56658a2b145ef2580bcb3032a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.VC.DevCmd.Resources.F6BE59975C685ECD28C6\payload.vsix

Filesize
19KB

MD5
af334240814739b4ad78ceca2d0cd17e

SHA1
d31bc6611287727cf65af37a1ed07083b50e495c

SHA256
06977c8734f66d9c1dd6bead91c7ba7294ab9ec28ee4b548e502391a4c789591

SHA512
300a103a733f2c9ba58af8f7b159c215883b598f531dce700e71b0dccd52360d6f452adae4a05ad15e784e3166989b889b38d3c8e4ed0163729c304a715342b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.VirtualTree.83C148BC5D113D00138F\payload.vsix

Filesize
146KB

MD5
1a027683f5d17bf8e5d73b7f72652145

SHA1
cd9fa98445e8dd3615093be968024e36f5a360eb

SHA256
c450c20f5d2d67761f3abeb3c58268cc9f5c2af8b19ab75319a7b78fa979dfa8

SHA512
155462e7ace1f57f63e8ab68a5f70d7681a9fa99992a9887396e427caf438161a48adbf46023d94f51e3573f26b66e88a6bdc9e6b050a327f37c51d04ffe1b3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.VsDevCmd.Core.DotNet.3E122207DE271D2BA508\payload.vsix

Filesize
10KB

MD5
80420814cc5870329134a825e357736c

SHA1
e248130ed71316ca097aaae27ae2e03e63377fc7

SHA256
f2bb0a5537b5533bd646d72bcfecd41c02a882bfdc7eb405373625e32824515d

SHA512
f3802e203ccf9db0125a54939b1d1cfb57b6919a5951d9501675014f52b14bc725d3663bc1a689380f4fd0584b1c352bb62b303bc39d3b85ed9b75886cac69cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.VsDevCmd.Core.WinSdk.880ED5C40A987E46E713\payload.vsix

Filesize
13KB

MD5
80399f5131d0cb4d9f494b8ac6e9e1b3

SHA1
fbe99c09ba8f88966fd5a8d16bbe6b93decd7794

SHA256
5c63d8b9dd5d59ac8369f054a2a6cdd907f8d19c65ae2aa8ef1a791c29013efa

SHA512
9c3b5bc3d73072ce0e3bbfdb3f09567a4df881006da54c3069d0047cdb8fb66f28099eab71f5ba815545d18cbe8386ca4cf5f93cba07c5410ae54a457bb37dd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.VsDevCmd.Ext.NetFxSdk.021BD68DAFB6DEABDBFB\payload.vsix

Filesize
10KB

MD5
8b28fe557344be3c1d750877bcf08c0d

SHA1
6b8206b51d1e994f4d1aa32a2a2db9522efb429d

SHA256
fea624f20ab29e143ce59ca3767f1bc1a1757044afb63e93cedeade34630dbe9

SHA512
148ce7bca2be850f97f7d1abc9cff4e14c2ebf387be39e48f9eba48cbd5c3d000f03bc3444747ceba677b28f1ca67c18c933cc3e69b2853abc6824a08c5cfd68

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\Microsoft.VisualStudio.VsWebProtocolSelector.Msi.29638BF0100773D5DDBE\cab1.cab

Filesize
384KB

MD5
0144b765538b57b2e54e7e9bc71ba867

SHA1
ec102d2a7e07cc546a0f1d46ac64e7ed12951714

SHA256
08b2ae9867b069dc9d9e502c8b14c479702cdabbc7088baf195fdb87d38608b9

SHA512
3e2761b44b5103033d1ae315a0b0835d7b59fdb37cef45da27f978544f44ff4772fe5c3fab82f32f80b7ae35cc87f75d942cfae9043c8cb9af49ca802b44d6d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\SQLitePCLRaw.0708305919F74D6B74D5\payload.vsix

