Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
15-06-2024 18:29
Static task
static1
Behavioral task
behavioral1
Sample
SolaraB/Solara/SolaraBootstrapper.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
SolaraB/Solara/SolaraBootstrapper.exe
Resource
win10v2004-20240611-en
General
-
Target
SolaraB/Solara/SolaraBootstrapper.exe
-
Size
13KB
-
MD5
6557bd5240397f026e675afb78544a26
-
SHA1
839e683bf68703d373b6eac246f19386bb181713
-
SHA256
a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239
-
SHA512
f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97
-
SSDEEP
192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Downloads MZ/PE file
-
Sets file execution options in registry 2 TTPs 2 IoCs
Processes:
MicrosoftEdgeUpdate.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion cd57e4c171d6e8f5ea8b8f824a6a7316.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
SolaraBootstrapper.exeMicrosoftEdgeUpdate.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation SolaraBootstrapper.exe Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation MicrosoftEdgeUpdate.exe -
Executes dropped EXE 13 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exeRobloxPlayerInstaller.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exepid process 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 592 RobloxPlayerInstaller.exe 1612 MicrosoftEdgeWebview2Setup.exe 1464 MicrosoftEdgeUpdate.exe 416 MicrosoftEdgeUpdate.exe 1380 MicrosoftEdgeUpdate.exe 2384 MicrosoftEdgeUpdateComRegisterShell64.exe 2848 MicrosoftEdgeUpdateComRegisterShell64.exe 4476 MicrosoftEdgeUpdateComRegisterShell64.exe 2720 MicrosoftEdgeUpdate.exe 3760 MicrosoftEdgeUpdate.exe 1124 MicrosoftEdgeUpdate.exe 1308 MicrosoftEdgeUpdate.exe -
Loads dropped DLL 20 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exepid process 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 1464 MicrosoftEdgeUpdate.exe 416 MicrosoftEdgeUpdate.exe 1380 MicrosoftEdgeUpdate.exe 2384 MicrosoftEdgeUpdateComRegisterShell64.exe 1380 MicrosoftEdgeUpdate.exe 2848 MicrosoftEdgeUpdateComRegisterShell64.exe 1380 MicrosoftEdgeUpdate.exe 4476 MicrosoftEdgeUpdateComRegisterShell64.exe 1380 MicrosoftEdgeUpdate.exe 2720 MicrosoftEdgeUpdate.exe 3760 MicrosoftEdgeUpdate.exe 1124 MicrosoftEdgeUpdate.exe 1124 MicrosoftEdgeUpdate.exe 3760 MicrosoftEdgeUpdate.exe 1308 MicrosoftEdgeUpdate.exe -
Registers COM server for autorun 1 TTPs 33 IoCs
Processes:
MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe -
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll themida behavioral2/memory/4128-1494-0x0000000180000000-0x0000000180AC0000-memory.dmp themida behavioral2/memory/4128-1570-0x0000000180000000-0x0000000180AC0000-memory.dmp themida -
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exeRobloxPlayerInstaller.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA cd57e4c171d6e8f5ea8b8f824a6a7316.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RobloxPlayerInstaller.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
Processes:
flow ioc 7 raw.githubusercontent.com 8 raw.githubusercontent.com 20 raw.githubusercontent.com 22 raw.githubusercontent.com -
Checks system information in the registry 2 TTPs 8 IoCs
System information is often read in order to detect sandboxing environments.
