Analysis Overview
SHA256
be9ddcdedf8c36c64e6b0a32d2686b74a112913c54217ccaa46675bfd1dc82f1
Threat Level: Likely malicious
The file Roblox Account Manager.exe was found to be: Likely malicious.
Malicious Activity Summary
Uses browser remote debugging
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Adds Run key to start application
Checks system information in the registry
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Modifies registry class
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-31 13:41
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-31 13:41
Reported
2024-10-31 13:43
Platform
win11-20241007-en
Max time kernel
91s
Max time network
95s
Command Line
Signatures
Uses browser remote debugging
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{4373d0b5-4457-4a80-bad9-029de8df097b} = "\"C:\\ProgramData\\Package Cache\\{4373d0b5-4457-4a80-bad9-029de8df097b}\\VC_redist.x86.exe\" /burn.runonce" | C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\.be\VC_redist.x86.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\vcruntime140_threads.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\SourceHash{0DF1D9F9-6038-4641-AB6D-13DD654758A7} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI55A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{D7A66DA5-B103-45C1-A0A7-736C08E2F464} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF52DFE67ECB64F734.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5bfbc4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFE11B738BAC3873A2.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| File created | C:\Windows\Installer\e5bfbb2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5bfbc4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFD48.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF792B39767D6C19A8.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5bfbc3.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF4903524B847A2AD2.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI44F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5bfbb2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF2D02AD30E88E0423.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF4DDB802C4D9410D6.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5bfbd9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF456B3BB13FB5F03A.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFE82.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB4D256777A63F474.TMP | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{30AA2097-F171-401B-A02A-C33ADA426E24}\.cr\vcredist.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\.be\VC_redist.x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vcredist.tmp | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008e4795fcec2d58710000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008e4795fc0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809008e4795fc000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d8e4795fc000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008e4795fc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133748557600429939" | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEADDITIONALVSU_X86,V14\DEPENDENTS\{4D8DCF8C-A72A-43E1-9833-C12724DB736E} | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X86,X86,14.30,BUNDLE\DEPENDENTS\{4D8DCF8C-A72A-43E1-9833-C12724DB736E} | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9F9D1FD083061464BAD631DD5674857A\VC_Runtime_Additional | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9F9D1FD083061464BAD631DD5674857A\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.30,bundle\Dependents | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\Version = "14.40.33816.0" | C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\.be\VC_redist.x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5AD66A7D301B1C540A7A37C6802E4F46\VC_Runtime_Minimum | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5040806F8AF9AAC49928419ED5A1D3CA | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Version = "14.40.33816" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9F9D1FD083061464BAD631DD5674857A | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\Version = "237536280" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\SourceList\PackageName = "vc_runtimeAdditional_x86.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{0DF1D9F9-6038-4641-AB6D-13DD654758A7}v14.40.33816\\packages\\vcRuntimeAdditional_x86\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\ = "{4373d0b5-4457-4a80-bad9-029de8df097b}" | C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\.be\VC_redist.x86.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\PackageCode = "91507CEA530B99A40B0EFDE1E0E92A0B" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14 | C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\.be\VC_redist.x86.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\DisplayName = "Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33816" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\Dependents\{4373d0b5-4457-4a80-bad9-029de8df097b} | C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\.be\VC_redist.x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33816" | C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\.be\VC_redist.x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\DisplayName = "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33816" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\ = "{D7A66DA5-B103-45C1-A0A7-736C08E2F464}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5AD66A7D301B1C540A7A37C6802E4F46\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\ProductName = "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33816" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50\9F9D1FD083061464BAD631DD5674857A | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.30,bundle | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{D7A66DA5-B103-45C1-A0A7-736C08E2F464}v14.40.33816\\packages\\vcRuntimeMinimum_x86\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Dependents\{4373d0b5-4457-4a80-bad9-029de8df097b} | C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\.be\VC_redist.x86.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\679E80FBE29B63345BF612177149674C | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9F9D1FD083061464BAD631DD5674857A\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5AD66A7D301B1C540A7A37C6802E4F46\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\Version = "14.40.33816" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\ = "{0DF1D9F9-6038-4641-AB6D-13DD654758A7}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{0DF1D9F9-6038-4641-AB6D-13DD654758A7}v14.40.33816\\packages\\vcRuntimeAdditional_x86\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5AD66A7D301B1C540A7A37C6802E4F46 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\PackageCode = "74A59C9CB7128C440BC689986566ECC7" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe"
C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe" -restart
C:\Users\Admin\AppData\Local\Temp\vcredist.tmp
"C:\Users\Admin\AppData\Local\Temp\vcredist.tmp" /q /norestart
C:\Windows\Temp\{30AA2097-F171-401B-A02A-C33ADA426E24}\.cr\vcredist.tmp
"C:\Windows\Temp\{30AA2097-F171-401B-A02A-C33ADA426E24}\.cr\vcredist.tmp" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vcredist.tmp" -burn.filehandle.attached=728 -burn.filehandle.self=732 /q /norestart
