Analysis

max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-08-2024 05:27

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://getsolara.dev
Resource: win10v2004-20240802-en

General

Target: http://getsolara.dev
Malware Config

Signatures

Processes named in the hits below are either the browser session (msedge.exe, identity_helper.exe, chrome.exe) or the Visual Studio installer chain it downloaded (VisualStudioSetup.exe, vs_setup_bootstrapper.exe, setup.exe, vs_installer.windows.exe), plus msiexec.exe, ngen.exe and getmac.exe.
Downloads MZ/PE file
Checks computer location settings (2 TTPs, 5 IoCs)
Looks up the country code configured in the registry, likely a geofence check.
Processes: VisualStudioSetup.exe, setup.exe
  VisualStudioSetup.exe: Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation
  setup.exe: Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation
  VisualStudioSetup.exe: Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation
  VisualStudioSetup.exe: Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation
  VisualStudioSetup.exe: Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation
Executes dropped EXE (12 IoCs)
Processes:
  pid 2684  VisualStudioSetup.exe
  pid 1192  VisualStudioSetup.exe
  pid 3008  VisualStudioSetup.exe
  pid 5140  VisualStudioSetup.exe
  pid 6560  vs_setup_bootstrapper.exe
  pid 6800  vs_setup_bootstrapper.exe
  pid 6792  vs_setup_bootstrapper.exe
  pid 5992  vs_setup_bootstrapper.exe
  pid 4504  setup.exe
  pid 3160  setup.exe
  pid 6132  vs_installer.windows.exe
  pid 6280  setup.exe
Loads dropped DLL (64 IoCs)
Processes (the report lists only pid and process for this signature; hit counts per process):
  pid 6560  vs_setup_bootstrapper.exe  21 hits
  pid 6792  vs_setup_bootstrapper.exe  10 hits
  pid 6800  vs_setup_bootstrapper.exe  12 hits
  pid 5992  vs_setup_bootstrapper.exe  21 hits
Adds Run key to start application (2 TTPs, 1 IoCs)
Processes: setup.exe
  setup.exe: Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\6EA26FFDFC3C3CADAF6C = "\"C:\\Program Files (x86)\\Microsoft Visual Studio\\Installer\\setup.exe\" resume --installPath \"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\" --runOnce --installSessionId 90f3f670-e121-410e-a1f5-842c8d7b35c6"
The key is RunOnce, not Run, and the data is setup.exe's own "resume ... --runOnce" invocation from the Visual Studio Installer directory, i.e. the installer arranging to continue its own session at the next logon. When triaging this hit, verify the image path the value points at rather than the heuristic name.
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes: msiexec.exe
  msiexec.exe: File opened (read-only) on each of \??\W:, \??\Y:, \??\H:, \??\I:, \??\K:, \??\U:, \??\X:, \??\B:, \??\O:, \??\Q:, \??\R:, \??\N:, \??\S:, \??\T:, \??\Z:, \??\A:, \??\E:, \??\L:, \??\M:, \??\G:, \??\J:, \??\P:, \??\V:
Drops file in System32 directory (2 IoCs)
Processes: chrome.exe
  chrome.exe: File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF
  chrome.exe: File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF
Drops file in Program Files directory (64 IoCs)
Processes: vs_setup_bootstrapper.exe, setup.exe

File created by vs_setup_bootstrapper.exe under C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\ (40 files):
  pt-BR\VSIXInstaller.resources.dll
  System.Composition.AttributedModel.dll
  Microsoft.VisualStudio.ExtensionEngineContract.dll
  zh-Hans\Microsoft.VisualStudio.ExtensionEngine.resources.dll
  zh-Hant\Microsoft.VisualStudio.Services.WebApi.resources.dll
  CommandLine.dll
  es\Microsoft.VisualStudio.Imaging.resources.dll
  es\Microsoft.VisualStudio.Services.WebApi.resources.dll
  fr\Microsoft.VisualStudio.Composition.resources.dll
  it\StreamJsonRpc.resources.dll
  pl\Microsoft.VisualStudio.Services.Common.resources.dll
  de\Microsoft.VisualStudio.Composition.resources.dll
  pt-BR\Microsoft.VisualStudio.Setup.resources.dll
  zh-Hans\Microsoft.VisualStudio.Services.Common.resources.dll
  ko\VSIXInstaller.resources.dll
  tr\Microsoft.VisualStudio.Imaging.resources.dll
  zh-Hant\Microsoft.VisualStudio.Utilities.resources.dll
  ru\Microsoft.ServiceHub.Resources.dll
  cs\Microsoft.VisualStudio.Utilities.resources.dll
  Microsoft.VisualStudio.Setup.NuGet.Packaging.dll.config
  pl\Microsoft.VisualStudio.Threading.resources.dll
  zh-Hans\Microsoft.VisualStudio.Utilities.resources.dll
  es\Microsoft.VisualStudio.ExtensionEngine.resources.dll
  Microsoft.Internal.VisualStudio.Interop.dll
  pt-BR\Microsoft.ServiceHub.Resources.dll
  zh-Hans\Microsoft.VisualStudio.Imaging.resources.dll
  ru\Microsoft.VisualStudio.Validation.resources.dll
  System.Composition.Convention.dll
  ko\Microsoft.VisualStudio.Setup.Common.resources.dll
  ru\Microsoft.ServiceHub.Framework.resources.dll
  ru\VSInstallerElevationService.Contracts.resources.dll
  tr\Microsoft.VisualStudio.Setup.InstallerResources.resources.dll
  es\Microsoft.VisualStudio.Setup.Common.resources.dll
  it\Microsoft.VisualStudio.Setup.Common.resources.dll
  tr\Microsoft.VisualStudio.Setup.resources.dll
  CheckHyperVHost.exe
  pt-BR\Microsoft.TeamFoundation.Common.resources.dll
  pt-BR\StreamJsonRpc.resources.dll
  runtimes\win-x86\native\msalruntime_x86.dll
  zh-Hant\VSInstallerElevationService.Contracts.resources.dll

File created by vs_setup_bootstrapper.exe under C:\Program Files (x86)\Microsoft Visual Studio\Installer\ (17 files):
  Assets\Installer.70x70.contrast-black_scale-140.png
  Feedback\x86\KernelTraceControl.dll
  Assets\Installer.70x70.contrast-black_scale-100.png
  Feedback\Microsoft.VisualStudio.Interop.dll
  pt-BR\vs_layout.resources.dll
  Assets\Installer.70x70.contrast-white_scale-100.png
  vs_installer.version.json
  zh-Hans\vs_layout.resources.dll
  Assets\Installer.150x150.contrast-black_scale-140.png
  vs_installer.windows.exe
  feedback.exe
  Feedback\amd64\vcruntime140.dll
  Feedback\msalruntime_x86.dll
  Feedback\pt-BR\feedback.resources.dll
  Assets\Installer.70x70.contrast-black_scale-80.png
  it\vs_layout.resources.dll
  setup.imagemanifest