Processes:
MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exedescription ioc process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exepid process 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Drops file in Program Files directory 64 IoCs
Processes:
RobloxPlayerInstaller.exeMicrosoftEdgeWebview2Setup.exedescription ioc process File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\StudioSharedUI\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\StudioSharedUI\default_user.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\InspectMenu\scroll_bar.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\LegacyRbxGui\scroll.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\ExternalSite\youtube.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\AvatarEditorImages\Sliders\gr-slider.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\fonts\families\HighwayGothic.json RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\models\RigBuilder\RigBuilderGUI.rbxm RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Chat\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\PerformanceStats\TargetFiller.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\9-slice\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\fonts\JosefinSans-Regular.ttf RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\DefaultController\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\XboxController\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\graphic\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\SelfView\SelfView_icon_indicator_on.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\DesignSystem\ButtonStart.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Emotes\Small\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Settings\Radial\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\VoiceChat\SpeakerLight\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\homeButton.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\shaders\shaders_d3d10_1.pack RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Slider.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\DesignSystem\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\XboxController\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\fonts\families\RobotoCondensed.json RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\PlatformContent\pc\textures\water\normal_12.dds RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\Cursors\CrossMouseIcon.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\StudioToolbox\AssetConfig\recent.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\XboxController\ButtonA.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\icons\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\graphic\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChatV2\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\fonts\ComicNeue-Angular-Bold.ttf RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\PlatformContent\pc\textures\sky\indoor512_ft.tex RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\TextureViewer\arrowright_black_16.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\icon_placeowner.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\dpadUp.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\XboxController\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Emotes\TenFoot\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\InGameMenu\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\fonts\SourceSansPro-Semibold.ttf RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\msedgeupdateres_or.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\VoiceChat\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\StudioSharedUI\models.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\icons\icon-share-game-24x24.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\Debugger\Breakpoints\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\WebView2Loader.dll RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\dialog_white.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\graphic\Auth\gradient_bg.jpg RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\InspectMenu\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\graphic\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\AssetImport\btn_light_filepicker_28x28.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\MaterialGenerator\Materials\DiamondPlate.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\apostrophe.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\PlayStationController\PS5\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Settings\Help\XButtonDark.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Settings\Players\AddFriendIcon.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChatV2\actions_notificationOff.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\fonts\PressStart2P-Regular.ttf RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\Controls\DesignSystem\ButtonR1.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\icons\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\configs\DateTimeLocaleConfigs\en-au.json RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\AnimationEditor\icon_error.png RobloxPlayerInstaller.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 5 IoCs
Processes:
chrome.exeRobloxPlayerInstaller.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS RobloxPlayerInstaller.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer RobloxPlayerInstaller.exe -
Processes:
RobloxPlayerInstaller.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio RobloxPlayerInstaller.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" RobloxPlayerInstaller.exe -
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629498163241133" chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Modifies registry class 64 IoCs
Processes:
RobloxPlayerInstaller.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon RobloxPlayerInstaller.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ = "Google Update Policy Status Class" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CLSID\ = "{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\PROGID MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2} MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\CLSID\ = "{B5977F34-9264-4AC3-9B31-1224827FF6E8}" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ = "Microsoft Edge Update Broker Class Factory" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ServiceParameters = "/comsvc" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" MicrosoftEdgeUpdate.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
SolaraBootstrapper.execd57e4c171d6e8f5ea8b8f824a6a7316.exechrome.exeRobloxPlayerInstaller.exeMicrosoftEdgeUpdate.exepid process 632 SolaraBootstrapper.exe 632 SolaraBootstrapper.exe 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 1220 chrome.exe 1220 chrome.exe 592 RobloxPlayerInstaller.exe 592 RobloxPlayerInstaller.exe 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 1464 MicrosoftEdgeUpdate.exe 1464 MicrosoftEdgeUpdate.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes:
chrome.exepid process 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
SolaraBootstrapper.execd57e4c171d6e8f5ea8b8f824a6a7316.exechrome.exedescription pid process Token: SeDebugPrivilege 632 SolaraBootstrapper.exe Token: SeDebugPrivilege 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe Token: SeShutdownPrivilege 1220 chrome.exe Token: SeCreatePagefilePrivilege 1220 chrome.exe -
Suspicious use of FindShellTrayWindow 37 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exechrome.exepid process 4128 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
chrome.exepid process 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe 1220 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
SolaraBootstrapper.exechrome.exedescription pid process target process PID 632 wrote to memory of 4128 632 SolaraBootstrapper.exe cd57e4c171d6e8f5ea8b8f824a6a7316.exe PID 632 wrote to memory of 4128 632 SolaraBootstrapper.exe cd57e4c171d6e8f5ea8b8f824a6a7316.exe PID 1220 wrote to memory of 4056 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4056 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 4992 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 1624 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 1624 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe PID 1220 wrote to memory of 3948 1220 chrome.exe chrome.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:632 -
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4128
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd866dab58,0x7ffd866dab68,0x7ffd866dab782⤵PID:4056
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:22⤵PID:4992
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:1624
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:3948
