Malware Analysis Report

2024-10-19 11:36

Sample ID 240823-f5p7wazcqj
Target http://getsolara.dev
Tags
discovery persistence
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://getsolara.dev was found to be: Known bad.

Malicious Activity Summary

discovery persistence

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Checks processor information in registry

Modifies data under HKEY_USERS

Analysis: static1

Detonation Overview

Reported

2024-08-23 05:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-23 05:27

Reported

2024-08-23 05:30

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://getsolara.dev

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\VisualStudioSetup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\d392a2f42f9247e5c2d60a86\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\6EA26FFDFC3C3CADAF6C = "\"C:\\Program Files (x86)\\Microsoft Visual Studio\\Installer\\setup.exe\" resume --installPath \"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\" --runOnce --installSessionId 90f3f670-e121-410e-a1f5-842c8d7b35c6" C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\pt-BR\VSIXInstaller.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\System.Composition.AttributedModel.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File opened for modification C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\1033\BlendMui_Brand_708_10000.dll C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\Microsoft.VisualStudio.ExtensionEngineContract.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\zh-Hans\Microsoft.VisualStudio.ExtensionEngine.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\zh-Hant\Microsoft.VisualStudio.Services.WebApi.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File opened for modification C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Remote Debugger\x64\Runtime\Microsoft.VisualStudio.Debugger.Runtime.Desktop.dll C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\Assets\Installer.70x70.contrast-black_scale-140.png C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\Feedback\x86\KernelTraceControl.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\CommandLine.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\es\Microsoft.VisualStudio.Imaging.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\es\Microsoft.VisualStudio.Services.WebApi.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\fr\Microsoft.VisualStudio.Composition.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\it\StreamJsonRpc.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\pl\Microsoft.VisualStudio.Services.Common.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\Assets\Installer.70x70.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\Feedback\Microsoft.VisualStudio.Interop.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\pt-BR\vs_layout.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\de\Microsoft.VisualStudio.Composition.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\pt-BR\Microsoft.VisualStudio.Setup.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\zh-Hans\Microsoft.VisualStudio.Services.Common.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\Assets\Installer.70x70.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\ko\VSIXInstaller.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\tr\Microsoft.VisualStudio.Imaging.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\zh-Hant\Microsoft.VisualStudio.Utilities.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\ru\Microsoft.ServiceHub.Resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.version.json C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\zh-Hans\vs_layout.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\Assets\Installer.150x150.contrast-black_scale-140.png C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\cs\Microsoft.VisualStudio.Utilities.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\Microsoft.VisualStudio.Setup.NuGet.Packaging.dll.config C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\pl\Microsoft.VisualStudio.Threading.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\zh-Hans\Microsoft.VisualStudio.Utilities.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File opened for modification C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\amd64\Microsoft.Build.Tasks.Core.dll C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\es\Microsoft.VisualStudio.ExtensionEngine.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\Microsoft.Internal.VisualStudio.Interop.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\pt-BR\Microsoft.ServiceHub.Resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\zh-Hans\Microsoft.VisualStudio.Imaging.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\ru\Microsoft.VisualStudio.Validation.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\System.Composition.Convention.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.windows.exe C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File opened for modification C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Remote Debugger\x86\Runtime\Microsoft.VisualStudio.Debugger.Runtime.NetCoreApp.dll C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\feedback.exe C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\Feedback\amd64\vcruntime140.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\Feedback\msalruntime_x86.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\Feedback\pt-BR\feedback.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\ko\Microsoft.VisualStudio.Setup.Common.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\ru\Microsoft.ServiceHub.Framework.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\ru\VSInstallerElevationService.Contracts.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\tr\Microsoft.VisualStudio.Setup.InstallerResources.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\Assets\Installer.70x70.contrast-black_scale-80.png C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\it\vs_layout.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\es\Microsoft.VisualStudio.Setup.Common.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\it\Microsoft.VisualStudio.Setup.Common.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\tr\Microsoft.VisualStudio.Setup.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.imagemanifest C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\CheckHyperVHost.exe C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\pt-BR\Microsoft.TeamFoundation.Common.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File opened for modification C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\Tools\Microsoft.VisualStudio.DevShell.dll C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A
File opened for modification C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\en\Microsoft.VisualStudio.Imaging.resources.dll C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\pt-BR\StreamJsonRpc.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\runtimes\win-x86\native\msalruntime_x86.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\zh-Hant\VSInstallerElevationService.Contracts.resources.dll C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\e595e24.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Installer\e595e24.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{E407C30C-C3AA-4C6E-8394-9685770C9612} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5F8B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\VisualStudioSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language C:\Users\Admin\AppData\Local\Temp\d392a2f42f9247e5c2d60a86\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\getmac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d392a2f42f9247e5c2d60a86\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\d392a2f42f9247e5c2d60a86\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\d392a2f42f9247e5c2d60a86\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\d392a2f42f9247e5c2d60a86\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{2802EEA7-06F6-4603-870F-6D7DB73EA37E} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 981804.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3436 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 4972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://getsolara.dev

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c78546f8,0x7ff9c7854708,0x7ff9c7854718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9b653cc40,0x7ff9b653cc4c,0x7ff9b653cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2056,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2052 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2468 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6020 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8

C:\Users\Admin\Downloads\VisualStudioSetup.exe

"C:\Users\Admin\Downloads\VisualStudioSetup.exe"

C:\Users\Admin\Downloads\VisualStudioSetup.exe

"C:\Users\Admin\Downloads\VisualStudioSetup.exe"