File opened for modification by setup.exe under C:\Program Files\Microsoft Visual Studio\2022\Community\ (7 rows):
  Common7\IDE\1033\BlendMui_Brand_708_10000.dll
  Common7\IDE\Remote Debugger\x64\Runtime\Microsoft.VisualStudio.Debugger.Runtime.Desktop.dll
  MSBuild\Current\Bin\amd64\Microsoft.Build.Tasks.Core.dll (listed twice)
  Common7\IDE\Remote Debugger\x86\Runtime\Microsoft.VisualStudio.Debugger.Runtime.NetCoreApp.dll
  Common7\Tools\Microsoft.VisualStudio.DevShell.dll
  Common7\IDE\en\Microsoft.VisualStudio.Imaging.resources.dll
Drops file in Windows directory (11 IoCs)
Processes: msiexec.exe, ngen.exe
  msiexec.exe: File opened for modification C:\Windows\Installer\e595e24.msi
  msiexec.exe: File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
  ngen.exe: File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
  ngen.exe: File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat
  ngen.exe: File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat
  msiexec.exe: File created C:\Windows\Installer\e595e24.msi
  msiexec.exe: File opened for modification C:\Windows\Installer\
  msiexec.exe: File created C:\Windows\Installer\inprogressinstallinfo.ipi
  msiexec.exe: File created C:\Windows\Installer\SourceHash{E407C30C-C3AA-4C6E-8394-9685770C9612}
  msiexec.exe: File opened for modification C:\Windows\Installer\MSI5F8B.tmp
  ngen.exe: File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTPs, 15 IoCs)
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
Processes: VisualStudioSetup.exe, vs_setup_bootstrapper.exe, getmac.exe, setup.exe, ngen.exe
All 15 rows are "Key opened" on \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (the key name is printed as NLS or Nls depending on the row), in this order:
  VisualStudioSetup.exe
  vs_setup_bootstrapper.exe
  vs_setup_bootstrapper.exe
  VisualStudioSetup.exe
  VisualStudioSetup.exe
  vs_setup_bootstrapper.exe
  getmac.exe
  vs_setup_bootstrapper.exe
  vs_setup_bootstrapper.exe
  vs_setup_bootstrapper.exe
  vs_setup_bootstrapper.exe
  setup.exe
  VisualStudioSetup.exe
  vs_setup_bootstrapper.exe
  ngen.exe
Checks processor information in registry (2 TTPs, 15 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: setup.exe, vs_setup_bootstrapper.exe
  setup.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  setup.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
  setup.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
  vs_setup_bootstrapper.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (4 hits)
  vs_setup_bootstrapper.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (4 hits)
  vs_setup_bootstrapper.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (4 hits)
Enumerates system info in registry (2 TTPs, 6 IoCs)
Processes: msedge.exe, chrome.exe
  msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  chrome.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  chrome.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  chrome.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies data under HKEY_USERS (3 IoCs)
Processes: msiexec.exe
  msiexec.exe: Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E
  msiexec.exe: Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26
  msiexec.exe: Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27
Modifies registry class (1 IoCs)
Processes: msedge.exe
  msedge.exe: Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{2802EEA7-06F6-4603-870F-6D7DB73EA37E}
NTFS ADS (1 IoCs)
Processes: msedge.exe
  msedge.exe: File opened for modification C:\Users\Admin\Downloads\Unconfirmed 981804.crdownload:SmartScreen
Suspicious behavior: EnumeratesProcesses (55 IoCs)
Processes (hit counts per pid):
  pid 3104  msedge.exe  2 hits
  pid 3436  msedge.exe  2 hits
  pid 1340  identity_helper.exe  2 hits
  pid 3972  chrome.exe  2 hits
  pid 6140  msedge.exe  2 hits
  pid 6020  msedge.exe  2 hits
  pid 6800  vs_setup_bootstrapper.exe  22 hits
  pid 6280  setup.exe  11 hits
  pid 4504  setup.exe  4 hits
  pid 3788  msiexec.exe  2 hits
  pid 4184  chrome.exe  4 hits
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)
Processes (hit counts per pid):
  pid 3436  msedge.exe  17 hits
  pid 3972  chrome.exe  3 hits
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe, vs_setup_bootstrapper.exe
  pid 3972  chrome.exe: Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, alternating (62 hits)
  pid 6800  vs_setup_bootstrapper.exe: Token: SeDebugPrivilege
  pid 6792  vs_setup_bootstrapper.exe: Token: SeDebugPrivilege
Suspicious use of FindShellTrayWindow (64 IoCs)
Processes: pid 3436 msedge.exe and pid 3972 chrome.exe (64 hits between them)
Suspicious use of SendNotifyMessage (56 IoCs)
Processes: pid 3436 msedge.exe and pid 3972 chrome.exe (56 hits between them)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
  PID 3436 msedge.exe wrote to the memory of its child msedge.exe processes 3676, 4972, 3104 and 760 (64 hits in total; the large majority target 4972 and 760)
Uses Task Scheduler COM API (1 TTP)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
Process tree (indentation shows parent/child depth; PID and matched signatures are listed under each command line):

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://getsolara.dev
  PID: 3436
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c78546f8,0x7ff9c7854708,0x7ff9c7854718
    PID: 3676
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    PID: 4972
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    PID: 3104
    - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
    PID: 760
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    PID: 3712
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID: 5080
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
    PID: 1192
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
    PID: 1340
    - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
    PID: 4628
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
    PID: 2216
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    PID: 708
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
    PID: 5976
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
    PID: 5984
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
    PID: 5736
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
    PID: 5164
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6020 /prefetch:8
    PID: 6128
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5988 /prefetch:8
    PID: 6140
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
    PID: 2720
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    PID: 5232
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
    PID: 3640
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    PID: 1528
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
    PID: 5556
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
    PID: 5156
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
    PID: 1480
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6464 /prefetch:8
    PID: 2532
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
    PID: 5952
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4888 /prefetch:8
    PID: 5708
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    PID: 6020
    - Suspicious behavior: EnumeratesProcesses
  "C:\Users\Admin\Downloads\VisualStudioSetup.exe"
    PID: 2684
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    "C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"
      PID: 6560
      - Executes dropped EXE
      - Loads dropped DLL
      - System Location Discovery: System Language Discovery
      - Checks processor information in registry
      "getmac" (C:\Windows\SysWOW64\getmac.exe)
        PID: 4964
        - System Location Discovery: System Language Discovery
  "C:\Users\Admin\Downloads\VisualStudioSetup.exe"
    PID: 1192
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    "C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"
      PID: 6800
      - Executes dropped EXE
      - Loads dropped DLL
      - Drops file in Program Files directory
      - System Location Discovery: System Language Discovery
      - Checks processor information in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" /finalizeInstall install --in "C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202408230528283693.json" --locale en-US --activityId "7586ab26-6066-4a39-9c44-a7ca40b86e1d" --campaign "2030:6e286be14298477f89dd561dc3300c36" --pipe "9a413dcf-0ed7-43d0-a296-6c9811c15737"
        PID: 4504
        - Checks computer location settings
        - Executes dropped EXE
        - Drops file in Program Files directory
        - System Location Discovery: System Language Discovery
        - Checks processor information in registry
        - Suspicious behavior: EnumeratesProcesses
        "C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.windows.exe" /finalizeinstall 6F320B93-EE3C-4826-85E0-ADF79F8D4C61 "Visual Studio Installer" "Microsoft Visual Studio Installer" 3.11.2177.7163 0 "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe"
          PID: 6132
          - Executes dropped EXE
        "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" elevate --activityId 7586ab26-6066-4a39-9c44-a7ca40b86e1d --campaign 2030:6e286be14298477f89dd561dc3300c36 --handle 589892 --locale en-US --pid 4504 --pipeName 4515ff99329c43f88313abdff9f90183 --serializedSession "{\"TelemetryLevel\":null,\"IsOptedIn\":true,\"HostName\":\"Default\",\"AppInsightsInstrumentationKey\":\"f144292e-e3b2-4011-ac90-20e5c03fbce5\",\"AsimovInstrumentationKey\":\"AIF-312cbd79-9dbb-4c48-a7da-3cc2a931cb70\",\"CollectorApiKey\":\"f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296\",\"AppId\":1000,\"UserId\":\"9ba3fc80-2adf-4a94-8617-e1690406200b\",\"Id\":\"6ab1ba98-2dc1-4f42-9c22-2027c962e671\",\"ProcessStartTime\":638599877360664394,\"SkuName\":null,\"VSExeVersion\":null,\"BucketFiltersToEnableWatsonForFaults\":[{\"AdditionalProperties\":[],\"Id\":\"a02930d9-c607-41c3-8698-0fd9196735a5\",\"WatsonEventType\":\"VisualStudioNonFatalErrors2\",\"BucketParameterFilters\":[null,null,\"(?i)vs\\.setup.*\",null,null,null,null,null,null,null]},{\"AdditionalProperties\":[],\"Id\":\"64a13603-6d89-42e4-a299-13f77e5ad306\",\"WatsonEventType\":\"VisualStudioNonFatalErrors2\",\"BucketParameterFilters\":[null,null,\"(?i)vs\\.willow.*\",null,null,null,null,null,null,null]}],\"BucketFiltersToAddDumpsToFaults\":[]}"
          PID: 6280
          - Executes dropped EXE
          - Adds Run key to start application
          - Drops file in Program Files directory
          - Suspicious behavior: EnumeratesProcesses
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" queue pause
            PID: 6760
            - Drops file in Windows directory
            - System Location Discovery: System Language Discovery
          "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" queue pause
            PID: 3712
            - Drops file in Windows directory
  "C:\Users\Admin\Downloads\VisualStudioSetup.exe"
    PID: 3008
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    "C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"
      PID: 6792
      - Executes dropped EXE
      - Loads dropped DLL
      - System Location Discovery: System Language Discovery
      - Checks processor information in registry
      - Suspicious use of AdjustPrivilegeToken
      "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" /finalizeInstall install --in "C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202408230528313013.json" --locale en-US --activityId "f31f90d4-bb5e-4be7-968e-23f0aa390266" --campaign "2030:6e286be14298477f89dd561dc3300c36" --pipe "3a4827b5-6259-4bb5-b7d5-844375fda23b"
        PID: 3160
        - Executes dropped EXE
  "C:\Users\Admin\Downloads\VisualStudioSetup.exe"
    PID: 5140
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    "C:\Users\Admin\AppData\Local\Temp\d392a2f42f9247e5c2d60a86\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"
      PID: 5992
      - Executes dropped EXE
      - Loads dropped DLL
      - System Location Discovery: System Language Discovery
      - Checks processor information in registry

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2584

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3284

"C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 3972
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9b653cc40,0x7ff9b653cc4c,0x7ff9b653cc58
    PID: 5176
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2056,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2052 /prefetch:2
    PID: 5356
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
    PID: 5368
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2468 /prefetch:8
    PID: 5408
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
    PID: 5564
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1
    PID: 5572
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3720 /prefetch:1
    PID: 5760
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5024,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1128 /prefetch:8
    PID: 4184
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID: 5636