Filesize
126KB

MD5
ea90d422907ed2c5d09ae377aa5abb7c

SHA1
3a9e9271482f4da94ecab51f1390e34d3fd4321a

SHA256
2617fdb709f65fa5cbd83e4fa43d8d99d8155be02c5619fa774bb79a146317bc

SHA512
1b44e7e6f0fbf44ecef5e57ed7556f3ed99b26ef3dc29ccf278bc674e06aee22d28f15a8c3d2ec0720c9bc0a3601a583f86990b41251af844a896bb26ea56062

Download Submit
C:\Users\Admin\AppData\Local\Temp\02qt33s1\SQLitePCLRaw.Targeted.E4FF9B9F064832143308\SQLitePCLRaw.x64.vsix

Filesize
878KB

MD5
28f0c14c11c646d09e2c1c0c91703de3

SHA1
a6a74ea6356f3a3f802015cedf2156852f5d0ea1

SHA256
e7be12c375ed9139a372c83a5b97283e6aa959196914e58d24d8ac2498fa9135

SHA512
9eba11ec048fd2024a68a50e5c0bb2c2c5ceb67e94e81c33e3bfa93a529c11114249b71cac2aaef0ab01719019f84aadd1816a2aff2e03adc10e75467c25f7ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll

Filesize
19KB

MD5
c3aa65379798016352caa4694fff630b

SHA1
0a79477dc01ba8cd000f314c8b788a92ea2cc702

SHA256
46476d4ee964f2e2b7c686774db5bf7c24b3b0b9879e43a946f40048de3a5758

SHA512
b8439f9b9c154fd8f8975e4be568efb8a964f2ff5c28ad508bd77ec5f845346433ad6ee2c37b74c9d4726ee2240f31d7a8a17cf8ddee784724bf7cf32ce9aac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll

Filesize
115KB

MD5
ea3b357b6eff9d689243d02088a5c964

SHA1
daae152d12c60fee727c83d75bca3f97ba21460c

SHA256
d7eb59207a18d48f3064f2a727d252ffd201edcdaa89eab76ef43625783be1c3

SHA512
e9ce2c1af0719a0d549423b041a56e4f48affb7b91e63a4385ed09294479ac97c34e2f90a34849bc2c9a228e1015194d708a961c0dbab251ef27486d6f14e175

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\Microsoft.IdentityModel.Abstractions.dll

Filesize
18KB

MD5
dc6d5f059a711616234b383d8a3cd5f2

SHA1
b53df8e875bedf924a32eebea2abb2018f06e5e1

SHA256
d461864929e446edbc6513421f4db8c6465899d9067ea3c33e2131227799b525

SHA512
54cafa9ce950c0b4a2cfe6f115717cf113b45f6ef21c701207e37151fb8b01e0d370c56d950ab2c0bdd0d813d65462ed19eab4c9de320f8434cfb0b30589deca

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll

Filesize
46KB

MD5
355c1a112bc0f859b374a4b1c811c1e7

SHA1
b9a58bb26f334d517ab777b6226fef86a67eb4dd

SHA256
cc52e19735d6152702672feb5911c8ba77f60fdc73df5ed0d601b37415f3a7ed

SHA512
f1e858f97dabeb8e9648d1eb753d6fcd9e2bab378259c02b3e031652e87c29fbabfc48d209983f7074dfc256afd42fa1d8184805534037771a71db517fe16c8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll

Filesize
581KB

MD5
28894d59f2ae8d7ea988af83aaca262e

SHA1
bce81c5ce800fa724a512865af0cac5012e2b551

SHA256
c2a64fe382d045d9585f24b1a74a6a20099fe578dd2cdacbdf90c1fdcf5547a0

SHA512
3442dff3971891dee722db3908c6ea9b697c0bd1e11706c2cb63aab11863f73ab722b9eaa7f2d4ab201532ee6b9b92fffbf825aa4f86573223c22768f4d6a5a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll

Filesize
306KB

MD5
8f18880359e6341ce72fc91a6c4b7762

SHA1
49300bf16cd67b5fd1d7382d6f4171e6acc338c5

SHA256
965f76628e26b81e74cb15abffd01515eeace8caeae71cbd1927d263ffc8866b

SHA512
f76ab6e05c62cd051cf6b5ce573bff23abd6f2a6727dc91357bfe3729b141c54d31c937eda0e43b3acc819c082487403e5ea15583156ebc71ae40b1dd246a406

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll

Filesize
1.4MB

MD5
4bf660df669ffd605cfa0c2fc0d2cfd3

SHA1
0b89648313563d53b81ae1f209b3c305185b0d9c

SHA256
e5759760d0ae313afa811bf24959bc75d1ac9d39378e1d4e6ea71dc9d4d74cbf

SHA512
9b8f1ad98223122a74de0776cc22439f42b0edd5a96cf4b7022a225496df1a2131beb75745ecfd2ec1bfd5067fe3a7e5df439da91eafe952e2212cedb5c37c3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

Filesize
995KB

MD5
bbcc8244db84ad2031ac010633abf798

SHA1
de0cb65ee877663da272b4162a55a64ab8669f74

SHA256
8fe17ff9da7932dc01a39ed27559d5cdfa9b97ba14cbaa9f719087a241c8b82d

SHA512
d5682ea1aa9d50e9a491f8dc25c82907cde24ead2842ea392242e8cdedf49f68f3035042442738e147b5aa29d6328ced68007732298f62466c78fd10b276b06f

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll

Filesize
62KB

MD5
2dc1dc66b267a3470add7fab88b78069

SHA1
dbe80047475b503791038ed7e47389c062c15c72

SHA256
b044863f98af8d28f4f2f5e2dccb945c57439e1575afb37110e1eec306a6c89c

SHA512
44ef73aab50dcc13ccd94c0353c366818afb27ce73772d722755b04add0c4f294c7814c84da6069d9aa6136f2a48683c25062dcddd1664e8d32fed1b38ceca21

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\System.Memory.dll

Filesize
138KB

MD5
f09441a1ee47fb3e6571a3a448e05baf

SHA1
3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde

SHA256
bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f

SHA512
0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll

Filesize
17KB

MD5
c610e828b54001574d86dd2ed730e392

SHA1
180a7baafbc820a838bbaca434032d9d33cceebe

SHA256
37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf

SHA512
441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\runtimes\win-arm64\native\msalruntime_arm64.dll

Filesize
2.2MB

MD5
a2f41908d5dc93b30daa584ea84d2092

SHA1
858e185e27c19177d3bd8682cea53bcdc27a598e

SHA256
88a6f127eee41da978181df5de12d65d2337d4427ef66b6be1df51bc29e93f8b

SHA512
ee5934249b2540b2eb8f9ea3f344f00d6e512a8f2f86df4ea674dd9e35a91154cd77c62053882e187cf1a629c369ad3be9667f59607676bdc780280de5dfbeed

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\runtimes\win-x64\native\msalruntime.dll

Filesize
2.2MB

MD5
6d226a7b33583555fe71310e610e7fc6

SHA1
92bb8ce4cb4e215348c6e22ffc3bf57ec031883a

SHA256
613be496ad434ceef6ed29dbba64f27a2612795078977a8b07b229ebba9e9953

SHA512
5697f07f95c723de50f65b23d5ce4853e716425abccae187d00ed3ab1812fb0e04af47b5ed241370773522fa3c463c351c9dfc58b10c7962bd2e8c83710a3d46

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

Filesize
404KB

MD5
c9bcdd344d7619bd194f559d33ff9dce

SHA1
a97c28648109c440c9e7f8289189b12b110199b2

SHA256
a3100e29573504e179461b12ac0b3122e12fe244d97f25eb8ed71e78179280de

SHA512
baa6b4bcf7333d8b1589bf4dc528cf5764fe69ffdefd7ea65b3367a020c53a6158648adccc08eb84445e4aca5caad5e03429081448c43ed5b8c3e56f7d74f575

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa29a677f3c909caeb2f29\vs_bootstrapper_d15\vs_setup_bootstrapper.exe.config

Filesize
2KB

MD5
c301859aef3bf4c0914914e5807f6a5b

SHA1
908827ce12d093d2aa3d1e8baa8caf8bfe204fbd

SHA256
781ec48ae412ba18c2cea1b67f5bc4a33245fd5f96dbb0e58b218c98ee03785d

SHA512
0b9eeb0288b01ddfde11404b15378694145978bdd664b68befe5f776f65f950d35f54b7f29662a64ff91feb4dc0e9bd537864e46a1f3f252e8113ddf95f32f0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ed0yx03s.1pq

Filesize
40KB

MD5
3f3deef82238d3c4859c57b7ace478ac

SHA1
0f73a97815afa34461f947957ca6c093235277ac

SHA256
aa952b6633a05014fc5bffb2f1745467301e502f65b8464e14c070b56c7480ba

SHA512
1cc0d1b5b771d81b2db94787ec75a3c5b3ae084e162d493ab1bdbb0cdad0785bfdde37482ca70e0f514faf08f63300b32a0aaaa7a70426a011631a899c086862

Download Submit
C:\Users\Admin\AppData\Local\Temp\ftzhyl1a.vgb\ib2bdcri.json

Filesize
14.6MB

MD5
ae82aa1235d386bf2a3ebaf5d8f7e8de

SHA1
b6e820793cd5e77a966e6a78ac81af1349ae42f6

SHA256
9c8a20d12ab0e9374b02fb8867e55c8e15178667e814968d2073af23285473ce

SHA512
c85e323e8ff59e67a358d0c0f4d0cfa14fe688e31607d015ae14bfd1533a9bea6e7cdc63ef8640eadee0f402c4b877ea1e94e6b92657379dcf325a81f4f9ee34

Download Submit
C:\Users\Admin\AppData\Local\Temp\mso7F8D.tmp

Filesize
663B

MD5
ed3c1c40b68ba4f40db15529d5443dec

SHA1
831af99bb64a04617e0a42ea898756f9e0e0bcca

SHA256
039fe79b74e6d3d561e32d4af570e6ca70db6bb3718395be2bf278b9e601279a

SHA512
c7b765b9afbb9810b6674dbc5c5064ed96a2682e78d5dffab384d81edbc77d01e0004f230d4207f2b7d89cee9008d79d5fbadc5cb486da4bc43293b7aa878041

Download Submit
C:\Users\Admin\AppData\Local\Temp\suuabevv.json

Filesize
22KB

MD5
21136455f3b664a5e5ba40177866e49a

SHA1
649a4256ec8b3f0a9696d9b7170feefe18a09456

SHA256
71668fe53be0281975a7c9e914338d45ac2a433ed9425b776544b78df3f2c220

SHA512
e45d7d503a444d54f35ad30aac18ef344ef9da40103d866829418398d538b326c55c17d90f1d01093285fa3a052a6bf247af673ebb65529ca57c97bd92212f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\vepsjomg.l0d\accpipfo.json

Filesize
89KB

MD5
fe40ecabf54358f70a380a7fe99c413d

SHA1
5eba06b6c0130390a39595c6345fea3290ff022b

SHA256
336beac5728d982b47c6ffd4a7c6d17166c29109547bb6b60b5bc975370aac04

SHA512
a640fe24788ca21474054fded80a44f14417e5270f2f610ccde1a2e6ce5cffe3477d3b9bedb4d39f6ae37083e205d9102f6996d1504fdabc606983fc5deb45bd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
427B

MD5
3ec9efdf9629b82021690f127a140a9b

SHA1
728c6d69fd1788d91de53e057af19a559a527739

SHA256
8d6868830c34048306a248dd2c05a31f065fa730b06085985f51bd3e4f4e6b8d

SHA512
02699e5e8b665af678b1f2927c37bcab9fef3339cde6c05cd4ec01c99221bf693ef21c8736e782538489544eeff4fad10272381d01769c355173e0867965b6cf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
7d3d2ab39400e84fbe820f9b7ac6499d

SHA1
7b77d21d58f9625ac1d25b142eca40e54ac68b66

SHA256
0cfec1188d78188c50b8c41b422f4d67603dda4c78411c2e063e925577a5b135

SHA512
718c28d535950d88683a219b34468487fdc9d0840d8dce5f9147cb66d66c03830fed9823a888e770fc804f2a6de62838d47ab30c7fe8f549756b8009134069c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
6319b7c8a297985600eef9414c0210c3

SHA1
2220f81d1c16994f0523bb0548a335bf25cd2d79

SHA256
11ca89cb65fbfa1f8a5cfb3d4cdfa1b291813f1347eb16e22ca1877c5ebdb969

SHA512
1a195dfdac5542ce11e0a38471ce8bee11a582507d677837d19ed9806ce4f3023e791b85ff1536f5f41270253825dec2ef7c41e3e5f5e86a606203f53b447324

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
9257d13f90e12dae92a7f3c13e48d5b6

SHA1
4a7510e0ab6404401105156c899d9097f5fe8166

SHA256
9e750e15ce5df523f424a2bbaba4db6d423936634a00871f3111796648624b9d

SHA512
61f81f764225ff6fef268002e40d071ad50f410cc091a5b1e81e3c82cfe24eb5025165acc7a23bcd6e0661cbcaf2eb4e1b408bc66ffce6461d8f2051b8a37a5d

Download Submit
C:\Users\Admin\Downloads\VisualStudioSetup.exe

Filesize
3.8MB

MD5
4a6a4c85fc31dc601250d39226b38e50

SHA1
e80f8a80187af79cf4bb296c9348b6c2034dc00f

SHA256
e8f26904f8deced20dcc63fac1f52872473e5752125601d15ca9e46749a4c7d1

SHA512
26a39d5c02bab7608cdb54a7311a53aeb2883aec62cc03a72b5e35f81239883c7d8f793783c53f310b8a3a124a88f07f92fd8c7e065907518ce1e991beadbb07

Download Submit
C:\Users\Admin\Downloads\VisualStudioSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\smarko15.htm

Filesize
60KB

MD5
9486dd1ec74ab4be07e949d75aee44f8

SHA1
516bff17144c815f9dd10f26d4bdc11e102c5f8f

SHA256
26cd3ef656f1718ca6c2cdf729b755e9886b09a9d38c5a7e71dab18340450ae7

SHA512
c7b2c21d9daf56b5a47283519cab76675f2af892cbac9bd6f21d2ee44189914fd89a998cbef1cfc340439c538fc89a4c29db0ab9ec0a966da7ec7eab886c2b7b

Download Submit
C:\Users\Admin\Downloads\smarko15.htm:Zone.Identifier

Filesize
220B

MD5
f6e27a93922edf3034b5c93ed9c50523

SHA1
0eb2c1869265e8240f7b3200a98d0520789d3941

SHA256
bcd483d514741c40ab3d210c6078d5cf20e020439c6301d9bad209e137618f66

SHA512
7d629be556e54edba01dc2a926dfd5b66e81b6d15b54d9b513c8a8659b32365182ccb905e4c4e2181acc26cc7361e26db4d652a6c4fdcafa5b6107dcadc30068

Download Submit
memory/800-3879-0x000001C04DEB0000-0x000001C04DEC8000-memory.dmp

Filesize
96KB

Download
memory/896-1410-0x000002AAC8D20000-0x000002AAC8D28000-memory.dmp

Filesize
32KB

Download
memory/896-1392-0x000002AAAB6C0000-0x000002AAAB6CC000-memory.dmp

Filesize
48KB

Download
memory/896-1424-0x000002AAC8DE0000-0x000002AAC8E02000-memory.dmp

Filesize
136KB

Download
memory/896-1425-0x000002AAC8E30000-0x000002AAC8E80000-memory.dmp

Filesize
320KB

Download
memory/896-1423-0x000002AAC8F90000-0x000002AAC8FEE000-memory.dmp

Filesize
376KB

Download
memory/896-1422-0x000002AAC8EE0000-0x000002AAC8F8A000-memory.dmp

Filesize
680KB

Download
memory/896-1411-0x000002AAC8D90000-0x000002AAC8DE0000-memory.dmp

Filesize
320KB

Download
memory/896-1427-0x000002AAC8E80000-0x000002AAC8E9C000-memory.dmp

Filesize
112KB

Download
memory/896-1408-0x000002AAC64C0000-0x000002AAC64F8000-memory.dmp

Filesize
224KB

Download
memory/896-1409-0x000002AAC5E40000-0x000002AAC5E4E000-memory.dmp

Filesize
56KB

Download
memory/896-1407-0x000002AAC6770000-0x000002AAC67B2000-memory.dmp

Filesize
264KB

Download
memory/896-1406-0x000002AAC5E70000-0x000002AAC5E7C000-memory.dmp

Filesize
48KB

Download
memory/896-1404-0x000002AAC6640000-0x000002AAC66FA000-memory.dmp

Filesize
744KB

Download
memory/896-1403-0x000002AAC6500000-0x000002AAC6634000-memory.dmp

Filesize
1.2MB

Download
memory/896-1402-0x000002AAC6330000-0x000002AAC63BA000-memory.dmp

Filesize
552KB

Download
memory/896-1401-0x000002AAC59D0000-0x000002AAC59DE000-memory.dmp

Filesize
56KB

Download
memory/896-1400-0x000002AAAD030000-0x000002AAAD038000-memory.dmp

Filesize
32KB

Download
memory/896-1426-0x000002AAC8D60000-0x000002AAC8D7E000-memory.dmp

Filesize
120KB

Download
memory/896-1399-0x000002AAAD040000-0x000002AAAD050000-memory.dmp

Filesize
64KB

Download
memory/896-1398-0x000002AAC5980000-0x000002AAC5988000-memory.dmp

Filesize
32KB

Download
memory/896-1397-0x000002AAC5950000-0x000002AAC5976000-memory.dmp

Filesize
152KB

Download
memory/896-1396-0x000002AAAD000000-0x000002AAAD012000-memory.dmp

Filesize
72KB

Download
memory/896-1395-0x000002AAAB6D0000-0x000002AAAB6DA000-memory.dmp

Filesize
40KB

Download
memory/896-1394-0x000002AAC5EE0000-0x000002AAC5FDC000-memory.dmp

Filesize
1008KB

Download
memory/896-1393-0x000002AAAB720000-0x000002AAAB73A000-memory.dmp

Filesize
104KB

Download
memory/896-1473-0x000002AAC5130000-0x000002AAC5200000-memory.dmp

Filesize
832KB

Download
memory/896-1391-0x000002AAC5D20000-0x000002AAC5DD6000-memory.dmp

Filesize
728KB

Download
memory/896-1389-0x000002AAC5920000-0x000002AAC5942000-memory.dmp

Filesize
136KB

Download
memory/896-1388-0x000002AAAB6F0000-0x000002AAAB71A000-memory.dmp

Filesize
168KB

Download
memory/896-1387-0x000002AAC5820000-0x000002AAC585C000-memory.dmp

Filesize
240KB

Download
memory/896-1660-0x000002AACE0B0000-0x000002AACE142000-memory.dmp

Filesize
584KB

Download
memory/896-1658-0x000002AACA7F0000-0x000002AACA808000-memory.dmp

Filesize
96KB

Download
memory/896-1659-0x000002AACDA20000-0x000002AACDA2A000-memory.dmp

Filesize
40KB

Download
memory/896-1653-0x000002AACA680000-0x000002AACA6A8000-memory.dmp

Filesize
160KB

Download
memory/896-1649-0x000002AACA630000-0x000002AACA63A000-memory.dmp

Filesize
40KB

Download
memory/896-1648-0x000002AACDA90000-0x000002AACDB64000-memory.dmp

Filesize
848KB

Download
memory/896-1505-0x000002AAC5200000-0x000002AAC5212000-memory.dmp

Filesize
72KB

Download
memory/896-1499-0x000002AAC50E0000-0x000002AAC50F8000-memory.dmp

Filesize
96KB

Download
memory/896-1657-0x000002AACA810000-0x000002AACA84C000-memory.dmp

Filesize
240KB

Download
memory/896-1655-0x000002AACA670000-0x000002AACA678000-memory.dmp

Filesize
32KB

Download
memory/896-1500-0x000002AAC50C0000-0x000002AAC50CE000-memory.dmp

Filesize
56KB

Download
memory/896-1386-0x000002AAC5B60000-0x000002AAC5C12000-memory.dmp

Filesize
712KB

Download
memory/896-1430-0x000002AAC8EA0000-0x000002AAC8EB2000-memory.dmp

Filesize
72KB

Download
memory/896-1385-0x000002AAC5880000-0x000002AAC5914000-memory.dmp

Filesize
592KB

Download
memory/896-1384-0x000002AAC59F0000-0x000002AAC5B56000-memory.dmp

Filesize
1.4MB

Download
memory/896-1383-0x000002AAAAF00000-0x000002AAAB1F4000-memory.dmp

Filesize
3.0MB

Download
memory/896-1656-0x000002AACA7C0000-0x000002AACA7CA000-memory.dmp

Filesize
40KB

Download
memory/896-1497-0x000002AAC50A0000-0x000002AAC50A8000-memory.dmp

Filesize
32KB

Download
memory/896-1479-0x000002AAC5260000-0x000002AAC5268000-memory.dmp

Filesize
32KB

Download
memory/896-1478-0x000002AAC5080000-0x000002AAC5088000-memory.dmp

Filesize
32KB

Download
memory/896-1428-0x000002AAC90F0000-0x000002AAC91EC000-memory.dmp

Filesize
1008KB

Download
memory/1016-872-0x000000000B0F0000-0x000000000B140000-memory.dmp

Filesize
320KB

Download
memory/1016-823-0x0000000005630000-0x000000000572C000-memory.dmp

Filesize
1008KB

Download
memory/1016-868-0x000000000A970000-0x000000000A9A8000-memory.dmp

Filesize
224KB

Download
memory/1016-867-0x0000000007B50000-0x0000000007B58000-memory.dmp

Filesize
32KB

Download
memory/1016-866-0x0000000007B30000-0x0000000007B38000-memory.dmp

Filesize
32KB

Download
memory/1016-870-0x000000000B2C0000-0x000000000B2C8000-memory.dmp

Filesize
32KB

Download
memory/1016-865-0x0000000007D50000-0x00000000082F6000-memory.dmp

Filesize
5.6MB

Download
memory/1016-864-0x00000000076E0000-0x000000000779A000-memory.dmp

Filesize
744KB

Download
memory/1016-863-0x0000000007580000-0x0000000007612000-memory.dmp

Filesize
584KB

Download
memory/1016-860-0x0000000006ED0000-0x0000000006F36000-memory.dmp

Filesize
408KB

Download
memory/1016-859-0x0000000006040000-0x0000000006397000-memory.dmp

Filesize
3.3MB

Download
memory/1016-858-0x0000000005EF0000-0x0000000005F12000-memory.dmp

Filesize
136KB

Download
memory/1016-852-0x0000000005E10000-0x0000000005E20000-memory.dmp

Filesize
64KB

Download
memory/1016-873-0x0000000007AC0000-0x0000000007AD2000-memory.dmp

Filesize
72KB

Download
memory/1016-848-0x0000000005950000-0x0000000005958000-memory.dmp

Filesize
32KB

Download
memory/1016-805-0x00000000003B0000-0x0000000000418000-memory.dmp

Filesize
416KB

Download
memory/1016-908-0x000000000B140000-0x000000000B14A000-memory.dmp

Filesize
40KB

Download
memory/1016-909-0x000000000B280000-0x000000000B2A2000-memory.dmp

Filesize
136KB

Download
memory/1016-844-0x0000000005980000-0x00000000059A6000-memory.dmp