C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\.be\VC_redist.x86.exe
"C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{986D2F78-1FAB-4F84-8FB1-73DA7CCD0560} {0CFA315C-177A-4EE2-B3EC-CE4E7B7C9A70} 2996
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={4373d0b5-4457-4a80-bad9-029de8df097b} -burn.filehandle.self=956 -burn.embedded BurnPipe.{9D1B8541-7542-4821-BA09-9F1E6D9C973D} {3869C70D-46FA-4CA9-8EC0-270263EDAC15} 4164
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=544 -burn.filehandle.self=560 -uninstall -quiet -burn.related.upgrade -burn.ancestors={4373d0b5-4457-4a80-bad9-029de8df097b} -burn.filehandle.self=956 -burn.embedded BurnPipe.{9D1B8541-7542-4821-BA09-9F1E6D9C973D} {3869C70D-46FA-4CA9-8EC0-270263EDAC15} 4164
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{2BDA9C85-8DFD-4BC1-A704-40CA8180046B} {1B8BC8B9-94BA-4A4F-B8AC-6C0FDE340CEE} 3312
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-field-trial-config --disable-hang-monitor --disable-infobars --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-search-engine-choice-screen --disable-sync --enable-automation --enable-blink-features=IdleDetection --export-tagged-pdf --generate-pdf-document-outline --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --disable-features=Translate,AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold --enable-features= about:blank --disable-web-security --window-size="880,740" --window-position="200,-34" --remote-debugging-port=0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p"
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\Crashpad --annotation=plat=Win64 "--annotation=prod=Google Chrome for Testing" --annotation=ver=124.0.6367.201 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc28ffcc70,0x7ffc28ffcc7c,0x7ffc28ffcc88
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=gpu-process --disable-breakpad --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p" --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,13466541644589204222,8935004936565357921,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=1872 /prefetch:2
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p" --no-appcompat-clear --start-stack-profiler --field-trial-handle=1968,i,13466541644589204222,8935004936565357921,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=1952 /prefetch:3
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p" --no-appcompat-clear --field-trial-handle=2200,i,13466541644589204222,8935004936565357921,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=2392 /prefetch:8
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p" --no-appcompat-clear --start-stack-profiler --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --enable-blink-features=IdleDetection --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2772,i,13466541644589204222,8935004936565357921,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=2788 /prefetch:1
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p" --no-appcompat-clear --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --enable-blink-features=IdleDetection --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2780,i,13466541644589204222,8935004936565357921,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=2984 /prefetch:1
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p" --no-appcompat-clear --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --enable-blink-features=IdleDetection --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3768,i,13466541644589204222,8935004936565357921,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:1
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p" --no-appcompat-clear --field-trial-handle=4900,i,13466541644589204222,8935004936565357921,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| FR | 2.20.90.140:443 | aka.ms | tcp |
| US | 199.232.210.172:443 | download.visualstudio.microsoft.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 128.116.119.4:443 | clientsettings.roblox.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| GB | 142.250.200.27:443 | storage.googleapis.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| GB | 142.250.200.27:443 | storage.googleapis.com | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 2.18.190.78:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.73:443 | images.rbxcdn.com | tcp |
| GB | 2.19.252.155:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.155:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.155:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.155:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.155:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.155:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| GB | 2.22.144.39:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | tcp |
| N/A | 127.0.0.1:50333 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
Files
memory/2952-0-0x000000007509E000-0x000000007509F000-memory.dmp
memory/2952-1-0x0000000000910000-0x0000000000E7C000-memory.dmp
memory/2952-2-0x0000000005F20000-0x00000000064C6000-memory.dmp
memory/2952-3-0x0000000005910000-0x0000000005956000-memory.dmp
memory/2952-4-0x0000000075090000-0x0000000075841000-memory.dmp
memory/2952-5-0x0000000005A40000-0x0000000005AD2000-memory.dmp
memory/2952-6-0x00000000059A0000-0x00000000059C6000-memory.dmp
memory/2952-7-0x00000000059E0000-0x00000000059FE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe.config
| MD5 | 0a86fa27d09e26491dbbb4fe27f4b410 |
| SHA1 | 63e4b5afb8bdb67fc1d6f8dddeb40be20939289e |
| SHA256 | 2b6d99db8369b0ff6372737d89d1c9e4101815b4168a3852c7b513f2897e7f3d |
| SHA512 | fbebc4dc0925d5d67271cac04c1ed324091442ef4c9f6243d2c1c523c9aa6b338c6a594e4987fc142dd3b2a023338a267c8a3454e47fbf0b3e0dbd7b3b65cc0d |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Roblox Account Manager.exe.log
| MD5 | 72c442c0ee7dde7b3455bb315289bcf2 |
| SHA1 | d33367411ce01348f531e098495885b9d2ea110b |
| SHA256 | 180f825c19263ae06fc891efcde51f993b720a27bd6e563742a110b40cb3fe41 |
| SHA512 | b66e975424f17e3b4dce2d2746d78b8a05001ee17a7208c1f5f81ed8530aa2e3d4b10f4c64b33ba7c05a5e9e2afc548abf6bdfaffd6015c2cb7d624a688dc018 |
memory/3080-14-0x0000000075090000-0x0000000075841000-memory.dmp
memory/2952-15-0x0000000075090000-0x0000000075841000-memory.dmp
memory/3080-16-0x0000000075090000-0x0000000075841000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\log4.config
| MD5 | e4659ac08af3582a23f38bf6c562f841 |
| SHA1 | 19cb4f014ba96285fa1798f008deabce632c7e76 |
| SHA256 | e4b10630d9ec2af508de31752fbbc6816c7426c40a3e57f0a085ce7f42c77bd5 |
| SHA512 | 5bfa1e021cc7ee5e7a00da865d68684202b3b92d3d369b85b80c591fffa67725d434398325dc1e37c659eab62c0a4118b3e279ac0096b95790d252ceb6254249 |
memory/3080-19-0x0000000005E90000-0x0000000005F04000-memory.dmp
memory/3080-20-0x0000000005F30000-0x0000000005F3A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RAMTheme.ini
| MD5 | f18fa783f4d27e35e54e54417334bfb4 |
| SHA1 | 94511cdf37213bebdaf42a6140c9fe5be8eb07ba |
| SHA256 | 563eb35fd613f4298cd4dceff67652a13ba516a6244d9407c5709323c4ca4bb1 |
| SHA512 | 602f6a68562bc89a4b3c3a71c2477377f161470bf8ae8e6925bf35691367115abfa9809925bd09c35596c6a3e5a7e9d090e5198e6a885a6658049c8732a05071 |
memory/3080-22-0x0000000075090000-0x0000000075841000-memory.dmp
memory/3080-23-0x000000000A470000-0x000000000A4AA000-memory.dmp
memory/3080-24-0x0000000075090000-0x0000000075841000-memory.dmp