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:12⤵PID:1072
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:12⤵PID:3868
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:12⤵PID:4460
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:4412
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:1524
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4756 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:12⤵PID:2488
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:1336
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4232 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:4396
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3196 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:824
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4552 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:12⤵PID:1404
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:2280
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5040 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:12⤵PID:1336
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5184 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:4816
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:2116
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:4628
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5496 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:12⤵PID:1116
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4684 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:12⤵PID:1124
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4424 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:12⤵PID:4904
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:2608
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5812 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:1276
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5832 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:1592
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:4124
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:2948
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 --field-trial-handle=2120,i,4846492701849755251,9451150371793213847,131072 /prefetch:82⤵PID:2856
-
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:592 -
C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeWebview2Setup.exe /silent /install3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1612 -
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"4⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
PID:1464 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:416 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:1380 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2384 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2848 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4476 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDFDRkUxM0QtRDE3MS00QjYxLUIwNEUtMzBFQjk2NUU5RjFGfSIgdXNlcmlkPSJ7M0Q0NUUwRDAtNTgxNi00RTY4LUFDNDUtQ0QzNTY4MzdCMzMzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszRkZCQTQ2OC04OEFGLTQ0QzYtQkFFNy1ERDk5Q0YzQjcwNEV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RDZqeFBlVW1LZmg4eXR5NkYwN1l4TTFlWkRIL1RWNkZRVDJmZkRpWnl3dz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4Ny40MSIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU4NTUyNDg0MDMiIGluc3RhbGxfdGltZV9tcz0iNzkwIi8-PC9hcHA-PC9yZXF1ZXN0Pg5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:2720 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{01CFE13D-D171-4B61-B04E-30EB965E9F1F}" /silent5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3760
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:740
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1124 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDFDRkUxM0QtRDE3MS00QjYxLUIwNEUtMzBFQjk2NUU5RjFGfSIgdXNlcmlkPSJ7M0Q0NUUwRDAtNTgxNi00RTY4LUFDNDUtQ0QzNTY4MzdCMzMzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxRUM1QjdCNC0yN0M1LTREQTMtQUM3MC1DRUJFNzVEM0FCRDJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU4NjA4OTgwODEiLz48L2FwcD48L3JlcXVlc3Q-2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1308
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\EdgeUpdate.datFilesize
12KB
MD5369bbc37cff290adb8963dc5e518b9b8
SHA1de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA2563d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA5124f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\MicrosoftEdgeComRegisterShellARM64.exeFilesize
179KB
