Analysis

max time kernel: 1800s
max time network: 1798s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-06-2024 01:00

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip
  Resource: win10v2004-20240426-en

General
Target: https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip
Malware Config

Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 2 IoCs)
The VBOX__ subkey under HARDWARE\ACPI\DSDT carries the OEM id of VirtualBox's ACPI tables and only exists on VirtualBox guests, so opening it is a cheap VM-presence test.
Processes: cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Downloads MZ/PE file
Sets file execution options in registry (2 TTPs, 2 IoCs)
Processes: MicrosoftEdgeUpdate.exe
  description | ioc | process
  Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe
  Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | MicrosoftEdgeUpdate.exe
Note: DisableExceptionChainValidation = 0 turns SEHOP on for the named image (1 would turn it off). The IFEO values that redirect or inject code are Debugger and VerifierDlls; neither is written here, and the updater is writing under its own image name.
Checks BIOS information in registry (2 TTPs, 4 IoCs)
BIOS information is often read in order to detect sandboxing environments.
Processes: cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry, likely for geofencing.
Processes: MicrosoftEdgeUpdate.exe
  description | ioc | process
  Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | MicrosoftEdgeUpdate.exe
Executes dropped EXE (22 IoCs)
Processes: cd57e4c171d6e8f5ea8b8f824a6a7316.exe, RobloxPlayerInstaller.exe, MicrosoftEdgeWebview2Setup.exe, MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdateComRegisterShell64.exe, MicrosoftEdge_X64_125.0.2535.92.exe, setup.exe, RobloxPlayerBeta.exe
  pid | process
  3088 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  1416 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  1256 | RobloxPlayerInstaller.exe
  3676 | MicrosoftEdgeWebview2Setup.exe
  544 | MicrosoftEdgeUpdate.exe
  5052 | MicrosoftEdgeUpdate.exe
  4216 | MicrosoftEdgeUpdate.exe
  5004 | MicrosoftEdgeUpdateComRegisterShell64.exe
  388 | MicrosoftEdgeUpdateComRegisterShell64.exe
  3624 | MicrosoftEdgeUpdateComRegisterShell64.exe
  1852 | MicrosoftEdgeUpdate.exe
  436 | MicrosoftEdgeUpdate.exe
  3556 | MicrosoftEdgeUpdate.exe
  2968 | MicrosoftEdgeUpdate.exe
  1484 | MicrosoftEdge_X64_125.0.2535.92.exe
  1236 | setup.exe
  1716 | setup.exe
  2140 | MicrosoftEdgeUpdate.exe
  2816 | RobloxPlayerBeta.exe
  3668 | RobloxPlayerBeta.exe
  4812 | MicrosoftEdgeUpdate.exe
  1772 | MicrosoftEdgeUpdate.exe
Loads dropped DLL (32 IoCs)
Processes: cd57e4c171d6e8f5ea8b8f824a6a7316.exe, MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdateComRegisterShell64.exe, RobloxPlayerBeta.exe
  pid | process
  3088 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  3088 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  3088 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  3088 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  3088 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  1416 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  1416 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  1416 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  1416 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  1416 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  544 | MicrosoftEdgeUpdate.exe
  5052 | MicrosoftEdgeUpdate.exe
  4216 | MicrosoftEdgeUpdate.exe
  5004 | MicrosoftEdgeUpdateComRegisterShell64.exe
  4216 | MicrosoftEdgeUpdate.exe
  388 | MicrosoftEdgeUpdateComRegisterShell64.exe
  4216 | MicrosoftEdgeUpdate.exe
  3624 | MicrosoftEdgeUpdateComRegisterShell64.exe
  4216 | MicrosoftEdgeUpdate.exe
  1852 | MicrosoftEdgeUpdate.exe
  436 | MicrosoftEdgeUpdate.exe
  3556 | MicrosoftEdgeUpdate.exe
  3556 | MicrosoftEdgeUpdate.exe
  436 | MicrosoftEdgeUpdate.exe
  2968 | MicrosoftEdgeUpdate.exe
  2140 | MicrosoftEdgeUpdate.exe
  2816 | RobloxPlayerBeta.exe
  3668 | RobloxPlayerBeta.exe
  4812 | MicrosoftEdgeUpdate.exe
  1772 | MicrosoftEdgeUpdate.exe
  1772 | MicrosoftEdgeUpdate.exe
  4812 | MicrosoftEdgeUpdate.exe
Registers COM server for autorun (1 TTP, 33 IoCs)
Processes: MicrosoftEdgeUpdateComRegisterShell64.exe (all 33 rows)
All three CLSIDs are pointed at the same DLL, C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\psmachine_64.dll, inside the Edge updater's own install directory. When reviewing InprocServer32 registrations the path is what to check: a COM hijack normally points the default value at a DLL in a user-writable location.
  description | ioc
  Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32
  Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"
  Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"
  Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"
  Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"
  Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32
YARA rule match: themida (40 IoCs)
Every memory hit covers the same region, 0x0000000180000000-0x0000000180E54000, in the two sample processes (pids 3088 and 1416). 0x180000000 is the default image base for 64-bit DLLs, so the hits are consistent with the dropped cd57e4c171d6e8f5ea8b8f824a6a7316.dll being mapped there rather than with a separately injected payload.
  resource | yara_rule
  C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll | themida
  behavioral1/memory/3088-N-0x0000000180000000-0x0000000180E54000-memory.dmp | themida, for N in 1543, 1544, 1545, 1546, 1551, 1562, 1598, 1620, 1622, 1645, 1649, 1653, 1665, 1669, 1690, 1696
  behavioral1/memory/1416-N-0x0000000180000000-0x0000000180E54000-memory.dmp | themida, for N in 1831, 1832, 1833, 1834, 1836, 1838, 1840, 1842, 1843, 1845, 1847, 1849, 1886, 1939, 2101, 2471, 2505, 2550, 2564, 2709, 2854, 2867, 3117
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

Queries the UAC policy value EnableLUA (3 IoCs)
Processes: cd57e4c171d6e8f5ea8b8f824a6a7316.exe, RobloxPlayerInstaller.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxPlayerInstaller.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 7 IoCs)
The Target is a github.com /raw/ URL, which GitHub redirects to raw.githubusercontent.com, so at least one of these flows is the download of the sample itself.
  flow | ioc
  45 | raw.githubusercontent.com
  74 | raw.githubusercontent.com
  75 | raw.githubusercontent.com
  10 | raw.githubusercontent.com
  11 | raw.githubusercontent.com
  33 | raw.githubusercontent.com
  34 | raw.githubusercontent.com
Checks system information in the registry (2 TTPs, 12 IoCs)
System information is often read in order to detect sandboxing environments.
Processes: MicrosoftEdgeUpdate.exe (all 12 rows)
  description | ioc
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
Suspicious use of NtCreateThreadExHideFromDebugger (2 IoCs)
Processes: RobloxPlayerBeta.exe
  pid | process
  2816 | RobloxPlayerBeta.exe
  3668 | RobloxPlayerBeta.exe
Suspicious use of NtSetInformationThreadHideFromDebugger (44 IoCs)
Processes: cd57e4c171d6e8f5ea8b8f824a6a7316.exe, RobloxPlayerBeta.exe
  pid | process
  3088 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  1416 | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  2816, 3668 | RobloxPlayerBeta.exe (the remaining 42 calls, interleaved between the two processes)
Note: ThreadHideFromDebugger stops the calling thread from reporting debug events to an attached debugger, a standard anti-debug step in commercial protectors. It is used once by each of the two sample processes (which have the Themida-protected DLL mapped) and repeatedly by the Roblox client installed during the run.
Drops file in Program Files directory (64 IoCs)
Processes: RobloxPlayerInstaller.exe, setup.exe, MicrosoftEdgeWebview2Setup.exe
  description | ioc | process
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\VirtualCursor\cursorDefault.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\icons\ic-bc.png | RobloxPlayerInstaller.exe
  File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\tr.pak | setup.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\CollisionGroupsEditor\rename.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\FaceControlsEditor\checkbox_unchecked.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\ButtonRightDown.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\msedgeupdateres_uk.dll | MicrosoftEdgeWebview2Setup.exe
  File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\as.pak | setup.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\icon_friendrequestrecieved-16.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Keyboard\close_button_icon.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ViewSelector\background.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ViewSelector\right_hover.png | RobloxPlayerInstaller.exe
  File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\or.pak | setup.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\icon_add.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ManageCollaborators\closeWidget_light.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TerrainEditor\trianglesmallinverted.png | RobloxPlayerInstaller.exe
  File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Locales\fi.pak | setup.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\advClosed-hand.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\ExpandArrowSheet.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Emotes\TenFoot\SegmentedCircle.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\ButtonY.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_20.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\graphic\gr-avatar [email protected] | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\models\ViewSelector\Corner.mesh | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\DeveloperFramework\Votes\rating_up_green.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\[email protected] | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\graphic\Auth\gradient_bg.jpg | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\icons\[email protected] | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChatV2\[email protected] | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\hr.pak | setup.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\clb_robux_20.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\dialog_green.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\AvatarExperience\PPEWidgetBackgroundLightTheme.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Settings\Slider\SelectedBarLeft.png | RobloxPlayerInstaller.exe
  File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Locales\es.pak | setup.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\icons\GameDetails\social\Discord_large.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\icons\[email protected] | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TerrainEditor\volcano.png | RobloxPlayerInstaller.exe
  File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe.sig | setup.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\icon_showmore.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\PublishPlaceAs\navigation_pushBack.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\RoactStudioWidgets\slider_bar_light.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\[email protected] | RobloxPlayerInstaller.exe
  File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\edge_feedback\mf_trace.wprp | setup.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\img_key_border.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\fonts\Oswald-Bold.ttf | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TagEditor\famfamfam.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\TopBar\[email protected] | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\icons\[email protected] | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\DevConsole\Info.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\PlatformContent\pc\textures\sky\indoor512_rt.tex | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\[email protected] | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Settings\MenuBarIcons\GameSettingsTab.png | RobloxPlayerInstaller.exe
  File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Trust Protection Lists\Mu\CompatExceptions | setup.exe
  File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Trust Protection Lists\Mu\TransparentAdvertisers | setup.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\models\MaterialManager\smooth_material_model.rbxm | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\PlatformContent\pc\textures\wangIndex.dds | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\PerformanceStats\TargetLine.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\ru.pak | setup.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\img_eventGroupMarker_border.png | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\[email protected] | RobloxPlayerInstaller.exe
  File created | C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\xboxB.png | RobloxPlayerInstaller.exe
  File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\VisualElements\LogoBeta.png | setup.exe
  File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Locales\nn.pak | setup.exe
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry (2 TTPs, 8 IoCs)
Processes: chrome.exe, RobloxPlayerInstaller.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | RobloxPlayerInstaller.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | RobloxPlayerInstaller.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Disables the Internet Explorer protocol-launch warning for the roblox:, roblox-player: and roblox-studio: URL schemes (6 IoCs)
WarnOnOpen = 0 under ProtocolExecute\<scheme> suppresses the "allow this website to open a program" prompt for that scheme, so a web page can start the handler without a click-through.
Processes: RobloxPlayerInstaller.exe (all 6 rows)
  description | ioc
  Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"
  Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player
  Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"
  Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox
  Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"
  Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio
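The registry signatures above (the VBOX__ ACPI key, the BIOS and SystemInformation reads, Geo\Nation, EnableLUA, the IFEO write, the CLSID InprocServer32 registrations and the ProtocolExecute WarnOnOpen writes) are all single registry events whose meaning depends on which key, which value and which process. The Python below is an added example, not part of this report and not the sandbox's own signature engine: it parses rows in the description | ioc | process form used on this page and tags them, distinguishing the benign IFEO value written here from the Debugger/VerifierDlls values that hijack execution and checking where a registered COM server DLL lives. The tag names, the FADT and RSDT VBOX__ keys (not seen in this run), the hijack-value list, the system-directory list and the constructed evil.exe / sethc.exe row are assumptions of the example; every other sample row is re-typed from this report.

```python
import re

# Constructed sample input: rows re-typed from this report in the page's
# "description | ioc | process" form, plus ONE hypothetical row (evil.exe
# writing an IFEO Debugger value for sethc.exe) that did NOT occur in this
# run and is only here to exercise the hijack rule.
SAMPLE_EVENTS = r"""
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | RobloxPlayerInstaller.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | MicrosoftEdgeUpdate.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | MicrosoftEdgeUpdate.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxPlayerInstaller.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | MicrosoftEdgeUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | RobloxPlayerInstaller.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger = "C:\\Windows\\System32\\cmd.exe" | evil.exe
"""

EVENT_RE = re.compile(r"^(?P<action>[^|]+?)\s*\|\s*(?P<ioc>.+?)\s*\|\s*(?P<process>\S+)$")
VALUE_RE = re.compile(r'^(?P<path>.*?) = "(?P<value>.*)"$')

# Read-only reconnaissance rules: tag -> pattern on the registry path.
READ_RULES = {
    # VirtualBox publishes its ACPI tables with OEM id VBOX__; FADT/RSDT are the
    # sibling keys commonly checked next to DSDT (assumption, not seen in this run).
    "anti-vm:virtualbox-acpi": re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__$", re.I),
    "anti-sandbox:bios-info": re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System\\(BIOS(\\|$)|SystemBiosVersion$|VideoBiosVersion$)", re.I),
    "anti-sandbox:system-info": re.compile(
        r"\\Control\\SystemInformation\\(SystemManufacturer|SystemProductName)$", re.I),
    "recon:geofence-country": re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    "recon:uac-enabled": re.compile(r"\\Policies\\System\\EnableLUA$", re.I),
}
IFEO_RE = re.compile(r"\\Image File Execution Options\\(?P<image>[^\\]+)\\(?P<name>[^\\]+)$", re.I)
COM_RE = re.compile(r"\\Classes\\CLSID\\\{[0-9A-F-]+\}\\InprocServer32\\?$", re.I)
PROTO_RE = re.compile(r"\\Internet Explorer\\ProtocolExecute\\(?P<scheme>[^\\]+)\\WarnOnOpen$", re.I)
IFEO_HIJACK_VALUES = {"debugger", "verifierdlls"}   # IFEO values that load or redirect code
SYSTEM_DIRS = (r"c:\program files", r"c:\windows")  # admin-writable only, by default


def parse_event(line):
    """Split one report row into action, registry path, value (if any) and process."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    path, value = m.group("ioc"), None
    v = VALUE_RE.match(path)
    if v:
        # the report renders backslashes inside string data doubled; undo that
        path, value = v.group("path"), v.group("value").replace("\\\\", "\\")
    return {"action": m.group("action").strip(), "path": path,
            "value": value, "process": m.group("process")}


def classify(ev):
    """Return the tags an event earns; an empty list means 'unremarkable'."""
    path, value = ev["path"], ev["value"]
    tags = [tag for tag, rx in READ_RULES.items() if rx.search(path)]
    m = IFEO_RE.search(path)
    if m and value is not None:
        name = m.group("name").lower()
        if name in IFEO_HIJACK_VALUES:
            tags.append("ifeo:hijack:" + m.group("image"))
        elif name == "disableexceptionchainvalidation":
            # 0 enables SEHOP for that image, 1 disables it
            tags.append("ifeo:sehop-" + ("enabled" if value == "0" else "disabled"))
        else:
            tags.append("ifeo:other")
    if COM_RE.search(path) and value is not None and ev["action"].startswith("Set value"):
        where = "system-dir" if value.lower().startswith(SYSTEM_DIRS) else "user-writable-dir"
        tags.append("com-inproc:" + where)
    m = PROTO_RE.search(path)
    if m and value == "0":
        tags.append("protocol-warning-disabled:" + m.group("scheme"))
    return tags


def triage(report_text):
    """Map each tag to the sorted list of processes that triggered it."""
    hits = {}
    for line in report_text.splitlines():
        ev = parse_event(line)
        if ev:
            for tag in classify(ev):
                hits.setdefault(tag, set()).add(ev["process"])
    return {tag: sorted(procs) for tag, procs in sorted(hits.items())}


if __name__ == "__main__":
    for tag, procs in triage(SAMPLE_EVENTS).items():
        print(f"{tag:42} {', '.join(procs)}")
```

Run it directly to print the tags for the sample rows, or pass the rows of another report to triage(). The two value-sensitive rules are the point: the same IFEO key yields ifeo:sehop-enabled for the updater's write and ifeo:hijack:sethc.exe for the constructed row, and a CLSID registration is only flagged as com-inproc:user-writable-dir when the default value resolves outside Program Files or Windows.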
Modifies data under HKEY_USERS 44 IoCs
Processes:
MicrosoftEdgeUpdate.exe, chrome.exe, chrome.exe
description ioc process
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625412874595189" chrome.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe
Modifies registry class 64 IoCs
Processes:
MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdateComRegisterShell64.exe, MicrosoftEdgeUpdateComRegisterShell64.exe, MicrosoftEdgeUpdateComRegisterShell64.exe, MicrosoftEdgeUpdate.exe, RobloxPlayerInstaller.exe
description ioc process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" MicrosoftEdgeUpdate.exe
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}" MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass" MicrosoftEdgeUpdate.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" MicrosoftEdgeUpdate.exe
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ELEVATION MicrosoftEdgeUpdate.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdate.exe
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LOCALSERVER32 MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\ = "PSFactoryBuffer" MicrosoftEdgeUpdate.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32 MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0" MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}" MicrosoftEdgeUpdate.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ = "Google Update Policy Status Class" MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol" RobloxPlayerInstaller.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreClass" MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" MicrosoftEdgeUpdate.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\ = "Microsoft Edge Update Core Class" MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll" MicrosoftEdgeUpdate.exe
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VERSIONINDEPENDENTPROGID MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\ = "Microsoft Edge Update Update3Web" MicrosoftEdgeUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" MicrosoftEdgeUpdate.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe
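The three registry sections above are dumped as one run-on row list per signature, so most of the 100-plus events are MicrosoftEdgeUpdate.exe initialising per-user certificate stores and registering its COM classes, while the two changes that actually matter are buried among them: RobloxPlayerInstaller.exe registers the roblox: URI scheme under HKLM\SOFTWARE\Classes and sets WarnOnOpen = 0 under Internet Explorer\ProtocolExecute for roblox, roblox-player and roblox-studio, which suppresses Internet Explorer's "allow this website to open a program" prompt for those schemes. The script below is an added example, not part of the sandbox report or of any program it names: it parses the flattened row text into events (the operation keywords are the only reliable delimiters, since key paths and values contain spaces), classifies each event with rules that are this example's own, and reports per-process category counts plus the non-noise findings. SAMPLE is constructed from a handful of the report's own rows, concatenated the way the page flattens them.

```python
"""Triage flattened sandbox registry IoC rows (added example, not report code)."""
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of the report's own rows, concatenated as the page shows them.
SAMPLE = (
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" RobloxPlayerInstaller.exe '
    r'Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox RobloxPlayerInstaller.exe '
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol" RobloxPlayerInstaller.exe '
    r'Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdgeUpdate.exe '
    r'Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe '
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" MicrosoftEdgeUpdate.exe '
    r'Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ELEVATION MicrosoftEdgeUpdate.exe '
    r'Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625412874595189" chrome.exe'
)

# Row descriptions the sandbox emits; each one starts a new event in the flattened text.
OP_RE = re.compile(r"(Key created|Key deleted|Key opened|Key value queried|Set value \((?:int|str)\))")


def parse_events(text):
    """Split flattened row text into dicts: op, key, name, value, process."""
    parts = OP_RE.split(text)          # ['', op1, rest1, op2, rest2, ...]
    events = []
    for op, rest in zip(parts[1::2], parts[2::2]):
        rest = rest.strip()
        if " " not in rest:
            continue                   # malformed fragment, nothing to split
        body, proc = rest.rsplit(None, 1)        # process image is always the last token
        path, sep, value = body.partition(' = "')  # value only present for "Set value" rows
        value = value.rstrip('"') if sep else None
        path = path.rstrip()
        if op.startswith("Set value"):
            key, _, name = path.rpartition("\\")
            name = name or "(Default)"           # trailing backslash = the key's default value
        else:
            key, name = path, None
        events.append({"op": op, "key": key, "name": name, "value": value, "process": proc})
    return events


def classify(ev):
    """Map one event to (category, severity). Rules are this example's own."""
    key = ev["key"].lower()
    val = ev["value"] or ""
    if "\\protocolexecute\\" in key:
        if ev["name"] == "WarnOnOpen" and val == "0":
            return "uri-handler-prompt-disabled", "high"   # IE open-program prompt suppressed
        return "uri-handler", "low"
    if "\\classes\\" in key and val.startswith("URL:"):
        return "uri-scheme-registration", "medium"         # new scheme: handler gets browser input
    if "\\classes\\" in key:
        return "com-registration", "low"                   # updater COM class churn
    if "\\systemcertificates\\" in key:
        return "cert-store-init", "low"                    # per-user store skeleton, no certs added
    if "\\cryptography\\tpm\\telemetry" in key:
        return "tpm-telemetry", "low"
    return "unclassified", "medium"


def triage(text):
    """Return ({process: {category: count}}, [(severity, process, key, name, value)])."""
    per_process = defaultdict(Counter)
    findings = []
    for ev in parse_events(text):
        cat, sev = classify(ev)
        per_process[ev["process"]][cat] += 1
        if sev != "low":
            findings.append((sev, ev["process"], ev["key"], ev["name"], ev["value"]))
    return {p: dict(c) for p, c in per_process.items()}, findings


if __name__ == "__main__":
    summary, findings = triage(SAMPLE)
    for proc, cats in summary.items():
        print(proc, cats)
    for f in findings:
        print("FINDING", *f)
```

On the report's rows this leaves two findings, both from RobloxPlayerInstaller.exe, and folds the updater noise into two low-severity buckets per process. The "Key opened" and "Key value queried" operations are included so the same parser also handles the anti-VM registry reads listed earlier in the report.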
Suspicious behavior: EnumeratesProcesses 29 IoCs
Processes:
chrome.exe, SolaraBootstrapper.exe, chrome.exe, SolaraBootstrapper.exe, cd57e4c171d6e8f5ea8b8f824a6a7316.exe, chrome.exe, RobloxPlayerInstaller.exe, MicrosoftEdgeUpdate.exe, RobloxPlayerBeta.exe, RobloxPlayerBeta.exe, MicrosoftEdgeUpdate.exe
pid process
2452 chrome.exe (x2)
4996 SolaraBootstrapper.exe (x3)
840 chrome.exe (x2)
5032 SolaraBootstrapper.exe (x2)
1416 cd57e4c171d6e8f5ea8b8f824a6a7316.exe (x2)
4296 chrome.exe (x2)
1256 RobloxPlayerInstaller.exe (x2)
544 MicrosoftEdgeUpdate.exe (x6)
2816 RobloxPlayerBeta.exe (x2)
3668 RobloxPlayerBeta.exe (x2)
4812 MicrosoftEdgeUpdate.exe (x4)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes:
chrome.exe, chrome.exe
pid process
2452 chrome.exe (x4)
4296 chrome.exe (x7)
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
chrome.exe, SolaraBootstrapper.exe
description pid process
Token: SeShutdownPrivilege 2452 chrome.exe and Token: SeCreatePagefilePrivilege 2452 chrome.exe, alternating (63 of the 64 rows)
Token: SeDebugPrivilege 4996 SolaraBootstrapper.exe (1 row, in the middle of the chrome.exe rows)
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
chrome.exe, chrome.exe
pid process
2452 chrome.exe (repeated), then 4296 chrome.exe (repeated); 64 rows in total, all chrome.exe
Suspicious use of SendNotifyMessage 48 IoCs
Processes:
chrome.exe, chrome.exe
pid process
2452 chrome.exe (repeated), then 4296 chrome.exe (repeated); 48 rows in total, all chrome.exe
Suspicious use of UnmapMainImage 2 IoCs
Processes:
RobloxPlayerBeta.exe, RobloxPlayerBeta.exe
pid process
2816 RobloxPlayerBeta.exe
3668 RobloxPlayerBeta.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exe
description pid process target process
PID 2452 wrote to memory of 4052 2452 chrome.exe chrome.exe (x2)
PID 2452 wrote to memory of 4124 2452 chrome.exe chrome.exe (repeated)
PID 2452 wrote to memory of 4928 2452 chrome.exe chrome.exe (x2)
PID 2452 wrote to memory of 4576 2452 chrome.exe chrome.exe (repeated)
64 rows in total, in that order; targets 4124 and 4576 together account for the remaining 60 rows. Every write is from chrome.exe PID 2452 into one of its own child chrome.exe processes.
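Two of the signature dumps above carry the only process-level signal in this run, and both are easy to misread in flattened form. In the AdjustPrivilegeToken rows, chrome.exe toggling SeShutdownPrivilege and SeCreatePagefilePrivilege is routine browser behaviour, but the single row in which SolaraBootstrapper.exe (PID 4996) enables SeDebugPrivilege is not: that privilege lets a process open almost any other process for full access regardless of its DACL, and it is the same privilege a loader needs to inject into or patch a game client. In the WriteProcessMemory rows, every event is chrome.exe PID 2452 writing into a child it just spawned (4052, 4124, 4928, 4576), the normal Chromium multi-process launch pattern; a write whose target image differs from the writer's would be the thing to look for, and there is none here. The script below is an added example, not part of the sandbox report or of any program it names: it parses both row formats, groups privileges per (PID, image), flags holders of a hand-picked set of sensitive privileges, counts writer-to-target pairs and lists any cross-image writes. The sample texts are constructed from a subset of the report's own rows, including the glued column headers, to show the parser ignores them.

```python
"""Triage of AdjustPrivilegeToken / WriteProcessMemory rows (added example, not report code)."""
import re
from collections import Counter, defaultdict

# Constructed sample: subset of the report's AdjustPrivilegeToken rows, header glue included.
TOKEN_SAMPLE = (
    "chrome.exeSolaraBootstrapper.exedescription pid process "
    "Token: SeShutdownPrivilege 2452 chrome.exe "
    "Token: SeCreatePagefilePrivilege 2452 chrome.exe "
    "Token: SeDebugPrivilege 4996 SolaraBootstrapper.exe "
    "Token: SeShutdownPrivilege 2452 chrome.exe"
)
# Constructed sample: subset of the report's WriteProcessMemory rows.
WPM_SAMPLE = (
    "chrome.exedescription pid process target process "
    "PID 2452 wrote to memory of 4052 2452 chrome.exe chrome.exe "
    "PID 2452 wrote to memory of 4124 2452 chrome.exe chrome.exe "
    "PID 2452 wrote to memory of 4124 2452 chrome.exe chrome.exe "
    "PID 2452 wrote to memory of 4928 2452 chrome.exe chrome.exe "
    "PID 2452 wrote to memory of 4576 2452 chrome.exe chrome.exe"
)

TOKEN_RE = re.compile(r"Token:\s+(Se\w+Privilege)\s+(\d+)\s+(\S+\.exe)")
# Columns: description ("PID <src> wrote to memory of <dst>"), pid, process, target process.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+\.exe) (\S+\.exe)")

# Privileges that let a process reach into other processes or the kernel.
# The selection is this example's own, not the sandbox's.
SENSITIVE = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeImpersonatePrivilege", "SeTakeOwnershipPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege",
}


def parse_privileges(text):
    """(pid, image) -> set of privilege names seen in 'Token:' rows."""
    held = defaultdict(set)
    for priv, pid, image in TOKEN_RE.findall(text):
        held[(pid, image)].add(priv)
    return dict(held)


def sensitive_privilege_holders(text):
    """[(pid, image, sorted sensitive privileges)] for processes worth a second look."""
    out = []
    for (pid, image), privs in parse_privileges(text).items():
        hit = sorted(privs & SENSITIVE)
        if hit:
            out.append((pid, image, hit))
    return out


def parse_writes(text):
    """Counter of (src_pid, src_image, dst_pid, dst_image) WriteProcessMemory events."""
    pairs = Counter()
    for src, dst, src_again, src_image, dst_image in WPM_RE.findall(text):
        if src != src_again:          # the pid column repeats the writer; skip garbled rows
            continue
        pairs[(src, src_image, dst, dst_image)] += 1
    return pairs


def cross_image_writes(text):
    """Writer/target pairs where the target runs a different image than the writer."""
    return [k for k in parse_writes(text) if k[1].lower() != k[3].lower()]


if __name__ == "__main__":
    for pid, image, privs in sensitive_privilege_holders(TOKEN_SAMPLE):
        print("PRIVILEGE", pid, image, ",".join(privs))
    for (src, si, dst, di), n in parse_writes(WPM_SAMPLE).items():
        print("WRITE", f"{si}:{src} -> {di}:{dst} x{n}")
    print("cross-image writes:", cross_image_writes(WPM_SAMPLE))
```

Self-writes by a browser into its own freshly spawned children are expected and are deduplicated into one line per target here; the per-target counts are kept because a sudden jump for one child can itself be worth a look. The privilege set is deliberately short so that a non-browser, non-installer image enabling SeDebugPrivilege stands out on its own line.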
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (level 1, PID 2452)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 4052)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ce8ab58,0x7ffe1ce8ab68,0x7ffe1ce8ab78

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 4124)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 4928)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 4576)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 4836)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 436)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3296 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 3320)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 4824)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 844)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 2716)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2108 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 1612)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4280 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 840)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=736 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (level 1, PID 1348)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Windows\System32\rundll32.exe (level 1, PID 3988)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe (level 1, PID 4996)
  Command line: "C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken

  C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe (level 2, PID 3088)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger

C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe (level 1, PID 5032)
  Command line: "C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"
  - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe (level 2, PID 1416)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\chrome.exe (level 1, PID 4296)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 3796)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe1ce8ab58,0x7ffe1ce8ab68,0x7ffe1ce8ab78

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 4132)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 2748)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 3692)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 612)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:12⤵PID:5052
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4036 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:12⤵PID:1644
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:1684
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:852
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:1000
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:2708
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:3664
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:1404
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:1792
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5028 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:12⤵PID:316
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4968 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:12⤵PID:1072
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5104 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:12⤵PID:224
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4792 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:12⤵PID:4152
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4552 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:4984
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5072 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:4992
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:1852
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4616 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:1964
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4764 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:4148
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:82⤵PID:1508
-
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1256 -
C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeWebview2Setup.exe /silent /install3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3676 -
C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"4⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
PID:544 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5052 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4216 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:5004 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:388 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:3624 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjY4REYzMUItQzgyMC00OTNCLTk5QTQtQzc0QTdBRUIwRDdBfSIgdXNlcmlkPSJ7RTgwNTU5MzktNjM3MS00RTU1LTg5RTItQ0FFNkM2NTFFMTNDfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDMDFFNkJGMC05NzNELTQ0NTEtOTJGMC04RkI0MkMxNzk1MDh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-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⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1852 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{F68DF31B-C820-493B-99A4-C74A7AEB0D7A}" /silent5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:436 -
C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe" -app -isInstallerLaunch3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:2816
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:220
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:3556 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjY4REYzMUItQzgyMC00OTNCLTk5QTQtQzc0QTdBRUIwRDdBfSIgdXNlcmlkPSJ7RTgwNTU5MzktNjM3MS00RTU1LTg5RTItQ0FFNkM2NTFFMTNDfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1OTFBNDI2Ni1DNEY5LTRFOEUtOTc1QS04ODJBNTg1NDc0Mzh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3MzUwNDcxNzUiLz48L2FwcD48L3JlcXVlc3Q-2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:2968 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\MicrosoftEdge_X64_125.0.2535.92.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\MicrosoftEdge_X64_125.0.2535.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
PID:1484 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\MicrosoftEdge_X64_125.0.2535.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1236 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff668504b18,0x7ff668504b24,0x7ff668504b304⤵
- Executes dropped EXE
PID:1716 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjY4REYzMUItQzgyMC00OTNCLTk5QTQtQzc0QTdBRUIwRDdBfSIgdXNlcmlkPSJ7RTgwNTU5MzktNjM3MS00RTU1LTg5RTItQ0FFNkM2NTFFMTNDfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFODVBRkMwMC1BOTE3LTQ3NUMtQkIxNy01ODBFQ0FGRTgwRkF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI1LjAuMjUzNS45MiIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-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_UDE9MTcxODY3MjgwMiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1hN2t5WEIwZ1l3MXRBRkJTNVlrYWtqMTFqcmlnSElweTltcDB3cUklMmJFd0dYZEl3U281dzUyM05BOHJISXglMmZONmlTZVlhdnhac2Myd1FmR1JjN0h4MXclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzM4MTA3NTIiIHRvdGFsPSIxNzM4MTA3NTIiIGRvd25sb2FkX3RpbWVfbXM9IjIwMzcxIi8-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-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:2140
-
C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:3668
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4812
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1772
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA5125a441cd6ada8039f189d20f45ec87efa89d25bdd363f0add0ccbd6f47797c860b4104bcfeb8b5f3e09f97937f1f09e870c2416d6dafd19d95c996a79c0a3fc6f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD54181a6b3d15081ebc44b1baaeef01be4
SHA11e3bc3784dc59e2b42b5eb7f2aa8c3bea841aa45
SHA25629b85df8e4819352dcf1375917be483fdbbec764e99021dd6cbe48c13cc8fe8a
SHA5127e5ae7b9f15ec2a82692ad1c765b77ef470c96a08a61cccedc9f1114de6b2bbb2cb077d27b735e889f12a7c85893de09b05112fffc256d68f713ff58c0d7e31d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize: 7KB
MD5: 330f1657117a7d803a76f0e64fda17dd
SHA1: 13e32a559b89be2a74bc5cd80e14af6b15ee7383
SHA256: 5bd02f3e5c6b0b8090877370504920c2c145fcc601a725b266d66c7bcd9215e9
SHA512: 0eed7a38a21c5c3e95d0d055e417970ec46d9ce60e38bcfeabf6591b20807380cddf4212c0efe917589aab656151e10b00e207979e878e8674abba2f1e48b603
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize: 7KB
MD5: 7b4014d431521e3af64aa1843946b09c
SHA1: 7f3fe89d37748e939c0110ee6560220e80ff33e5
SHA256: 24d74173c1bbcd9fd0cadf68e3ab5c85dc54ab12195255cd74fcc387e694dc53
SHA512: 471eddc55a5d35bf5f52d87a87af4ba3a2573f2add53940e75a747fca84106b94f41e07e41b85612c77b577ccabdd8487650ade88f6304b5516756f88af22269
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize: 7KB
MD5: e48d5359c57726054cf6a7d56335ffb5
SHA1: ca8ae7e9a3d59c77c7c48a35353d765a5cbdff67
SHA256: c48d420849a4c3ff209365c017cb47549aa3d6de37e1e21a3025c94f53e848db
SHA512: d97c8fd590425a656399e211cecabe714d9ca4cc1d0ae97ebb7c1d51cf588b93bb5dcc29c41c2a3d132d0cad3e0c6a879b09ef0d4f8a5b740d550bdb68c8bd16
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize: 7KB
MD5: 50ae16ba8d7e92cc7dd7b5e2744f2dd5
SHA1: aa572ce2e2944e31fd8d7b3873bff135810f377f
SHA256: 3d3aac9da64619a864c80d58c2f159dc7166fee2c94eb219369477b5881bb094
SHA512: b20e0b376a81a09017d73e97f792c8befe326bb9e86fdefd87817bf4f9879cb43dcf6b95eef8a7dc8603ff9f505bd48b097b1c5d55337578aa7d4f8713065daf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize: 8KB
MD5: 2e5fa4bc4a29611e59c903c67b95f585
SHA1: af94601175a397bacaf912a11b10d8b6a2234180
SHA256: c323f7d695218ece960401a37946d11c2201d0ebd1252f9c234868f066be6ac6
SHA512: c8bb6c67a9df54f45e3e859a980260175e147eda943894254ad1913989cb7f41c118a21b0a347be69ac2f9c1a0e3dee8ef1f2036ab782f03078524280e1ceed8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize: 8KB
MD5: 9f5db8860f49a14f86e60658ff9ee7ef
SHA1: d7aae506a4b2a10077776c32f5bcde4204e03fb3
SHA256: 1a0ac8a7050a7a8243aefaf2b4f687809ba60e253880f5e4171d7eb05476c588
SHA512: 3c6d5217690982e3836c3136989f822ad9366a74a16b26e3276ccfa5cd86ed05498a417f71ba2c43fb2fcc3d3c57c6578d4ba28994d69b8c406575fe9fcfae57
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize: 8KB
MD5: 4be068866383b407e977074d26160e35
SHA1: e3c39ee69eaa12b2ee9099535ac8048f552b8028
SHA256: 4564a58829517750274aa4863af19e1a1ce113bc2f56f4cc67bc1a39418c72bb
SHA512: 3abcc3b3beb7d12a22592d424c9a22f0fe812df12c7d0c350efcddc64e4ab7f26b381cdb2b88e5960a0d44d948ff6513ecd37d57e43f6f0574e94f6e84494d8e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize: 8KB
MD5: ffaf1ec6cd0637c33c6d0e1186e0c0fe
SHA1: cf4183ea02878227762a41f3bafa7e499335da53
SHA256: bf7735a2fa695ed2ca615b716608a97fcbdcbfbc06e0f0af4d653b13d4c6fe44
SHA512: 453f3494ebf8a0ba143dfc0e5fc47bb5f7285a3efc317099595d8a9561826c0151cb77afe359722db0630df66cbab649b40be31fde76928bdeb3d1ec506bf17f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize: 16KB
MD5: d6b64567b46a981d2c72bd443e256f9f
SHA1: d9ef8b28b13f39fde5886ccfba05feebe1bf1463
SHA256: e1e5d3326c520c5a2185ce4175d39bfaceff6f491707ea7ebc8eb48200ccd26a
SHA512: e72630a29b02fafe481251ca7d0f7f58aa83239714b347a19cfa6fb26bad20fba84da458b4bf679be957185d259d7f27e754949bbd5fa0305703eaed9a5d4a6a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize: 56B
MD5: 94275bde03760c160b707ba8806ef545
SHA1: aad8d87b0796de7baca00ab000b2b12a26427859
SHA256: c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512: 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b3c69.TMP
Filesize: 120B
MD5: 24aa91724f5f406e3581534f1e0f2c6d
SHA1: 05f77cc11f23dd5860c448e09724f876ffc1b4c9
SHA256: 08587de8e931bcb8df8ba66171295cf8f689ba942008377c0fbc7cb68b0dd404
SHA512: bb5f887e92669a5a66b7b4e9094f0c31eb2bfa3bf66b74b4da92f4c30c0eadb3554a6256a888203d394288a09b7913271166115030940495260afbf9e459a008
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
Filesize: 348B
MD5: c83f6709eab16798c87a1ce41080b0f9
SHA1: aec29a6b8530f35c1da4bb2d43e547d08bec409a
SHA256: 4fe334a79225de318c8e492e0e9827092b2628dc0b54d91d927ce7bdfd4916ba
SHA512: c2427e9c137dba70f3ebb2aa4097c41b7a6dbe4088544cda0a05e8592f1d089aa2dc69ddf939d85b8c5464d20d669ffa30e2c2efc44d3a61a4cc14650a9aa0f4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
Filesize: 324B
MD5: d661e15e428e80c45aae7c0f472b1998
SHA1: 771b5b36a95017e935e3a86d6dae62bda97d4794
SHA256: 3b4a5ca18fe7c414d24940c276d578e1a7f821d22bcae9ca66f9e4a851fe480a
SHA512: 172ad0e361d7081839a046a951309b31c11601c05648c5a684450bc2dd10f466a36275b61d9e4d083ffbcb27e460d4521cb9e19a9c25f857afa748e1a3736b8a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
Filesize: 128KB
MD5: 1e08f3b7c8591208c309311d4df12d45
SHA1: 2cdeffe954c12666ae8f103ff1c79ec97c678853
SHA256: 1de398df8d707cd36d3c6e2287237c4d5595d232d3d85533cf08e18fa07a1106
SHA512: b7b4fe99bb62508b9642132317cf404ba2e76e5341c9a780a255c20923cdfb86007936b464c81ebc1af1212fb7f3ce837c8c1ca096a4210181f29b1e1a2b46f5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize: 14B
MD5: 009b9a2ee7afbf6dd0b9617fc8f8ecba
SHA1: c97ed0652e731fc412e3b7bdfca2994b7cc206a7
SHA256: de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915
SHA512: 6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize: 130KB
MD5: 0ff432ea812156dbb0a939383b8591d6
SHA1: e732ceef2f9f1a420013225d2a223f508db6c927
SHA256: 967c09b9ed5b5d66cd0c17df1c071a6604ef3d085f355a44e244f01ccf297c7b
SHA512: c3da8509a9e697e9f419887fc3e29e3f7330227c9cde9ba1800d6178acd9a4c9b22de5c800917b24b215ec96780562d86f63f837cc670d55bb1990882bb29ef6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize: 263KB
MD5: 4e03f9b53c4e81c62b6dd61b11aa9d9c
SHA1: f143665ec29503e06d090760838efd099db7b4e7
SHA256: 77fd58c2d3b75be389ea3437cbe8168331573c649e4959308dfa957cb39cbe65
SHA512: 1f712b9cb70a468c5785922484c4f3c4adbf91b9e75dcb8e1a335d1400a52cb5fbb19881d1067dbde7aa84b1b4fc7e965fed2bb24230f4991596dae1e39c22d3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize: 130KB
MD5: 47d4b33320084fb9ef739510dc347716
SHA1: 8cd6ce284fafd0f4328e58f225aa3dbc2f1f1a08
SHA256: 909682b6db22b6a68d7bbc97f31491b6a97b5fe1ed1c6c5797fd016f3ddaa2a8
SHA512: b58b60cf0e4e0995ec186e872fd65de26c4541863f6e0d1256913feab89692ff5e6e2ff7c31c62650a537cccec31084ae3c4ea51ab8fff9ab93ef8e846a896b5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize: 263KB
MD5: 681c94ec8518645b76816cb741d1a47f
SHA1: 7e45bb9b000c0230443e831e402b3daff10e8cbe
SHA256: f16a8a9d81359971f48deb0df20af616d6b57f191a0ad684ce52ce66644c5015
SHA512: 03374ef282f497971a4a75974d3571f6634906a3b022dadd484dc52f8226f096be898a5211469bb21911c7dc5ef1fc6b39bcc8eb890d205de1ee1e33f7c49156
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize: 99KB
MD5: 32abc5578c6806c888625f297a9a011a
SHA1: 07b0bb906cc28d79ee11d1957555ee0cdb2c281a
SHA256: fd5482cfdd1ad68c5edc2d45e837dba978faac2bdf6fd07768ee6a4ccf4d0970
SHA512: 8ea636072154779856b777b90c234c7f39c19e95ec6fca30da1fdd5adf992b031dbf89844d5068e62811630cf3bb18094549d1afbb05bf3232ba0baeff401778
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize: 104KB
MD5: 4170540f70fc82c0e771ceace9ef65ba
SHA1: e012836d70fec6d5b27f20b5691a993253d3b5a2
SHA256: 38ef182f19ce35b4f99ca7855ede38d87006b6c0b16f5e93aa6a9ec8c0bc20df
SHA512: e7b260849da072bf282719822a73611e0ef9b3b8c5b77957136fe5111d941adf36a83b600213382538770a93a0d142f8aee9be9f4bc914e82a7eefc9fabcd0db
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize: 264KB
MD5: 3fabe1cca558cd14c1867ec4cef3b140
SHA1: 4dc3202bf955041b4e33760f63e66c651c823aee
SHA256: 427a1bb28f052d2b4602a79e23d32e7d32b08291d46820e722eb8617c4a56e79
SHA512: 21d337f33485655e6a3c8dbd3daeaa22dbc4d336433f1d11710c69a318282b6a2e27d75f308f3b22dd274c354b31c5093ace38dab9e853070b32282c53649431
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize: 86B
MD5: 961e3604f228b0d10541ebf921500c86
SHA1: 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256: f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512: 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SolaraBootstrapper.exe.log
Filesize: 1KB
MD5: d76ce66bbfab518b30bcb3a830f64c43
SHA1: 1b9b1bffa29afff9168964ea3ffdc7fbca1edd1d
SHA256: 8b07738c3c9471baeb55c105c2b8a89af24192952930fe0335d939ec95d6db3e
SHA512: 7edcc8e20a4fcce906ae2958594a7813b574cde139a37f4da1ee94fc2c81b9d32df63b9f73c1446bc4fb2cefea9069e6e3ff536305145844fac22214e9a0453c
-
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\d711fadf1919a05ac8eccb48c397156c
Filesize: 5.8MB
MD5: d711fadf1919a05ac8eccb48c397156c
SHA1: d316ed33dda1b7170d56e086e53d280854f301ec
SHA256: b17555f65d11b29752665637a871d3cc2ad874076d2bee06a8dabd3520e34834
SHA512: dd5ec72eeb0e5fc28f122e46deb8a6c8464cbc2d8c74f545b27296b14c8b133fe009b38eace44e76af07a3db3fedbc6069b638348e550dffce84314674a01282
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize: 488KB
MD5: 851fee9a41856b588847cf8272645f58
SHA1: ee185a1ff257c86eb19d30a191bf0695d5ac72a1
SHA256: 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
SHA512: cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize: 43KB
MD5: 34ec990ed346ec6a4f14841b12280c20
SHA1: 6587164274a1ae7f47bdb9d71d066b83241576f0
SHA256: 1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409
SHA512: b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize: 139B
MD5: d0104f79f0b4f03bbcd3b287fa04cf8c
SHA1: 54f9d7adf8943cb07f821435bb269eb4ba40ccc2
SHA256: 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a
SHA512: daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize: 43B
MD5: c28b0fe9be6e306cc2ad30fe00e3db10
SHA1: af79c81bd61c9a937fca18425dd84cdf8317c8b9
SHA256: 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641
SHA512: e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize: 216B
MD5: c2ab942102236f987048d0d84d73d960
SHA1: 95462172699187ac02eaec6074024b26e6d71cff
SHA256: 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a
SHA512: e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize: 1KB
MD5: 13babc4f212ce635d68da544339c962b
SHA1: 4881ad2ec8eb2470a7049421047c6d076f48f1de
SHA256: bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400
SHA512: 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll
Filesize: 695KB
MD5: 195ffb7167db3219b217c4fd439eedd6
SHA1: 1e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256: e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA512: 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll
Filesize: 99KB
MD5: 7a2b8cfcd543f6e4ebca43162b67d610
SHA1: c1c45a326249bf0ccd2be2fbd412f1a62fb67024
SHA256: 7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f
SHA512: e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
Filesize: 133KB
MD5: a0bd0d1a66e7c7f1d97aedecdafb933f
SHA1: dd109ac34beb8289030e4ec0a026297b793f64a3
SHA256: 79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
SHA512: 2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
Filesize: 5.2MB
MD5: aead90ab96e2853f59be27c4ec1e4853
SHA1: 43cdedde26488d3209e17efff9a51e1f944eb35f
SHA256: 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512: f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
Filesize: 48B
MD5: be2a7d7f566380c227aee6c9352ba882
SHA1: b8b1236b1ce17f295b2780622cad96f4a1694b46
SHA256: fa95da2b65d081614dc31c4ec93f5443a42fca6f0fec3552d341b7588cd0a0e6
SHA512: 771cacef95bf3f9564fa59f72654e269b280b08ed388910c60d911a5a265c3ccdadb75060e502981301c38041eb25d7097731901aa431822f47208d10a73c67b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\version.txt
Filesize: 4B
MD5: 4de75b5a999e9b1724852304ef16ed2e
SHA1: 399b71c8641cfd5cf6a3f4008386df2887e29ceb
SHA256: 1934821343f916f643d45d73f68723602c7da45e2599781b740903d4cfa4746e
SHA512: 6eeb1c478d442dae79a85a978743a68c055a91108aa8bbeb1eb82154cfa40433b1d24e89c639ca879f2b2b4d1dfd1578d2cd7a16f7553d9c146f70bba00b8a7b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
Filesize: 5.9MB
MD5: 987175c463ec9a5e76bab033cea9d859
SHA1: ceed36975f4583a34c26150e045a97f5f019e769
SHA256: 24fca8dd76effd975d230f55eb107e1be6c03d658410274fe6340a2b3ec9075c
SHA512: 9851d254fef3fdfcd7b188893a9a547ed3f08eee82a72c273f13beb7d075beecd32e3c5c51f9e3135d7060fca71a2bf79dbdbb1a136549a9e408a6214feaa000
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
Filesize: 85KB
MD5: f8f4522d11178a26e97e2046f249dfa7
SHA1: 8b591d9a37716e235260fb6b3f601e4ccbebf15d
SHA256: 3c372a8919c28dc76414b2f30da423c3e1018b1a8444527949ce20cc3fc93ed0
SHA512: 52ea881cad501cf1d5e8ac47355e862ac1bd39cb6e1ff3d362d392b6f2d676e74878832505d17a552aaa3bc8f3977da11fa3f9903722eedd23716fb46ddb7492
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
Filesize: 522KB
MD5: e31f5136d91bad0fcbce053aac798a30
SHA1: ee785d2546aec4803bcae08cdebfd5d168c42337
SHA256: ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671
SHA512: a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
Filesize: 113KB
MD5: 75365924730b0b2c1a6ee9028ef07685
SHA1: a10687c37deb2ce5422140b541a64ac15534250f
SHA256: 945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b
SHA512: c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1
-
C:\Users\Admin\Downloads\Unconfirmed 693054.crdownload
Filesize: 5.4MB
MD5: 84e67989f7ccd11c2b7db38f3d3443b8
SHA1: c3e821de715aa7508b3273de16c9156014d81922
SHA256: 5eac06573fb9289a5ad1dfa8b88d2d7b79f1bd89e61c53247f8cae50143e7a2c
SHA512: d0ea7235f591f31edeb7183c91fb0bb1347a9386c170c43b21e2c5fd93b7040e73e1a1a9f3ef6f83d097b1af0f9e2a9938dd59ae47588940491da25248eb7d99
-
\??\pipe\crashpad_2452_YSYVOGCQPHSGMJOX
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/544-2870-0x0000000073D00000-0x0000000073F10000-memory.dmp
Filesize: 2.1MB
-
memory/544-2869-0x0000000000C80000-0x0000000000CB5000-memory.dmp
Filesize: 212KB
-
memory/1416-1833-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1849-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1847-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1845-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1843-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1842-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1840-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1838-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1836-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1837-0x00007FFE24F40000-0x00007FFE24F64000-memory.dmp
Filesize: 144KB
-
memory/1416-1832-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1834-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1831-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1886-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-1939-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-2101-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-2471-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-2505-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-3117-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-2867-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-2854-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-2709-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-2564-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/1416-2550-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1597-0x00007FFE09A93000-0x00007FFE09A95000-memory.dmp
Filesize: 8KB
-
memory/3088-1665-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1622-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1620-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1598-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1649-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1562-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1551-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1552-0x00007FFE0C760000-0x00007FFE0C784000-memory.dmp
Filesize: 144KB
-
memory/3088-1549-0x000001C856F50000-0x000001C856F88000-memory.dmp
Filesize: 224KB
-
memory/3088-1550-0x000001C856F10000-0x000001C856F1E000-memory.dmp
Filesize: 56KB
-
memory/3088-1548-0x000001C852680000-0x000001C852688000-memory.dmp
Filesize: 32KB
-
memory/3088-1545-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1544-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1546-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1653-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1543-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1645-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1532-0x000001C8398D0000-0x000001C8398DE000-memory.dmp
Filesize: 56KB
-
memory/3088-1530-0x000001C852290000-0x000001C85230E000-memory.dmp
Filesize: 504KB
-
memory/3088-1528-0x000001C852350000-0x000001C85240A000-memory.dmp
Filesize: 744KB
-
memory/3088-1527-0x000001C8526E0000-0x000001C852C1C000-memory.dmp
Filesize: 5.2MB
-
memory/3088-1525-0x000001C837B90000-0x000001C837BAA000-memory.dmp
Filesize: 104KB
-
memory/3088-1669-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1696-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1523-0x00007FFE09A93000-0x00007FFE09A95000-memory.dmp
Filesize: 8KB
-
memory/3088-1690-0x0000000180000000-0x0000000180E54000-memory.dmp
Filesize: 14.3MB
-
memory/3088-1693-0x000001C857B10000-0x000001C857BC2000-memory.dmp
Filesize: 712KB
-
memory/4996-55-0x0000000075390000-0x0000000075B40000-memory.dmp
Filesize: 7.7MB
-
memory/4996-54-0x0000000002580000-0x000000000258A000-memory.dmp
Filesize: 40KB
-
memory/4996-57-0x0000000005660000-0x0000000005672000-memory.dmp
Filesize: 72KB
-
memory/4996-53-0x00000000001A0000-0x00000000001AA000-memory.dmp
Filesize: 40KB
-
memory/4996-52-0x000000007539E000-0x000000007539F000-memory.dmp
Filesize: 4KB
-
memory/4996-1524-0x0000000075390000-0x0000000075B40000-memory.dmp
Filesize: 7.7MB