Analysis Overview
SHA256
be9ddcdedf8c36c64e6b0a32d2686b74a112913c54217ccaa46675bfd1dc82f1
Threat Level: Likely malicious
The file Roblox Account Manager.exe was found to be: Likely malicious.
Malicious Activity Summary
Uses browser remote debugging
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Blocklisted process makes network request
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Checks system information in the registry
Drops file in System32 directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Modifies data under HKEY_USERS
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-12 11:00
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-12 11:00
Reported
2024-11-12 11:02
Platform
win11-20241007-en
Max time kernel
73s
Max time network
59s
Command Line
Signatures
Uses browser remote debugging
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{4373d0b5-4457-4a80-bad9-029de8df097b} = "\"C:\\ProgramData\\Package Cache\\{4373d0b5-4457-4a80-bad9-029de8df097b}\\VC_redist.x86.exe\" /burn.runonce" | C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140esn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vcomp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\msvcp140_2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\vcruntime140_threads.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfc140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfcm140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SystemTemp\~DF207DA3E861A73B72.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF290.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF0F81566282FC5FC0.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57ec9a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEFCF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFD0CDA26265F9F6CC.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF6E6D0F6B9D3C3A47.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF3F8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57ec84.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57ec85.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{0DF1D9F9-6038-4641-AB6D-13DD654758A7} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF4C169CE5372B0479.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFD7E08DAB4623AC84.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57ec73.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{D7A66DA5-B103-45C1-A0A7-736C08E2F464} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEED4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB99CADAF1F62769E.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57ec85.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57ec73.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFAB24DDABAFC7B342.TMP | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vcredist.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{7623CB75-D7E8-4204-B0DC-ABB6699E722C}\.cr\vcredist.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133758829123454283" | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{D7A66DA5-B103-45C1-A0A7-736C08E2F464}v14.40.33816\\packages\\vcRuntimeMinimum_x86\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50\9F9D1FD083061464BAD631DD5674857A | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEADDITIONALVSU_X86,V14\DEPENDENTS\{4D8DCF8C-A72A-43E1-9833-C12724DB736E} | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5040806F8AF9AAC49928419ED5A1D3CA | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5AD66A7D301B1C540A7A37C6802E4F46 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\Version = "237536280" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X86,X86,14.30,BUNDLE\DEPENDENTS\{4D8DCF8C-A72A-43E1-9833-C12724DB736E} | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.30,bundle | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\Version = "14.40.33816.0" | C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14 | C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\PackageCode = "74A59C9CB7128C440BC689986566ECC7" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Dependents\{4373d0b5-4457-4a80-bad9-029de8df097b} | C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\ = "{4373d0b5-4457-4a80-bad9-029de8df097b}" | C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33816" | C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\Dependents\{4373d0b5-4457-4a80-bad9-029de8df097b} | C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle\Dependents | C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{0DF1D9F9-6038-4641-AB6D-13DD654758A7}v14.40.33816\\packages\\vcRuntimeAdditional_x86\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Version = "14.40.33816" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\679E80FBE29B63345BF612177149674C | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\Version = "14.40.33816" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\Dependents\{4373d0b5-4457-4a80-bad9-029de8df097b} | C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5AD66A7D301B1C540A7A37C6802E4F46\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\ProductName = "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33816" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\ = "{0DF1D9F9-6038-4641-AB6D-13DD654758A7}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9F9D1FD083061464BAD631DD5674857A\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\ = "{D7A66DA5-B103-45C1-A0A7-736C08E2F464}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5AD66A7D301B1C540A7A37C6802E4F46\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5AD66A7D301B1C540A7A37C6802E4F46\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.30,bundle\Dependents | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEMINIMUMVSU_X86,V14\DEPENDENTS\{4D8DCF8C-A72A-43E1-9833-C12724DB736E} | C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9F9D1FD083061464BAD631DD5674857A\VC_Runtime_Additional | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14 | C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x86,x86,14.40,bundle | C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F9D1FD083061464BAD631DD5674857A\ProductName = "Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33816" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9F9D1FD083061464BAD631DD5674857A | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1 | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe"
C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe" -restart
C:\Users\Admin\AppData\Local\Temp\vcredist.tmp
"C:\Users\Admin\AppData\Local\Temp\vcredist.tmp" /q /norestart
C:\Windows\Temp\{7623CB75-D7E8-4204-B0DC-ABB6699E722C}\.cr\vcredist.tmp
"C:\Windows\Temp\{7623CB75-D7E8-4204-B0DC-ABB6699E722C}\.cr\vcredist.tmp" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vcredist.tmp" -burn.filehandle.attached=728 -burn.filehandle.self=732 /q /norestart
C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe
"C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{DD9A5972-C36A-4E38-B543-1FBC56DE17D1} {D3755D2D-0D42-40B0-BB6F-961E71F577FD} 1332
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={4373d0b5-4457-4a80-bad9-029de8df097b} -burn.filehandle.self=996 -burn.embedded BurnPipe.{9A4E6AFE-32A4-4A56-B3E6-F657F1BFDE0D} {6CF99502-0AAA-4CA4-85CE-CD88F9DDCF23} 2612
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=544 -burn.filehandle.self=560 -uninstall -quiet -burn.related.upgrade -burn.ancestors={4373d0b5-4457-4a80-bad9-029de8df097b} -burn.filehandle.self=996 -burn.embedded BurnPipe.{9A4E6AFE-32A4-4A56-B3E6-F657F1BFDE0D} {6CF99502-0AAA-4CA4-85CE-CD88F9DDCF23} 2612
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{4041330E-BB89-49D9-919E-1BC4DC5D44BB} {6505A2E2-0452-4225-AC66-5E557750DE13} 4528
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-field-trial-config --disable-hang-monitor --disable-infobars --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-search-engine-choice-screen --disable-sync --enable-automation --enable-blink-features=IdleDetection --export-tagged-pdf --generate-pdf-document-outline --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --disable-features=Translate,AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold --enable-features= about:blank --disable-web-security --window-size="880,740" --window-position="200,-34" --remote-debugging-port=0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0"
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0 /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler --monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0 --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Crashpad --annotation=plat=Win64 "--annotation=prod=Google Chrome for Testing" --annotation=ver=124.0.6367.201 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fc36cc70,0x7ff9fc36cc7c,0x7ff9fc36cc88
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0 /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Crashpad --annotation=plat=Win64 "--annotation=prod=Google Chrome for Testing" --annotation=ver=124.0.6367.201 --initial-client-data=0x1c4,0x1c8,0x1cc,0x118,0x1d0,0x7ff73dec9900,0x7ff73dec990c,0x7ff73dec9918
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=gpu-process --disable-breakpad --user-data-dir="C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0" --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1988,i,16766091272339496740,11534123053306318933,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=1984 /prefetch:2
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0" --no-appcompat-clear --start-stack-profiler --field-trial-handle=1772,i,16766091272339496740,11534123053306318933,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=1704 /prefetch:3
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0" --no-appcompat-clear --field-trial-handle=2212,i,16766091272339496740,11534123053306318933,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:8