memory/3080-25-0x000000000A580000-0x000000000A58A000-memory.dmp
memory/3080-26-0x000000000AC00000-0x000000000ACA0000-memory.dmp
memory/3080-31-0x000000000B610000-0x000000000B668000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RAMSettings.ini
| MD5 | 1d917eaf5dcc8e06dd032c33f3a3d36a |
| SHA1 | 1eacb4eced22393fd5140910d30070f2e054e2fe |
| SHA256 | 787fa9af1c32b7e198119469c0e2c02c06b34ec7c990b62b9f4fb9bc8cedaa5f |
| SHA512 | 3cf5bc6160262ad454477cc0fab401696a7e5dff9e6fae1cdcfa0579ded640ea8c383dfcea6194f55c914927058e2355fd661d1fa83f87c10aeffa6a91cb9fcd |
memory/3080-33-0x000000000C980000-0x000000000CA32000-memory.dmp
memory/3080-34-0x000000000CB70000-0x000000000CB92000-memory.dmp
memory/3080-35-0x000000000CBA0000-0x000000000CC94000-memory.dmp
memory/3080-36-0x000000000CC90000-0x000000000CCAA000-memory.dmp
memory/3080-37-0x00000000049F0000-0x00000000049F8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vcredist.tmp
| MD5 | d38126688b5647bf209606d07a90c2e6 |
| SHA1 | 467bb2c862def52f2858e5158c96f7ac6d6dcab2 |
| SHA256 | ed1967c2ac27d806806d121601b526f84e497ae1b99ed139c0c4c6b50147df4a |
| SHA512 | 8a0991b993d5206450228454b4f83251cc311cc2b0dd105494928e03bf2e865de8ccf9676c8e7453164bb1805929a3a9616ea020524b77dbc0a6bbca0d222daf |
C:\Windows\Temp\{30AA2097-F171-401B-A02A-C33ADA426E24}\.cr\vcredist.tmp
| MD5 | 38b9328b53a786141dc7d54992aa03bc |
| SHA1 | b3de0981128c8170b70e977a21c6c7e3e8437d8f |
| SHA256 | 32e2651799071c5e6c51bdaf0df7823526b25b2f34c01f9472bb159044d62c11 |
| SHA512 | b5ac7f0675feea295be0553520fd5341e5122ea1e33d2eaffa5d9f9170f5c97b30ea5db25774c00a69ecc48f018412bb1795e357aafc7565e242e5e4025527e2 |
C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\.ba\wixstdba.dll
| MD5 | f68f43f809840328f4e993a54b0d5e62 |
| SHA1 | 01da48ce6c81df4835b4c2eca7e1d447be893d39 |
| SHA256 | e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e |
| SHA512 | a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1 |
C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
memory/3080-100-0x000000000C900000-0x000000000C950000-memory.dmp
memory/3080-101-0x0000000004A60000-0x0000000004A68000-memory.dmp
memory/3080-102-0x000000000E7C0000-0x000000000EB17000-memory.dmp
memory/3080-104-0x0000000075090000-0x0000000075841000-memory.dmp
memory/3080-105-0x0000000075090000-0x0000000075841000-memory.dmp
memory/3080-106-0x0000000075090000-0x0000000075841000-memory.dmp
memory/3080-107-0x0000000075090000-0x0000000075841000-memory.dmp
memory/3080-109-0x000000000B6C0000-0x000000000B6CA000-memory.dmp
memory/3080-110-0x000000000B6F0000-0x000000000B702000-memory.dmp
C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\vcRuntimeMinimum_x86
| MD5 | aebc9db05b27963bdd7dc5f3c7eca0a9 |
| SHA1 | 31d6f6cabd5fbfb7c2899d481f18e18930dbfdfd |
| SHA256 | d9598b33dc795da4cbd520b790c45507cbce3976576e0e506b388c5f7ac3290c |
| SHA512 | 564d945821d80e27fdffcfdafd79c72d498018067a74e85fd6ee595a6a09453ae0fb1df41b430f656001bafc1b0b89c5433bd5aae48c179daa7a8a8732090c63 |
C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\cab54A5CABBE7274D8A22EB58060AAB7623
| MD5 | c15278501772ebaf95ab908b94a552f2 |
| SHA1 | cf9c8ae523d9a6ed2797be072c9f659b9ed5dadb |
| SHA256 | 17d7bcb6c05f6c422f1bfbf5db923fc7d1427ec578968b75403830e759853b07 |
| SHA512 | f109a3af129b0025bd6dfb141d27e3d336145bc70c1fde590e44e4402d479680ca91ac0bc8cf8cd854e05a74c649719822218b2a1f58f75cbbaa9f03c9aeaf93 |
C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\vcRuntimeAdditional_x86
| MD5 | 4879fe953ed435ca08589645b8eec144 |
| SHA1 | bc58d6f3ed69be01690d97c59dafda612cbc5f2b |
| SHA256 | 0ddc3f10282fdb663ac92ce5930e46cf996a4b42b592b9911b4001d12d4178bc |
| SHA512 | 222cb3f93b5d759c87077716f9cc95f152997e6c95a13aae8a4e789c274836ba41a03b6e08926135efdc8cd8413b47f02f34ddd4f6c7622ea98458b6e06d24ce |
C:\Windows\Temp\{29E06F7C-1510-4D04-A3FD-A29DC0766AA8}\cabB3E1576D1FEFBB979E13B1A5379E0B16
| MD5 | 512cc3e31ba72999bd0be1ff2faf59df |
| SHA1 | 56210834f64afa1800def2bc26d421e78c056639 |
| SHA256 | 55b0b98e9222a6f43c644bbf6f642267535d08270dce52c09e0f31b98385ffb0 |
| SHA512 | 3c912488fdbd9b6f01e87a189f825b77c186d018df9ed27fe554644eb0b40fdeac8903f7ee99a77c740c75b27056fd7977e47810144714052539308d16a7df67 |
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20241031134205_000_vcRuntimeMinimum_x86.log
| MD5 | 42821b66c54d49747373573cb09c6e3c |
| SHA1 | 43ca2224522269941b4b9dcae1ac41141e77c631 |
| SHA256 | 0cd83cb0a9268955e043b742f1f137e6ad12f25bbf63b67ef9ca6dfe39087c48 |
| SHA512 | 6b22d60b64b3034862cfd7082dbc8f7cc9ef759afab3319efcf0eef089d8e62e6d108d9b27edbfe853a4ddf4b2c6c67365478a9deda17292effcbc9e2ca38225 |
C:\Config.Msi\e5bfbbc.rbs
| MD5 | 25b23e0ffac3ec5e7f2ed739909946f3 |
| SHA1 | 933507bb39bd085ac5091ac60aae0e1c09c91d97 |
| SHA256 | 9666bfe23c5989d996c1bc66405d25e47bdfd789316331095137ec688074b495 |
| SHA512 | 7e23f50288eed99aff79348420f6baef427a36398b17cd7caa786b635fa2782ca6a119c191bfcda7282540bd617690117bf0d4089d2caeadd9c3c4e8c373ff77 |
C:\Config.Msi\e5bfbb7.rbs
| MD5 | 8f8840583b64d661d7847a637b537163 |
| SHA1 | 2a566aa0c48fec936ad2e4a91d6721f2a5ad34c1 |
| SHA256 | 57aa21f0c0f549cbecec6c2ac291030144c85fc49abef5a0677cb618e6201d74 |
| SHA512 | 3ef6fee0bdc797a2d5de59e9d44dae55cfa86e91f07295566210373b813f8c858207ded78cf52045fa4e73781609788facb49476b4398e9ffdf56c7c5d638252 |
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20241031134205_001_vcRuntimeAdditional_x86.log
| MD5 | 0f6e5cfa17d2a486075cccfc87dc8fb3 |
| SHA1 | 2c9086958a36e18e175ae9e2628daa67471ecbc3 |
| SHA256 | 48bc317616441e4ffe8933f57160184d4542f98f5ff8fa1b882f0240365f205e |
| SHA512 | 6e746834039c9e178c58e23db0c327675f626751e71e1c588fb4a8382eec3b5b0a299055e245c3ba58ec72b6c4cecad39c5f44f889df0b91d718383708fd62fa |
C:\Config.Msi\e5bfbd8.rbs
| MD5 | e7e932a2ed860ce5f7bc406aa19367bb |
| SHA1 | 6064240c4d0a8cb9a3ea71786e3f7b1fe796fab8 |
| SHA256 | 406e4e3d1cf3fee5e8397ace243e0de552353b56a7c938dc09ff5eb99cf45025 |
| SHA512 | 2a0d95bd126d70c6cbf5076ff0f030739c711ccd7d594330db1083de33858cd4b3424d9993b410909b17357c091a368516dca71b41d273317cd32f866aa20624 |
C:\Config.Msi\e5bfbc9.rbs
| MD5 | 82f8099d52c8c0efee73db563a844627 |
| SHA1 | 0afcf12fc0b96fd99966a49b782de2b66bc3df7a |
| SHA256 | 56dcbefa2fb6bb662393b4dd69e6f0056600a3a5cbec5828ee05f3120e4ab13b |
| SHA512 | 9726c7ab5e1a3fe85d1b04fddadd72c22a4aedd93584f85aa227986a026a9c42aff4c30a61ce7f84a0a2d7de0bec0226b4face2f189a5821b9d89c31031d67d0 |
C:\Windows\Temp\{E54616AA-AC52-4E07-9C4A-8733CF9274F6}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
memory/2932-420-0x0000000000400000-0x0000000000477000-memory.dmp
memory/3312-457-0x0000000000400000-0x0000000000477000-memory.dmp
memory/564-458-0x0000000000400000-0x0000000000477000-memory.dmp
memory/3080-522-0x0000000005280000-0x000000000528A000-memory.dmp
memory/3080-523-0x00000000053D0000-0x00000000053DA000-memory.dmp
memory/3080-524-0x000000000B680000-0x000000000B694000-memory.dmp
memory/3080-525-0x000000000B710000-0x000000000B74E000-memory.dmp
memory/3080-526-0x000000000B670000-0x000000000B680000-memory.dmp
memory/3080-527-0x000000000B6D0000-0x000000000B6E4000-memory.dmp
memory/3080-528-0x000000000B750000-0x000000000B758000-memory.dmp
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
| MD5 | f26dfce9583f0d7d41b31ee11e56be43 |
| SHA1 | 5718e9ea9c5ec6888a3d5eae9c090b0880414b0a |
| SHA256 | 613536f294de53d1e9bb53a31269300fef4427f5e461ff6c7a1de3fa88c7667c |
| SHA512 | 88447cf2767667a2d470b62b2f2be79483343003e40e02deeafc20ea27d63b66cd336ceede04f850edb920009672682e32290050b18daf9c575bd020d7bd4966 |
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome_elf.dll
| MD5 | 561916711c707fe011411fd3d2cf71a8 |
| SHA1 | f7780da112a6abb515e7a9883810cf82a634674a |
| SHA256 | 0d2ccf801ceabba978a77238e1b79afc9a66983a11c07e011f876c063a71ffdb |
| SHA512 | 29b11fa1ffff586df4bae7a141a5e69500e327b54aa19efc32bd5bdd2f9652bbb641bc7bdc3116c95ca27022022894da5f9c94c987ce6c9793fce93f668b9c5a |
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\icudtl.dat
| MD5 | 74bded81ce10a426df54da39cfa132ff |
| SHA1 | eb26bcc7d24be42bd8cfbded53bd62d605989bbf |
| SHA256 | 7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9 |
| SHA512 | bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a |
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\locales\en-US.pak
| MD5 | a8af211968e7d1fbc577fc55e1859f6d |
| SHA1 | 1fbf54c0be76318b4c4ede2daea08191221df890 |
| SHA256 | 92efd174fffe9e958e20edf1acdb9394ce81ae38b9d1a04203cb35585ecbb5b7 |
| SHA512 | 11c2d88467135e8d39c06dffe27be53c471d0c917b1767050d6c36dd7701ecac22680313203efc312ac6ffe867da658cc38ccb9ba19962e78a5accc6e5df0e21 |
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\resources.pak
| MD5 | d092e6572493590a6cb2498e029509dc |
| SHA1 | f3564c4fec2e855486d63a90e34b1abb59e40ecb |
| SHA256 | 103ba11595d71025abc07c1f32e9f0fa11d9a191afeba6ee950154c5b358ac0b |
| SHA512 | e8894be07117dd7fa624a8d48dafa9371623bad475bc2523eaa5d0da1aa026deecb03062678a35a79c9798d5215a008ed812548ae2107d22bbe226940499d7ff |
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome_200_percent.pak
| MD5 | e7f0c4a2f06aa4c40206cdc1bfb9166e |
| SHA1 | 14679473561d6f3d710a2514620e2f97650e5791 |
| SHA256 | 3cd793c813d79579e5dafb3b63204e2ccb525f6b27a6dc25525c9fafabce4d29 |
| SHA512 | fcca36df17760212654f3d08a0265fbce42b51a3ca13e70012dd723fd6ea084775036744fe32d0439fcf496c2fb2d5a733fbb87bdd3f318a64bb4611c7ff5f58 |
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome_100_percent.pak
| MD5 | f796340aed680b64c37657912c63b050 |
| SHA1 | 8fccd026e7e88c733cbd37b495e9e0afff0b24be |
| SHA256 | 329113e1ab3c6ac34d8375fd0a66e6ba12c1c49675101d10e231316b5a14c8c2 |
| SHA512 | 98a8d6858b23bebdee8c7d13d5534aa568bffd2e9c030aec2263778ac2bdd7dea5c7e38b942352089ec4123d789eeaa2376623fba652e119db61cc006d3ace56 |
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\libEGL.dll
| MD5 | 06ed270c198a3d563ee931ac6f825683 |
| SHA1 | 3c34e2bcf9099413a176085a3e1cade95035d3d2 |
| SHA256 | 89c3cf5576b06b8114450f55f16f5fa0c2197db45a7ef0e57bc0eda872dcd6f5 |
| SHA512 | e865bae51bc2c2687049919a5581339a70f66beb9eb62488830be06ec1892f8bb11bc5728f9c7665469dae7333bfa110312696d954f19d0c86aad8277453a713 |
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\dxcompiler.dll
| MD5 | 6caa5cb29ca313e5facf1ecb9bf1bb0e |
| SHA1 | 1c57de100aaecdfd5d57305a33bc15bee78822be |
| SHA256 | 81b7a214c95ca2462addcc6061604fc69c4393f1fc2b4457e015f38cb7d54093 |
| SHA512 | dfef239eab517de44435a61d199136e1a44a450ad2ecbfe4d542b4be57dcbb2948a6c553e2e56920628e4e7eae6db3f2a7aeefca6e3854563838ef2ac2deaa52 |
memory/3080-604-0x000000000B580000-0x000000000B58A000-memory.dmp
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\dxil.dll
| MD5 | 30da04b06e0abec33fecc55db1aa9b95 |
| SHA1 | de711585acfe49c510b500328803d3a411a4e515 |
| SHA256 | a5fe1d8d9caa2ff29daffd53f73a9a4e19c250351b2abe4fc7b57e60ce67ac68 |
| SHA512 | 67790874377e308d1448d0e41df9dd353a5f63686df4eb9a8e70a4da449b0c63a5d3655ab38d24b145ad3c57971b1c6793ea6c5ac2257b6eb2e8964a44ab0f08 |
C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\Default\Extension Rules\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\Default\shared_proto_db\metadata\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\GrShaderCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\GrShaderCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\GrShaderCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\Default\Cache\Cache_Data\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\vk_swiftshader.dll
| MD5 | 50b6baa8afafbf849557eef9a6c600af |
| SHA1 | 8f050d6b8a89be5d27209ae26c90874757a8eb5f |
| SHA256 | b1bdf61233010357f8bf5d5837719229b527581ac2ebcd5c9662f04471f2cc9e |
| SHA512 | 60866cc0fd0aa65febdf1da751701bcaf3cd90edf3cca3a8b3058c1aed26b56ba74332be697d22b30214446234477030a86605cc71b85940ea8adc6c169e7f35 |
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\libGLESv2.dll
| MD5 | acd281e2a183ef45f130663118d20897 |
| SHA1 | dcab723cc20477a40d99a62e6bbfb75fa470c47f |
| SHA256 | 6cebea494ff17a5ec8c54b7fd5e13834eae556178ac42e7eab545263646aa080 |
| SHA512 | a59c491002224e86b4598104927b4c10107bf964ea7ad192f9ac6dca8a9a5b39d0e37c888c6d2e36234eb0b48c60a55da36852d377f4a506ca41274f834703ee |
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\D3DCompiler_47.dll
| MD5 | a7b7470c347f84365ffe1b2072b4f95c |
| SHA1 | 57a96f6fb326ba65b7f7016242132b3f9464c7a3 |
| SHA256 | af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a |
| SHA512 | 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d |
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\v8_context_snapshot.bin
| MD5 | 0753b1e35ebc257c8511b6f219fac1ec |
| SHA1 | 7acd65cbcc253130b0127a0a189601671e9fc1d1 |
| SHA256 | ddd3a5acffc4e8d6b9211c84733debdf394c3cb12d702598e1a5e56b13c89c61 |
| SHA512 | b9dfac660d834aacb30e6e1e272c4f0669659514f48aadc8b5542dd42ca1bd5aca4bbd00941c2ccacccc9ca068f133623dedc9994f5ccbbf1ac36bbdef99aee2 |
\??\pipe\crashpad_2060_XWRBOSHKUMLIQEXB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\Default\Code Cache\js\index-dir\the-real-index~RFe5c40c9.TMP
| MD5 | bdd018bd76e9fc290dd8d2fa044c5b9b |
| SHA1 | 1249c67739d30f9638b8f9484c4ffa4c6f206656 |
| SHA256 | 6e3099423316b7e0d430e701cb977e8e7a8e01034b5f930bcedc4179baf5ca2e |
| SHA512 | 7a875fbd20ceaaee18002ec97e81a56a1ecfc09d05bcc405c41a770f7055877091afa61c53394587a4d4ef9a171f1437daa6987862e07ace4d855ccbb2418464 |
C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\Local State
| MD5 | ea2023199df874e425ce4942150106a7 |
| SHA1 | ca0fe556bc4b882c4ff437cae6ff46959a8975d1 |
| SHA256 | 29fcb76f96b47edf73a7cc4d6132630e05efa822ade14b350e6bcb5a3d86a07e |
| SHA512 | c8f597b5039df15072bb3439438ee91d3087554716c137f6e11de38618fc163c714f2d4aac5ed70d88dc165809b136443424b829b642809a36a1e6e50504cb0a |
C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\Local State~RFe5c40c9.TMP
| MD5 | 8ea21402e20e49583c1f94d1dc0ba156 |
| SHA1 | c9dfbc8d7b9c77a02707b0a196f503dca7e8f827 |
| SHA256 | 7c5a37f3442a67aaecf968948f810b1d1b2cd58877f9015313966c9b84e50edc |
| SHA512 | 37763b1610175e6bab8215a18f611a9271864d38a19aeaea5283a3eccf827d0c49acc6e426a724316a43d572dd5a6ef2432ba8bf41a8b7498228519c2e438a25 |
C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\Local State
| MD5 | 214e699b3b09a7ce5b58f5c2ba1dc0e1 |
| SHA1 | 4f55a0c082018255a4dec4afb1c8c872a39d0d7b |
| SHA256 | 1d592153586e0fad91857e1336d41b5c45bae07eb668b998ba9d8d3f22695bb1 |
| SHA512 | 0f9f52c80e0b349429132db00198305753f65330373bb7e0e057732d40281e3fd6984b3a89cda09a45d18f8448db321657c52e40656f91bc5c92c864c743e895 |
C:\Users\Admin\AppData\Local\Temp\ylwy2j5u.l0p\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e57ceec1d28a75d24944336631c4e79c |
| SHA1 | 38fc7c53958ee2ab27cd708a5ca76039979b8940 |
| SHA256 | a9eb49f4f0bc31691080b3caafb498c615fa50d38b88f0c008e379c6f1725ff7 |
| SHA512 | 3efa61dbeff013a9b7238993b989cbe294c4c95438c8bd08166cb818eddc1ecf23a80e3d9e0130e3104cb3997b494d360b7c65d1d3f1cc8004b8eb7f552db759 |