C:\Windows\system32\AUDIODG.EXE 0x428 0x3ec
  PID: 2720

C:\Windows\system32\msiexec.exe /V
  PID: 3788
  - Enumerates connected drives
  - Drops file in Windows directory
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 524
Network
MITRE ATT&CK Enterprise v15
- Privilege Escalation: Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Downloads
SHA25617873c3d93161a0c9f65ba12829655b22257a9cc8cdd4c12a0b55a50ecd39000
SHA5120f294cb1f2d1387558ffc4fa359d478f686183edec7768a1931f707d62e8ac8e9c7cd49b6b58207649b751a532971f782ca237a8ec619b6c297747a6db7b154a
-
Filesize
5KB
MD50088fd40add0174d1f584245f7eadbbe
SHA1f8b21d16357df22f6512e89473b9ec24f68f3beb
SHA256300764c12e5fc970699f08319f2160b772ee84526e67d2d55fb1306e9e7d81b6
SHA512c0320e99cfd944f713942696410b6fe70623b1e226617ac076de250ad173bc23b1ab52413897b51775a4c3308d4a9fa0bd72595b5fb83a9414e5da972584e7c8
-
Filesize
8KB
MD52c8e4ba6ece76244665599f452486b29
SHA141aed0e0ceb4b29789fd8e925fd3bab104067e96
SHA2566dc36c7952fb41140215244a451f6a22dbbc23ad3a88ce204a493d71c95cbb29
SHA5128dd36a0dcb1237f4ed9d0027de12f6e632d5dcac4fb2906713107cfa84a5002d83848a19fdb13bead9c2f906a231b4283602a9f15f6d28a81d573907f71f72be
-
Filesize
7KB
MD5f3b397ca0c72b9f131d3b36485c9cc1f
SHA1e7a40085075b634edbd7e3a775aa3bec4dc00992
SHA256ef37751822084fe29c7253db65595816d2e11d43fa081751af51adf77466f4fb
SHA512c9accdcbe3700a4b4695dd72ccf4f2fdb62c1e5d9e4c1abefac3c70ebdf3724ac5bc92e9ce7ac52a8c69f0d555e4ae6d207042325696b326913146fe4bee5316
-
Filesize
6KB
MD54e25a7e0d87ae95820f6ab258a8e3e12
SHA1d9555ea5605e36971bffb18c57bbbc6c39e23a8f
SHA2560d5fc3ebb0c608f2092f50a2b4ac68aec5f325a4763d041734bb8aa52450cd57
SHA512b9e7770395e4f47cedae47f7e4c4a96551e03efeece8b41caf9df8bad164f75c8a5369080faa89cdb29436979d4606572973ff9768cb0df63ffda846708eb3c4
-
Filesize
6KB
MD56ef03423889b2a6049fdd82357867f48
SHA17fe192cfca298a2b31d8002d31d1fb15e9e1fe1c
SHA256f90f0e934ab3a9067dd977fccc0e377042270a2ba173359f72431da8bb0b98e7
SHA51221d5acd65e8dd1c42dbe033ac36572ec12e47e8d5c1e6331e92d5b59a865e66b95f37d1bcd97ab06af9413908d92dcf54b3191d2975f39553c49da69c1185be5
-
Filesize
1KB
MD5113f8829e5469dbc13caf775f3549d13
SHA16ac3d95b2274f16ec670f3ca223ff7fd4516b065
SHA2568842bc23f1f8e6ca95718b0a4b13406a802a3f9ce87be1388926b11d5c51db68
SHA5122c2b882dba3886b44c6820493118708107c813c6242e4425dbdca2083ab649789e069e5b6432b1e9895c36b3bed90dddac0b4e3cd2ea071b70e8260636561c24
-
Filesize
1KB
MD5a367fcfa5c08a30b161cd7d7be5e464f
SHA10285f456e7bb87c9ab5d09951655142fdefb3619
SHA2569ea41586bffd9aada1d6ed8894b72f5f843ff4f95ad7084d92e709b5473c1828
SHA5122816fbd7bf495f07c1c3fba50778b01612818e4ebfa5342a370e2a283dcdfefa01aae0d18e419731a646c81730645ca26bb3d4aa5431eef42c39108cedeaed93
-
Filesize
37B
MD5661760f65468e15dd28c1fd21fb55e6d
SHA1207638003735c9b113b1f47bb043cdcdbf4b0b5f
SHA2560a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e
SHA5126454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD59b1966c0abb01dec0058f343a67b49db
SHA1d710d263b663f17e3e0f9c4b16f77f20cedb68e2
SHA25682d7d3d586c7b483b4954fa852c20cd43b644e4dfbd5502a948a3383ab956f89
SHA512c2f50ea2e2fae358ab8095fa5bc8e7cc3cf6df0786d4652c5d603f14689fcfff2e3fa7f825b687055aec9d0b049d52f449b1c9586cb41e026ba75b386bfe8018
-
Filesize
11KB
MD5788e5d9bd679fd2ab473fd1b82539baf
SHA1dfd6e688d50848479255bab41468a7a2f0e31226
SHA256f1b2b0387ed9fcf4bdbd3563e1e4bbcb43f069eeb00bcec2d1618ef8a6129084
SHA512f88d2abc7579df462f089f7f0ddc4792bde6b71dcddd07826118c87a46e7953ca603f87c389968018a27e89d303ff059f58456ed89ba753a295b75f0538beb68
-
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelAIF-312cbd79-9dbb-4c48-a7da-3cc2a931cb70\20240823052858_13f8ae18b48a472aa64a1e00c2d22921.trn
Filesize3KB
MD54e7856aa87ff2e60aca4c56f54945533
SHA192c526f442788b5949d206a7c7cdd7dd8d9a4093
SHA256dc4fa0f71f2cb6dd8c4a452f903d3f86fa41d561c4e44c06226a764541dcb107
SHA512be654a79f8bc873fc96936eab91b942f68b10351f571ab9f5c3b71edb92f26c1b65e01790956a2e66771904a0044bbcb1a12bcbce5eca8ecb47875ad0d1ac8d9
-
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240823052857_c934af26616e425984371a4038d5db16.trn
Filesize6KB
MD5fd2734899c6775db4db99ebe3b33629f
SHA1ca0cd5521d82efd24708ac0107db0ccd7d76fc26
SHA2564cde2ae2baec17d99405affb6217b28f58b8ddb34f79195e42f6b5d6d8640db9
SHA5121c1c313604590de7c81036006dde09889398d779294ae2f23cd1796980af21d3bb3f74f3aa0a9f0e85fd203949d4b8266be1bcd0b5fd1a53fb607b1754354f32
-
Filesize
26B
MD5e3c9f3c009c49e91b372ce3be05da610
SHA1df98879fb7402b9b08bdc18fc2f3d4d5ccec12cc
SHA256f4d08ea820b816e2822bdd3351613ed185e4e36503ccc348f4a8a7957fadfd6f
SHA512444aa325d744a7fbcdc5a48cd7b51814e3cca5caf58b0e16316e015f898773a5d3476059399a704a9b4dc6350d06430ba42a78058f2cd8c03669147b346f22ca
-
Filesize
66KB
MD592cff2ed765026e74cf6749269fe946b
SHA19a44a54d6bdd1f1978951cc53e57df051c12d0a5
SHA256bc4c79576ee184f93ec0cea3e18a9b0111f078e3be37accdfb6b347ea546935b
SHA512ea7f4058eaa71b64c6398aee7cfd72d22789317e0ab85c0d91845703d68133577c3c6673c6417a1ac5a552d3b5c940ba9649563e63d28681db5f35d5e0b39246