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0" --no-appcompat-clear --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --enable-blink-features=IdleDetection --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2832,i,16766091272339496740,11534123053306318933,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=2864 /prefetch:1
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0" --no-appcompat-clear --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --enable-blink-features=IdleDetection --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2836,i,16766091272339496740,11534123053306318933,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=2892 /prefetch:1
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0" --no-appcompat-clear --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --enable-blink-features=IdleDetection --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,16766091272339496740,11534123053306318933,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:1
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
"C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0" --no-appcompat-clear --field-trial-handle=4896,i,16766091272339496740,11534123053306318933,262144 --disable-features=AcceptCHFrame,MediaRouter,OptimizationHints,ProcessPerSiteUpToMainFrameThreshold,Translate --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | aka.ms | udp |
| GB | 2.16.234.57:443 | aka.ms | tcp |
| US | 8.8.8.8:53 | 57.234.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| US | 199.232.214.172:443 | download.visualstudio.microsoft.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 128.116.119.4:443 | clientsettings.roblox.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 172.217.16.251:443 | storage.googleapis.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| GB | 172.217.16.251:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 2.18.190.78:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.73:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| GB | 2.19.117.27:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| N/A | 127.0.0.1:50324 | | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Roblox Account Manager.exe.config
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Roblox Account Manager.exe.log
C:\Users\Admin\AppData\Local\Temp\log4.config
C:\Users\Admin\AppData\Local\Temp\RAMTheme.ini
C:\Users\Admin\AppData\Local\Temp\RAMSettings.ini
C:\Users\Admin\AppData\Local\Temp\vcredist.tmp
C:\Windows\Temp\{7623CB75-D7E8-4204-B0DC-ABB6699E722C}\.cr\vcredist.tmp
C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.ba\wixstdba.dll
C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\.ba\logo.png
C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\cabB3E1576D1FEFBB979E13B1A5379E0B16
C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\vcRuntimeAdditional_x86
C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\cab54A5CABBE7274D8A22EB58060AAB7623
C:\Windows\Temp\{B0A067A1-63DC-4B08-AA99-C2DF04170D78}\vcRuntimeMinimum_x86
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20241112110116_000_vcRuntimeMinimum_x86.log
C:\Config.Msi\e57ec78.rbs
C:\Config.Msi\e57ec7d.rbs
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20241112110116_001_vcRuntimeAdditional_x86.log
C:\Config.Msi\e57ec8a.rbs
C:\Config.Msi\e57ec99.rbs
C:\Windows\Temp\{E6EFEBBD-B3BA-4EED-978C-6C49D1B0EF35}\.ba\wixstdba.dll
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome_elf.dll
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome.exe
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\icudtl.dat
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\resources.pak
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\locales\en-US.pak
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome_200_percent.pak
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\chrome_100_percent.pak
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\libEGL.dll
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\dxcompiler.dll
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Site Characteristics Database\CURRENT
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\GrShaderCache\data_3
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\GrShaderCache\data_2
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\GrShaderCache\data_1
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\GrShaderCache\data_0
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Extension Scripts\MANIFEST-000001
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\dxil.dll
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\libGLESv2.dll
C:\Users\Admin\AppData\Local\PuppeteerSharp\Chrome\Win64-124.0.6367.201\chrome-win64\D3DCompiler_47.dll
\??\pipe\crashpad_744_LNFGAXTFJDHODGYZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Local State
| MD5 | 0ca9cb21e163c7e9b90c19ea5f3248c7 |
| SHA1 | 7707a5e0c6ade8719998026c441c70c842d2e424 |