Filesize
152KB

Download
memory/1016-840-0x0000000005930000-0x0000000005942000-memory.dmp

Filesize
72KB

Download
memory/1016-836-0x00000000059D0000-0x0000000005A82000-memory.dmp

Filesize
712KB

Download
memory/1016-809-0x0000000005080000-0x00000000051E6000-memory.dmp

Filesize
1.4MB

Download
memory/1016-828-0x0000000004EE0000-0x0000000004EE8000-memory.dmp

Filesize
32KB

Download
memory/1016-832-0x00000000053F0000-0x0000000005440000-memory.dmp

Filesize
320KB

Download
memory/1016-813-0x0000000005490000-0x0000000005524000-memory.dmp

Filesize
592KB

Download
memory/1016-869-0x000000000A930000-0x000000000A93E000-memory.dmp

Filesize
56KB

Download
memory/3120-1458-0x0000023C740A0000-0x0000023C740AC000-memory.dmp

Filesize
48KB

Download
memory/3708-185-0x00007FFE055A0000-0x00007FFE055B0000-memory.dmp

Filesize
64KB

Download
memory/3708-180-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/3708-182-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/3708-184-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/3708-181-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/3708-183-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/3708-288-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/3708-289-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/3708-286-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/3708-186-0x00007FFE055A0000-0x00007FFE055B0000-memory.dmp

Filesize
64KB

Download
memory/3708-287-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/3784-4346-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/3784-4347-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/3784-4345-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/3784-4348-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/5056-4321-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/5056-4322-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/5056-4319-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/5056-4320-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/5056-4334-0x00007FFE055A0000-0x00007FFE055B0000-memory.dmp

Filesize
64KB

Download
memory/5056-4335-0x00007FFE055A0000-0x00007FFE055B0000-memory.dmp

Filesize
64KB

Download
memory/5056-4323-0x00007FFE078F0000-0x00007FFE07900000-memory.dmp

Filesize
64KB

Download
memory/5128-1661-0x0000019A3A3B0000-0x0000019A3A3B8000-memory.dmp

Filesize
32KB

Download
memory/5128-4590-0x0000019A3AA40000-0x0000019A3AA52000-memory.dmp

Filesize
72KB

Download
memory/5128-1679-0x0000019A3A3C0000-0x0000019A3A3C8000-memory.dmp

Filesize
32KB

Download
memory/5128-1678-0x0000019A3A080000-0x0000019A3A08A000-memory.dmp

Filesize
40KB

Download
memory/5128-1664-0x0000019A3A4B0000-0x0000019A3A4DA000-memory.dmp

Filesize
168KB

Download
memory/5128-1662-0x0000019A3A3E0000-0x0000019A3A3E8000-memory.dmp

Filesize
32KB

Download
memory/5128-1654-0x0000019A39F90000-0x0000019A39FCC000-memory.dmp

Filesize
240KB

Download
memory/5400-4283-0x00000268D8640000-0x00000268D86D4000-memory.dmp

Filesize
592KB

Download
memory/5400-4273-0x00000268D87B0000-0x00000268D8912000-memory.dmp

Filesize
1.4MB

Download
memory/5400-4272-0x00000268BE120000-0x00000268BE12A000-memory.dmp

Filesize
40KB

Download