-
C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_Channels\13adb548\channelManifest.json
Filesize100KB
MD57b9135b566d33c574a50f6cfa56ea8af
SHA1a8a13de1d2c771c3e4bd27b33146707ea3f84230
SHA256f6d7735df5039096f95fade1e647cf6cfe44ab7738dcffa72af4aec6f5e166e6
SHA5126930530764ca0490ff5e8a5aa7a829bd01478af26a0fc24d4f908c262f7f4254d0c56617bb8b75052e3003ef69c69e374bc8ea0a9b15071c04e0582a49cbbb54
-
Filesize
69B
MD5f9c08b8d61000a54cf3e98986d1233d3
SHA19c9f52d8f53a89ac3b91cb7325faca64765b76f2
SHA2567099467e63e63dc986c43e930436079d2d1896a4c767aac7093c5d98185ebc5c
SHA512a61e3cbb63463e1b4af79ee679bb654d7c4045d32463c51db0973d6082cf6f2bb7a2de9f1814736b57c35f4978bb0e1700c863910c5b09375edd16d4d91586a8
-
Filesize
20KB
MD56d0fca79faea45342ac7d8c5ca14a3a8
SHA1c0644691358a5fecb088d953b39492083e046daf
SHA25632353d84410361ebf591781f5d5e0ba180a0fc3d1dbcf7e2f0000720248d3e43
SHA512fec2d4af958badd190c6f36e3dc44a22fa8be4f65bbdf01adfabbcc645c0b19ea9f8158386cafaeab8f651baff5515582bbe1b20f1b635442960f80cab8b33af
-
C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll
Filesize580KB
MD54bade82b2e754e515b43d0d8c6204f3c
SHA19c3cd921503aec08de934eb988888efefae27327
SHA2563d224ed38c0c33e2815d1d441a3325a070a250c9883df0bfcb015011077686f1
SHA5126f195adc09b13db9c0d57e0922444a476d57b019f94a1d2595d1924c1e3627d255eb5fac35c167e765c4a84c911bc8e76e965de9a799de631cdf4ce626051d05
-
C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
Filesize403KB
MD56bbcfe7ef974f24eca796d587456162b
SHA1b5d5bc64550245a5e794d7e0b4d4e5a7b20cb8b1
SHA256fc9d044385526fa086c6ef4203a5eec913f1e2f826301b5a4256d52073437afc
SHA512d5ddf95e0449f025f60fed1e0b1a69e9182d83e461354f19916e87ffc03e5f5c55ab3654c2f67731e192747dd701540bcfd1287296c9c8d968cd3c03ab55716f
-
C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe.config
Filesize3KB
MD572f9933c6e247a13353d9725cd22c2da
SHA15b76599644e7c70cd5f08e5a80cec225c891a9da
SHA2561f423b67ee6ca6a714507ab08fbd383b6d442bd98d321f0a640d533d5a516650
SHA512afc7b5959506d197246fb482b0a2ca8f1ebfb5957234e547151d1e7a40047a2974768ccdf5c321a984685d99d4f7a1b0fbfb7fe81c40387a229808e45814a6de
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1028\help.html
Filesize22KB
MD5eeaf8cbf54b4e891ff6be38cf44e3814
SHA17403ea3866651a9cf02c760721ffdddca1fca5c5
SHA256aad5b2acf30eb9c2dd35ff3b5c6c1a76cc4f1ae0ab6f382a635f5c329439f3af
SHA512349fcea1eb09619e12815fc467f6e7aa39cf3baf8b6557d00977438f81142f27c3210492735eaf096bbb0a5525adde6c2093072aaa05edffc8e753020914a43a
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1029\help.html
Filesize23KB
MD5432e50f4764d69625e5143571f823b6a
SHA1b0a9336cb2c54aa7f65c2cd3856ae17c47aad751
SHA256c877fe7cd9544369a42a61b5c51264d74bfca5b4bc5d4dd1fa703428261d6abc
SHA5125818f4da7924cb49ae6606b0a8df56b9204bf9cdf11b213b5c503e11d43c3088b8196a7350a6f461ba025cb52dabbb14429a128e88cfdbb8cc9fcb7b6398a312
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1031\help.html
Filesize25KB
MD56f489a55562732d253ad828581176a9a
SHA16177fb738adc650c574d5b29965f3c88ae3518d5
SHA2569502ac0910bcee0eb3123f7b68a605d71c8df72fe7b33f4173afb4a01390581a
SHA5120a3c3a51e09ca5f22a92c9c8cc0bdbba2fefe2370479026044f7703c0528c409a2816318fed921c4d3025d27ec535a6ce1bdbf61a7d009ae9d40ba2177e5eb9d
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1033\help.html
Filesize23KB
MD54f7415e811acbdded478b40c3e7b287e
SHA1d0ed04c38662f1039c40d9ad247b47dc88c6be5e
SHA25655846d86dbe60b1b663018d72befa0f53a61d34a4eb093563b93a41b2faa34a5
SHA512a0c38d7591347b9a4b7cd906fe95d8f479f0270aefc39d94d2c28e76e05abe337e5557d0b24a3cafeb045f1163094ac79c01a5bd11b28e4c277d430d1668c4c3
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1036\help.html
Filesize25KB
MD5f3f48126539e0ba3a98dd002fd224c3a
SHA1bf8079c93203a9778e44785a449a46729ba3c016
SHA2567a13a7da236e87310b88e620520c8dab78f47210c57e1fabbd1ac3162215baeb
SHA51225a9a2ef201dd5bded852f6085f424d82eb1f0a10e675300c29113bb190970ceb0d28b4561ebfc5702ac56b16f9e176173b600e3e61f03566ebcae4e9d5ccc6c
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1040\help.html
Filesize24KB
MD588289fd0d816a06c1a7b303397d0c122
SHA1df516cbcde29787ec24a8afc744d20f0156d52ca
SHA256df46ca96704cbef3b79e0aa7a8b8239e7acf12899b6c02a063f138c1f0f9fd34
SHA512135d6bbdd528048a1c5f000a14cf014dfa43ca0bc9e5b4957c1d83ca236390090f42861ad86731f500783f4af2fd693d6141d5d166908c9ff77ac0ec33ec0cb2
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1041\help.html
Filesize27KB
MD592e54a7db253a0a47c03b44d9651df3c
SHA1fe708e0ac308b7b72cf1bd7f93e2965a67b36ca7
SHA25636c917f205a9c9d5f37788ca45ecd57d0f8eeb498f8320849bbedf49e012e9f9
SHA5128df1acb2db601f410d765a59941ee5efad1d881defc9b2a7a02cbc77cfe901ea087cb9134e8c68f4c76d6a410c35e9040d6e55747dea3cad6c6e21da5622045a
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1042\help.html
Filesize24KB
MD58125e76142c8438863f35ce5b8e63e57
SHA188c104928f0889b2f0565e3d07721e3209995eb9
SHA256929a97c8a9a4ea4f72e2f17dbb20e76e604b7f1255f20874aa1c44aec0f456c1