| SHA256 | 655fe28ea7bc975d1fe28cd259ab8187b14d7e6c7fd7af92caa3d09626ca27bd |
| SHA512 | 928d456fb68ae881a4e74b17660453acabc3b55bf1605d6bead2ac5c3824b261b4401576644356d5fb8b0bc715d926757201251a04963300b8c0483295fdbaa2 |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Local State~RFe5851c5.TMP
| MD5 | 16ac3479b3bb1c3ffdd0070682c900b3 |
| SHA1 | 04538108a77ad67c18582d03cd3a3e1ab60c6ef4 |
| SHA256 | 3029b4f2490ac12f9dacba61ddee38d89364eb84461a02a4aded1bb1767bd7a0 |
| SHA512 | 7124d6bf2c248a83cb2c550f3d4cacb60bc973f75a9f04935881607039d7ad364e4823c8bd38c4e2c7ac22bed7bc1d8840a2da241fb171cfebd25af90fcddc52 |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Secure Preferences
| MD5 | 086afae8d65aeeb395212f5a875678c0 |
| SHA1 | a4161273f103028eabebb3366feb478311ad61bb |
| SHA256 | 9f2e2fb2a841e99ceeee65948b16eaa23eaec300a304ef2bde37fc5b13c55af1 |
| SHA512 | e3bc0179e7d5c63828ead4fe5a8d90aa07a8dca3e14bca73144079f4f2c8c23c96ad98b929b52d8f7742042f24f06db5c74fd38626de440ebf7c451fcc62e844 |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Preferences
| MD5 | 2f85263f41dddc02be5eeb5e11cdad32 |
| SHA1 | 7bab233c42133f4b4e7c9ad408bd3a5f39c90547 |
| SHA256 | e800ed7e1aade2cc7f37f5c0d4033612ad2ded9f0a0e012421672c99b99d1604 |
| SHA512 | b72bc675af7fcbb60bb798d770d4723591130fe7a8ff335a94594b665239b4f44a2bbe05138008cca5a1c5e9b63467f00f7b11c4388e22e6bd59ce213bc66d4c |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 61a9a45984cdf1ff71c1482f97d9e11d |
| SHA1 | a8a8da5b24d2c6ab0a1a34ae2525961dfe5e58b0 |
| SHA256 | 8e77ae28b06601b73e5ba915d62420a9d75865a87a513dee2d75e4b35b75c630 |
| SHA512 | e992e040bd6d1b9d765f338136800f261ce2c29b496796570068bd54349d05a34ad20504b6742911f4479da2c87b59f675b1b2d50a68408f2921d236ca46d1c4 |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Preferences~RFe5861d2.TMP
| MD5 | c22d87290e419ad43ef38a1f30f33fab |
| SHA1 | 6475ccf3fecba0c460030ec1be0f798d5a6dc475 |
| SHA256 | c96f6ed3281d5ad981bb2a453f22582bb08bec67aad352e4fcf31bc2f2605041 |
| SHA512 | 059d5f08d940412c391bd2b6b6f6b93f8d857dd254bad8c7740c870c26e675f75023f0fbb9379ac455818327a55d3028b293b11eb7e936c59f7130e3799ca5c6 |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Local State
| MD5 | f5b207d6b12b95b592a8b19a4fb55b98 |
| SHA1 | 38d69587229bd23ebb9ddbbbe80b8725e76d093c |
| SHA256 | 7b76b0317b1b6fa30f34b8a3538e8b9695546e38aed61b785989bba6e27f882b |
| SHA512 | 36aa457fd89df7abef61e3eb58a30f4270a27192482bc3ccf6b64e27d0adf202d7f8385c4ce35dcab2868652b0d2afc21db2e92ba721ad01579a41585563e4a2 |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Secure Preferences~RFe5861c2.TMP
| MD5 | 2714aeaccd8642219269cdfb751ba122 |
| SHA1 | 4b2d069108bc2444c2b4faa975ddebf311b54f6d |
| SHA256 | ed79364912367127d2d9dd6f291862085d50fb79b0934fc5b53e73d77b36e15b |
| SHA512 | 45e281c9aef326ae4b1395bbf43ace1cbea9d0c19c07c732811eea290d200afd417f572da003dad16f3375c2065f4c69783cb30286900c68bfa9a43fe484f973 |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Local State
| MD5 | 8e7cd2b44f328bcc331ec96aba0bb880 |
| SHA1 | 8cf5c0f42e4066ede084c9e66e7fa2f78b92ea65 |
| SHA256 | 5deb364b8074d1e787ef2c1170f79904b4ac54d363665d4903fc79151835355b |
| SHA512 | 1b9a1459af074111095842f48f50bc750ce741a4d6ffc3dede6dafb65fbb78b6177476cbfde236e51e1a9e0c6c22eca1eb21ffed82720bd58c9269209755fd56 |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ab869525a62500318686029fc35ac986 |
| SHA1 | 3a8361add8cbfc54b532c3692d18662f532226f9 |
| SHA256 | 4d0b8164fc78ff2477109762aff6db928a94fc6a418af850722d15b4dd1b1f64 |
| SHA512 | 16d551440452c64aae1135c5cfcaa6ed46ab4fc5e0e1038b9aa02005e32c66828932e46fb7597884ef5a715c069939681c9bcc9883ba6c94c65b89c7eb2c630d |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Network\TransportSecurity
| MD5 | d515ba179ac36b4bb05bd3c449a0c4b8 |
| SHA1 | daa6211e4700d60ce94458bd9bfc83061c2796b7 |
| SHA256 | 33ee5c8a210d0dedf72dc67643fb0c83be79c9b1399dcc445106e3bec9638e96 |
| SHA512 | 97110c020a40f3414f8a46526252fdc06243f28e0872d799ae4c75942724bdee6a54daec106d678f57b8ec5de83f653c4b31d88d1040f50b28af2e1e12732f24 |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Network\TransportSecurity~RFe5861f1.TMP
| MD5 | 51d01dde166144859ad58cb82218550a |
| SHA1 | dcf3d43fb9fa8951eb116f6af42cd61e6c94efa5 |
| SHA256 | a8453129e421d0b164c4d0dc0948cf411719abcc434d173bd28ffabc43c1d105 |
| SHA512 | d1657c9b6019b98460196c78764b6161a7d571093218a99b3785b470e23a89af333437b9944719f7159d5aea49c39d48721ba00b28cb88d1067b827eacbed595 |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Network\Network Persistent State
| MD5 | aec86b0c8a92e21f09b2d28ac317e5e2 |
| SHA1 | fa89bc0fa648245599422464d8a2d986760cfb54 |
| SHA256 | 5b9d4287e122ec292c173e1a0d821daf0bf5c315185701822544c3eacdf8c262 |
| SHA512 | 79dd656df07e8d57860e5becce0f2c634bb08d243fcc1233d00ddba439b06c8b90509eb9e3723767625d11fd16ac49acdb8b2edd6ec5167dcf0495de1197ac35 |
C:\Users\Admin\AppData\Local\Temp\u1ffu3vu.2d0\Default\Network\Network Persistent State~RFe5861f1.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |