Analysis

max time kernel: 289s
max time network: 291s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 26-05-2024 01:19

Static task: static1
Behavioral task: behavioral1
Sample: SolaraB/Solara/SolaraBootstrapper.exe
Resource: win10-20240404-en

General

Target: SolaraB/Solara/SolaraBootstrapper.exe
Size: 13KB
MD5: 6557bd5240397f026e675afb78544a26
SHA1: 839e683bf68703d373b6eac246f19386bb181713
SHA256: a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239
SHA512: f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97
SSDEEP: 192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj
Malware Config

Signatures

Note on attribution: the submitted 13KB bootstrapper is not the process that performs the anti-VM and anti-debug checks below. Those come from the dropped cd57e4c171d6e8f5ea8b8f824a6a7316.exe (PID 2044, the process on which the Themida rule matches) and from the Roblox client installed during the run; most of the remaining registry and file-system activity is the WebView2 runtime / Edge Update install chain and the Roblox installer, which is noisy but expected for those components. Read each signature against its Process column.

Identifies VirtualBox via ACPI registry values (likely anti-VM): 2 TTPs, 1 IoC
- Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (cd57e4c171d6e8f5ea8b8f824a6a7316.exe)
Downloads MZ/PE file
Sets file execution options in registry: 2 TTPs, 2 IoCs
- Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe (MicrosoftEdgeUpdate.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" (MicrosoftEdgeUpdate.exe)
Caveat: DisableExceptionChainValidation = 0 turns SEHOP on for that image, and the writer is MicrosoftEdgeUpdate.exe configuring its own IFEO entry. This is not a Debugger-value IFEO hijack. When hunting, alert on IFEO entries whose Debugger value points at an unexpected path rather than on every write under this key.
Checks BIOS information in registry: 2 TTPs, 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (cd57e4c171d6e8f5ea8b8f824a6a7316.exe)
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion (cd57e4c171d6e8f5ea8b8f824a6a7316.exe)
Checks computer location settings: 2 TTPs, 2 IoCs
Looks up the country code configured in the registry, likely a geofence.
- Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation (msedgewebview2.exe) ×2
Both reads are by msedgewebview2.exe, the WebView2 runtime, which consults the locale during normal startup; no Geo\Nation read by the dropped payload appears on this page.
Executes dropped EXE: 33 IoCs (process: PIDs)
- cd57e4c171d6e8f5ea8b8f824a6a7316.exe: 2044
- RobloxPlayerInstaller.exe: 2896
- MicrosoftEdgeWebview2Setup.exe: 1176
- MicrosoftEdgeUpdate.exe: 4476, 4900, 3456, 3844, 5092, 3736, 2816, 5008
- MicrosoftEdgeUpdateComRegisterShell64.exe: 2512, 2160, 4116
- MicrosoftEdge_X64_125.0.2535.67.exe: 4680
- setup.exe: 2004, 2612
- msedgewebview2.exe: 2920, 3748, 4256, 672, 2296, 5268, 5676, 812, 5300, 5820, 4376, 5788
- RobloxPlayerBeta.exe: 2976, 4184, 4624, 6028
Loads dropped DLL: 59 IoCs (process: PID ×number of loads)
- cd57e4c171d6e8f5ea8b8f824a6a7316.exe: 2044 ×6
- MicrosoftEdgeUpdate.exe: 4476 ×1, 4900 ×1, 3456 ×4, 3844 ×1, 5092 ×2, 3736 ×2, 2816 ×1, 5008 ×1
- MicrosoftEdgeUpdateComRegisterShell64.exe: 2512 ×1, 2160 ×1, 4116 ×1
- msedgewebview2.exe: 2920 ×6, 3748 ×1, 4256 ×2, 672 ×6, 2296 ×2, 5268 ×3, 5676 ×2, 812 ×2, 5300 ×2, 5820 ×2, 4376 ×2, 5788 ×3
- RobloxPlayerBeta.exe: 2976 ×1, 4184 ×1, 4624 ×1, 6028 ×1
Registers COM server for autorun: 1 TTP, 31 IoCs
All 31 rows are written by MicrosoftEdgeUpdateComRegisterShell64.exe (it ran three times, PIDs 2512, 2160 and 4116, hence the repeats) and touch three CLSIDs under \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\:
- {9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32: Key created ×3, Key deleted ×2, (Default) = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" ×3, ThreadingModel = "Both" ×3
- {A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32: Key created ×3, Key deleted ×2, (Default) = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" ×3, ThreadingModel = "Both" ×3
- {8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32: Key created ×3, (Default) = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" ×3, ThreadingModel = "Both" ×3
Caveat: every InprocServer32 default points at psmachine_64.dll inside the Edge Update install directory, i.e. the installer registering a DLL it shipped itself. The useful triage check is the DLL path behind the CLSID, not the fact that a CLSID was registered.
(Signature title not present on the page) yara_rule themida: 5 hits
All five matches are on the same region of PID 2044 (cd57e4c171d6e8f5ea8b8f824a6a7316.exe), 0x0000000180000000-0x0000000180AAC000, in the dumps behavioral1/memory/2044-3018, 2044-3019, 2044-3020, 2044-3021 and 2044-3205 (each ...-memory.dmp).
Checks installed software on the system: 1 TTP
Looks up Uninstall key entries in the registry to enumerate software on the system. (No IoC rows are listed for this signature on the page.)

(Signature title not present on the page; 2 IoCs)
- Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA (RobloxPlayerInstaller.exe)
- Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA (cd57e4c171d6e8f5ea8b8f824a6a7316.exe)
EnableLUA is the UAC on/off switch; reading it tells a process whether elevation prompts are in force. Note that the dropped payload reads it as well as the Roblox installer.
Legitimate hosting services abused for malware hosting/C2: 1 TTP, 6 IoCs
- flows 3, 4, 218, 244, 245, 251: raw.githubusercontent.com
Checks system information in the registry: 2 TTPs, 12 IoCs
System information is often read in order to detect sandboxing environments.
- Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer (MicrosoftEdgeUpdate.exe ×5, msedgewebview2.exe ×1)
- Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName (MicrosoftEdgeUpdate.exe ×5, msedgewebview2.exe ×1)
All twelve reads come from the Edge Update / WebView2 components, not from the dropped payload.
Drops file in System32 directory: 14 IoCs
All 14 rows are "File opened for modification" by MicrosoftEdgeUpdate.exe under C:\Windows\SysWOW64\config\systemprofile\AppData\ (the SYSTEM account's profile):
- LocalLow\Microsoft
- LocalLow\Microsoft\CryptnetUrlCache
- LocalLow\Microsoft\CryptnetUrlCache\Content
- LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
- LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
- LocalLow\Microsoft\CryptnetUrlCache\MetaData
- LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
- LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
- Local\Microsoft\Windows\INetCache\IE
- Local\Microsoft\Windows\INetCache\Content.IE5
- Local\Microsoft\Windows\INetCache\counters2.dat ×2
- Local\Microsoft\Windows\History\History.IE5
- Local\Microsoft\Windows\INetCookies
Caveat: CryptnetUrlCache and INetCache under the SYSTEM profile are where CryptoAPI and WinINet cache CRL/certificate fetches and HTTP responses; a service running as SYSTEM that validates a signed download produces exactly these writes. Nothing here is a binary dropped into System32.
Suspicious use of NtCreateThreadExHideFromDebugger: 4 IoCs
- RobloxPlayerBeta.exe: PIDs 2976, 4184, 4624, 6028

Suspicious use of NtSetInformationThreadHideFromDebugger: 64 IoCs
- cd57e4c171d6e8f5ea8b8f824a6a7316.exe: 2044 ×1
- RobloxPlayerBeta.exe: 2976 ×18, 4184 ×18, 4624 ×18, 6028 ×9
Caveat: ThreadHideFromDebugger (set with NtSetInformationThread, or at creation through NtCreateThreadEx) stops the thread from delivering debug events to an attached debugger and is a standard anti-debug trick. Here 63 of the 64 calls come from the Roblox client; the single call from PID 2044 is the one that belongs to the dropped payload.
Drops file in Program Files directory: 64 IoCs
Grouped by writing process. File names shown as "[email protected]" were mangled by the page's e-mail obfuscation and are left as-is.

RobloxPlayerInstaller.exe, File created under C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\ (48):
- content\textures\StudioToolbox\AssetConfig\onsale.png
- content\textures\ui\Emotes\Small\SelectedLine.png
- content\textures\MaterialManager\Material_Variant.png
- content\textures\MaterialManager\Texture_None.png
- content\textures\TagEditor\lineargradient.png
- ExtraContent\textures\ui\LuaApp\icons\[email protected]
- content\models\MaterialManager\sphere_model.rbxm
- content\textures\AnimationEditor\menu_shadow_side_right.png
- content\textures\StudioToolbox\Search.png
- ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]
- ExtraContent\textures\ui\LuaChatV2\ic-add-friends.png
- content\textures\AlignTool\Min.png
- content\textures\AnimationEditor\icon_pin.png
- content\textures\AvatarEditorImages\Sliders\[email protected]
- content\textures\TerrainEditor\trianglesmallinverted.png
- content\textures\ui\Emotes\Large\SelectedLine.png
- ExtraContent\textures\ui\LuaChatV2\actions_notificationOff.png
- content\textures\9SliceEditor\Dragger2OutlinedTop.png
- content\textures\particles\forcefield_glow_alpha.dds
- content\textures\ui\Controls\DefaultController\[email protected]
- content\textures\ui\Settings\Radial\BottomSelected.png
- content\textures\9SliceEditor\Dragger2OutlinedBottom.png
- content\textures\MaterialGenerator\Copy_16x16.png
- content\textures\ui\[email protected]
- content\textures\ui\Controls\xboxY.png
- content\textures\ui\Controls\DefaultController\DPadLeft.png
- content\textures\ui\InGameMenu\BackgroundGlow.png
- content\textures\advCursor-default.png
- content\textures\SurfacesDefault.png
- content\fonts\arial.ttf
- content\textures\GameSettings\ScrollBarBottom_Wide.png
- content\textures\TerrainTools\mtrl_basalt.png
- content\textures\ui\Emotes\Editor\Large\[email protected]
- content\textures\PublishPlaceAs\MoreDetails.png
- content\textures\StudioToolbox\ToolboxIcon.png
- content\configs\DateTimeLocaleConfigs\zh-cjv.json
- content\textures\AnimationEditor\icon_warning.png
- content\textures\ui\Controls\XboxController\[email protected]
- content\textures\AnimationEditor\button_curve_editor.png
- content\textures\DeveloperStorybook\Banner.png
- content\textures\MaterialManager\More_Menu.png
- content\textures\StudioSharedUI\default_user.png
- content\textures\ui\Controls\[email protected]
- ExtraContent\textures\ui\Controls\DesignSystem\[email protected]
- content\fonts\HWYGOTH.ttf
- content\textures\TerrainTools\button_hover.png
- content\textures\ui\RobloxNameIcon.png
- ExtraContent\textures\ui\Gamepad\[email protected]

setup.exe, under C:\Program Files (x86)\Microsoft\ (13):
- File created EdgeCore\125.0.2535.67\Trust Protection Lists\Mu\Fingerprinting
- File opened for modification EdgeWebView\Application\125.0.2535.67\Trust Protection Lists\Mu\Content
- File created EdgeCore\125.0.2535.67\v8_context_snapshot.bin
- File opened for modification EdgeCore\125.0.2535.67\Trust Protection Lists\Mu\Analytics
- File opened for modification EdgeCore\125.0.2535.67\Trust Protection Lists\Mu\LICENSE
- File opened for modification EdgeCore\125.0.2535.67\Locales\cs.pak
- File opened for modification EdgeWebView\Application\125.0.2535.67\Edge.dat
- File created EdgeCore\125.0.2535.67\identity_proxy\internal.identity_helper.exe.manifest
- File opened for modification EdgeWebView\Application\125.0.2535.67\identity_proxy\win11\identity_helper.Sparse.Stable.msix
- File opened for modification EdgeCore\125.0.2535.67\Trust Protection Lists\Mu\Social
- File created EdgeCore\125.0.2535.67\Locales\as.pak
- File created EdgeCore\125.0.2535.67\Trust Protection Lists\Sigma\Other
- File opened for modification EdgeCore\125.0.2535.67\identity_proxy\resources.pri

Other writers (3):
- File created C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1BB43FDE-41FF-4D86-BC05-239F00D4E9DA}\EDGEMITMP_FAD76.tmp\setup.exe (MicrosoftEdge_X64_125.0.2535.67.exe)
- File created C:\Program Files (x86)\Microsoft\Temp\EU2B9A.tmp\msedgeupdateres_de.dll (MicrosoftEdgeWebview2Setup.exe)
- File created C:\Program Files\chrome_Unpacker_BeginUnzipping2920_643920195\hyph-ta.hyb (msedgewebview2.exe)
Enumerates physical storage devices: 1 TTP
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry: 2 TTPs, 8 IoCs
- Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe, RobloxPlayerInstaller.exe, msedgewebview2.exe)
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedgewebview2.exe, chrome.exe)
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe, msedgewebview2.exe)
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer (RobloxPlayerInstaller.exe)
(Signature title not present on the page; 6 IoCs)
Written by RobloxPlayerInstaller.exe under \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\:
- roblox-player: Key created; Set value (int) WarnOnOpen = "0"
- roblox: Key created; Set value (int) WarnOnOpen = "0"
- roblox-studio: Key created; Set value (int) WarnOnOpen = "0"
WarnOnOpen = 0 suppresses Internet Explorer's "allow this website to open a program" prompt for those URL schemes. For the Roblox installer this is how the roblox: launch handlers are made silent; the same write from an unrelated process for a scheme it does not own would deserve a closer look.
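Added example, not part of the report and not code from any tool named on it: a Python triage helper that parses rows in the "description / ioc / Process" shape used throughout the Signatures section and applies rules for the signature families above, namely the anti-sandbox ACPI/BIOS/SystemInformation reads and the Geo\Nation geofence lookup, Image File Execution Options writes (separating a Debugger-value hijack from other IFEO writes such as the DisableExceptionChainValidation entry), COM InprocServer32 registrations (checking the DLL path behind the CLSID) and ProtocolExecute WarnOnOpen = 0. The sample rows are copied from this report; the two rows attributed to dropper.exe, the placeholder CLSID and the C:\Users\Public paths are constructed to show what a hijack would look like. The rule names, the FADT/RSDT VBOX__ keys and the "trusted directory" heuristic are the example's own assumptions.

```python
# Triage helper for sandbox-report registry rows. Added example, not from the report.
import re
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Optional, Tuple

# Row shape on the page: "<op> <registry path>[ = "<value>"] <process>"
OPS = ("Key value queried", "Key opened", "Key created", "Key deleted",
       "Set value (int)", "Set value (str)", "Set value (data)")

# Rule patterns. FADT/RSDT VBOX__ and the trusted-directory list are this example's own.
ANTI_SANDBOX = re.compile(
    r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__$"
    r"|\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion)$"
    r"|\\HARDWARE\\DESCRIPTION\\System\\BIOS\\(SystemManufacturer|SystemProductName|BaseBoardManufacturer)$"
    r"|\\SYSTEM\\ControlSet\d+\\Control\\SystemInformation\\(SystemManufacturer|SystemProductName)$",
    re.IGNORECASE)
GEOFENCE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
IFEO = re.compile(r"\\Image File Execution Options\\([^\\]+)(?:\\([^\\]+))?$", re.IGNORECASE)
INPROC = re.compile(r"\\CLSID\\(\{[0-9A-F-]+\})\\InprocServer32\\$", re.IGNORECASE)
PROTOCOL = re.compile(r"\\ProtocolExecute\\([^\\]+)\\WarnOnOpen$", re.IGNORECASE)
TRUSTED_DLL_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

class RegEvent(NamedTuple):
    op: str
    path: str
    value: Optional[str]
    process: str

def parse_row(row: str) -> RegEvent:
    """Split one row: the operation is a fixed prefix, the process is the last token."""
    row = row.strip()
    op = next((o for o in OPS if row.startswith(o + " ")), None)
    if op is None:
        raise ValueError(f"unrecognised row: {row!r}")
    rest, _, process = row[len(op) + 1:].rpartition(" ")
    path, value = rest, None
    if " = " in rest:
        path, _, raw = rest.partition(" = ")
        value = raw.strip('"').replace("\\\\", "\\")  # the page doubles backslashes in values
    return RegEvent(op, path, value, process)

def classify(ev: RegEvent) -> Optional[Tuple[str, str]]:
    """Return (rule name, detail) when the event matches a rule, else None."""
    if ev.op in ("Key value queried", "Key opened"):
        if ANTI_SANDBOX.search(ev.path):
            return "anti-sandbox read", ev.path.rsplit("\\", 1)[-1]
        if GEOFENCE.search(ev.path):
            return "geofence read", "Geo\\Nation"
        return None
    m = IFEO.search(ev.path)
    if m and ev.op.startswith(("Key created", "Set value")):
        image, name = m.group(1), m.group(2)
        if name and name.lower() == "debugger":  # the classic IFEO hijack
            return "ifeo debugger hijack", f"{image} -> {ev.value}"
        return "ifeo write", image if not name else f"{image}\\{name} = {ev.value}"
    m = INPROC.search(ev.path)
    if m and ev.op == "Set value (str)" and ev.value:
        # A DLL under Program Files can still be hostile; this only separates installer noise.
        kind = "trusted path" if ev.value.lower().startswith(TRUSTED_DLL_DIRS) else "untrusted path"
        return f"com inproc server ({kind})", f"{m.group(1)} -> {ev.value}"
    m = PROTOCOL.search(ev.path)
    if m and ev.op.startswith("Set value") and ev.value == "0":
        return "protocol handler warning disabled", m.group(1)
    return None

def triage(rows: List[str]) -> List[Tuple[str, str, str]]:
    """(rule, process, detail) for every row that matches a rule."""
    findings = []
    for ev in map(parse_row, rows):
        hit = classify(ev)
        if hit:
            findings.append((hit[0], ev.process, hit[1]))
    return findings

def by_process(findings: List[Tuple[str, str, str]]) -> Dict[str, Dict[str, int]]:
    """Rule counts per process, so installer noise and payload behaviour separate."""
    out: Dict[str, Counter] = defaultdict(Counter)
    for rule, process, _ in findings:
        out[process][rule] += 1
    return {p: dict(c) for p, c in out.items()}

# Rows copied from the report; the two dropper.exe rows are constructed, not from the report.
SAMPLE_ROWS = [
    r"Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ cd57e4c171d6e8f5ea8b8f824a6a7316.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion cd57e4c171d6e8f5ea8b8f824a6a7316.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion cd57e4c171d6e8f5ea8b8f824a6a7316.exe",
    r"Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation msedgewebview2.exe",
    r"Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer RobloxPlayerInstaller.exe",
    r"Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe",
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe',
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" RobloxPlayerInstaller.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32\ = "C:\\Users\\Public\\evil.dll" dropper.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\Debugger = "C:\\Users\\Public\\evil.exe" dropper.exe',
]

if __name__ == "__main__":
    for process, counts in sorted(by_process(triage(SAMPLE_ROWS)).items()):
        print(process, counts)
```

Running it prints the per-process rule counts. On this report's rows the anti-sandbox reads land on the dropped cd57e4c171d6e8f5ea8b8f824a6a7316.exe, while the IFEO and COM rows land on the Edge Update components and are classified as trusted-path installer writes; the constructed dropper.exe rows are the only ones that come out as a Debugger hijack and an untrusted InprocServer32 path. That per-process split is the separation an analyst wants before deciding what to escalate.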
Modifies data under HKEY_USERS: 64 IoCs
All rows but three are written by MicrosoftEdgeUpdate.exe under \REGISTRY\USER\.DEFAULT\; repeats are marked ×N.

Software\Microsoft\SystemCertificates\ (Key created, 21):
- Root\CRLs, Root\Certificates, Root\CTLs
- CA, CA\CRLs, CA\Certificates, CA\CTLs
- Disallowed, Disallowed\CRLs, Disallowed\CTLs, Disallowed\Certificates
- TrustedPeople, TrustedPeople\Certificates, TrustedPeople\CRLs
- SmartCardRoot, SmartCardRoot\CTLs, SmartCardRoot\Certificates, SmartCardRoot\CRLs
- trust, trust\CTLs, trust\Certificates

Software\Policies\Microsoft\SystemCertificates\ (Key created, 14):
- CA, CA\CRLs, CA\CTLs, CA\Certificates
- Disallowed, Disallowed\CTLs, Disallowed\CRLs, Disallowed\Certificates
- TrustedPeople, TrustedPeople\CTLs
- trust, trust\CRLs, trust\CTLs, trust\Certificates

Other .DEFAULT keys:
- Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing: Key created ×3
- SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache: Key created ×3
- Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 (data): Set value ×2
- Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\: Key created ×2
- Internet Settings\ZoneMap\ProxyBypass = "1" ×2; ZoneMap\IntranetName = "1" ×2; ZoneMap\UNCAsIntranet = "1" ×2; ZoneMap\AutoDetect = "0" ×1
- Internet Settings\5.0\Cache\Content\CachePrefix (str, value not shown) ×2; 5.0\Cache\Cookies\CachePrefix = "Cookie:" ×2; 5.0\Cache\History\CachePrefix = "Visited:" ×2

Under \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (3):
- Key created (chrome.exe)
- Set value (int) TraceTimeLast = "133611600193442912" (chrome.exe)
- Key created (msedgewebview2.exe)

The listing on the page ends mid-row ("Key created" with no path); the remaining rows are not on the page.

Caveat: the .DEFAULT hive is the profile used by the LocalSystem account, and S-1-5-19 is LocalService. The certificate-store, WinTrust and WinINet ZoneMap keys appear there the first time a service running as SYSTEM uses CryptoAPI and WinINet, which matches the Edge Update service validating and fetching its installer. The LanguageList value decodes as the UTF-16LE multi-string "en-US", "en". None of these rows is a Run key or other autostart entry.
\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" MicrosoftEdgeUpdate.exe -
Modifies registry class 64 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ = "Microsoft Edge Update Update3Web" | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}" | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command | RobloxPlayerInstaller.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32 | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 | MicrosoftEdgeUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation\Enabled = "1" | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\CLSID | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8} | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ = "Microsoft Edge Update Process Launcher Class" | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32 | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class" | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon | RobloxPlayerInstaller.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\Enabled = "1" | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-0a57b2f24afe434b\\RobloxPlayerBeta.exe\" %1" | RobloxPlayerInstaller.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass.1" | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open | RobloxPlayerInstaller.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\CLSID\ = "{B5977F34-9264-4AC3-9B31-1224827FF6E8}" | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" | MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | MicrosoftEdgeUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods | MicrosoftEdgeUpdateComRegisterShell64.exe
Suspicious behavior: EnumeratesProcesses 30 IoCs
pid | Process
4948 | SolaraBootstrapper.exe
4948 | SolaraBootstrapper.exe
2456 | chrome.exe
2456 | chrome.exe
2896 | RobloxPlayerInstaller.exe
2896 | RobloxPlayerInstaller.exe
4476 | MicrosoftEdgeUpdate.exe
4476 | MicrosoftEdgeUpdate.exe
588 | chrome.exe
588 | chrome.exe
4476 | MicrosoftEdgeUpdate.exe
4476 | MicrosoftEdgeUpdate.exe
4476 | MicrosoftEdgeUpdate.exe
4476 | MicrosoftEdgeUpdate.exe
2976 | RobloxPlayerBeta.exe
2976 | RobloxPlayerBeta.exe
4184 | RobloxPlayerBeta.exe
4184 | RobloxPlayerBeta.exe
2920 | msedgewebview2.exe
2920 | msedgewebview2.exe
4624 | RobloxPlayerBeta.exe
4624 | RobloxPlayerBeta.exe
6028 | RobloxPlayerBeta.exe
6028 | RobloxPlayerBeta.exe
5788 | msedgewebview2.exe
5788 | msedgewebview2.exe
2044 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2044 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2044 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2044 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid | Process
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2920 | msedgewebview2.exe
2456 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeDebugPrivilege | 4948 | SolaraBootstrapper.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Token: SeCreatePagefilePrivilege | 2456 | chrome.exe
Token: SeShutdownPrivilege | 2456 | chrome.exe
Suspicious use of FindShellTrayWindow 53 IoCs
pid | Process
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2044 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
Suspicious use of SendNotifyMessage 40 IoCs
pid | Process
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
2456 | chrome.exe
Suspicious use of UnmapMainImage 4 IoCs
pid | Process
2976 | RobloxPlayerBeta.exe
4184 | RobloxPlayerBeta.exe
4624 | RobloxPlayerBeta.exe
6028 | RobloxPlayerBeta.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4948 wrote to memory of 2044 | 4948 | SolaraBootstrapper.exe | 74
PID 4948 wrote to memory of 2044 | 4948 | SolaraBootstrapper.exe | 74
PID 2456 wrote to memory of 5000 | 2456 | chrome.exe | 77
PID 2456 wrote to memory of 5000 | 2456 | chrome.exe | 77
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 520 | 2456 | chrome.exe | 79
PID 2456 wrote to memory of 776 | 2456 | chrome.exe | 80
PID 2456 wrote to memory of 776 | 2456 | chrome.exe | 80
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
PID 2456 wrote to memory of 1088 | 2456 | chrome.exe | 81
System policy modification 1 TTPs 1 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | msedgewebview2.exe
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe
  "C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4948
  C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
    "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:2044
    C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2044.2760.6506443419784986790
      - Checks computer location settings
      - Executes dropped EXE
      - Loads dropped DLL
      - Checks system information in the registry
      - Drops file in Program Files directory
      - Enumerates system info in registry
      - Modifies data under HKEY_USERS
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - System policy modification
      PID:2920
      C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x130,0x7ffeede54ef8,0x7ffeede54f04,0x7ffeede54f10
        - Executes dropped EXE
        - Loads dropped DLL
        PID:3748
      C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1696,i,16422974520262665711,3588611942670894438,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1692 /prefetch:2
        - Executes dropped EXE
        - Loads dropped DLL
        PID:672
      C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1612,i,16422974520262665711,3588611942670894438,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1880 /prefetch:3
        - Executes dropped EXE
        - Loads dropped DLL
        PID:4256
      C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1232,i,16422974520262665711,3588611942670894438,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1980 /prefetch:8
        - Executes dropped EXE
        - Loads dropped DLL
        PID:2296
      C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3224,i,16422974520262665711,3588611942670894438,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3232 /prefetch:1
        - Checks computer location settings
        - Executes dropped EXE
        - Loads dropped DLL
        PID:5268
      C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4436,i,16422974520262665711,3588611942670894438,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:8
        - Executes dropped EXE
        - Loads dropped DLL
        PID:5676
      C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4492,i,16422974520262665711,3588611942670894438,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8
        - Executes dropped EXE
        - Loads dropped DLL
        PID:812
      C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4488,i,16422974520262665711,3588611942670894438,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4616 /prefetch:8
        - Executes dropped EXE
        - Loads dropped DLL
        PID:5300
      C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4592,i,16422974520262665711,3588611942670894438,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4616 /prefetch:8
        - Executes dropped EXE
        - Loads dropped DLL
        PID:5820
      C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4752,i,16422974520262665711,3588611942670894438,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:8
        - Executes dropped EXE
        - Loads dropped DLL
        PID:4376
      C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4400,i,16422974520262665711,3588611942670894438,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4644 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5788
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2456 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x6c,0xd8,0x7ffef32f9758,0x7ffef32f9768,0x7ffef32f97782⤵PID:5000
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:22⤵PID:520
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:776
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:1088
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:12⤵PID:2144
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:12⤵PID:5060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:12⤵PID:2768
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:2756
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:4876
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:5008
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:4976
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5068 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:4256
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level2⤵PID:1596
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff643967688,0x7ff643967698,0x7ff6439676a83⤵PID:4024
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5184 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:12⤵PID:408
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:4876
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1636 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:12⤵PID:1344
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2948 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:2476
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2892 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:2572
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:3456
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1716 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:12⤵PID:4596
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3832 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:12⤵PID:4352
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:676
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5288 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:3824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5188 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:4968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:352
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5900 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:612
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5864 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:4672
-
-
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2896 -
C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeWebview2Setup.exe /silent /install3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1176 -
C:\Program Files (x86)\Microsoft\Temp\EU2B9A.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU2B9A.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"4⤵
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
PID:4476 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4900
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3456 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2512
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2160
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4116
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzgwQTI3NjUtRjdDNy00NzEyLUE5OEEtRDQyOERCQ0IzQUZGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGQjBCNTgyQy03NTcyLTRDQTItQkY0QS03OTQ4RUU1MDg0MEZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1ODA4NzM4OTUxIiBpbnN0YWxsX3RpbWVfbXM9IjUyMyIvPjwvYXBwPjwvcmVxdWVzdD45⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:3844
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{C80A2765-F7C7-4712-A98A-D428DBCB3AFF}" /silent5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5092
-
-
-
-
C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" -app -isInstallerLaunch3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:2976
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:588
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5560 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:12⤵PID:1528
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 --field-trial-handle=1852,i,16439402511901200653,17596771578000289226,131072 /prefetch:82⤵PID:6044
-
-
C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:6OlhBZxCOUU9Jx7rI64Td6cRRpEPgf3WXLhxoAAHuzRYGyAZ3WAv04cbsLfwBGKBe6JFbULM7wOgHrE59E03fswfpnnAp9itzY7L0aGlIxSkBbKpNPHOvTZ7pVTNM09gKZ96h2rYe5-Rx133pc10AGJFFe3TFEvUQeNykMJ02sg2jPiKfIBaLFmK0XOsLaaIiWDA6eyT8nz_kQBFXQ8FMlbGWJ-hq_B7w5uTa_-9rus+launchtime:1716686680181+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1716686426994010%26placeId%3D155615604%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D75cf7988-7b4b-4037-8712-8c9803a0632e%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1716686426994010+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:6028
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:4356
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:3736 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzgwQTI3NjUtRjdDNy00NzEyLUE5OEEtRDQyOERCQ0IzQUZGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxNEQ3RUY5NC0zMkNELTQyQTAtODlDMi1DMkIwQzM3NTUxMTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1ODEyMDg4OTQ4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:2816
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1BB43FDE-41FF-4D86-BC05-239F00D4E9DA}\MicrosoftEdge_X64_125.0.2535.67.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1BB43FDE-41FF-4D86-BC05-239F00D4E9DA}\MicrosoftEdge_X64_125.0.2535.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4680 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1BB43FDE-41FF-4D86-BC05-239F00D4E9DA}\EDGEMITMP_FAD76.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1BB43FDE-41FF-4D86-BC05-239F00D4E9DA}\EDGEMITMP_FAD76.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1BB43FDE-41FF-4D86-BC05-239F00D4E9DA}\MicrosoftEdge_X64_125.0.2535.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2004 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1BB43FDE-41FF-4D86-BC05-239F00D4E9DA}\EDGEMITMP_FAD76.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1BB43FDE-41FF-4D86-BC05-239F00D4E9DA}\EDGEMITMP_FAD76.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1BB43FDE-41FF-4D86-BC05-239F00D4E9DA}\EDGEMITMP_FAD76.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.67 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ff750a44b18,0x7ff750a44b24,0x7ff750a44b304⤵
- Executes dropped EXE
PID:2612
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzgwQTI3NjUtRjdDNy00NzEyLUE5OEEtRDQyOERCQ0IzQUZGfSIgdXNlcmlkPSJ7REY5NDg4M0EtNDM2My00MDU4LUFEQUQtNzZBNjNDQzAwOTRGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxMEE5MkRBQi00QzBELTQyRDYtOEI1NC1CRDdDRThGMEU2MjF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-…-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:5008
-
-
C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4184
-
C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4624
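The three MicrosoftEdgeUpdate.exe /ping invocations in the tree above (PIDs 3844, 2816 and 5008) each carry an Omaha protocol request on the command line, encoded as base64url with the padding stripped. Decoding it is worth doing during triage: the <oem> element is the updater's own SMBIOS fingerprint of the analysis machine, the <os> element gives the exact build, and the sessionid ties the ping to the /handoff call under PID 5092. The decoder below is an added example written for this page; it is not code from the sandbox, from Microsoft or from the analysed sample. It assumes only that the argument is unpadded base64url wrapping Omaha 3.0 XML (the element and attribute names come from decoding the page's own payload), and the hypervisor keyword list is an assumption of the example. The embedded payload is the PID 3844 one copied verbatim; a payload that is not clean base64url or does not parse as a complete request (the last /ping on this page is cut short) yields None rather than an exception.

```python
"""Decode an Omaha /ping argument as passed to MicrosoftEdgeUpdate.exe.

Added example for this report; not code from the sandbox, from Microsoft or
from the analysed sample. Assumptions not stated on the page: the argument is
unpadded base64url wrapping Omaha protocol 3.0 XML, and the element and
attribute names used here are the ones present after decoding the page's own
payload. The hypervisor keyword list is likewise an assumption of the example.
"""
import base64
import re
import xml.etree.ElementTree as ET
from typing import Optional

# /ping argument of the MicrosoftEdgeUpdate.exe process with PID 3844, copied
# verbatim from the process tree above (split only for line length).
PING_PID_3844 = (
    "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4w"
    "IiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249"
    "IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzgwQTI3NjUtRjdDNy00NzEyLUE5"
    "OEEtRDQyOERCQ0IzQUZGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9"
    "IntGQjBCNTgyQy03NTcyLTRDQTItQkY0QS03OTQ4RUU1MDg0MEZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpv"
    "aW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBz"
    "c2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0i"
    "MSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2"
    "NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0i"
    "UUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0"
    "YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2"
    "ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0i"
    "Ij48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNv"
    "ZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1ODA4NzM4OTUxIiBpbnN0YWxsX3RpbWVfbXM9IjUy"
    "MyIvPjwvYXBwPjwvcmVxdWVzdD4"
)

_B64URL = re.compile(r"[A-Za-z0-9_-]+")

# SMBIOS manufacturer/product substrings that name a hypervisor (assumed list).
HYPERVISOR_OEM_HINTS = ("qemu", "bochs", "innotek", "virtualbox", "vmware", "xen", "parallels")


def decode_ping(arg: str) -> Optional[bytes]:
    """XML bytes behind a /ping argument, or None if the argument contains
    characters outside the base64url alphabet (e.g. a truncated or
    marker-interleaved payload copied from a log)."""
    if not _B64URL.fullmatch(arg):
        return None
    # Omaha strips the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(arg + "=" * (-len(arg) % 4))


def parse_ping(arg: str) -> Optional[dict]:
    """Summarise request, hw, os, oem and per-app event attributes.
    Returns None unless the argument decodes to a complete <request> document."""
    raw = decode_ping(arg)
    if raw is None:
        return None
    try:
        req = ET.fromstring(raw)
    except ET.ParseError:  # cut short or not XML at all
        return None
    if req.tag != "request":
        return None

    def attrs(tag: str) -> dict:
        node = req.find(tag)
        return dict(node.attrib) if node is not None else {}

    apps = [{"appid": a.get("appid"), "version": a.get("version"),
             "nextversion": a.get("nextversion"),
             "events": [dict(e.attrib) for e in a.findall("event")]}
            for a in req.findall("app")]
    return {"updater": req.get("updater"), "updaterversion": req.get("updaterversion"),
            "ismachine": req.get("ismachine") == "1", "sessionid": req.get("sessionid"),
            "requestid": req.get("requestid"), "installsource": req.get("installsource"),
            "hw": attrs("hw"), "os": attrs("os"), "oem": attrs("oem"), "apps": apps}


def reported_hypervisor(summary: dict) -> Optional[str]:
    """First hypervisor hint found in the OEM strings Omaha reported, else None."""
    text = " ".join(summary.get("oem", {}).values()).lower()
    return next((h for h in HYPERVISOR_OEM_HINTS if h in text), None)


if __name__ == "__main__":
    s = parse_ping(PING_PID_3844)
    print("session", s["sessionid"], "request", s["requestid"])
    print("os", s["os"].get("version"), s["os"].get("arch"), "oem", s["oem"])
    for app in s["apps"]:
        for ev in app["events"]:
            print("app", app["appid"], "-> v" + str(app["nextversion"]),
                  "eventtype", ev.get("eventtype"), "eventresult", ev.get("eventresult"))
    print("hypervisor hint:", reported_hypervisor(s))
```

Run as a script it prints the OEM strings QEMU / "Standard PC (Q35 + ICH9, 2009)", OS build 10.0.15063.0 on x64, the EdgeUpdate appid {F3C4FE00-EFD5-403B-9569-398A20F1BA4A} with nextversion 1.3.171.39, and the session GUID {C80A2765-F7C7-4712-A98A-D428DBCB3AFF}, which is the same GUID the /handoff step under PID 5092 passes as /sessionid. The OEM value tells you the analysis VM presents itself to software as QEMU hardware; that is the context in which to read the report's VirtualBox ACPI and BIOS-version signatures.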
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
6.9MB
MD56aafb8c6ce355a80514a2f3abc13a9ad
SHA12db9a7dde9086dd415ee41b4b109a3311f088c8c
SHA256adbd1a10981cccd00918d924ec93a9d6f29d16190691f6984b199f9a42cc0cb6
SHA512c9f23c68b7385d8edfdbff7b80a6064ac8eb879384796e7f54b094155feb32a86836c4a910c323128a4a6b3b15b7fbe1a9b0b56153ff0e71c96dce7776b0f848
-
Filesize
12KB
MD5369bbc37cff290adb8963dc5e518b9b8
SHA1de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA2563d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA5124f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1
-
Filesize
179KB
MD57a160c6016922713345454265807f08d
SHA1e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA25635a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e
-
Filesize
201KB
MD54dc57ab56e37cd05e81f0d8aaafc5179
SHA1494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA25687c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b
-
Filesize
212KB
MD560dba9b06b56e58f5aea1a4149c743d2
SHA1a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA2564d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7
-
Filesize
257KB
MD5c044dcfa4d518df8fc9d4a161d49cece
SHA191bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA2569f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c
-
Filesize
4KB
MD56dd5bf0743f2366a0bdd37e302783bcd
SHA1e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA25691d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e
-
Filesize
2.0MB
MD5965b3af7886e7bf6584488658c050ca2
SHA172daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA5121c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4
-
Filesize
28KB
MD5567aec2d42d02675eb515bbd852be7db
SHA166079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256: a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512: 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3
-
Filesize: 24KB
MD5: f6c1324070b6c4e2a8f8921652bfbdfa
SHA1: 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256: 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA512: 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100
-
Filesize: 26KB
MD5: 570efe7aa117a1f98c7a682f8112cb6d
SHA1: 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256: e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512: 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8
-
Filesize: 28KB
MD5: a8d3210e34bf6f63a35590245c16bc1b
SHA1: f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256: 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512: 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a
-
Filesize: 29KB
MD5: 7937c407ebe21170daf0975779f1aa49
SHA1: 4c2a40e76209abd2492dfaaf65ef24de72291346
SHA256: 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA512: 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7
-
Filesize: 29KB
MD5: 8375b1b756b2a74a12def575351e6bbd
SHA1: 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256: a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512: aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19
-
Filesize: 29KB
MD5: a94cf5e8b1708a43393263a33e739edd
SHA1: 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256: 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512: 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7
-
Filesize: 29KB
MD5: 7dc58c4e27eaf84ae9984cff2cc16235
SHA1: 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256: e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512: bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc
-
Filesize: 28KB
MD5: e338dccaa43962697db9f67e0265a3fc
SHA1: 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256: 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512: e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9
-
Filesize: 29KB
MD5: 2929e8d496d95739f207b9f59b13f925
SHA1: 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256: 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512: ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957
-
Filesize: 30KB
MD5: 39551d8d284c108a17dc5f74a7084bb5
SHA1: 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256: 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512: 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2
-
Filesize: 28KB
MD5: 16c84ad1222284f40968a851f541d6bb
SHA1: bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256: e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512: d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e
-
Filesize: 28KB
MD5: 34d991980016595b803d212dc356d765
SHA1: e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256: 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512: 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed
-
Filesize: 28KB
MD5: d34380d302b16eab40d5b63cfb4ed0fe
SHA1: 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256: fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512: 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538
-
Filesize: 30KB
MD5: aab01f0d7bdc51b190f27ce58701c1da
SHA1: 1a21aabab0875651efd974100a81cda52c462997
SHA256: 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA512: 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e
-
Filesize: 30KB
MD5: ac275b6e825c3bd87d96b52eac36c0f6
SHA1: 29e537d81f5d997285b62cd2efea088c3284d18f
SHA256: 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512: bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679
-
Filesize: 27KB
MD5: d749e093f263244d276b6ffcf4ef4b42
SHA1: 69f024c769632cdbb019943552bac5281d4cbe05
SHA256: fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA512: 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9
-
Filesize: 27KB
MD5: 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1: dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256: 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512: ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245
-
Filesize: 28KB
MD5: 9db7f66f9dc417ebba021bc45af5d34b
SHA1: 6815318b05019f521d65f6046cf340ad88e40971
SHA256: e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819
SHA512: 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952
-
Filesize: 5.3MB
MD5: 0469bb703f1233c733ba4e8cb45afda2
SHA1: a07afd7ecf1d0b740b0e2eddfcde79dcf6e1767f
SHA256: 00314da401908da37ebfe9b642506cab81a4467c092719fcf007be045bc4a9e0
SHA512: 342c9629e705eb78c7bd52b3efe4a92b6a8bece9933956390450600635e4c0511ca96ccaa25e6920e9d25ccdf444dabfea7b09f8fbcba2f371655f87633b6d67
-
C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Filesize: 1.5MB
MD5: 610b1b60dc8729bad759c92f82ee2804
SHA1: 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256: 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512: 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4
-
Filesize: 280B
MD5: ba9b619fe0a30e4666e6eb23831a467e
SHA1: b9bc8dbc42926b6ea2ad8807ee887a79b049ddf1
SHA256: 4c3247b1cf554ee609405e2d1df96c268b25c15d66d610455a3fdfd85ff92d55
SHA512: 8d2a68f2c043e80a239d9bf595a506b0f03c609700008c42f0a9008b84632458ce1a860aeca6a7dd9fb7aad51a607478845ba30ecd943f357af1069796887859
-
Filesize: 76B
MD5: ba25fcf816a017558d3434583e9746b8
SHA1: be05c87f7adf6b21273a4e94b3592618b6a4a624
SHA256: 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11
SHA512: 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f
-
Filesize: 43B
MD5: 55cf847309615667a4165f3796268958
SHA1: 097d7d123cb0658c6de187e42c653ad7d5bbf527
SHA256: 54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877
SHA512: 53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7
-
Filesize: 687B
MD5: 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1: d0914fb069469d47a36d339ca70164253fccf022
SHA256: f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512: 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3
-
Filesize: 141KB
MD5: 677edd1a17d50f0bd11783f58725d0e7
SHA1: 98fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256: c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512: c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff
-
Filesize: 179B
MD5: 273755bb7d5cc315c91f47cab6d88db9
SHA1: c933c95cc07b91294c65016d76b5fa0fa25b323b
SHA256: 0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902
SHA512: 0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8
-
Filesize: 16KB
MD5: 4ae157a9c6204591a4febd3ddd0dbca2
SHA1: 2d438bc22d15545aa503b22d327a82f277b75077
SHA256: bc6a8b0672b1e54935ee92398d85b53ff71a33bc03257cfe3cbe755a6f0123e3
SHA512: 9cc86f187b3d27c66e91d04ad5dd1bdf41cb8218706e5b1f9cbf47dcdfcd7d3258adbc58a30692dea4f249370d552668fb2a139f7050bde7a8d948b5b924984d
-
Filesize: 98KB
MD5: f996e49da547473edffff57b1b76231f
SHA1: 1e0cd895f6c2a60a4cfd25cec7941000203fb91c
SHA256: 429c245c93f6801d9d14dc1c9128aa0b7dfc69ac1b054b6f3f46d25d77a59bb4
SHA512: e94613f37fc596c259074736181465acef2e6c7992e39eaa8f15ffbfae240c3eaba9f0f0f500e6b415c13ccba30343eb8dd148a7d47558ebca3c007dad12240d
-
Filesize: 51KB
MD5: 588ee33c26fe83cb97ca65e3c66b2e87
SHA1: 842429b803132c3e7827af42fe4dc7a66e736b37
SHA256: bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA512: 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04
-
Filesize: 2KB
MD5: 328a752b4c9d52f1cad11fcb00a44eef
SHA1: 74b7fdc700df80bf9a4095e36064f3dc0009ce10
SHA256: 3b0a1d7cd7fb5f3f13e240be21159ecf0f6e1705c523d205224f652cc9ea116b
SHA512: c48046ca0f76f783750e141818b23344bf8d3b1d5fe301594ea89434788a009f3fe7f40884b8b100c7c5cda749975f3f6396cc0e7c8dcc04342d13fbc6c854d2
-
Filesize: 4KB
MD5: bc16c9d7a69af8923cdb10f8d4c7bf2e
SHA1: 9272ded16be7b9946f254f2df4b222692a2fb21f
SHA256: e36431e0e77707b572ff2e9265a1c3098faac5bdc6aa05cad28167b814880e1e
SHA512: fba825f5866d7464ad358fd8b9d9b0da60c4b8bb93215c67b6581419aefb0cbf17be7664dee4fbe2c2240d53a9170d19c38263c526a30cc5b16f19ca428d5157
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize: 23B
MD5: 3fd11ff447c1ee23538dc4d9724427a3
SHA1: 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256: 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512: 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\391ccbb8-eb8b-4cb6-9e87-4d600da16539.tmp
Filesize: 4KB
MD5: cb3aaef732475b8fa016f585c78b8abd
SHA1: c373cecc717f1651b224cfda59717707d0379f33
SHA256: cf4452cf8b918a7aecb4bbe9550f90187b617f86c0bd9ab5d13a81f4bd20f280
SHA512: 92c758aa2bd5ac9afa2f0860c4a4417c9915f1074bd89b226dc246cdc21bd7f5895fb958cf59e5b39d7696bf3ed9319e8d01cd7130248c72cadfd46397394bdb
-
Filesize: 7KB
MD5: b50b56e88259dcde0fa659395a2e862c
SHA1: 03d647f155f249f3fd7d65ab53b65ebc9c8efc49
SHA256: 0540d787d74dbff145be2c6206df1fcb847912c152faa3977ae6ba6398847f4c
SHA512: 45b8c873f1c78a8d9c5b458e3485040166d02a565c078e72e21f5b5ec39b8507ea74ee50d6b9f58199502b5c31a7e1ffcc6ae506f30529a03d126e2498e00331
-
Filesize: 7KB
MD5: 97ff49ca1f11fd85d62bd0a634c0b30b
SHA1: 1fbc4673cc55996d5b1d9c76b1fa7337bc7b6dc4
SHA256: f5c5048eec09c768d229bddbb39de45d3b5559f6708283ed0415296c0930820a
SHA512: 128b844a5cd8cc2cbcc123f2f871fe76d9c44dedd12738bccccf81f2b2e97ffbbd4f32016731cee1d59a192619213874f89e9f18afbfc52fa0d2f6bfcb5bd632
-
Filesize: 3KB
MD5: 0d93abcb8e0fae5d79bcd5059ebec2e7
SHA1: e5f267c8c8ebebc2f35ebca1fbae2fe2a0ad228c
SHA256: 4fc1ca2f3a7502a460614241eef218d854d8f05b5d24a246270efbad07670fcd
SHA512: f7223950fd684f7c1c77432e7a260a2059eea1a2fc619c02b22d1879ad882f7b697d988b2c44315efe6ae817ad9c21438c5b1d290bdce144b184b591cbe7a877
-
Filesize: 4KB
MD5: 458d56f928c8cebb1902c8a2bfca3626
SHA1: c314948e633b764488868783d79f8188827d254f
SHA256: ad9a1116e92e7c9b80bb492b45815641b5d84592d70c73a74d31b08ae9fd92d5
SHA512: cb46e9780a009b73ec8167f357b8fa720813524883be71f1f86db0b96afbb42b644bffac44cebe01606026d745986ef1ca78f0e63790f6047498d083d6690e4f
-
Filesize: 2KB
MD5: e601cdfde22977ef344c40b0af89e3fd
SHA1: dbcfe1bf7a223fdec423393dc8e34d993910a1fc
SHA256: ad2ada826a37345cc6ec05b502f998cccbbc693281071586e8eed7fdac9b14ec
SHA512: 59b60f2a275e54ce882cc86c97eec64a648ae2fc0ea91850be80e9c4a40b3cb31f3002d956be9225708b538906ed2e8ee1b522e2d468295f5482e3483a1a7543
-
Filesize: 1KB
MD5: 8c24603dc15379c91837da02506bb7de
SHA1: 51cca49710b92b8f68429c9bbc5897f5557c3f33
SHA256: 029c8fe30c18602547f46cc0fbca603b3be6064d24b858b42d1b285b0955848e
SHA512: dc49a00340eca301318bd0fe9f0abac00fa9a537fe2dd01837c694e58e26fccaddfc80bb3bc0ed1a07e5e7a69895330335c15e09dec26c43ee8195a10d317e59
-
Filesize: 4KB
MD5: 640e58569227a7c51bdb1b678a1317c5
SHA1: 17bf2a70cd80dd8ce03d6ca94814857ccbfb5f44
SHA256: bf5dac1aeb25e3d4a3b7bee837191fada316f27f5312b6fc5911145cf057614b
SHA512: 62a9d915ed7f65c73b835cf379c077dc9d33fb31f67fd02314df7186643cbf651004b053abce9a02633b804c9121bf057563ed2038f891aea3c7cf188e3aa078
-
Filesize: 4KB
MD5: fdb95d720233484294287818f4beb6c1
SHA1: 0ddbe6ff078e90f2ef0c4ff26d71e63520880e33
SHA256: 8acd7e8a680c8261c16f3ad33fe2461c8f754f59330510ff004b1a9ecbc8a528
SHA512: 6c73d6aefca53c273c204d05b6c3ae3663aa3a75cef98c6f429c6c163f2e25d16110dd042d4a5ef510c9ab159ae742da63b4d69e23b2583b1cba00a1f644a6d7
-
Filesize: 4KB
MD5: a8355ff3b06bd879aeedb7467b9a2904
SHA1: af9dc954572b407434e9a2ea3393ca542923befc
SHA256: 39248a5e0ed42ff02ca800b6717c47e886c5b864876a900d041e7272dfd7c7f1
SHA512: 99f4a523d1a6448434290525c91b81ce323cc7f9a6c6b27b2ea6b4ceb26ffecb475a9664876f55814a39e288c5ba49be0af0b449a6ef1d9391feac8bc864ec9e
-
Filesize: 4KB
MD5: aef8950e620e69e3ada6783d123656b4
SHA1: 20df3bc9aed9c46643802b312a0739f381acfcf5
SHA256: db0794c5aa8ec88d932439d13b9b3e0539a162d29b83825506e49a5ebb0908d9
SHA512: 3fc81385e8ce22dcdc863d32ab90ec43f7c66d2d21e3747e1b085a779c0a6d156117097dcecbba70e94095ef739c57fd464e2f9b2ab69c0aa799710894add70b
-
Filesize: 4KB
MD5: de77ce8a3254eeda39d3e96b74c68d09
SHA1: 75c324b671ce1cffe31a58520e3dfc7b84c1b372
SHA256: fcd428aca602872ddc52545b9deed27fd0145b13819e6d4ee656c3e3efbcbd13
SHA512: 9750f3056ec2728ed56bc212e9ce2596b1d45e39ad5599629e67ae036a47b5e36c1d685f0906085ceff16d258a56920a44a9dc44f63aaf174cb3b01fbc8e48b8
-
Filesize: 4KB
MD5: cf82738d48a9c6221baaaef52afcd919
SHA1: 458f4354331510371ab1b4eedcde3a02888898f0
SHA256: 9d361d4b54d1e50f8900ad196ca77008688c5a2ba146cfa743b14f332e3234f7
SHA512: f9e88046180139e8aa7225da2b870786f69ef66a9a237a877d3f33e8f87cbdf2e6f5f0b415417df120a3b11c253a877e243b6142ecbf562ae1d667e44e324bcb
-
Filesize: 4KB
MD5: 3a7d4cf64fee199c1fcd0625a6c30316
SHA1: 2a0e8bb3db6ce8b71698ef7a9ade3b35d7795dca
SHA256: e6bd826413d0fbe0054c18fca072d1111146d0542a1f0c8be6e3d1fcb208e310
SHA512: 2c0165738e88240ddd4eb46f66535d498e7a95724b46b386299566a6953467acf561597fe92293a15479cc45154ce30308128305d1136cfe7d572099510a78bc
-
Filesize: 4KB
MD5: 9082a44b0ccdc469abc54636d88458bb
SHA1: 947c5217b948d0bab39f588d3c7192603e684e8a
SHA256: fc3531bf775b802b7212a6312fb092fbdb1d52dd8da1d90782da097ebcfbf931
SHA512: 037cb416bfad6c62bc0c1a5d7ee969dcacd36719e380a1dff562d576883634636b58feafe507e850ff2c1f2fe99f6c243298540ae584309408981d47d91c8d4b
-
Filesize: 3KB
MD5: 5c6b1deef1321f8b84fabb8610294a53
SHA1: 656ad295408d4200308ae72563579f783428250d
SHA256: 1efd8732d2f30adea37de050ed8c71110f8fe0a8863f2b46e5fdb716bb5b4dc5
SHA512: 21f8986fe5682ab2bb6e632c15bc5872a5c151f1456c8f3f34fe21e23d8f035430ee557a00879b1504c40cad9b5c7d79b899268c7daf7cf3c803ecb6ee2c8ec4
-
Filesize: 4KB
MD5: 5290ec990f16226b7ca12f3266e8be7e
SHA1: 221d83922c5d398bf22a0e0e7ad90463edcc6a87
SHA256: 444fe286e594974cae1edfb7a90c27abe37f49085685466298448706fd7c1f23
SHA512: 81734574abfd99d84818c309b8d2d540a77b6621c69ea9a169b789f538361cd34b32cea9990f3b2e3625f0145de9afdbfeca0a2e22e38a2ef1ddb357b0161094
-
Filesize: 4KB
MD5: bed1693b7a2ad431d008d12bb46eac7c
SHA1: 061e32a218fcc5af024d329bf1afe2f2021d7135
SHA256: 7b02f2c9474e7d94093429ab9b692f883ca5f3cffbd4bb43e6bce0e89b07d452
SHA512: 27490ae86d4674460c61a5c6b000152522a1c1a292d6f05a0d9ee8ca3c3ac8f3c51ad5b3c2884ea36748c483156437c75e6f19d899e6d689216faeb828baec35
-
Filesize: 1KB
MD5: 10ba0da42066cc5956484e71a77d01a1
SHA1: 95d42350d8b5d82cefd666d94f8886afc1cb5b3e
SHA256: c391cc7f325101cbb2aec3ee00bb4fbb09f35ac49eac1ab2213c410531eabc3a
SHA512: 3dcfe87e416ade4fd3e7db6b38f57c1f6674ab244db7f739196c9bf47fb1f74cf1fc16b465de1c9c635ff00753d9d0324739e565ffbf4a941936eda6ac3a5495
-
Filesize: 1KB
MD5: 8d83b91b745e14a489aeeebd68ba3958
SHA1: cb0c5f59501d632e7c5438960cbaba9e073cf836
SHA256: 50bdd10c876631f0ad1b005661544f3d57e37aab7c613c744f68c319772beee9
SHA512: fa093bb325183b09a5b7908c959cb8308e49d4ba1ae2cfcc7d975b6a213db2f1c4c38916c6b9fe8e8c0a4cb846756de8c248c593d8fdcb4e2b163fd8aef79932
-
Filesize: 4KB
MD5: 0c1612f9ef9bb3da53fb6be5e266793b
SHA1: d90b5318b6cab60e1f204b869b4655c92e1d1270
SHA256: 3023942600c6cceb890228059f45fbb986e1f09d546837108b0e32305ffa9a7d
SHA512: 34e12285e5f99de6b6a2dfed9f675340fda3fcb7e98dbfc011c4ecbba3bad8bf437c1180a28f9a5f8d16ccd240fac1836cbedfb19fdebd6340bd947f43e20302
-
Filesize: 4KB
MD5: 2eea2eb44910f8af29a4a0f028c207bf
SHA1: f08bbd5527a80e0bd58029e557ac37fb5ecf1105
SHA256: eb6605d95ec82d78ace179cb8ea449560a13be986527fc090e46e33e716a0062
SHA512: 3341ce916405a137758ec3d8961ccb688bd04632780f8f2e262231467f45f1822dd1dc99e6610618124b6d7a8c7a6edb181686f73bb94a456cfd1c23623e879b
-
Filesize: 4KB
MD5: 978e5cd7d4c8c6aac2b5c8a51118a117
SHA1: e0cab9aef0968c4aaaa1d3172580f07aa71d664e
SHA256: dea734d5e242ba4f6ee3f4605a8d957d419a8c9f77def3530145f3d78283edf7
SHA512: 05f4b41bdff6645683555c392989574a7e73267fe5621dc025757c8559faae289d4d5c3d5845ceb64b2a45129583545e2e05397920bc74e7828a72b727f8b5a0
-
Filesize: 4KB
MD5: 6d45263ee2b93001dbdcee3aba1ba6d5
SHA1: 47aebfa94797769bf2fb5c1252a8bc7c71b8cb5d
SHA256: 877423194bf4962acfb74ee09dbb8b62eceb661db7d80b89761f7536ec4bfaa9
SHA512: b7dcef322b6ae9102e89fab0932c34924371f8a8fb0bea081ee69fe86d5b3cf528655ef7fa2a03b5bc1ee62d98f63e41f4e7569f56d639fa48fa89ecc7648d20
-
Filesize: 1KB
MD5: bd6376b111a19a0144e6d5aa38da5832
SHA1: 86d70cf4845439255c150c6dc4785720e2150678
SHA256: b5cdcc378c0e0063b170fad286d0e747a8688392d03277568ef33b965c974871
SHA512: b3fcfb9ef3f76447fdbe69d93e4a8ff47fe3ab02928ea5a69d4c8359879a09629fe5452e6c90caf14b5583f92f51df66e10942674d902a44146af74c0f529326
-
Filesize: 2KB
MD5: 03b1e9ba5a51e12d895edb79fadd0a99
SHA1: 3990d5d13670bd87a52aed114466a28755fbb319
SHA256: 3cf18e50ea803ae0743e7bd190149b1417cafdf3f2faa102d05652c24a59af62
SHA512: 366b37b3654a6450d24cd093e3b28bdef0caf84bfd8490b779d0ea1265d2a5ebad6d7cfe420581211a280c3729135623a33a3783755d015359ba537138dd71f6
-
Filesize: 4KB
MD5: ae37588be73f2919a1ca0b13587da708
SHA1: ffd3722201f0050a29de5fecbc2d0a38545b4f44
SHA256: 3948ada4e98add6c2cb1f992d2d05065dfd3528cd97675abd46c1227d305a1b1
SHA512: a98607cddb40246777bfa90e1ee811f35967bb34df8a5a0d0cc373224ed261e793b2df2a5ddd89a67581827ab7753ebae36a86144610ca72af7550df2f23a081
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e4387e22-f613-4352-a697-495f9c2989dd.tmp
Filesize: 4KB
MD5: 58f379b4a23c1a388569c15d16a08909
SHA1: 73328bfc08284c310962f8456960cdb614691aaf
SHA256: 94c92acab7710177986c73b7da56eb8ae537e917f9163304bd98b3258b237945
SHA512: cb0cf921a18861b4838d2a841ece7d76c4f30b1d05a847f6d99f3b7058aeaa2639b82a23843f0b90acf4baad486d7ca3308de5633f531ec37f4dcc03037875ce
-
Filesize: 6KB
MD5: a887b7efb0eb85585ccc35160bb27245
SHA1: 86a580cf59f89e3649a532debe0e414c741a158d
SHA256: d3a9c4d241802ce86dc02fdf2723c9be6ccf042c853c9dfc1bae73325dfcc237
SHA512: b2b2ba75bf07adbd0de3cacc11c57038d79e2d3caa7a9daa52e88acddf73d58d528b6aa41b90c05f8b7976f36d68c8b3507da6086a9dea7c0586278260fddf4a
-
Filesize: 5KB
MD5: 9c0162d0f3c2bf71e37ef8dcb6d3dd59
SHA1: 84eecb567ec8ec3da41fa3dfe11aecebdd590af7
SHA256: 702e2d6deec082b7f78415e8786f1fcb4a4665c1bb82c66016d5324b7022b4e4
SHA512: 6b70f516630347904b3e0d0eb19ed75d375ac5331be98e183c053bde69cf8f229d67ad4b28e1a6f3d4a498fbe7d3298ef945a26a2a3815a0345207143574e09d
-
Filesize: 6KB
MD5: 456e2c3e035ab16d11895bc28c4b2067
SHA1: 6f51a0e08c1ea841c6d7c01f1d5d95f0467fdb0a
SHA256: af93082237961757a033991484a639b2c4dc4fccf512e774a6512c6db0b424c5
SHA512: 5e9bb1055e0c912fe6a4955db275dd652c6659665ce36f4ac91371eba02f99b2dd4ca0a522f18b0089f51e5b43e0b3cd13dd17adec01d46d597592e3b3dfda5b
-
Filesize: 6KB
MD5: a165c369335589bd4c1324f66f3eaa9f
SHA1: 4a316e68b7c2dcce59655d2ed475b356f3e04088
SHA256: 8256fc63e16478ea230441879e5335f1f698f9aed2db945eac1849cb3c653cd5
SHA512: 2b485698f4356d86ed6ceae48b8b5d264977ab843429e278df46cd39146cbe1494002a1fa9268aa7b6908666ea04e069fc3846ffc6fd24755337c275e5acac59
-
Filesize: 6KB
MD5: 16cdb0db2e9237cbf3a2229b92e1043d
SHA1: adbe017c9a83b79e780f2df0befd0ae49ac97c3a
SHA256: ce5b330856cd6b88d9dfd0afbc0d377998de9130a7dc9bbe03512bb3f61dfcb8
SHA512: b6d643af16e7b63ffb35ebcc667d3ad9f37df3cb666031f1b93d287ef4c3e518600a7f5019d38756ce219ffbac0123b7864fa45b5bb4ddbc022ef0709d5197cd
-
Filesize: 6KB
MD5: 8b1e82ae4b63b19b4073dca9024925a3
SHA1: ee017d185cfd81d2628fca8381bd64313c25a3ca
SHA256: 6a134faccd6dd05728f9a31619163f445e4e46880229061063e18d0a570469de
SHA512: 9d44af59f94c3857940a81ed5f8f77d7fb0014702563c35865bdadd94bd46f8d1a822e0c9feb4a04f710303d46cbe9e2f88e4e04caa48c504944e94d9c4d9686
-
Filesize: 12KB
MD5: d65599786c58a4c21039658ae865e2d1
SHA1: dbbf011643c558c7b8fbc218b5e9ab8331671004
SHA256: b99acbd2d84ffbfb83e2df683f1f4952c8665078b8fd98df38734ef36e923e86
SHA512: 1f5844eb5395a502ba957c8aa6fd948798426b0adbf5b143f47d7669e8fa3f8ca6590b4f61dd941439bb05fd6478c5ca31314612499af63857df1469c10c6897
-
Filesize: 277KB
MD5: d7e33869f927748ec1b81270435a9ad0
SHA1: a234aea0074da195d23bc1a8eadf3680dbfbcd34
SHA256: 0cb4d3b9a149950127fe882fe6176aa5966753396ad0733dc9e12f20c6758f2c
SHA512: c8adaaa57c90673e754fa0bfec91cce5619d3b00a40d8d61702b24daec3b3f4d361020077eec412b3e5c964b2929985ad68efc4a416820698a183c357ac8ff43
-
Filesize: 115KB
MD5: 45733f6f292349e7f483879589f3eed2
SHA1: 6809e754d2e3c83d4fce1c619960c6127b011b9a
SHA256: f71329bcb998cc864642078cc9baa7ffa788bc955f6f91d23d4736922e22899c
SHA512: 344ea193a74a6b2a8c5a48c51bbfac6310081351120409a10d72b65954b005203bdc626905c718262d96f2f3163851635732caea9605c7fc0ff2f4c63a84142e
-
Filesize: 100KB
MD5: 518fa3c4771d966ddad9104c13ed249c
SHA1: 25259ec08aaf14651603e859477894584da41fab
SHA256: 79f35610d75f30f0f83f00d6504ad8767689aca514278006eacd2d536c0af842
SHA512: 2b66277795f441d7d5fa8f24bcfb9173f6c1c1be0cd5b499e165f7ac32283fcc483164ff3e8ea1f83b64b146ef05664e8366cc62f09dd7c196b9a601910dac78
-
Filesize: 118KB
MD5: 028c15e88ca2b02ef7e4adafc3841683
SHA1: 10bf693cad793f729e3db7840fa22f0b2acfa2e8
SHA256: 2c227554f13ca247322e7bb1b0c53e49fe0533d36148a65c1624adbbe7dd3966
SHA512: 1f566f302d664ecc3fba98fd44881c97c937f44ae4f08cc435fc1c42ddaddc9f16ba6f3875e88d065e6b040af80e7544938263a2c06453a9e2ea0ed00dc202c7
-
Filesize: 102KB
MD5: b5c9b7e333aefee1835cbcaa7ad680d9
SHA1: 5b061235ff1c98216f5c85632c00a7cfb4db8be2
SHA256: 26d678c758ea9cacfd5bd4ba4ff2069db27c5feb07d3de025aa7074e16b222e7
SHA512: 63dc2b93b4c6f9ed8ad21850e08e37fafbb43b7fd3a94e089d6813a4ad1ec897c917f148243caa257b352b06cd7c77dd5c311466b42cd054c4b1bdb3edeec1a5
-
Filesize: 99KB
MD5: efc5de2ae2fa32ad3428f73bdc0e4c56
SHA1: 0fad576428dc439c74ad90d6bb11e31bc1f508a9
SHA256: a8e8f011bd2c46d594e96a99d47c29024527e2a3823ba69ee5db551c59a51332
SHA512: ced242f9a724032a7a1cd4ae3b7d1a5a88ed032e766e9073bb0e3548cbb7f431cb72ec7ad498e531ce538b127a83cdd34c2f5e2759b78f425e956436d8772481
-
Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize: 5.7MB
MD5: 938199ca646378b696716037afc964ba
SHA1: 2d865bfeccf3badef2f64e5d6453e6ab71d5f5a7
SHA256: 2acc3e0879e4a71a6b08e2d6af7b238198d2eda73518b9394d82d00b010c9d7e
SHA512: 1a37727c5dfaffa3023845592b400acc226face537176064698b8415d79284b6276fe68bf0e5870dc8898a846f923bd95eaac1d185613759ad6ca1068456b322
-
Filesize: 488KB
MD5: 851fee9a41856b588847cf8272645f58
SHA1: ee185a1ff257c86eb19d30a191bf0695d5ac72a1
SHA256: 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
SHA512: cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f
-
Filesize: 43KB
MD5: 34ec990ed346ec6a4f14841b12280c20
SHA1: 6587164274a1ae7f47bdb9d71d066b83241576f0
SHA256: 1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409
SHA512: b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0
-
Filesize: 139B
MD5: d0104f79f0b4f03bbcd3b287fa04cf8c
SHA1: 54f9d7adf8943cb07f821435bb269eb4ba40ccc2
SHA256: 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a
SHA512: daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6
-
Filesize: 43B
MD5: c28b0fe9be6e306cc2ad30fe00e3db10
SHA1: af79c81bd61c9a937fca18425dd84cdf8317c8b9
SHA256: 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641
SHA512: e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9
-
Filesize: 216B
MD5: c2ab942102236f987048d0d84d73d960
SHA1: 95462172699187ac02eaec6074024b26e6d71cff
SHA256: 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a
SHA512: e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479
-
Filesize: 1KB
MD5: 13babc4f212ce635d68da544339c962b
SHA1: 4881ad2ec8eb2470a7049421047c6d076f48f1de
SHA256: bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400
SHA512: 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182
-
Filesize: 5.2MB
MD5: aead90ab96e2853f59be27c4ec1e4853
SHA1: 43cdedde26488d3209e17efff9a51e1f944eb35f
SHA256: 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512: f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d
-
Filesize: 85KB
MD5: f8f4522d11178a26e97e2046f249dfa7
SHA1: 8b591d9a37716e235260fb6b3f601e4ccbebf15d
SHA256: 3c372a8919c28dc76414b2f30da423c3e1018b1a8444527949ce20cc3fc93ed0
SHA512: 52ea881cad501cf1d5e8ac47355e862ac1bd39cb6e1ff3d362d392b6f2d676e74878832505d17a552aaa3bc8f3977da11fa3f9903722eedd23716fb46ddb7492
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize: 280B
MD5: a3813b6cf29fa56e55f47b8c2af07b7c
SHA1: 6d09b5b812bbb4f72afb9a49c9afe675db72cf16
SHA256: cc5b162dc197c4182c62ea887dc6dc16826b957d7647edc1662e16d956d63baf
SHA512: 5ecb01f74ba1b6c0dc2048f336dea0d31b8f84f0a3341b14449e393a8215a8a75f3f2f3f29bfea69f9580a87b86318eba3ca6bbdd955519ea9d0add4fef4a5b2
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
Filesize: 41B
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1: d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512: de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State
Filesize: 1KB
MD5: 608107d6127999bcd9dc5a393701e203
SHA1: c5fa9f8910f0555dc3c8e47d1b1cfffea6c43d30
SHA256: 80106109e2bb9c815cd62cb33e6fd9f91efbc9740b203fcdf6a9420726488236
SHA512: de7911235e3e2857eb94e6fd16fa7e1db7cd8ad78b1342f482eef4fba3e130eb5e26ab10fa93d12694fa2593505856ccb1f983c1f0d5ef8b21df916dd4dc6283
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe5ade2c.TMP
Filesize: 59B
MD5: 2800881c775077e1c4b6e06bf4676de4
SHA1: 2873631068c8b3b9495638c865915be822442c8b
SHA256: 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512: e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize: 6KB
MD5: af50b48f8f0f07a8c73d6113d4cb0a7c
SHA1: 7c594431c5eea22c4632c6351bb237ac4cd6c623
SHA256: 9dd7289a8c777b299dc5d286b1c8e5bb592fcf7ed9cd7612a1b9b508d651095d
SHA512: 8fa58d52a79a4bb0e9f54d50600742d3d59a5b4ca8c40f9c82c9aff80e5194543577f1c7a18359ca2f2f1646f135d07d83ac3701f093b1d70cc1f80290f707c6
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\000001.dbtmp
Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\a8a4a9b4-c58b-4624-bee0-e313af8d39bb.tmp
Filesize: 6KB
MD5: 70f8c211734d733c34f5a335713135b9
SHA1: 6a13570917c1d59c2bc8f927761f9fdeef1ffac5
SHA256: 36df18d392887b07f813ffc5a62df0b301d19e7c56018aa2f2c5a9a02b05b93b
SHA512: 6c78239c0f19088d1b8dac1dd19356a590db733c21f360af51134a029fc2f689d1a4158cc562bd3538c007f94035aa0d9c95d9d64f2083031524daae31a2ff3c
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_0
Filesize: 8KB
MD5: cf89d16bb9107c631daabf0c0ee58efb
SHA1: 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256: d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512: 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_1
Filesize: 264KB
MD5: d0d388f3865d0523e451d6ba0be34cc4
SHA1: 8571c6a52aacc2747c048e3419e5657b74612995
SHA256: 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512: 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_2
Filesize: 8KB
MD5: 0962291d6d367570bee5454721c17e11
SHA1: 59d10a893ef321a706a9255176761366115bedcb
SHA256: ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512: f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_3
Filesize: 8KB
MD5: 41876349cb12d6db992f1309f22df3f0
SHA1: 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256: e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512: e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize: 1KB
MD5: 3c8a07ccb81f24d9a5326dc58f0a9bb7
SHA1: 00bce5a5d745cf8c1fdf079e8d4265dce0e51162
SHA256: 7bd73b3ba625296b1b6745fbfd2c5e559c1b49fc3374bda4b7e651137d899d89
SHA512: 91f89310d5ff14dcbb8edc040dde209875dc83639e54a5feb9e6673df46afb548f18a092b5406c10a97f500ac1b749befefa867b8e1b9528f96f7bfdae707e14
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize: 3KB
MD5: f1689372e0e8dae79bb78ad58c6d48d2
SHA1: 9b06e2c5438a6eeeabb8160f6b58d22c8df0cd86
SHA256: 3b844581f1ae48b13e01bece516c60f02ed0c7451704f79e43e8a687e68a1811
SHA512: b47ba4256cb5232a9b8e3d580cdb1c425589b57675257e2c861a1282fa437542a201fbedfd3a83e759416d28bba9af54809500578b9890cebd0cc5bbb62bbe3c
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize: 4KB
MD5: 40a84e076af3ea6d3c2c4844613ee8c0
SHA1: 75812b7888215fb8ba1760d9cc885904b4db6026
SHA256: 67080f0f9e795644ae4489329772544e51c4f09395bdc456f7b91698dfa14ffa
SHA512: 90a1db5d4724eeeb3e8282b779c806c25b85f9af4017cf6423c8d1fd55ddbf263fb6221332374feb0340c265ae0cca83f71e68f695b7b9ba4ee2b647d1396632
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize: 16KB
MD5: 815ec9efa9e30d86ba251dd145a3ea7f
SHA1: 25cc0626a16d88d423e88f37e222c675279708ae
SHA256: eba0b329e451d246a6a14e610d532ce86889e6c784614a99289dfb4b5f39ddfc
SHA512: cd00db9a8eff9036ffe90132e85c5f06720ca0561bf41afbcc0da250e96e2d6b81468c54203be6fe0b00fda711dfd272fc43a4a0539df9ba0cb3e7d1b5a0c0a1
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe59cb07.TMP
Filesize: 1KB
MD5: 66d721bcdf52de6955390e2dbc870b3f
SHA1: f6c64bcf112d447bb18bdae981ede7b193996833
SHA256: 56a6d4b5a3ccdff44c16c260c13fb44fe32efb5bb46bed5b10b40d9f31a4ceab
SHA512: 42be463575d8c29c559b55bdbf0f1557183d75d27bac62cbbaeeefe2ffec6ea3c4287f7eb02f3002ad35e2a77d20f14ca7949e032d7f03efb1287a8c148ef394
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-as.hyb
Filesize: 703B
MD5: 8961fdd3db036dd43002659a4e4a7365
SHA1: 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256: c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512: 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92
-
Filesize: 5.3MB
MD5: f8abc05327115c321307efaf662498bb
SHA1: 4d848adb9b0a5b278f97f75fa125145dcbffd572
SHA256: c89eda2b48317bd4da398d59213d86afa0c06034cab5e3ea5df5865e369d2a0f
SHA512: a6b70331ad553645cd82edc5f6bfa50b4bb16bfc2443469c7eb1ff79e6b4a246cfd7de0691da400777651529a2bca20311645a763dffbf7e10cc4334ab074ae4
-
Filesize: 133KB
MD5: a0bd0d1a66e7c7f1d97aedecdafb933f
SHA1: dd109ac34beb8289030e4ec0a026297b793f64a3
SHA256: 79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
SHA512: 2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50
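The dropped-file listing above is what an analyst turns into an IoC set, and two things go wrong when that is done by hand: labels fused to digests ("MD5<hex>", "SHA1<hex>") get split at the wrong place, and Chromium profile state that WebView2 and Chrome write on first run (Preferences, Local State, the 2-byte SCT Auditing Pending Reports) gets ingested alongside the payload. The parser below is an added example for this report, not tooling from the sandbox vendor or from the sample's authors. It assumes the flattened layout shown on this page (optional path line, "Filesize" fused or on its own line, one fused digest per line, "-" between entries); the list of trivial contents it checks against is my own heuristic, and the digests for "" / "{}" / "[]" are computed with hashlib rather than hard-coded. The constructed sample copies the two 2-byte entries from the listing (the SCT Auditing Pending Reports file and the unnamed 2B entry) and adds a deliberately truncated SHA256 line to show the validation path.

```python
"""Parse a flattened sandbox dropped-file listing (label fused to its value,
e.g. "MD5<hex>") into records, validate the digests, and flag entries whose
digests are those of trivial Chromium profile state such as "{}" or "[]".
Added example for this report, not part of the sandbox's own tooling."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Optional

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ALGOS = {a: getattr(hashlib, a.lower()) for a in HASH_LENGTHS}
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)(B|KB|MB|GB)$")
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
# Initial state that Chrome and Edge WebView2 write into a fresh profile; a dropped
# file whose size and all four digests match one of these is profile noise, not payload.
KNOWN_TRIVIAL = {"empty file": b"", "empty JSON object": b"{}", "empty JSON array": b"[]"}


@dataclass
class DroppedFile:
    path: Optional[str] = None
    size_text: Optional[str] = None
    hashes: dict = field(default_factory=dict)     # algorithm -> lowercase hex digest
    malformed: list = field(default_factory=list)  # hash lines that failed the length check

    @property
    def size_bytes(self) -> Optional[int]:
        """Byte count from the report's rounded size string ("24KB" -> 24576)."""
        m = SIZE_RE.match(self.size_text or "")
        return int(float(m.group(1)) * UNIT[m.group(2)]) if m else None


def split_hash_line(line: str) -> Optional[tuple]:
    """(algorithm, hex) when a label is fused to a digest of exactly the right length."""
    # The length check is what keeps "SHA1<40 hex>" apart from "SHA256<64 hex>".
    for algo, n in HASH_LENGTHS.items():
        if line.startswith(algo) and len(line) == len(algo) + n:
            return algo, line[len(algo):].lower()
    return None


def parse_report(text: str) -> list:
    """One record per "-"-separated entry; path optional, size fused or on its own line."""
    records, cur, want_size = [], DroppedFile(), False
    for line in filter(None, map(str.strip, text.splitlines())):
        if line == "-":
            records.append(cur)
            cur, want_size = DroppedFile(), False
        elif want_size:                        # value on the line after a bare "Filesize"
            cur.size_text, want_size = line, False
        elif line == "Filesize":
            want_size = True
        elif line.startswith("Filesize"):      # fused form, e.g. "Filesize2B"
            cur.size_text = line[len("Filesize"):]
        elif (h := split_hash_line(line)) is not None:
            cur.hashes[h[0]] = h[1]
        elif any(line.startswith(a) for a in HASH_LENGTHS):
            cur.malformed.append(line)         # label present but digest of the wrong length
        else:
            cur.path = line
    records.append(cur)                        # the final entry has no trailing "-"
    return [r for r in records if r != DroppedFile()]


def validate(rec: DroppedFile) -> list:
    """Problems to resolve before the entry is ingested as an IoC."""
    problems = [f"malformed hash line: {m}" for m in rec.malformed]
    problems += [f"missing {a}" for a in HASH_LENGTHS if a not in rec.hashes]
    problems += [f"non-hex {a}" for a, h in rec.hashes.items() if not re.fullmatch(r"[0-9a-f]+", h)]
    return problems


def match_trivial_content(rec: DroppedFile) -> Optional[str]:
    """Name of the trivial content whose size and every digest equal the record's, else None."""
    # Requiring all four algorithms to agree rules out a lucky match in MD5 alone.
    for name, content in KNOWN_TRIVIAL.items():
        if rec.size_bytes == len(content) and all(
            rec.hashes.get(a) == fn(content).hexdigest() for a, fn in ALGOS.items()
        ):
            return name
    return None


# Constructed excerpt in the report's own layout: the first two entries copy the
# report's two 2-byte files; the third is a deliberately truncated SHA256 line.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
Filesize2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize27KB
MD5d749e093f263244d276b6ffcf4ef4b42
SHA256fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b2
"""
```

Run it over the whole listing with `parse_report(open("report.txt").read())` and iterate the records: `validate()` returns an empty list for a clean entry, `match_trivial_content()` names "[]" for the SCT Auditing Pending Reports file and "{}" for the unnamed 2-byte entry, and both can be dropped from the IoC set before the remaining SHA256 values are pivoted on. Pivot on SHA256 rather than MD5 or SHA1: both are collision-broken, and they are kept here only because the report lists them.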