C:\Users\Admin\Downloads\VisualStudioSetup.exe

"C:\Users\Admin\Downloads\VisualStudioSetup.exe"

C:\Users\Admin\Downloads\VisualStudioSetup.exe

"C:\Users\Admin\Downloads\VisualStudioSetup.exe"

C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"

C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"

C:\Windows\SysWOW64\getmac.exe

"getmac"

C:\Users\Admin\AppData\Local\Temp\d392a2f42f9247e5c2d60a86\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\d392a2f42f9247e5c2d60a86\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"

C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe

"C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" /finalizeInstall install --in "C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202408230528283693.json" --locale en-US --activityId "7586ab26-6066-4a39-9c44-a7ca40b86e1d" --campaign "2030:6e286be14298477f89dd561dc3300c36" --pipe "9a413dcf-0ed7-43d0-a296-6c9811c15737"

C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe

"C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" /finalizeInstall install --in "C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202408230528313013.json" --locale en-US --activityId "f31f90d4-bb5e-4be7-968e-23f0aa390266" --campaign "2030:6e286be14298477f89dd561dc3300c36" --pipe "3a4827b5-6259-4bb5-b7d5-844375fda23b"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x428 0x3ec

C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.windows.exe

"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.windows.exe" /finalizeinstall 6F320B93-EE3C-4826-85E0-ADF79F8D4C61 "Visual Studio Installer" "Microsoft Visual Studio Installer" 3.11.2177.7163 0 "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe"

C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe

"C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" elevate --activityId 7586ab26-6066-4a39-9c44-a7ca40b86e1d --campaign 2030:6e286be14298477f89dd561dc3300c36 --handle 589892 --locale en-US --pid 4504 --pipeName 4515ff99329c43f88313abdff9f90183 --serializedSession "{\"TelemetryLevel\":null,\"IsOptedIn\":true,\"HostName\":\"Default\",\"AppInsightsInstrumentationKey\":\"f144292e-e3b2-4011-ac90-20e5c03fbce5\",\"AsimovInstrumentationKey\":\"AIF-312cbd79-9dbb-4c48-a7da-3cc2a931cb70\",\"CollectorApiKey\":\"f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296\",\"AppId\":1000,\"UserId\":\"9ba3fc80-2adf-4a94-8617-e1690406200b\",\"Id\":\"6ab1ba98-2dc1-4f42-9c22-2027c962e671\",\"ProcessStartTime\":638599877360664394,\"SkuName\":null,\"VSExeVersion\":null,\"BucketFiltersToEnableWatsonForFaults\":[{\"AdditionalProperties\":[],\"Id\":\"a02930d9-c607-41c3-8698-0fd9196735a5\",\"WatsonEventType\":\"VisualStudioNonFatalErrors2\",\"BucketParameterFilters\":[null,null,\"(?i)vs\\.setup.*\",null,null,null,null,null,null,null]},{\"AdditionalProperties\":[],\"Id\":\"64a13603-6d89-42e4-a299-13f77e5ad306\",\"WatsonEventType\":\"VisualStudioNonFatalErrors2\",\"BucketParameterFilters\":[null,null,\"(?i)vs\\.willow.*\",null,null,null,null,null,null,null]}],\"BucketFiltersToAddDumpsToFaults\":[]}"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5024,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1128 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" queue pause

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" queue pause

Network

Country Destination Domain Proto
GB 92.123.242.18:443 aka.ms tcp
US 8.8.8.8:53 18.242.123.92.in-addr.arpa udp
US 8.8.8.8:53 200.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 chrome.google.com udp
FR 172.217.20.206:443 chrome.google.com tcp
US 8.8.8.8:53 206.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
GB 92.123.242.18:443 aka.ms tcp
US 8.8.8.8:53 visualstudio-devdiv-c2s.msedge.net udp
US 152.199.19.161:443 az700632.vo.msecnd.net tcp
US 13.107.5.88:443 visualstudio-devdiv-c2s.msedge.net tcp
US 8.8.8.8:53 88.5.107.13.in-addr.arpa udp
US 152.199.19.161:443 az700632.vo.msecnd.net tcp
US 152.199.19.161:443 az700632.vo.msecnd.net tcp
US 8.8.8.8:53 sendvsfeedback2.azurewebsites.net udp
US 40.112.143.140:443 sendvsfeedback2.azurewebsites.net tcp
US 8.8.8.8:53 visualstudio-devdiv-c2s.msedge.net udp
US 13.107.5.88:443 visualstudio-devdiv-c2s.msedge.net tcp
US 8.8.8.8:53 140.143.112.40.in-addr.arpa udp
US 8.8.8.8:53 targetednotifications-tm.trafficmanager.net udp
US 20.42.128.98:443 targetednotifications-tm.trafficmanager.net tcp
US 8.8.8.8:53 aka.ms udp
GB 92.123.242.18:443 aka.ms tcp
US 8.8.8.8:53 download.visualstudio.microsoft.com udp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
US 8.8.8.8:53 mobile.events.data.microsoft.com udp
AU 104.46.162.227:443 mobile.events.data.microsoft.com tcp
GB 92.123.242.18:443 aka.ms tcp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
GB 92.123.242.18:443 aka.ms tcp
US 152.199.19.161:443 az700632.vo.msecnd.net tcp
US 13.107.5.88:443 visualstudio-devdiv-c2s.msedge.net tcp
US 8.8.8.8:53 227.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 vortex.data.microsoft.com udp
US 20.42.73.24:443 vortex.data.microsoft.com tcp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp
US 152.199.19.161:443 az700632.vo.msecnd.net tcp
US 13.107.5.88:443 visualstudio-devdiv-c2s.msedge.net tcp
US 152.199.19.161:443 az700632.vo.msecnd.net tcp
US 8.8.8.8:53 vsstartpagenewsfeed.azureedge.net udp
US 152.199.19.161:443 vsstartpagenewsfeed.azureedge.net tcp
GB 92.123.242.18:443 aka.ms tcp
GB 92.123.242.18:443 aka.ms tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
GB 92.123.242.18:443 aka.ms tcp
GB 92.123.242.18:443 aka.ms tcp
GB 92.123.242.18:443 aka.ms tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 az667904.vo.msecnd.net udp
US 152.199.19.161:443 az667904.vo.msecnd.net tcp
US 152.199.19.161:443 az667904.vo.msecnd.net tcp
US 13.107.5.88:443 visualstudio-devdiv-c2s.msedge.net tcp
US 152.199.19.161:443 az667904.vo.msecnd.net tcp
US 8.8.8.8:53 targetednotifications-tm.trafficmanager.net udp
US 13.85.16.224:443 targetednotifications-tm.trafficmanager.net tcp
US 8.8.8.8:53 224.16.85.13.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 172.217.18.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 195.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 download.visualstudio.microsoft.com udp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0446fcdd21b016db1f468971fb82a488
SHA1 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