SHA512a6a3b8ad6500ade7d256a774b8d12d07b8596b4bb92aaa849f51864550b16248183b85fb44f7cbc819679265ce04f0614ae2dcf88d496009d1fbdec75b3c4447
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1045\help.html
Filesize24KB
MD59147bc24eace34955b865daa39dad8ab
SHA1965e855533c6f247a3f4fc785b805096efc43850
SHA256322db9ffdb987d0c824a4de3b8db40722bcaf95833dcf90e7b5f250a841e592b
SHA5122dc633abeb49b54ee4afaa21bb9dd4d43b7769a6df6ca1f3e777b7aeeabc0b8b0df2ef405e0fe4d4deffc680fb1f3b9e4c4d03d8fb8d13fbc9b11a0711670105
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1046\help.html
Filesize23KB
MD5c2bdeaa46b13e3cde01e3dcaa734c0f2
SHA1f91bb4cf0c65422a7f16d362903cc8a62e6d3b8b
SHA2565a0802d6ca8d63d8476eec79bdbd6079a17dc149d5d8c7df13059d47bbb09f3a
SHA512158a0d568d7c9fa4255299b317ab097fecb13a0072d19e09ef6387f75b0a847580a4c38c63618f4035698d1605f86fc40e723c74666409e0a40753438b4b5a29
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1049\help.html
Filesize31KB
MD566d963430209555cdcb8a5c0219bc60c
SHA1b20a6cfcb7a8991d5d347382408e2a4f47d97df0
SHA256d9ab0a8db5a8409c5849aa4e1512576225e5b320ea79b0cdc83c2b4848401611
SHA51262658581367de57df6be2521b876b6347658f81fc962bb3274b5c9c576ad94561aaa5352b3440d05f85e79c9b334381cb637e03796662ef2010f8cffabf9fd2a
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1055\help.html
Filesize23KB
MD5c7b60e697671394781260d5b2cd21810
SHA171219978a2e4cd53d3d6ec2084dab672e17935e6
SHA256ccf766b55cb0cc623f2705206a2af04f2c83801580bc40a5ac20f644b814ab8f
SHA51265f3adb35f1580bc757d37bb458eb1b2a1bbfaffb56eb514b9ca55c663ed15ab6d3f7e9557167cdfa7e4fbd8c4ee671b9fbac20440b62f1129922e4aebf9bdc2
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\2052\help.html
Filesize22KB
MD51bd86fbd65d005648103e050d9beb9f1
SHA113cad440b20cfe8337e425430892c946731c0ad8
SHA256740117157b31bd5c634a232a0ba98a692b28ed2b4829ef52372200eb547d07cf
SHA5120bdb59979f5a6eca3e77c23d0d3463c9d8887c1e65bb12de3706c1a19067f78aba63022579e8ae6299cfe7b22f84c19fc947426d22d38d4d753fbda337175f79
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\3082\help.html
Filesize25KB
MD50474106ac825b4f7727ff94576fc15c2
SHA1ba346d0ab401dd35d6a7305414c4237177031a68
SHA256a597aa82f35641455e12bd78662a05142f64bc221ff91d4ec4f2a8fa2983297f
SHA512253b9892b92ffdf22fe2444065739368749d6075149d4c647fa89a21ea0324fa4aef8af32338dc6ae2eb365ecd0ed1f87cfcaafba9da29009925f92b3fd7fd23
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll
Filesize18KB
MD5e237f055c57e4320755647d6e752fcf1
SHA1789861d0ab7fd408872f9d4b374615366c8dfbe3
SHA2568e393ca9cbc9456ce0747d5003c70c2e13792dc32fc3c00927afaf312d25877e
SHA512850bbc16d516a58314856199d8da63c8a7f4ffd9268b09c041c8f8172ebd535ccccd8eb10b6ce04855eeb45893971c7c125344dcd17c69676ce722a05e96abe7
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll
Filesize114KB
MD53c936c43ec8504458ffb250f51001e4e
SHA12fb2e612f53dad4b090d744fafb899d9c15dbf14
SHA256aade20e7cb8fe8b6e148369dc4aafe59d696a1f03a7fe5ed724bb6e61c7b4757
SHA512ff72165d3840080227aea368cac76de33ba88ada73c8b0267c18c09b62677bb0d5bdfde8a287a3986b9e5ff732f7e9647b16898753860bcd19e45d153b912840
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.Identity.Client.Broker.dll
Filesize65KB
MD50616c47711cd8e496de1cdf7a37dced9
SHA10540a98ff83cefeadc6017b2b9619646d8a3d1c6
SHA2562f8f83d478736eddf80d531b5772af61d4f70fbfada671c9ec3d16e1cebd7ef3
SHA512115c05a679f7cdbc8b9f7f55f28058a04c4d877502bcc960fd4fbcd471e4428e40e854530e12bf3ea5ae55bed081da4e41d84dd2ab3ee84627bcdfb87a3a45c8
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.Identity.Client.Extensions.Msal.dll
Filesize64KB
MD5352ee196cd65c98b729065aaf6f5c9e3
SHA15da4c568740c6c91e02ef0e9e1dac38c52ae33c1
SHA2566ceaa8b598e7985d5637ab1659566dff9c1fda37edf0f044759b56444f739018
SHA512db12aec8d7e230994e240c7b7fedc5420d3415ff199cc6279b8ae684e81681e139d562d9de39e4eaee1879fbe7a83eef5204e7e17ad475257853519292e107b4
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.Identity.Client.NativeInterop.dll
Filesize88KB
MD5dd37abdb7a4b5eefafc7f153fa0e07de
SHA12d71fee552d4fad97d93fdcabd08704c5d2b082d
SHA25600eb9713fb3d0215106f948fa3051246f4e16e2527b3c055206f3333205e5fe8
SHA512609194ba7c4ac726cb83af23a70add8924c83017f2d0a3644fc29c2f26ad2ab691e727995a8fa4985e67ebc80b95a6f93aebbd616cda6f740f6da90f18e76e3f
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.Identity.Client.dll
Filesize1.6MB
MD55b4952b8d74c11bbd787e480595012d4
SHA17fd1411f4ba65e0ffdc706ffcbfa7a99ca689422
SHA256bcaa10ede80bd7fc552f6c685dd5528a99beac2e2a60c5906d979fa6200127c5
SHA512221956e8c9137dff1001a5756dad32f4ca672b6c9ac3140088d1f67d54b39184863717c53b512fe675a70d0919a36f1e38be434c336e589b771f3f5051e3e08c
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.IdentityModel.Abstractions.dll
Filesize18KB
MD5a11bd4da1799d6983a662073ce40281f
SHA16e85aca84bb83fd356a5f3018351a3152c696cc1
SHA256d3265f1cab1188ebac29c78e0f114ff3a0b2701c8a2f5442bd4080afe92519b0
SHA512424bdb2db612da935c570fed005de6cc2b0bb718c0e9c9c6942b0658169a41ac0ea1ea24a4542f7181c4ab102d3ca9190de695026304c834987e32417ef82825
