Analysis Overview
Threat Level: Known bad
The file http://getsolara.dev was found to be: Known bad.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Adds Run key to start application
Checks installed software on the system
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-23 05:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-23 05:27
Reported
2024-08-23 05:30
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\VisualStudioSetup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\6EA26FFDFC3C3CADAF6C = "\"C:\\Program Files (x86)\\Microsoft Visual Studio\\Installer\\setup.exe\" resume --installPath \"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\" --runOnce --installSessionId 90f3f670-e121-410e-a1f5-842c8d7b35c6" | C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\e595e24.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Installer\e595e24.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{E407C30C-C3AA-4C6E-8394-9685770C9612} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5F8B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks processor information in registry
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{2802EEA7-06F6-4603-870F-6D7DB73EA37E} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 981804.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://getsolara.dev
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2468 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14228138968090349744,18003983268576592933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
C:\Users\Admin\Downloads\VisualStudioSetup.exe
"C:\Users\Admin\Downloads\VisualStudioSetup.exe"
C:\Users\Admin\Downloads\VisualStudioSetup.exe
"C:\Users\Admin\Downloads\VisualStudioSetup.exe"
C:\Users\Admin\Downloads\VisualStudioSetup.exe
"C:\Users\Admin\Downloads\VisualStudioSetup.exe"
C:\Users\Admin\Downloads\VisualStudioSetup.exe
"C:\Users\Admin\Downloads\VisualStudioSetup.exe"
C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"
C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"
C:\Windows\SysWOW64\getmac.exe
"getmac"
C:\Users\Admin\AppData\Local\Temp\d392a2f42f9247e5c2d60a86\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\d392a2f42f9247e5c2d60a86\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\Downloads\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\Downloads"
C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe
"C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" /finalizeInstall install --in "C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202408230528283693.json" --locale en-US --activityId "7586ab26-6066-4a39-9c44-a7ca40b86e1d" --campaign "2030:6e286be14298477f89dd561dc3300c36" --pipe "9a413dcf-0ed7-43d0-a296-6c9811c15737"
C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe
"C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" /finalizeInstall install --in "C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202408230528313013.json" --locale en-US --activityId "f31f90d4-bb5e-4be7-968e-23f0aa390266" --campaign "2030:6e286be14298477f89dd561dc3300c36" --pipe "3a4827b5-6259-4bb5-b7d5-844375fda23b"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x428 0x3ec
C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.windows.exe
"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installer.windows.exe" /finalizeinstall 6F320B93-EE3C-4826-85E0-ADF79F8D4C61 "Visual Studio Installer" "Microsoft Visual Studio Installer" 3.11.2177.7163 0 "C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe"
C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe
"C:\Program Files (x86)\Microsoft Visual Studio\Installer\setup.exe" elevate --activityId 7586ab26-6066-4a39-9c44-a7ca40b86e1d --campaign 2030:6e286be14298477f89dd561dc3300c36 --handle 589892 --locale en-US --pid 4504 --pipeName 4515ff99329c43f88313abdff9f90183 --serializedSession "{\"TelemetryLevel\":null,\"IsOptedIn\":true,\"HostName\":\"Default\",\"AppInsightsInstrumentationKey\":\"f144292e-e3b2-4011-ac90-20e5c03fbce5\",\"AsimovInstrumentationKey\":\"AIF-312cbd79-9dbb-4c48-a7da-3cc2a931cb70\",\"CollectorApiKey\":\"f3e86b4023cc43f0be495508d51f588a-f70d0e59-0fb0-4473-9f19-b4024cc340be-7296\",\"AppId\":1000,\"UserId\":\"9ba3fc80-2adf-4a94-8617-e1690406200b\",\"Id\":\"6ab1ba98-2dc1-4f42-9c22-2027c962e671\",\"ProcessStartTime\":638599877360664394,\"SkuName\":null,\"VSExeVersion\":null,\"BucketFiltersToEnableWatsonForFaults\":[{\"AdditionalProperties\":[],\"Id\":\"a02930d9-c607-41c3-8698-0fd9196735a5\",\"WatsonEventType\":\"VisualStudioNonFatalErrors2\",\"BucketParameterFilters\":[null,null,\"(?i)vs\\.setup.*\",null,null,null,null,null,null,null]},{\"AdditionalProperties\":[],\"Id\":\"64a13603-6d89-42e4-a299-13f77e5ad306\",\"WatsonEventType\":\"VisualStudioNonFatalErrors2\",\"BucketParameterFilters\":[null,null,\"(?i)vs\\.willow.*\",null,null,null,null,null,null,null]}],\"BucketFiltersToAddDumpsToFaults\":[]}"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5024,i,6705053526160675332,15494597969804457071,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1128 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" queue pause
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" queue pause
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_3436_RGTNVVNBVSBASHIY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0088fd40add0174d1f584245f7eadbbe |
| SHA1 | f8b21d16357df22f6512e89473b9ec24f68f3beb |
| SHA256 | 300764c12e5fc970699f08319f2160b772ee84526e67d2d55fb1306e9e7d81b6 |
| SHA512 | c0320e99cfd944f713942696410b6fe70623b1e226617ac076de250ad173bc23b1ab52413897b51775a4c3308d4a9fa0bd72595b5fb83a9414e5da972584e7c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9b1966c0abb01dec0058f343a67b49db |
| SHA1 | d710d263b663f17e3e0f9c4b16f77f20cedb68e2 |
| SHA256 | 82d7d3d586c7b483b4954fa852c20cd43b644e4dfbd5502a948a3383ab956f89 |
| SHA512 | c2f50ea2e2fae358ab8095fa5bc8e7cc3cf6df0786d4652c5d603f14689fcfff2e3fa7f825b687055aec9d0b049d52f449b1c9586cb41e026ba75b386bfe8018 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4e25a7e0d87ae95820f6ab258a8e3e12 |
| SHA1 | d9555ea5605e36971bffb18c57bbbc6c39e23a8f |
| SHA256 | 0d5fc3ebb0c608f2092f50a2b4ac68aec5f325a4763d041734bb8aa52450cd57 |
| SHA512 | b9e7770395e4f47cedae47f7e4c4a96551e03efeece8b41caf9df8bad164f75c8a5369080faa89cdb29436979d4606572973ff9768cb0df63ffda846708eb3c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d4f39e5ea4e65c8421b8155928a6bafd |
| SHA1 | 75801ca526be5c9f363b11d66b5c962434b38236 |
| SHA256 | 9c8065bd71638bf76344f0a8b534553edad599276bf27ce54d0099c9bb554545 |
| SHA512 | 28ccb5f2bbf06b127c664da66f4f21f01936c02f9f4b956f933e383e3e38ebf68a9bcd4092a32feac34718fc8ae991ce9914cd04fd90fdcf2ace9264ecb5651a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5f1037ef9f53abf2be30701108565fe0 |
| SHA1 | 14381cc3eadf9ede2780d85e2216f339eda4de39 |
| SHA256 | 8dd9cf52134be79f6701d9fa2370794bccac5a80e1066367e2c65a8338bfb212 |
| SHA512 | a286128c1ed630f89787286aa3d898048bc8c3694f158c0083135ef082fc7c15a12ab2bc6747a5a174f145f92a92fdc56f01007bdd9837d25cc3aa031a1a70d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582b41.TMP
C:\Users\Admin\Downloads\Unconfirmed 981804.crdownload
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1046\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1045\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1055\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1029\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1028\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\2052\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1033\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\es\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\cs\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.json
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\detection.json
C:\Users\Admin\AppData\Local\Temp\3ba0baf7386941421519a26f\vs_bootstrapper_d15\vs_setup_bootstrapper.exe.config
C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll
C:\Users\Admin\AppData\Local\Temp\131e6214b63b3e017ac37f93\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\vs_setup_bootstrapper.config
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\pl\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\ko\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\ru\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\ja\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\it\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\pt-BR\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\zh-Hant\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\de\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\fr\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\zh-Hans\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\tr\vs_setup_bootstrapper.resources.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\VSInstallerElevationService.Contracts.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\System.Memory.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Newtonsoft.Json.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\runtimes\win-x86\native\msalruntime_x86.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\runtimes\win-arm64\native\msalruntime_arm64.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\runtimes\win-x64\native\msalruntime.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.IdentityModel.Abstractions.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.Identity.Client.NativeInterop.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.Identity.Client.Extensions.Msal.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.Identity.Client.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.Identity.Client.Broker.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1049\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1041\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1036\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1031\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\3082\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1040\help.html
C:\Users\Admin\AppData\Local\Temp\ef793bfb248ad9d93463e63942ea9ce8\vs_bootstrapper_d15\HelpFile\1042\help.html
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\68XY2BI1\dyntelconfig[2].cache
C:\Users\Admin\AppData\Local\Temp\eunl3jxg.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5c3b3d6f-7170-4881-9914-163040958347.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0d9fbfff3d5aae061d52623f5604b67e |
| SHA1 | 2f157af098d1f3e0d86b695617c92ab6385e5ae3 |
| SHA256 | 11d9747885c494702d29d6f1809621ad72d845eda6a20ba680f53d88ef5c9fd2 |