\??\pipe\LOCAL\crashpad_3436_RGTNVVNBVSBASHIY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9b008261dda31857d68792b46af6dd6d
SHA1 e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0088fd40add0174d1f584245f7eadbbe
SHA1 f8b21d16357df22f6512e89473b9ec24f68f3beb
SHA256 300764c12e5fc970699f08319f2160b772ee84526e67d2d55fb1306e9e7d81b6
SHA512 c0320e99cfd944f713942696410b6fe70623b1e226617ac076de250ad173bc23b1ab52413897b51775a4c3308d4a9fa0bd72595b5fb83a9414e5da972584e7c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9b1966c0abb01dec0058f343a67b49db
SHA1 d710d263b663f17e3e0f9c4b16f77f20cedb68e2
SHA256 82d7d3d586c7b483b4954fa852c20cd43b644e4dfbd5502a948a3383ab956f89
SHA512 c2f50ea2e2fae358ab8095fa5bc8e7cc3cf6df0786d4652c5d603f14689fcfff2e3fa7f825b687055aec9d0b049d52f449b1c9586cb41e026ba75b386bfe8018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4e25a7e0d87ae95820f6ab258a8e3e12
SHA1 d9555ea5605e36971bffb18c57bbbc6c39e23a8f
SHA256 0d5fc3ebb0c608f2092f50a2b4ac68aec5f325a4763d041734bb8aa52450cd57
SHA512 b9e7770395e4f47cedae47f7e4c4a96551e03efeece8b41caf9df8bad164f75c8a5369080faa89cdb29436979d4606572973ff9768cb0df63ffda846708eb3c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d4f39e5ea4e65c8421b8155928a6bafd
SHA1 75801ca526be5c9f363b11d66b5c962434b38236
SHA256 9c8065bd71638bf76344f0a8b534553edad599276bf27ce54d0099c9bb554545
SHA512 28ccb5f2bbf06b127c664da66f4f21f01936c02f9f4b956f933e383e3e38ebf68a9bcd4092a32feac34718fc8ae991ce9914cd04fd90fdcf2ace9264ecb5651a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5f1037ef9f53abf2be30701108565fe0
SHA1 14381cc3eadf9ede2780d85e2216f339eda4de39
SHA256 8dd9cf52134be79f6701d9fa2370794bccac5a80e1066367e2c65a8338bfb212
SHA512 a286128c1ed630f89787286aa3d898048bc8c3694f158c0083135ef082fc7c15a12ab2bc6747a5a174f145f92a92fdc56f01007bdd9837d25cc3aa031a1a70d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6ef03423889b2a6049fdd82357867f48
SHA1 7fe192cfca298a2b31d8002d31d1fb15e9e1fe1c
SHA256 f90f0e934ab3a9067dd977fccc0e377042270a2ba173359f72431da8bb0b98e7
SHA512 21d5acd65e8dd1c42dbe033ac36572ec12e47e8d5c1e6331e92d5b59a865e66b95f37d1bcd97ab06af9413908d92dcf54b3191d2975f39553c49da69c1185be5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bf3696de34abc2a424d953d22e5ed001
SHA1 fdf5c59209d6c465c43a1fb9911b01ca7b182a1a
SHA256 cca4305da07a597aad9459c3889f65cef336e466217518de3431f6bbe8e42dec
SHA512 9eb3ae6d1b332649df604fabfec381de213a7d5028852ddd82da0435c82bdc92667582d447214ae0eb924ea05dba6634402034e49bd1cb9d8ce60b12f8533a9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f3b397ca0c72b9f131d3b36485c9cc1f
SHA1 e7a40085075b634edbd7e3a775aa3bec4dc00992
SHA256 ef37751822084fe29c7253db65595816d2e11d43fa081751af51adf77466f4fb
SHA512 c9accdcbe3700a4b4695dd72ccf4f2fdb62c1e5d9e4c1abefac3c70ebdf3724ac5bc92e9ce7ac52a8c69f0d555e4ae6d207042325696b326913146fe4bee5316

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a367fcfa5c08a30b161cd7d7be5e464f
SHA1 0285f456e7bb87c9ab5d09951655142fdefb3619
SHA256 9ea41586bffd9aada1d6ed8894b72f5f843ff4f95ad7084d92e709b5473c1828
SHA512 2816fbd7bf495f07c1c3fba50778b01612818e4ebfa5342a370e2a283dcdfefa01aae0d18e419731a646c81730645ca26bb3d4aa5431eef42c39108cedeaed93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582b41.TMP

MD5 661760f65468e15dd28c1fd21fb55e6d
SHA1 207638003735c9b113b1f47bb043cdcdbf4b0b5f
SHA256 0a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e
SHA512 6454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c

C:\Users\Admin\Downloads\Unconfirmed 981804.crdownload

MD5 0c098394cec740aa80f9a560256294f7
SHA1 44b206db160ace29fa18e18961978a684e1bb41d
SHA256 51a494185140e5be5189a428d935327e4348cee302876adab007e750547abcea
SHA512 c496d670209df32a009f199b86fb6c0ffd1413ca6108e9a0e236792df347cdbac7978ac87a3abda3818e6317c1ae88a0730d8138236dba16ca573188c80987b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6466fccb6aad552c6084255782db8d20
SHA1 5470d101909556701848e46aa1cf188a75930fe5
SHA256 9447ffa25ab5dc8745435380436acbfb60ae5bcadb50b9e4baa8df74a69bf9b6
SHA512 6824dee9f68c25938cfb90a515eb809e7392c5c1e53eef7eb4a120f7518a11d6cefad9b65895483843f683ce1b2ed8fa59416b05c1ba9bac7635e1aa4058c9ae

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1046\help.html

MD5 c2bdeaa46b13e3cde01e3dcaa734c0f2
SHA1 f91bb4cf0c65422a7f16d362903cc8a62e6d3b8b
SHA256 5a0802d6ca8d63d8476eec79bdbd6079a17dc149d5d8c7df13059d47bbb09f3a
SHA512 158a0d568d7c9fa4255299b317ab097fecb13a0072d19e09ef6387f75b0a847580a4c38c63618f4035698d1605f86fc40e723c74666409e0a40753438b4b5a29

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1045\help.html

MD5 9147bc24eace34955b865daa39dad8ab
SHA1 965e855533c6f247a3f4fc785b805096efc43850
SHA256 322db9ffdb987d0c824a4de3b8db40722bcaf95833dcf90e7b5f250a841e592b
SHA512 2dc633abeb49b54ee4afaa21bb9dd4d43b7769a6df6ca1f3e777b7aeeabc0b8b0df2ef405e0fe4d4deffc680fb1f3b9e4c4d03d8fb8d13fbc9b11a0711670105

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1055\help.html

MD5 c7b60e697671394781260d5b2cd21810
SHA1 71219978a2e4cd53d3d6ec2084dab672e17935e6
SHA256 ccf766b55cb0cc623f2705206a2af04f2c83801580bc40a5ac20f644b814ab8f
SHA512 65f3adb35f1580bc757d37bb458eb1b2a1bbfaffb56eb514b9ca55c663ed15ab6d3f7e9557167cdfa7e4fbd8c4ee671b9fbac20440b62f1129922e4aebf9bdc2

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll

MD5 ff4d620948eba2e756b548bf413d1695
SHA1 03963ceeef9ce06cbc1db072e8e8838a3b43a384
SHA256 ce87a7f28c3a639558744e92fe5fd14956824ef2b591923b5ba8988fd3af5b4f
SHA512 053a3b0978d94788d21a4a4cfbe2c9dcebf3613760a965c0f7f28ffeafb149cefb948314812e5e885f6cce0be2cbc05595d92a8260fad9025701c2389a4c1c3b

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1029\help.html

MD5 432e50f4764d69625e5143571f823b6a
SHA1 b0a9336cb2c54aa7f65c2cd3856ae17c47aad751
SHA256 c877fe7cd9544369a42a61b5c51264d74bfca5b4bc5d4dd1fa703428261d6abc
SHA512 5818f4da7924cb49ae6606b0a8df56b9204bf9cdf11b213b5c503e11d43c3088b8196a7350a6f461ba025cb52dabbb14429a128e88cfdbb8cc9fcb7b6398a312

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1028\help.html

MD5 eeaf8cbf54b4e891ff6be38cf44e3814
SHA1 7403ea3866651a9cf02c760721ffdddca1fca5c5
SHA256 aad5b2acf30eb9c2dd35ff3b5c6c1a76cc4f1ae0ab6f382a635f5c329439f3af
SHA512 349fcea1eb09619e12815fc467f6e7aa39cf3baf8b6557d00977438f81142f27c3210492735eaf096bbb0a5525adde6c2093072aaa05edffc8e753020914a43a

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\2052\help.html

MD5 1bd86fbd65d005648103e050d9beb9f1
SHA1 13cad440b20cfe8337e425430892c946731c0ad8
SHA256 740117157b31bd5c634a232a0ba98a692b28ed2b4829ef52372200eb547d07cf
SHA512 0bdb59979f5a6eca3e77c23d0d3463c9d8887c1e65bb12de3706c1a19067f78aba63022579e8ae6299cfe7b22f84c19fc947426d22d38d4d753fbda337175f79

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1033\help.html

MD5 4f7415e811acbdded478b40c3e7b287e
SHA1 d0ed04c38662f1039c40d9ad247b47dc88c6be5e
SHA256 55846d86dbe60b1b663018d72befa0f53a61d34a4eb093563b93a41b2faa34a5
SHA512 a0c38d7591347b9a4b7cd906fe95d8f479f0270aefc39d94d2c28e76e05abe337e5557d0b24a3cafeb045f1163094ac79c01a5bd11b28e4c277d430d1668c4c3

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\es\vs_setup_bootstrapper.resources.dll

MD5 4fc3fd8d5d65de16beaa28c5617b641b
SHA1 48a4235a8f04da93b16f2a34035b8567e8ca122b
SHA256 5a0c6fadf77292c5e552dbc1ead59ebc1d653a381670259b738822924dc38675
SHA512 e02ad4c96637a52f3102505c20c83f02da916ac6c218fe42a6ea6eba3b4b61a240291099492495d20e3f3fa492405a2fce63420bdaac560e58554028ad6bb24a

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\cs\vs_setup_bootstrapper.resources.dll

MD5 a9fc7f4de9955294d5e5f72546825a45
SHA1 ba122e5e0c31bbb08a1422307caa956f40796250
SHA256 db67f1bac2c71a3aba4b5aa21eb427d3c439015bf4cd019ce6c8444f98887a2e
SHA512 21f7fc7fed7f8aca68860711fc11103ea34452a89d7beee0e7bea5ffd3a2e3237cef72da582f0dadffee9199c75be154a61186e8a1df7297bfcd7f4326e2a671

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.json

MD5 ad891c3b02a02419dc60db8c273a8315
SHA1 141a08ca0e25d56bdb35fc71e1c767667079114a
SHA256 186c4b16ee009564819730b358dbdbb0792fc27e602698c5f0a16e20104647c7
SHA512 64cdaf1d6d1b4072e24f3926f91103abf946ff044cda34a9070586c2d2927bcdfc53381c955e447a38965ee426373259759025f97b715158afc429080956196f

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\detection.json

MD5 782f4beae90d11351db508f38271eb26
SHA1 f1e92aea9e2cd005c2fb6d4face0258d4f1d8b6c
SHA256 c828a2e5b4045ce36ecf5b49d33d6404c9d6f865df9b3c9623787c2332df07d9
SHA512 0a02beeca5c4e64044692b665507378e6f8b38e519a17c3ceccca1e87f85e1e2e7b3598e598fc84c962d3a5c723b28b52ee0351faaec82a846f0313f3c21e0e4

C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe.config

MD5 72f9933c6e247a13353d9725cd22c2da
SHA1 5b76599644e7c70cd5f08e5a80cec225c891a9da
SHA256 1f423b67ee6ca6a714507ab08fbd383b6d442bd98d321f0a640d533d5a516650
SHA512 afc7b5959506d197246fb482b0a2ca8f1ebfb5957234e547151d1e7a40047a2974768ccdf5c321a984685d99d4f7a1b0fbfb7fe81c40387a229808e45814a6de

C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

MD5 6bbcfe7ef974f24eca796d587456162b
SHA1 b5d5bc64550245a5e794d7e0b4d4e5a7b20cb8b1
SHA256 fc9d044385526fa086c6ef4203a5eec913f1e2f826301b5a4256d52073437afc
SHA512 d5ddf95e0449f025f60fed1e0b1a69e9182d83e461354f19916e87ffc03e5f5c55ab3654c2f67731e192747dd701540bcfd1287296c9c8d968cd3c03ab55716f

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll

MD5 d5d28455b19ad62d79bd8d599d4fee08
SHA1 2349898c05657113cf96212a17b19904310e9684
SHA256 ab86f841443e1825d918122bd1300ce56384fd8117cee1f96c05d3725308c68b
SHA512 9ec54ad3d5619fde9b2d85c38f212650d7d5abbc5f94203680499af9f753509b6624638e1b59be97588c9b52b83816b319e6715214fbd7a13dfa211fbe3f7987

C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll

MD5 4bade82b2e754e515b43d0d8c6204f3c
SHA1 9c3cd921503aec08de934eb988888efefae27327
SHA256 3d224ed38c0c33e2815d1d441a3325a070a250c9883df0bfcb015011077686f1
SHA512 6f195adc09b13db9c0d57e0922444a476d57b019f94a1d2595d1924c1e3627d255eb5fac35c167e765c4a84c911bc8e76e965de9a799de631cdf4ce626051d05

memory/6792-903-0x0000000005A70000-0x0000000005AC0000-memory.dmp

memory/6792-902-0x0000000005750000-0x0000000005758000-memory.dmp

memory/6560-901-0x0000000005060000-0x0000000005152000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

MD5 903f254110813906331bef23e680bb9d
SHA1 6e4adfae4281d0b5bd0d8efd8f8eb919e974bd7d
SHA256 148081b9aaaee96125f7d2f09acffb95d7ce1c50d4e7b4b3ca8f3e372e2b8425
SHA512 150f5b438199faf8922390bc2cf93684de4a134e9c82f0e608954f02c47f630c8be22afe0349bd049bb1bc57dcd0951f9cf119713087940a769e076bae00c662

memory/6560-965-0x0000000004B30000-0x0000000004B38000-memory.dmp

memory/6560-964-0x0000000005450000-0x0000000005476000-memory.dmp

memory/6560-966-0x00000000058F0000-0x0000000005900000-memory.dmp

memory/6560-970-0x00000000059D0000-0x00000000059F2000-memory.dmp

memory/6560-971-0x0000000005B40000-0x0000000005E94000-memory.dmp

memory/6560-963-0x0000000005040000-0x0000000005052000-memory.dmp

memory/6560-962-0x00000000054E0000-0x0000000005592000-memory.dmp

memory/6560-896-0x0000000004EC0000-0x0000000004F54000-memory.dmp

memory/6560-972-0x0000000006BF0000-0x0000000006C56000-memory.dmp

memory/6560-1019-0x0000000006EA0000-0x0000000006F5A000-memory.dmp

memory/6792-884-0x0000000005770000-0x00000000058D8000-memory.dmp

memory/6800-878-0x0000000000370000-0x00000000003D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.config