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll
Filesize46KB
MD5355c1a112bc0f859b374a4b1c811c1e7
SHA1b9a58bb26f334d517ab777b6226fef86a67eb4dd
SHA256cc52e19735d6152702672feb5911c8ba77f60fdc73df5ed0d601b37415f3a7ed
SHA512f1e858f97dabeb8e9648d1eb753d6fcd9e2bab378259c02b3e031652e87c29fbabfc48d209983f7074dfc256afd42fa1d8184805534037771a71db517fe16c8b
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll
Filesize307KB
MD5ff4d620948eba2e756b548bf413d1695
SHA103963ceeef9ce06cbc1db072e8e8838a3b43a384
SHA256ce87a7f28c3a639558744e92fe5fd14956824ef2b591923b5ba8988fd3af5b4f
SHA512053a3b0978d94788d21a4a4cfbe2c9dcebf3613760a965c0f7f28ffeafb149cefb948314812e5e885f6cce0be2cbc05595d92a8260fad9025701c2389a4c1c3b
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll
Filesize1.4MB
MD5d5d28455b19ad62d79bd8d599d4fee08
SHA12349898c05657113cf96212a17b19904310e9684
SHA256ab86f841443e1825d918122bd1300ce56384fd8117cee1f96c05d3725308c68b
SHA5129ec54ad3d5619fde9b2d85c38f212650d7d5abbc5f94203680499af9f753509b6624638e1b59be97588c9b52b83816b319e6715214fbd7a13dfa211fbe3f7987
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll
Filesize950KB
MD5903f254110813906331bef23e680bb9d
SHA16e4adfae4281d0b5bd0d8efd8f8eb919e974bd7d
SHA256148081b9aaaee96125f7d2f09acffb95d7ce1c50d4e7b4b3ca8f3e372e2b8425
SHA512150f5b438199faf8922390bc2cf93684de4a134e9c82f0e608954f02c47f630c8be22afe0349bd049bb1bc57dcd0951f9cf119713087940a769e076bae00c662
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll
Filesize62KB
MD52dc1dc66b267a3470add7fab88b78069
SHA1dbe80047475b503791038ed7e47389c062c15c72
SHA256b044863f98af8d28f4f2f5e2dccb945c57439e1575afb37110e1eec306a6c89c
SHA51244ef73aab50dcc13ccd94c0353c366818afb27ce73772d722755b04add0c4f294c7814c84da6069d9aa6136f2a48683c25062dcddd1664e8d32fed1b38ceca21
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Newtonsoft.Json.dll
Filesize695KB
MD5195ffb7167db3219b217c4fd439eedd6
SHA11e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA51256eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\System.Memory.dll
Filesize138KB
MD5f09441a1ee47fb3e6571a3a448e05baf
SHA13c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde
SHA256bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f
SHA5120199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll
Filesize17KB
MD5c610e828b54001574d86dd2ed730e392
SHA1180a7baafbc820a838bbaca434032d9d33cceebe
SHA25637768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf
SHA512441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\VSInstallerElevationService.Contracts.dll
Filesize23KB
MD5da2cdc564df4ee0fed7e1527c553c801
SHA181eb6a43beede788a279779cb2be5660b9346d44
SHA25658a0c79bd537c9673b73062a0e014601ce60baa4c5a9ea314837c2ac42241ae7
SHA5126c42cb1d1c70409895c47f3beecc9514ccbce8fdf4596d8032183207dbb54c0291bbe240fb2dda3490d4507e51648d5df38b8ef8c5df3dcd256317317784d4c5
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\cs\vs_setup_bootstrapper.resources.dll
Filesize60KB
MD5a9fc7f4de9955294d5e5f72546825a45
SHA1ba122e5e0c31bbb08a1422307caa956f40796250
SHA256db67f1bac2c71a3aba4b5aa21eb427d3c439015bf4cd019ce6c8444f98887a2e
SHA51221f7fc7fed7f8aca68860711fc11103ea34452a89d7beee0e7bea5ffd3a2e3237cef72da582f0dadffee9199c75be154a61186e8a1df7297bfcd7f4326e2a671
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\de\vs_setup_bootstrapper.resources.dll
Filesize60KB
MD5af6b7872d9b6b3edb7dde2ced75e7f28
SHA17a6188da89c380fff520b2d9d21d54c619ac7c05
SHA25637569429e1551e6c4fc5414c2a5c737c9894d4f43075b40eeb58e8aa76d6804f
SHA512cffffc22cda1a0d9d150dd9b87d4c412232f283e0a263cc96d94dfaeb329ea1d0b111aebbe808b5020af7390710e2bd5f4ddb542830d4b258aaa498a5c54d3b5
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\detection.json
Filesize8KB
MD5782f4beae90d11351db508f38271eb26
SHA1f1e92aea9e2cd005c2fb6d4face0258d4f1d8b6c
SHA256c828a2e5b4045ce36ecf5b49d33d6404c9d6f865df9b3c9623787c2332df07d9
SHA5120a02beeca5c4e64044692b665507378e6f8b38e519a17c3ceccca1e87f85e1e2e7b3598e598fc84c962d3a5c723b28b52ee0351faaec82a846f0313f3c21e0e4
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\es\vs_setup_bootstrapper.resources.dll
Filesize60KB
MD54fc3fd8d5d65de16beaa28c5617b641b
SHA148a4235a8f04da93b16f2a34035b8567e8ca122b
SHA2565a0c6fadf77292c5e552dbc1ead59ebc1d653a381670259b738822924dc38675
SHA512e02ad4c96637a52f3102505c20c83f02da916ac6c218fe42a6ea6eba3b4b61a240291099492495d20e3f3fa492405a2fce63420bdaac560e58554028ad6bb24a
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\fr\vs_setup_bootstrapper.resources.dll
Filesize60KB
MD52f9099f68f30e8cc203b2cd371610ebb
SHA1d67128c246c6ce1f93af1802e8220ad8755bb510
SHA256389902ab84511eb0f527da87ab52bdf9be9a6f44d21dec8e4fb1011e998b0099
SHA512f7b25a7d475f227e0ed745b0a5fe9779bf447ba7697da7ce99e7ac12a322dbf266a9ca2e5052069b0c99c665dd107dc95547083d888536735d32f127bfa488f5
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\it\vs_setup_bootstrapper.resources.dll
Filesize60KB
MD5523439a1f41f8c6c524ce3cbbc6ed7c5
SHA1e154ffe4c62fc576f3a0a8c0496cb8d7474e6cbe
SHA256182ba7e12c77411107721396abf49e595dd9b1604229a49900236b8a814ee80b
SHA512cf76d6fde575b813125b5695eb14b3fd84ea60c227ebce90d09cb8bdd5d5cf47a7df2ab0f150ccfe1b5685e87ef7da445205241a09c45916982187f57b9f4514
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\ja\vs_setup_bootstrapper.resources.dll
Filesize62KB
MD56a616a1e7532d40553a5dfd7181303b4
SHA1bfa82ffa9dceb0eca03ea63652e26affa13622a0
SHA2563ef3876e3b5c9e5c4c60033f611a212eb689ec28b7fd42bfa4ac27d08b6ebb12
SHA5127650a6dea181bfb87947b35d99be1274ee3625aa8e12b0324dd5859eeabb95f5a605a7c4513baed6d9b01f8f9c69b9b57298274bca459ebe040ddd4a376a2b93
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\ko\vs_setup_bootstrapper.resources.dll
Filesize60KB
MD51f4952dad29e29101a5b493b4fcb11e1
SHA15f28fcc8a7410b08a3522c40004b59aa5eadedb2
SHA256dac9f9570685279b74e517b88b9ca90aa3d3b99fb26029fccc0b9992d4265560
SHA512d662001961182996252a92eb7a05a8133a77e9d1818ef184778c7590c6f2f45e986e73cdcfb86b6cb0dbd7275bc1ce4519b83b5ee912b1bdb4550ba81ec6ebbc
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\pl\vs_setup_bootstrapper.resources.dll
Filesize61KB
MD5bdbdf55ac5acadda75e93ebbcdcefcd7
SHA1e1150ceb541cf54a0d0f5267e0dada2dee902348
SHA25683c6d89bc3f772acd074ace0b52b13b19c9dd0b449c9a19a4fa14d7c2c60926f
SHA512168cd2478bf0a3cbb71ca36cec109cc6e950431bbe96b562412b2ab994549f9883bed612cc0a74deb45cf82299424bf70bd9e4f4e5b473e34dda6c0c1eaa9f2f
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\pt-BR\vs_setup_bootstrapper.resources.dll
Filesize60KB
MD5fb510464649d2f7b5121e2214a626515
SHA1bbb5ac77a8ed7a1c044b9942b9f93a10df782998
SHA2569f8a2bad392fe88a9a97d9484c5a03c3c3dd70a4b4c79ecec52e48ddf273f006
SHA5123a4343ce03b754ad1020d2778d1bc781502c51c1204b05d09eb1339922351dffabcad2141ca39e211597ec29cdf7dd0670337be633645a3a5ff6d07122cc3c63
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\ru\vs_setup_bootstrapper.resources.dll
Filesize63KB
MD520de8d19ae8224bf3aeee2611cf1e5c7
SHA17fea35f9d9e5f3cd156931155a8f0da5505f2fcd
SHA256793d53914b75e17bff3055566c7e0939215cf1ac0864a859992dc2c4887e2632
SHA512063c46194e6e6a5299df263279c49ff7075f1fc0fafe979bdfcf38d45eadc7a942bb16c1c0a1214ea806ceb9003599096a2e52cabfd6474919d3a537f7c73a37
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\runtimes\win-arm64\native\msalruntime_arm64.dll
Filesize3.0MB
MD596221a9536911bb7b04b78f0026b9439
SHA1208d52ab83b1ee7e368c4ee4ad8c257b96a228ae
SHA256a7adf1c32576e2350a692bbe575c6e47dbbc252bc7d3fa220d76635e08017966
SHA51268b9f2b13ba79974c4b363104ee443fea7c5ca1cf3eaf8094149ada7488651edad9c8a9dad7c2ab70d41b9d58cb80b4410b80630115ff0d35a4378854788972f
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\runtimes\win-x64\native\msalruntime.dll
Filesize2.8MB
MD5c4b719fcbf6e1a0929a0e0fb63238f04
SHA1a80c8f75053217c9ed6372ade34a9dad08bfae93
SHA256e27d3fe39da1d019c3b419229c70798cab2ef739c2ff57d0f0197e203b7dd0c1
SHA512ab13a2f1fd234d0e0443cd73c9e4ae67b4bd5b1d5a670b6ecf5a572a76a2c02db006412b7798fbdfe72ffa9c1cc76eb151735a00f7a06ce3b9c6f19c8b041c57
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\runtimes\win-x86\native\msalruntime_x86.dll
Filesize2.4MB
MD524178f8a52b4ca98d9b928e2bca7b43e
SHA1c731ebbda1a3b8ef4274c8ece233e6fbe9a91b80
SHA25623f826bfe027ba35aef0610f9a55fefeab868e831bed65ab284e9d7a83c5e7fd
SHA512a8f0d7069de8c20daffe4bf66746a594466f3a26034ca7127d5bb202693f507bf38e99b5924d4f932504dfd503bd904fdabd061779690c0f758fa2795e1ca307
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\tr\vs_setup_bootstrapper.resources.dll
Filesize60KB
MD543be7c3cccdec3a5475e613a47f61578
SHA1971c6d7cf60638d31d924efd267bd4c9724586c8
SHA2563bf97c53ef37ddb0d1f6d02e1ac9a7d8f42c31eb4083801e0545ead28e09ca76
SHA5122d041d03e2988a5ec818a76d072c232ba413d6cc8430ef90a8b5a2b951a2484a458c117b51a740568c7916c7e2652ef2fd390ffc4dfa8d0bb4d96aa53f6035ad
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.config
Filesize622B
MD502a1ec74f1e2d09cd782083fbf92f2eb
SHA1f993b64ad4cbe5fd20cf48849ae25836f82e0194
SHA25679df1a0474df200a5c4098bfad7a979f7a70dbfdebecf0f0efa5fe701dbedb4f
SHA512687e0de3ca40b55174597a0876d5415e4538c637702f52fa8656f01456554bee539af10b5e4b0158724f34cfb6f4296423b3ee5551b8294cb98c63dac463ec66
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.json
Filesize162B
MD5ad891c3b02a02419dc60db8c273a8315
SHA1141a08ca0e25d56bdb35fc71e1c767667079114a
SHA256186c4b16ee009564819730b358dbdbb0792fc27e602698c5f0a16e20104647c7
SHA51264cdaf1d6d1b4072e24f3926f91103abf946ff044cda34a9070586c2d2927bcdfc53381c955e447a38965ee426373259759025f97b715158afc429080956196f
-
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\zh-Hans\vs_setup_bootstrapper.resources.dll
Filesize58KB
MD5e997c076661026181c9527921d480c41
SHA11386ad5d62e0ba065e43d0e1ff72d57d6d45e70c
SHA2569caf736134f72ce916367d66a1d5c4e80c43850203dbc841166756213702639e
SHA512dc429fe580a913ad7d3370488dcec6de83b9fda82e6e2444b1dab1934ea0cf81a4fdf347d0292468072937c6db7f92f64cead7f9704b6c63a78fa81623d9a732
-