| SHA512 | 35922d8adc2090ff526f6ac2d6d5bb797ee5140873c0c7d983a5e36330116527a1785a02284d05eab7cde4ffddbe81082c70903d73370108fa67579f6ab9cd9d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 09a0e5ecfc195309c001bca1d8531a1b |
| SHA1 | 95205df7a32ca26eda3b4ea6551df1a6f78f7769 |
| SHA256 | 70e991b7cc077761708b2e2099ac839698b56716f5c0d0b9585765e62a57b6a7 |
| SHA512 | 76e1b31b417929a8d105d358f99ea1d310e792ea0c5d82d7f584a763dffb7443d890d3effc0781edd6d91f5c1cadee0bcb33098c87ba53fcbf4d1929eb276b7e |
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240823052857_c934af26616e425984371a4038d5db16.trn
| MD5 | fd2734899c6775db4db99ebe3b33629f |
| SHA1 | ca0cd5521d82efd24708ac0107db0ccd7d76fc26 |
| SHA256 | 4cde2ae2baec17d99405affb6217b28f58b8ddb34f79195e42f6b5d6d8640db9 |
| SHA512 | 1c1c313604590de7c81036006dde09889398d779294ae2f23cd1796980af21d3bb3f74f3aa0a9f0e85fd203949d4b8266be1bcd0b5fd1a53fb607b1754354f32 |
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelAIF-312cbd79-9dbb-4c48-a7da-3cc2a931cb70\20240823052858_13f8ae18b48a472aa64a1e00c2d22921.trn
| MD5 | 4e7856aa87ff2e60aca4c56f54945533 |
| SHA1 | 92c526f442788b5949d206a7c7cdd7dd8d9a4093 |
| SHA256 | dc4fa0f71f2cb6dd8c4a452f903d3f86fa41d561c4e44c06226a764541dcb107 |
| SHA512 | be654a79f8bc873fc96936eab91b942f68b10351f571ab9f5c3b71edb92f26c1b65e01790956a2e66771904a0044bbcb1a12bcbce5eca8ecb47875ad0d1ac8d9 |
C:\Users\Admin\AppData\Local\Temp\x2wcqed2.gj4\cvq2xdx3.json
| MD5 | 4a008080bbd2cf26a9adfe7483ea9387 |
| SHA1 | 23d39850ea55c471da3dcfe4baface62aed53d22 |
| SHA256 | e5085ecda7f5fc5b5011e8c64144c7d6eba1c1d8fe1ef6244637cb11a05f6ed1 |
| SHA512 | 2fcf36f84a0fafad169cfdbf712978fdd71e292ee8e40d7760ca00cb8770725135da319a99c089b4fe1ec5a44e13575e9ec3d81d3918afd149f658a9ba4030a6 |
C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_Channels\13adb548\channelManifest.json
| MD5 | 7b9135b566d33c574a50f6cfa56ea8af |
| SHA1 | a8a13de1d2c771c3e4bd27b33146707ea3f84230 |
| SHA256 | f6d7735df5039096f95fade1e647cf6cfe44ab7738dcffa72af4aec6f5e166e6 |
| SHA512 | 6930530764ca0490ff5e8a5aa7a829bd01478af26a0fc24d4f908c262f7f4254d0c56617bb8b75052e3003ef69c69e374bc8ea0a9b15071c04e0582a49cbbb54 |
C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_ChannelFeeds\F4D08EA8\channels.json
| MD5 | 92cff2ed765026e74cf6749269fe946b |
| SHA1 | 9a44a54d6bdd1f1978951cc53e57df051c12d0a5 |
| SHA256 | bc4c79576ee184f93ec0cea3e18a9b0111f078e3be37accdfb6b347ea546935b |
| SHA512 | ea7f4058eaa71b64c6398aee7cfd72d22789317e0ab85c0d91845703d68133577c3c6673c6417a1ac5a552d3b5c940ba9649563e63d28681db5f35d5e0b39246 |
C:\Users\Admin\AppData\Local\Temp\vo1ykc3b.mia\0wxxldzz.json
| MD5 | 65ba5aeacb43ced17cd76efdec9c0622 |
| SHA1 | 407d7953d6ba3a9f48f55e304b0299a75db4ae6c |
| SHA256 | cee8e10e758c07c8b7aed3c0c1ae356dfc01370865e1692e3e290d27a64be29e |
| SHA512 | bd0152ce6cdaf6b9e78b2f4a44474e76ca03b6aede51d6811fa12b3a56cf6d4730ef3c504fc7c297c49fd595ed92fceaf6e082fe686a863dd5a438064113787f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9754775e5c89116218c8da54a202f3ee |
| SHA1 | b8a16115ec0c26b8add067ed415223d8466ac75d |
| SHA256 | fc1e9a7379895630a1a9c12573c4b0893ab21bbf2c2ba2aea0aecf30b29009c0 |
| SHA512 | 43692cd101c47a08b203cf78fdb8238721ecd77d75a6efd2bb3a594a75a1de03134475c4aa4500ae5eab5c85725824d34db7c2af915c3d7d8208a70109d91c24 |
C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_ChannelFeeds\F4D08EA8\.updateUri
| MD5 | e3c9f3c009c49e91b372ce3be05da610 |
| SHA1 | df98879fb7402b9b08bdc18fc2f3d4d5ccec12cc |
| SHA256 | f4d08ea820b816e2822bdd3351613ed185e4e36503ccc348f4a8a7957fadfd6f |