MD5 02a1ec74f1e2d09cd782083fbf92f2eb
SHA1 f993b64ad4cbe5fd20cf48849ae25836f82e0194
SHA256 79df1a0474df200a5c4098bfad7a979f7a70dbfdebecf0f0efa5fe701dbedb4f
SHA512 687e0de3ca40b55174597a0876d5415e4538c637702f52fa8656f01456554bee539af10b5e4b0158724f34cfb6f4296423b3ee5551b8294cb98c63dac463ec66

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\pl\vs_setup_bootstrapper.resources.dll

MD5 bdbdf55ac5acadda75e93ebbcdcefcd7
SHA1 e1150ceb541cf54a0d0f5267e0dada2dee902348
SHA256 83c6d89bc3f772acd074ace0b52b13b19c9dd0b449c9a19a4fa14d7c2c60926f
SHA512 168cd2478bf0a3cbb71ca36cec109cc6e950431bbe96b562412b2ab994549f9883bed612cc0a74deb45cf82299424bf70bd9e4f4e5b473e34dda6c0c1eaa9f2f

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\ko\vs_setup_bootstrapper.resources.dll

MD5 1f4952dad29e29101a5b493b4fcb11e1
SHA1 5f28fcc8a7410b08a3522c40004b59aa5eadedb2
SHA256 dac9f9570685279b74e517b88b9ca90aa3d3b99fb26029fccc0b9992d4265560
SHA512 d662001961182996252a92eb7a05a8133a77e9d1818ef184778c7590c6f2f45e986e73cdcfb86b6cb0dbd7275bc1ce4519b83b5ee912b1bdb4550ba81ec6ebbc

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\ru\vs_setup_bootstrapper.resources.dll

MD5 20de8d19ae8224bf3aeee2611cf1e5c7
SHA1 7fea35f9d9e5f3cd156931155a8f0da5505f2fcd
SHA256 793d53914b75e17bff3055566c7e0939215cf1ac0864a859992dc2c4887e2632
SHA512 063c46194e6e6a5299df263279c49ff7075f1fc0fafe979bdfcf38d45eadc7a942bb16c1c0a1214ea806ceb9003599096a2e52cabfd6474919d3a537f7c73a37

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\ja\vs_setup_bootstrapper.resources.dll

MD5 6a616a1e7532d40553a5dfd7181303b4
SHA1 bfa82ffa9dceb0eca03ea63652e26affa13622a0
SHA256 3ef3876e3b5c9e5c4c60033f611a212eb689ec28b7fd42bfa4ac27d08b6ebb12
SHA512 7650a6dea181bfb87947b35d99be1274ee3625aa8e12b0324dd5859eeabb95f5a605a7c4513baed6d9b01f8f9c69b9b57298274bca459ebe040ddd4a376a2b93

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\it\vs_setup_bootstrapper.resources.dll

MD5 523439a1f41f8c6c524ce3cbbc6ed7c5
SHA1 e154ffe4c62fc576f3a0a8c0496cb8d7474e6cbe
SHA256 182ba7e12c77411107721396abf49e595dd9b1604229a49900236b8a814ee80b
SHA512 cf76d6fde575b813125b5695eb14b3fd84ea60c227ebce90d09cb8bdd5d5cf47a7df2ab0f150ccfe1b5685e87ef7da445205241a09c45916982187f57b9f4514

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\pt-BR\vs_setup_bootstrapper.resources.dll

MD5 fb510464649d2f7b5121e2214a626515
SHA1 bbb5ac77a8ed7a1c044b9942b9f93a10df782998
SHA256 9f8a2bad392fe88a9a97d9484c5a03c3c3dd70a4b4c79ecec52e48ddf273f006
SHA512 3a4343ce03b754ad1020d2778d1bc781502c51c1204b05d09eb1339922351dffabcad2141ca39e211597ec29cdf7dd0670337be633645a3a5ff6d07122cc3c63

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\zh-Hant\vs_setup_bootstrapper.resources.dll

MD5 73a69907f71eb330ebffea26d5153d9e
SHA1 86086610bebac11685f8f646d2579eda90900778
SHA256 6bfe6354a5a57d15ac1d97eeb3ae784a2c92095f45d2f5a7f4bf480c809cfc0e
SHA512 6e162b7f027ef72204ace2068f1017053ad45f87fb21b440d2d4bf41cc7ccb7b2de2b55e63050e310f5029ce40c78097308c7a59ca2ebbe781a07b09d1ae5967

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\de\vs_setup_bootstrapper.resources.dll

MD5 af6b7872d9b6b3edb7dde2ced75e7f28
SHA1 7a6188da89c380fff520b2d9d21d54c619ac7c05
SHA256 37569429e1551e6c4fc5414c2a5c737c9894d4f43075b40eeb58e8aa76d6804f
SHA512 cffffc22cda1a0d9d150dd9b87d4c412232f283e0a263cc96d94dfaeb329ea1d0b111aebbe808b5020af7390710e2bd5f4ddb542830d4b258aaa498a5c54d3b5

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\fr\vs_setup_bootstrapper.resources.dll

MD5 2f9099f68f30e8cc203b2cd371610ebb
SHA1 d67128c246c6ce1f93af1802e8220ad8755bb510
SHA256 389902ab84511eb0f527da87ab52bdf9be9a6f44d21dec8e4fb1011e998b0099
SHA512 f7b25a7d475f227e0ed745b0a5fe9779bf447ba7697da7ce99e7ac12a322dbf266a9ca2e5052069b0c99c665dd107dc95547083d888536735d32f127bfa488f5

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\zh-Hans\vs_setup_bootstrapper.resources.dll

MD5 e997c076661026181c9527921d480c41
SHA1 1386ad5d62e0ba065e43d0e1ff72d57d6d45e70c
SHA256 9caf736134f72ce916367d66a1d5c4e80c43850203dbc841166756213702639e
SHA512 dc429fe580a913ad7d3370488dcec6de83b9fda82e6e2444b1dab1934ea0cf81a4fdf347d0292468072937c6db7f92f64cead7f9704b6c63a78fa81623d9a732

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\tr\vs_setup_bootstrapper.resources.dll

MD5 43be7c3cccdec3a5475e613a47f61578
SHA1 971c6d7cf60638d31d924efd267bd4c9724586c8
SHA256 3bf97c53ef37ddb0d1f6d02e1ac9a7d8f42c31eb4083801e0545ead28e09ca76
SHA512 2d041d03e2988a5ec818a76d072c232ba413d6cc8430ef90a8b5a2b951a2484a458c117b51a740568c7916c7e2652ef2fd390ffc4dfa8d0bb4d96aa53f6035ad

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\VSInstallerElevationService.Contracts.dll

MD5 da2cdc564df4ee0fed7e1527c553c801
SHA1 81eb6a43beede788a279779cb2be5660b9346d44
SHA256 58a0c79bd537c9673b73062a0e014601ce60baa4c5a9ea314837c2ac42241ae7
SHA512 6c42cb1d1c70409895c47f3beecc9514ccbce8fdf4596d8032183207dbb54c0291bbe240fb2dda3490d4507e51648d5df38b8ef8c5df3dcd256317317784d4c5

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll

MD5 c610e828b54001574d86dd2ed730e392
SHA1 180a7baafbc820a838bbaca434032d9d33cceebe
SHA256 37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf
SHA512 441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\System.Memory.dll

MD5 f09441a1ee47fb3e6571a3a448e05baf
SHA1 3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde
SHA256 bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f
SHA512 0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Newtonsoft.Json.dll

MD5 195ffb7167db3219b217c4fd439eedd6
SHA1 1e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256 e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA512 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\runtimes\win-x86\native\msalruntime_x86.dll

MD5 24178f8a52b4ca98d9b928e2bca7b43e
SHA1 c731ebbda1a3b8ef4274c8ece233e6fbe9a91b80
SHA256 23f826bfe027ba35aef0610f9a55fefeab868e831bed65ab284e9d7a83c5e7fd
SHA512 a8f0d7069de8c20daffe4bf66746a594466f3a26034ca7127d5bb202693f507bf38e99b5924d4f932504dfd503bd904fdabd061779690c0f758fa2795e1ca307

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\runtimes\win-arm64\native\msalruntime_arm64.dll

MD5 96221a9536911bb7b04b78f0026b9439
SHA1 208d52ab83b1ee7e368c4ee4ad8c257b96a228ae
SHA256 a7adf1c32576e2350a692bbe575c6e47dbbc252bc7d3fa220d76635e08017966
SHA512 68b9f2b13ba79974c4b363104ee443fea7c5ca1cf3eaf8094149ada7488651edad9c8a9dad7c2ab70d41b9d58cb80b4410b80630115ff0d35a4378854788972f

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\runtimes\win-x64\native\msalruntime.dll

MD5 c4b719fcbf6e1a0929a0e0fb63238f04
SHA1 a80c8f75053217c9ed6372ade34a9dad08bfae93
SHA256 e27d3fe39da1d019c3b419229c70798cab2ef739c2ff57d0f0197e203b7dd0c1
SHA512 ab13a2f1fd234d0e0443cd73c9e4ae67b4bd5b1d5a670b6ecf5a572a76a2c02db006412b7798fbdfe72ffa9c1cc76eb151735a00f7a06ce3b9c6f19c8b041c57

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll

MD5 2dc1dc66b267a3470add7fab88b78069
SHA1 dbe80047475b503791038ed7e47389c062c15c72
SHA256 b044863f98af8d28f4f2f5e2dccb945c57439e1575afb37110e1eec306a6c89c
SHA512 44ef73aab50dcc13ccd94c0353c366818afb27ce73772d722755b04add0c4f294c7814c84da6069d9aa6136f2a48683c25062dcddd1664e8d32fed1b38ceca21

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll

MD5 355c1a112bc0f859b374a4b1c811c1e7
SHA1 b9a58bb26f334d517ab777b6226fef86a67eb4dd
SHA256 cc52e19735d6152702672feb5911c8ba77f60fdc73df5ed0d601b37415f3a7ed
SHA512 f1e858f97dabeb8e9648d1eb753d6fcd9e2bab378259c02b3e031652e87c29fbabfc48d209983f7074dfc256afd42fa1d8184805534037771a71db517fe16c8b

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.IdentityModel.Abstractions.dll

MD5 a11bd4da1799d6983a662073ce40281f
SHA1 6e85aca84bb83fd356a5f3018351a3152c696cc1
SHA256 d3265f1cab1188ebac29c78e0f114ff3a0b2701c8a2f5442bd4080afe92519b0
SHA512 424bdb2db612da935c570fed005de6cc2b0bb718c0e9c9c6942b0658169a41ac0ea1ea24a4542f7181c4ab102d3ca9190de695026304c834987e32417ef82825

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.Identity.Client.NativeInterop.dll

MD5 dd37abdb7a4b5eefafc7f153fa0e07de
SHA1 2d71fee552d4fad97d93fdcabd08704c5d2b082d
SHA256 00eb9713fb3d0215106f948fa3051246f4e16e2527b3c055206f3333205e5fe8
SHA512 609194ba7c4ac726cb83af23a70add8924c83017f2d0a3644fc29c2f26ad2ab691e727995a8fa4985e67ebc80b95a6f93aebbd616cda6f740f6da90f18e76e3f

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.Identity.Client.Extensions.Msal.dll

MD5 352ee196cd65c98b729065aaf6f5c9e3
SHA1 5da4c568740c6c91e02ef0e9e1dac38c52ae33c1
SHA256 6ceaa8b598e7985d5637ab1659566dff9c1fda37edf0f044759b56444f739018
SHA512 db12aec8d7e230994e240c7b7fedc5420d3415ff199cc6279b8ae684e81681e139d562d9de39e4eaee1879fbe7a83eef5204e7e17ad475257853519292e107b4

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.Identity.Client.dll

MD5 5b4952b8d74c11bbd787e480595012d4
SHA1 7fd1411f4ba65e0ffdc706ffcbfa7a99ca689422
SHA256 bcaa10ede80bd7fc552f6c685dd5528a99beac2e2a60c5906d979fa6200127c5
SHA512 221956e8c9137dff1001a5756dad32f4ca672b6c9ac3140088d1f67d54b39184863717c53b512fe675a70d0919a36f1e38be434c336e589b771f3f5051e3e08c

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.Identity.Client.Broker.dll

MD5 0616c47711cd8e496de1cdf7a37dced9
SHA1 0540a98ff83cefeadc6017b2b9619646d8a3d1c6
SHA256 2f8f83d478736eddf80d531b5772af61d4f70fbfada671c9ec3d16e1cebd7ef3
SHA512 115c05a679f7cdbc8b9f7f55f28058a04c4d877502bcc960fd4fbcd471e4428e40e854530e12bf3ea5ae55bed081da4e41d84dd2ab3ee84627bcdfb87a3a45c8

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll

MD5 3c936c43ec8504458ffb250f51001e4e
SHA1 2fb2e612f53dad4b090d744fafb899d9c15dbf14
SHA256 aade20e7cb8fe8b6e148369dc4aafe59d696a1f03a7fe5ed724bb6e61c7b4757
SHA512 ff72165d3840080227aea368cac76de33ba88ada73c8b0267c18c09b62677bb0d5bdfde8a287a3986b9e5ff732f7e9647b16898753860bcd19e45d153b912840

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll

MD5 e237f055c57e4320755647d6e752fcf1
SHA1 789861d0ab7fd408872f9d4b374615366c8dfbe3
SHA256 8e393ca9cbc9456ce0747d5003c70c2e13792dc32fc3c00927afaf312d25877e
SHA512 850bbc16d516a58314856199d8da63c8a7f4ffd9268b09c041c8f8172ebd535ccccd8eb10b6ce04855eeb45893971c7c125344dcd17c69676ce722a05e96abe7

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1049\help.html

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1041\help.html

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1036\help.html

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1031\help.html

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\3082\help.html

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1040\help.html

C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1042\help.html

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\68XY2BI1\dyntelconfig[2].cache

C:\Users\Admin\AppData\Local\Temp\eunl3jxg.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5c3b3d6f-7170-4881-9914-163040958347.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240823052857_c934af26616e425984371a4038d5db16.trn

C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelAIF-312cbd79-9dbb-4c48-a7da-3cc2a931cb70\20240823052858_13f8ae18b48a472aa64a1e00c2d22921.trn

C:\Users\Admin\AppData\Local\Temp\x2wcqed2.gj4\cvq2xdx3.json

C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_Channels\13adb548\channelManifest.json

C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_ChannelFeeds\F4D08EA8\channels.json

C:\Users\Admin\AppData\Local\Temp\vo1ykc3b.mia\0wxxldzz.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_ChannelFeeds\F4D08EA8\.updateUri

C:\Users\Admin\AppData\Local\Temp\h0kov1no.ztv

C:\Config.Msi\e595e27.rbs

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.UIInternal.Resources.46C807004130CA1E885B\Microsoft.VisualStudio.UIInternal.vsix

C:\ProgramData\Microsoft\VisualStudio\Packages\Microsoft.VisualStudio.MinShell.Auto.Resources,version=17.11.35208.52,language=en-US\payload.vsix

C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.MinShell.Resources.x64.13834BE7B1D04E65354C\payload.vsix

C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.Devenv.Config.8D5233B850B22161F07C\payload.vsix

C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.NativeImageSupport.D38C44C53B57A0FCCAB4\payload.vsix

C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.Branding.Community.C1F1038951DCDCF800E1\payload.vsix

C:\ProgramData\Microsoft\VisualStudio\Packages\_Instances\9b837ea7\state.json

C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_Instances\9b837ea7\state.json

C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.ExtensionManager.Auto.031A045E57606EF777E9\Microsoft.VisualStudio.ExtensionManager.Auto.vsix

C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.ExtensionManager.x64.3428329F9BDF75798AF7\Microsoft.VisualStudio.ExtensionManager.x64.vsix

C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.CoreDotNet.C373FAE4CE04BE9DE0BC\Microsoft.VisualStudio.CoreDotNet.vsix

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.UIInternal.Guide.2B1E3182496E0BAD4173\Microsoft.VisualStudio.UIInternal.Guide.vsix