MD57a160c6016922713345454265807f08d
SHA1e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA25635a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\MicrosoftEdgeUpdate.exeFilesize
201KB
MD54dc57ab56e37cd05e81f0d8aaafc5179
SHA1494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA25687c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\MicrosoftEdgeUpdateComRegisterShell64.exeFilesize
212KB
MD560dba9b06b56e58f5aea1a4149c743d2
SHA1a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA2564d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\MicrosoftEdgeUpdateCore.exeFilesize
257KB
MD5c044dcfa4d518df8fc9d4a161d49cece
SHA191bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA2569f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\NOTICE.TXTFilesize
4KB
MD56dd5bf0743f2366a0bdd37e302783bcd
SHA1e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA25691d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\msedgeupdate.dllFilesize
2.0MB
MD5965b3af7886e7bf6584488658c050ca2
SHA172daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA5121c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\msedgeupdateres_af.dllFilesize
28KB
MD5567aec2d42d02675eb515bbd852be7db
SHA166079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA5123a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\msedgeupdateres_am.dllFilesize
24KB
MD5f6c1324070b6c4e2a8f8921652bfbdfa
SHA1988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA51263092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\msedgeupdateres_ar.dllFilesize
26KB
MD5570efe7aa117a1f98c7a682f8112cb6d
SHA1536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA5125e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\msedgeupdateres_as.dllFilesize
28KB
MD5a8d3210e34bf6f63a35590245c16bc1b
SHA1f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA2563b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA5126e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\msedgeupdateres_az.dllFilesize
29KB
MD57937c407ebe21170daf0975779f1aa49
SHA14c2a40e76209abd2492dfaaf65ef24de72291346
SHA2565ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA5128670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\msedgeupdateres_bg.dllFilesize
29KB
MD58375b1b756b2a74a12def575351e6bbd
SHA1802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\msedgeupdateres_bn-IN.dllFilesize
29KB
MD5a94cf5e8b1708a43393263a33e739edd
SHA11068868bdc271a52aaae6f749028ed3170b09cce
SHA2565b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\msedgeupdateres_bn.dllFilesize
29KB
MD57dc58c4e27eaf84ae9984cff2cc16235
SHA13f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc
-
C:\Program Files (x86)\Microsoft\Temp\EU3BA8.tmp\msedgeupdateres_en.dllFilesize
27KB
MD54a1e3cf488e998ef4d22ac25ccc520a5
SHA1dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA2569afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245
-
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exeFilesize
5.4MB
MD5f899ed8284f9df71e4dd43b152dd60e9
SHA1715796f8e8c83699dc2672f5acee91dce08715cf
SHA2568d886a250762d21047a8a579251909225f5adab2e372a7f03e2c1c8c3d294152
SHA51249b6ec6cc9b7256a19ec18ae5045fb01118b5ae1b2aa5b6e4d9b66daca8b7b3dcbfdde84c20a416378ece260fbb06addaed2c3d6af7eaff4958934fbb81dd796
-
C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exeFilesize
1.5MB
MD5610b1b60dc8729bad759c92f82ee2804
SHA19992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA5120614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4
-
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.logFilesize
196KB
MD5c15dd9a5d569de6fcd4bad53b369c39f
SHA167ef35e99d3b6dce85027ce7e3cdfac7652fb8a4
SHA25646a1dce0f406128e0d4eac5fcd95ee04e4602c1119dace21c0e15edca570b319
SHA5121d437296aa74f804d2633b089c916f45c9057ce5cec3546cbb7c1f78b490da0260e65b1ef98ef7f73560af1014d123941588e9499165abb233fa397027c2cb42
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000dFilesize
97KB
MD5a3646b347a22cde6b33f6b7d32e22516
SHA12922b0709b51672bc206aae983742c68a5346f2e
SHA2566e2b727c15a6dc6eafeeb252181d62deedf3c460e6a756531f901986ce3c0896
SHA512f842410f5466aaea1fa749c218240ab9f2a978d7a0a91501ea5af9e38a620d55d0b33e58078a8d15c2d5f6c54e44090286d63ec2f83eb04f3e4fa90e2961fcd1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d6Filesize
51KB
MD5588ee33c26fe83cb97ca65e3c66b2e87
SHA1842429b803132c3e7827af42fe4dc7a66e736b37
SHA256bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA5126f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
5KB
MD5fbdf699db6abae4c9318c1353acec59b
SHA108bb1c69383b025ea3db9d77d6b7cfc12575d578
SHA256cd8f78361dd853b424b725cbc4187c253b2b08da0aece283524c0da3591841e1
SHA51258c1bbc7a8db5c5f616df7827faacaa0a223a1cd4a034c1093f15bf90e0447b29bc08ef4394f585cc4ce24209c42e26844703caa42d43d9f80743253c8c1be2f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001Filesize
23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6d2334ca-229b-4a36-a016-3304ae18c19f.tmpFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
9KB
MD5fdbd754bfd3ea95b2b196adea0c65ddb
SHA188327ae87e57ba1d8ba87f1ad2d6db90e7edd4ab
SHA25682b3902b3ba3bd521deaf3512a49d00a453b91d64188672e4865183220f736c2
SHA5121bead9fb83287eb376b9bb886efe717dacb7b26ed6e9a59b99fe2cd087b810d9a9ac3500934060a0fa5e3485f7458a2094e15dc99e37e2ef258968f14c08c1c6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
4KB
MD51d83bbbcbbb5855fcd0f6e5740451a1f
SHA176f97370008c0e43c0522a4895babdb9ce130870
SHA2568b0eea39ef6083fedc8fc718979228276d7749dc3564ba1ce89f66865f5645e8
SHA512d9c5d0cac485624cfd7d27e39e1c3d791e69d147245974d20165ff394697b9ec80b2f055babc20a51b3efe7905343e238c9096db808464e9ae1cf0494cb1f8f7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
4KB
MD5462147640337de064ac20dad0e049c5f
SHA12f3c330d76b6517b6aedc70eb30f3138d9e24093
SHA256b63a5f29818cae905a797c74b70936c203e334443c7a17853ef92ecbd7b7c797
SHA5126205ac8c2524d59f30b1bf13b1fd4c6711dc8ceebb8c6ab62337e196a02735537ad242e84b7cdd30d505cec6c7859b9ad3deab901e5ff39297d788760eb44c8c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD55839cf6b0051e9ae446ec8fdc1bd1bd8
SHA10e9b3eefe3cba2011a50c276d485b8aac30045fc
SHA256d334d3c306f0e72369baa452194ecee63441fa72471103745957e5f2147f2743
SHA512ca89504d431d6f22ad3dff8adccaf15912576266f46beef9685b460ee436b324074e46e93103b4e590b3b12b0f5bd9d069b74e86c544b8a34aafa9876297e0bc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5a8a9cbbabe1866f4756f8580a7b9e392
SHA1d7c95737833cbe3335615229c4765e0e7a9ac3bc
SHA256ae47ca5bd02ba4b21317ac98ebe5f0b7ac5fe1bb7bbef126cac091dd7ca0e754
SHA512416b5828f8fc314bfa19775dcdc1d85f22843977ae3f747ead1fdf3f2e310100be429dd40f94be4bd7e3c4b2bf756b6bd0ebe168c3bb26921b55d9742a6b031f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
4KB
MD53731a9e5458ece9433791e0eb77c592e
SHA15d812923d2216bd594789638affbf28c04866d1e
SHA2561667af5f1e058f414969fe94c12fe543a196b51ff967de5532172bbcc9d2b420
SHA5126d1084a106b7a98606db271de46a37f12c8fe54dc8600dffb1d62b4c234b57f72ccb91655615a5127f5cf3543cb3ae65bb80b587b170fa6d1a261c07fdca17e9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
4KB
MD58b34833cb61996077741b63ab40c704f
SHA1911c3c840c0f438710ee5215816f4ff7fba298fa
SHA256dae64e303221fb6ffd7db3fe91532517aae200129b9a4d5e72cc30ed5114f726
SHA512ed5e8fa302106caa6f365022aa70d019b5c04321577d56caf55c6f5b70bccca089ebbe8a496203a7ac284739d04fedb46a38f83f6d8991950aabbb91f1dcdbb3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
4KB
MD503f5c70d72eb08607bf71769c61a8609
SHA17606ca4b2c3c2c16571def9fadbd6823aaa3137f
SHA2562c87c0505dec1399b27eb7dc98e2f7f23b0dfad8ec518ca2de30c151717c7a1d
SHA512458cdd65514c7e8f975560791ff2b2159ca36fb9cde423457a89ae4542414d61c66d0138f20488387efd8703387a31f54f1e44f1876fddba223a693ec8191af9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
4KB
MD52649fd95fc57cf174756db5edeef50fd
SHA1450e4fb28509878772251dbe689ea1c492ed6877
SHA25647dc2380befc913029823090ca6411042cd9da309317e1a23109f72b72722fa9
SHA5128fce10f538fe2842113d9633c60f6e1fb9047fe616554bbfb00e69ecfe47f00b4735136d36364a8362e8bf18889a0884b6ace3cd02d36c7cc257074c3a1eec1c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
4KB
MD5ae7a249176576da396baa8aac799168e
SHA1f3f79ffe3d688f9d9663ae8360e7ddcd28cd8566
SHA2568a81302e48117abd1d00b5e7b93c71200371a3f0f036e9731ec232aae9fedfd6
SHA512872b8aa398ad16f5302dae6169a17d2fcd8ff6e54a44fcf2af1f964195fcf39edbee3b16f6e547f24c30ae33475b3d4aa6671a74012b431d28135dffd6d98390
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD58c3ea7b5636995454eb2fe99fde2493e
SHA13016100965eafa0f72459e1d06bbbace52914bd7
SHA256355c4bf12ca65c1dd6eb287268b0351dd548b2cafa041731fa4b564bd4ffbdfe
SHA51250cd501af48bdf75360ffeda1f307abfd3fa25c58534839e17bfa60e9f9c1dc4953e85e44bdfec0a3e160c5df8ebc3f3ddfac2eaa3ed27efe2c35102d49afd6c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD586b3539583f8bf7b1880115346235bba
SHA1e8ccde1813be0f7f8dc78de090a05a0d055b73ef
SHA256d7cc47130aff16daf7453b64c968790b52f645a6f3143bc04f33a43159d08007
SHA512539338f8dc1fd23042afdf06e58891aab4814ab4e16205725976656a17dec325e215e9e0432130d404a37eb004ac366f8dba31f1252a1b7f1b3119081971ad6e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5cc1af20d40ebd8a63b4a3573bed7f5bc
SHA19b7486098ea640ad5a90692e537c095df4a2ea7f
SHA25616aea2242ca236c8cf73c145a0446fe64dd4d47fc8334511ecbb96094d72458b
SHA512d259db7ca308bf4c1ed3a1bcb5bcb6e5d038311a2042cc2f56030906815de1d0f2eaea7a2d83556378174799d62b20e23acd1865a2431b0b7ef71514a14a4f0e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD543a4a9f2081ae42998e511acd6391b3f
SHA173cf822cec4dd813564efb5afbbb632ff4761bb0
SHA256c9c11ca9581015b5456eb5e08ff7d71d4fa7f256a7906e509655d15e779a3565
SHA512c84e4d50dc1746a92c8c9d0a3e9b9c813ebce7a432a92111b840ca0253be982abc98cb8dda206020f0684b0c1f094f77dca61d44e5da641e44128cc279754dbf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
276KB
MD56fa12019133fadb3525f5eeb3a2e0132
SHA11102ae76cc8bc24e9c7ab08d0906da274953d5e0
SHA256d160f4d5252e31d9d203ce6bb6038dae73d5d4267cb9ec120dcf2e88667e8810
SHA512f9b992cb7ffcf7478f4108f956d1f94aa43555d6a4b1fdf15d22666851d967f40c5e8bbe9e7c36d26f7cdf8ed3dbc42287c9847a8472c6a03d990a2146b7f1ba
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
93KB
MD53c702e23a903334e63085495ca425985
SHA1ffda07c76b4569faebe5ae1a226cf6a5b1a57b70
SHA256fea9d1ed5fc6490c8c61a031702f6074dcfa4d6c28ca98f657710808263821ca
SHA512429b9b93bc0d1958d5ed4bcb33b8e9ab088154e37c7752dd9942907251bff9f2e3125d71382969f4e7a19b0a2d04853fa3fda1e59dd5b2484ec9c83e8c842afd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
104KB
MD5132af561cf90f1a79e1374322d86b5db
SHA12843367b6edf3a6afae8a2ca19db8ac876fd5824
SHA2569d1c8b66401138bfd4fc4ff4f8729ba5e45359689f4427ca01e31dcba3bb4b9b
SHA5124a635148e9d04fa6a9bb73feffac5ff312ba4de1aee61a10745c4b4de3e251cb4f5d04d5862b2a968e734b54d6b0683fb37f29edd4d00c23f286fafdd9044dfb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58627e.TMPFilesize
89KB
MD582324359b76112146675288ee3100200
SHA14ebefbd43a8ee19df2cca4891046b02cf42bbdbf
SHA256e2a1588a3d78a6f0bc1ea5094027496d1ff78f7b84e070874975c1feb8364351
SHA512991b1bbdd8474d8630519ff12bae3d1c274ea914e214d6a927ead1f5762950cfadbf4c41e87e6db7a1b0cd8443e05c4d28faa5585188bd28a1c02a8603212029
-
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\e602387055ae7b12c23fbeefeb417682Filesize
5.8MB
MD5e602387055ae7b12c23fbeefeb417682
SHA14efa866cca9693eafb65a6babfebd64bf99037da
SHA2568df68686863894e7f47069b854d07d6eb449269f527c09433495efb130f33dde
SHA51287ee31aaf7929c3ef6ddad322727185efe0702f239d81eeda85ff0bc5c873316a660129aecc3bde5809de1449efd5de0f458db27610d126a69dddf35d38c27f3
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dllFilesize
488KB
MD5851fee9a41856b588847cf8272645f58
SHA1ee185a1ff257c86eb19d30a191bf0695d5ac72a1
SHA2565e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
SHA512cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dllFilesize
37KB
MD54cf94ffa50fd9bdc0bb93cceaede0629
SHA13e30eca720f4c2a708ec53fd7f1ba9e778b4f95f
SHA25650b2e46c99076f6fa9c33e0a98f0fe3a2809a7c647bb509066e58f4c7685d7e6
SHA512dc400518ef2f68920d90f1ce66fbb8f4dde2294e0efeecd3d9329aa7a66e1ab53487b120e13e15f227ea51784f90208c72d7fbfa9330d9b71dd9a1a727d11f98
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dllFilesize
43KB
MD534ec990ed346ec6a4f14841b12280c20
SHA16587164274a1ae7f47bdb9d71d066b83241576f0
SHA2561e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409
SHA512b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrcFilesize
139B
MD5d0104f79f0b4f03bbcd3b287fa04cf8c
SHA154f9d7adf8943cb07f821435bb269eb4ba40ccc2
SHA256997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a
SHA512daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrcFilesize
43B
MD5c28b0fe9be6e306cc2ad30fe00e3db10
SHA1af79c81bd61c9a937fca18425dd84cdf8317c8b9
SHA2560694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641
SHA512e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrcFilesize
216B
MD5c2ab942102236f987048d0d84d73d960
SHA195462172699187ac02eaec6074024b26e6d71cff
SHA256948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a
SHA512e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSEFilesize
1KB
MD513babc4f212ce635d68da544339c962b
SHA14881ad2ec8eb2470a7049421047c6d076f48f1de
SHA256bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400
SHA51240e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dllFilesize
99KB
MD57a2b8cfcd543f6e4ebca43162b67d610
SHA1c1c45a326249bf0ccd2be2fbd412f1a62fb67024
SHA2567d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f
SHA512e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dllFilesize
133KB
MD5a0bd0d1a66e7c7f1d97aedecdafb933f
SHA1dd109ac34beb8289030e4ec0a026297b793f64a3
SHA25679d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
SHA5122a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dllFilesize
5.2MB
MD5aead90ab96e2853f59be27c4ec1e4853
SHA143cdedde26488d3209e17efff9a51e1f944eb35f
SHA25646cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txtFilesize
49B
MD56b09afc61af8884f2fc6204922e970be
SHA1fe3da40f27e8dc2b8e2392c9590666982fff3398
SHA256f99a87a0c9006940f0d9efa1331d253dcf56016c82f4e266b507c303bb8493a6
SHA51269ac27dbd690d1919a5da98e5f427328147c18a338596a0cf7ccb2cd09594da388fc4bb5df660bb4ca5a630f3ffc3ee3783b24c262683d2c5992db2f1abca8ea
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dllFilesize
4.1MB
MD5c2bde3ba169916206ef61ce2af29abd5
SHA19ea8cc423fdd68280988d94f2eac468e445d34f8
SHA2562099337afdfc49b325763e2e741253aac15c195e0010039a625459e8ea1ac526
SHA512442e5935be20dd345fb9940113a7db2e06649eb36fc79a4b7128e3054c8a27a34c62b826397b2d46810ea32f3b2d8367bb375b7996019fcbc2d400dff5f21ca0
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exeFilesize
86KB
MD5d213a75b1956398e4c36bcc2f93339bf
SHA16a2739cc0e67f5593c744fbcbc8f00f12eef9954
SHA256ece75d080f94df4b3699389021337b1536cfed229d1325f09b03f0b0d6d85ab4
SHA512d32ddaf4c6f8f8df6c390d683e6c039f3b0d8f35f68f690b28bf88b17caedf0e11abd3aeb2e46238d0cd0a91b2db095cca0782b4e27f04453ea4cb6db38f4dd7
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dllFilesize
522KB
MD5e31f5136d91bad0fcbce053aac798a30
SHA1ee785d2546aec4803bcae08cdebfd5d168c42337
SHA256ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671
SHA512a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dllFilesize
113KB
MD575365924730b0b2c1a6ee9028ef07685
SHA1a10687c37deb2ce5422140b541a64ac15534250f
SHA256945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b
SHA512c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dicFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exeFilesize
5.4MB
MD5a0396f9bb5e0144808cc7c7fda47e682
SHA176bef1c55c6f288ca5988d344c4e92ee8f3a6329
SHA256b5d35eaf2ca4befb5ac6de8680609c9a86fdc257b49d21ce4c8d17eddaa1b51a
SHA512dd49140d4661d813501d67c44d5fedd6bdc7ce731242fb33973b0b7a5b603344682fe1bc393fcf9fe3f5ad10ed9f1de7dbc42c66ec16b84063fe535f288ab7e0
-
\??\pipe\crashpad_1220_DORKGSFMNDAVHBGDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/632-5-0x0000000005590000-0x00000000055A2000-memory.dmpFilesize
72KB
-
memory/632-2-0x0000000002530000-0x000000000253A000-memory.dmpFilesize
40KB
-
memory/632-3-0x00000000749D0000-0x0000000075180000-memory.dmpFilesize
7.7MB
-
memory/632-0-0x00000000749DE000-0x00000000749DF000-memory.dmpFilesize
4KB
-
memory/632-1473-0x00000000749D0000-0x0000000075180000-memory.dmpFilesize
7.7MB
-
memory/632-1-0x00000000000C0000-0x00000000000CA000-memory.dmpFilesize
40KB
-
memory/1464-2816-0x0000000073340000-0x0000000073550000-memory.dmpFilesize
2.1MB
-
memory/1464-2815-0x0000000000CF0000-0x0000000000D25000-memory.dmpFilesize
212KB
-
memory/4128-1475-0x000001C574470000-0x000001C5749AC000-memory.dmpFilesize
5.2MB
-
memory/4128-1570-0x0000000180000000-0x0000000180AC0000-memory.dmpFilesize
10.8MB
-
memory/4128-1477-0x000001C573F30000-0x000001C573FEA000-memory.dmpFilesize
744KB
-
memory/4128-1501-0x00007FFD8D3C0000-0x00007FFD8DE81000-memory.dmpFilesize
10.8MB
-
memory/4128-1472-0x000001C558040000-0x000001C55805A000-memory.dmpFilesize
104KB
-
memory/4128-1480-0x00007FFD8D3C0000-0x00007FFD8DE81000-memory.dmpFilesize
10.8MB
-
memory/4128-1471-0x00007FFD8D3C3000-0x00007FFD8D3C5000-memory.dmpFilesize
8KB
-
memory/4128-1479-0x000001C572660000-0x000001C57266E000-memory.dmpFilesize
56KB
-
memory/4128-1482-0x000001C5749B0000-0x000001C574A2E000-memory.dmpFilesize
504KB
-
memory/4128-1476-0x00007FFD8D3C0000-0x00007FFD8DE81000-memory.dmpFilesize
10.8MB
-
memory/4128-1565-0x00007FFD8D3C0000-0x00007FFD8DE81000-memory.dmpFilesize
10.8MB
-
memory/4128-1502-0x00007FFD8D3C0000-0x00007FFD8DE81000-memory.dmpFilesize
10.8MB
-
memory/4128-1500-0x00007FFD8D3C3000-0x00007FFD8D3C5000-memory.dmpFilesize
8KB
-
memory/4128-1499-0x000001C578ED0000-0x000001C578EDE000-memory.dmpFilesize
56KB
-
memory/4128-1498-0x000001C578F00000-0x000001C578F38000-memory.dmpFilesize
224KB
-
memory/4128-1497-0x000001C574450000-0x000001C574458000-memory.dmpFilesize
32KB
-
memory/4128-1494-0x0000000180000000-0x0000000180AC0000-memory.dmpFilesize
10.8MB
-
memory/4128-1493-0x00007FFD8D3C0000-0x00007FFD8DE81000-memory.dmpFilesize
10.8MB