| SHA512 | 444aa325d744a7fbcdc5a48cd7b51814e3cca5caf58b0e16316e015f898773a5d3476059399a704a9b4dc6350d06430ba42a78058f2cd8c03669147b346f22ca |
C:\Users\Admin\AppData\Local\Temp\h0kov1no.ztv
| MD5 | fc30061d3eb4ef5cc1abdde06a76d6f8 |
| SHA1 | c2e66013c101e7e4cc82c06213e63c5c4bb334e2 |
| SHA256 | d1b50fd4dd343112dd4efd867b682de7742d5cac20743218133ced7462635065 |
| SHA512 | 6f327af1ed4522b66467c675fae879b96de44de0640f2a4a9906ceda6459c27a7c0f272dd554fb7a4ebe1b5f3ad8200f637a3e74592e31499592b8f844444bc0 |
C:\Config.Msi\e595e27.rbs
| MD5 | 9908d2f56dafd4cc0706d00cdd179648 |
| SHA1 | e9c0e7947e10fd8b001c49c2c9775a83e1aa4448 |
| SHA256 | b208046ec600145c60d3635e46e9b2d4f14ab946f4f3cfe39ae6ba25d9cffa93 |
| SHA512 | 8a11be69930acd3bd316cba042c04de43b5615f36c64aa052c8c0bfe0477ef9b622687e2688e72cb40a64281d631bcadef2c8474e306643c8a628debc398ffcc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 68e3df4b4e1736f1f3669c13efcf5a55 |
| SHA1 | 3fabda1f8ccbf3b916309b93b543c761cb40f762 |
| SHA256 | aa646a139a6f40f65ebade17dc4834e065a07c00f3aa545a6b3e9720f1754064 |
| SHA512 | d19e1561b5d28b1b24b1996e3f9cdf24abae60161c7e3741622a389a0752ffb9e5df66c5f27969d35f7404213cf1eb3a8c4da3e65daf1a25355dcc0c05078cea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2697534590fbf6e6e9871410434ea615 |
| SHA1 | 403269b8d70efd8e9fd9013d9dbb8173119d380e |
| SHA256 | 901d39695bfc4d0135d2fbeaa8f8bfc64eeb99be6aa60c0037734625ac67925b |
| SHA512 | f178d58e3cd49b52b0474af14d0083a92609ded51dd5a3abd3b51bab6b1e201fd4d9a3ea6e2206a71cf5185a656634f2cd7c6e6e040e890b09aad6bf18c973c5 |
C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.UIInternal.Resources.46C807004130CA1E885B\Microsoft.VisualStudio.UIInternal.vsix
| MD5 | 12b8e5d846b56c7d4a314604980e67b9 |
| SHA1 | b75692be26a555628c83524cf2376c28b59f289e |
| SHA256 | cb29f4e0ded2dae7543e5afe5f17c49a3ad882c668359f48bd590ab6992e1e8b |
| SHA512 | b5da66d7eeaa63a3d65c670d32e9f0a35aa2189b96baca9b64dfa7d67437810c69b02c5f9b3065100da610d9658fc05b8b09d2374dfd0d8b609bd73da5f00c7c |
C:\ProgramData\Microsoft\VisualStudio\Packages\Microsoft.VisualStudio.MinShell.Auto.Resources,version=17.11.35208.52,language=en-US\payload.vsix
| MD5 | 745a46443977c672beee5742beddba84 |
| SHA1 | 98602365f7b9c3e185835acdb9aee2f2a24017f2 |
| SHA256 | c00253aec3ea2a86878dd8e91bd3be2269f4886886b7efcc93e62c5ba4ffb128 |
| SHA512 | 7cff04d07e89e7c0b34884cde3ea17f1c00ec1a45d492c12f15db9f3bdbf24c664491cc51f5ee29cd7e4f30a2705ef2dfa2df53f9525d4a322cd1bed1d4ab168 |
C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.MinShell.Resources.x64.13834BE7B1D04E65354C\payload.vsix
| MD5 | 72c34d80ed3e7f67a4a623bf71736775 |
| SHA1 | a29ea414bc7745d18ac83ecfbd268bd7b015b902 |
| SHA256 | bc1ac75caee2417fd6d3db8e06749b3436f422b20d3855035828d9e4909d81c7 |
| SHA512 | 86f65555c92e3963f4e638a0102f9e0e925be2a57dbb3ca2b75d29ac3c4b6d13d76d86c6c299862f2d7dfb5c7dc9df81283b592ce4130d771d8ecb8a6417b8b3 |
C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.Devenv.Config.8D5233B850B22161F07C\payload.vsix
| MD5 | 610124ae4dcba3afde6c5c15708cc9ff |
| SHA1 | 7eada08aaa60be0ffcfdd52733f721ab442547f4 |
| SHA256 | 76b9c94bd6dadaa58304323f87b9d7760ccb56275411df74bf8ee910eabf81ee |
| SHA512 | 13998a963001a10b6695525e3d75b52735c6adb1c6c643ed384839ab34475653cca5993f3f825763e3548cbd173dd0defa131231194807dc38bf526de8038245 |
C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.NativeImageSupport.D38C44C53B57A0FCCAB4\payload.vsix
| MD5 | b31e3ca30830633f6abaca1e9bccaedf |
| SHA1 | 942748833aa4ba1f0c81da5f9037623d0c929e21 |
| SHA256 | e9302b2dd81d6e08f3a1e1a757b21c2f2ac3196ba6e00d4d70d8c252afa0366b |
| SHA512 | d2b030101a88f91de19005b86adfb639421a9229a28a4f13d352ca3e60cdca746d2356b78af0679e30ca319422c575ced83c832e5da9d3a323b6d06dd1dad95b |
C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.Branding.Community.C1F1038951DCDCF800E1\payload.vsix
| MD5 | e2f1bcb1753571fc3f079d324f21bd63 |
| SHA1 | 948151dc3bc1cba13e939512c004fc00f20cbf6a |
| SHA256 | bed2bb07d582449cbe6793fb4d9b9e1a8c52294bfd819cdf2eed3ee70b8430d1 |
| SHA512 | 8b13b6f924696d74a0d4ab19da54d53220eba5f931d1b08aa23ff064716d389f73148e4d8345e2463186eca6877861edc9ed072cffdb8e7654e580e3a4aecb33 |
C:\ProgramData\Microsoft\VisualStudio\Packages\_Instances\9b837ea7\state.json
| MD5 | 551678080c7fd5c8b118572f69297ddb |
| SHA1 | 046e7291bb85e7d3ab39247caa8e599ff810e0f3 |
| SHA256 | 9a63fa2ebb73ecd46bff500ee206809186e481dcb02472f396af9814d63c3f75 |
| SHA512 | 174913a4dfef31fd0e0bfab54219a00ec6f1b7429e6127b6fcb27a2e83fa2a3301433a28ae4261b13cc2d92f105d3b1a3304560718ddbd728e57f69372fe08b0 |
C:\Users\Admin\AppData\Local\Microsoft\VisualStudio\Packages\_Instances\9b837ea7\state.json
| MD5 | f9c08b8d61000a54cf3e98986d1233d3 |
| SHA1 | 9c9f52d8f53a89ac3b91cb7325faca64765b76f2 |
| SHA256 | 7099467e63e63dc986c43e930436079d2d1896a4c767aac7093c5d98185ebc5c |
| SHA512 | a61e3cbb63463e1b4af79ee679bb654d7c4045d32463c51db0973d6082cf6f2bb7a2de9f1814736b57c35f4978bb0e1700c863910c5b09375edd16d4d91586a8 |
C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.ExtensionManager.Auto.031A045E57606EF777E9\Microsoft.VisualStudio.ExtensionManager.Auto.vsix
| MD5 | e56f2eafc4f161cea6eae0340ca73d8a |
| SHA1 | 80344d2073e25204ee756399972ca41ade5b5964 |
| SHA256 | d7d844d8da97c77247a44748796c4a62098ae555de4ab46addd51012628dce4e |
| SHA512 | 0309c5fe8f23be8be6afe794a149a891e08023290e7a54f0c328495b10ed3b7b9d72a84b611e27cb333903951fd3f48a6d2e6310f89506b8f3d2ae6cee39111a |
C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.ExtensionManager.x64.3428329F9BDF75798AF7\Microsoft.VisualStudio.ExtensionManager.x64.vsix
| MD5 | ab955c074d211b2529dc05dd2825ec91 |
| SHA1 | 6ebd22a588d35b914ad395541745251ff8abf3f3 |
| SHA256 | cd60c1f1e9828c3be01381b9d58987e96008072937becb1826f5532bedc1b59f |
| SHA512 | e88b62ebb10df398d2e9d4a4b5d3ca73d276dc4ae7a17a92e3349ea9495e6f6485c6bfb9010ec899784b2b8df4d2182e390fae00f4241d9deb30930dfed5d3c0 |
C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.CoreDotNet.C373FAE4CE04BE9DE0BC\Microsoft.VisualStudio.CoreDotNet.vsix
| MD5 | e103a5a02d8b54a1a4752923a60570bc |
| SHA1 | 00bd934e144355bb2a89e6e8e7650d83dcb74a95 |
| SHA256 | 8ced30cd75f27b7842d7a9892ab6e762b663bf251bd84ed1273640695123f89d |
| SHA512 | 766b0125d5c180360e68738090f328f7b25cb7d508a04be4442d2271274a2ebfe2c714219098d1ee0b1e0875111f9083a1f594bd5fbdd6b9783f943c50ff7550 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 33d2a0e74147e733fe5a588337f18316 |
| SHA1 | 88500ba94a9e5965203228c42c3099b6fe6989da |
| SHA256 | 990157f69b663f4585dd67b817c30de9f685d1ea1d953922b28e512d232650f9 |
| SHA512 | f20a80cd16bcbdfab88f6f2737b3983233ff3bf87dadc452e511053861f98ca9fc8a988c97d48625356b299495912c99dff257a4511d1c17aa73c67e92ad6179 |
C:\Users\Admin\AppData\Local\Temp\jgokzb0z\Microsoft.VisualStudio.UIInternal.Guide.2B1E3182496E0BAD4173\Microsoft.VisualStudio.UIInternal.Guide.vsix
| MD5 | a610792fddcbc0a66565c38b9d2c26ed |
| SHA1 | 1f33117912b3828d097c7ce616256f18b3b7edda |
| SHA256 | 22b1da379ad3142c71d7eb74c3d9c834bec259639b94a905e898c0803fc88e9a |
| SHA512 | 7e771a28c154145834672dd3650f3646b1d5698ff9f5577a5012e3c0d6c0e8d817dcc278e5e5a5f881ecb5d6deabfb280950942fd725faaa7928319330c86a80 |