Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    720s
  • max time network
    726s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/08/2024, 20:20

General

  • Target

    https://arceusx.com/

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 11 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 58 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://arceusx.com/
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcd146f8,0x7ff8bcd14708,0x7ff8bcd14718
      2⤵
        PID:3996
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        2⤵
          PID:3564
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:756
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
          2⤵
            PID:3584
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
            2⤵
              PID:2912
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
              2⤵
                PID:3900
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
                2⤵
                  PID:3548
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1140
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
                  2⤵
                    PID:3884
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
                    2⤵
                      PID:560
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
                      2⤵
                        PID:1928
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
                        2⤵
                          PID:3220
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                          2⤵
                            PID:5240
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
                            2⤵
                              PID:5364
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
                              2⤵
                                PID:5372
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
                                2⤵
                                  PID:5956
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6196 /prefetch:8
                                  2⤵
                                    PID:6060
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6352 /prefetch:8
                                    2⤵
                                      PID:4944
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
                                      2⤵
                                        PID:2952
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:5204
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,6766062869234474172,5180283554456863396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:3480
                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Roblox.Arceus.X.NEO.1.3.9.apk"
                                        2⤵
                                        • System Location Discovery: System Language Discovery
                                        • Checks processor information in registry
                                        • Modifies Internet Explorer settings
                                        • Suspicious use of SetWindowsHookEx
                                        PID:5792
                                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                          3⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:2808
                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8C9FA337CDEC1828467BD0F7103E4B94 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                            4⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:4788
                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5F198EA780091A52B2F29C8C6244F5A9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5F198EA780091A52B2F29C8C6244F5A9 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
                                            4⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:4384
                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BC6D8723168BCC5414B7517FAB6FFF88 --mojo-platform-channel-handle=2276 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                            4⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:5004
                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FC110CC0B909A4EB79D85371D2A617D5 --mojo-platform-channel-handle=1836 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                            4⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:3084
                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4253F6BCDADAA2803B0BD2588103BB48 --mojo-platform-channel-handle=1712 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                            4⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:4100
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:4740
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:888
                                        • C:\Windows\system32\AUDIODG.EXE
                                          C:\Windows\system32\AUDIODG.EXE 0x4a4 0x40c
                                          1⤵
                                            PID:6100
                                          • C:\Windows\system32\OpenWith.exe
                                            C:\Windows\system32\OpenWith.exe -Embedding
                                            1⤵
                                            • Modifies registry class
                                            • Suspicious use of SetWindowsHookEx
                                            PID:6024
                                          • C:\Windows\System32\rundll32.exe
                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                            1⤵
                                              PID:3540
                                            • C:\Windows\system32\OpenWith.exe
                                              C:\Windows\system32\OpenWith.exe -Embedding
                                              1⤵
                                              • Modifies registry class
                                              • Suspicious behavior: GetForegroundWindowSpam
                                              • Suspicious use of SetWindowsHookEx
                                              PID:5924
                                              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Roblox.Arceus.X.NEO.1.3.9.apk"
                                                2⤵
                                                • System Location Discovery: System Language Discovery
                                                • Checks processor information in registry
                                                • Modifies Internet Explorer settings
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious use of SetWindowsHookEx
                                                PID:6128
                                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:1936
                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E79B4B43FF905B0BA759CE2F15EC8B64 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                                    4⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:876
                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=721B33E453B8FBAA5BBD1582568B00C9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=721B33E453B8FBAA5BBD1582568B00C9 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
                                                    4⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:5780
                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5CAC32ACFA42A7AE424D2C52BEDFC840 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                                    4⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:4360
                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A557C83E196DFC807DC21857B1722592 --mojo-platform-channel-handle=2424 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                                    4⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:5700
                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1228B1CA491E4B0A775BB79AE0B5B3B7 --mojo-platform-channel-handle=2524 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                                    4⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:5220
                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6199CFC881C49885EED0278C8D079B24 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6199CFC881C49885EED0278C8D079B24 --renderer-client-id=8 --mojo-platform-channel-handle=1828 --allow-no-sandbox-job /prefetch:1
                                                    4⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:3124
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:5660
                                              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Roblox.Arceus.X.NEO.1.3.9.apk"
                                                1⤵
                                                • System Location Discovery: System Language Discovery
                                                • Checks processor information in registry
                                                • Suspicious use of SetWindowsHookEx
                                                PID:5736
                                              • C:\Windows\system32\OpenWith.exe
                                                C:\Windows\system32\OpenWith.exe -Embedding
                                                1⤵
                                                • Modifies registry class
                                                • Suspicious behavior: GetForegroundWindowSpam
                                                • Suspicious use of SetWindowsHookEx
                                                PID:532
                                                • C:\Windows\system32\NOTEPAD.EXE
                                                  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Roblox.Arceus.X.NEO.1.3.9.apk
                                                  2⤵
                                                  • Opens file in notepad (likely ransom note)
                                                  PID:4908

                                              Network

                                              MITRE ATT&CK Enterprise v15

                                              Replay Monitor

                                              Loading Replay Monitor...

                                              Downloads

                                              • C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

                                                Filesize

                                                264KB

                                                MD5

                                                7c4a8901907580578b272edfee955331

                                                SHA1

                                                9a17531bbf1987bc7cf494f111ea8ef28fadd2b1

                                                SHA256

                                                2c42d3ea099497918e1cca7740b0c117fef10aabf47df7fa47972d76b1c0798a

                                                SHA512

                                                881ee4a15e28ced9b12cada6fbf489f698d1820b23a212e353b7a9f2b91d31463a64c98aa4a5e35e3021e1e1239e770b7a2e0003597e3dcdda275c2c45d4565e

                                              • C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                Filesize

                                                292B

                                                MD5

                                                57351ec0f0f9934ead2e97483d3f870c

                                                SHA1

                                                20268f342528b380a0b912f1c48d75b5e2b4a034

                                                SHA256

                                                91a175ed4cc0ed29a3d01b74c56e1a42cf801b0e32219db4fd2a5b47adff613b

                                                SHA512

                                                77dc8e15996f2674609ed4851497a6c25927181dff254e3bfdd1f1b7c9528c99ac6cf458ec926eddf5f389a04d867cdc80bc02a8a8dbe998ced9b44dcf798b29

                                              • C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

                                                Filesize

                                                128KB

                                                MD5

                                                61b8304e0b5b6e4d3d708bbd8bacdd16

                                                SHA1

                                                f81359fc4a1e070c4c4b3dc8f9106960f17fbea0

                                                SHA256

                                                482937b8d5e1ca67519b50a7e8fde79b329a0edbaed70de09293dc24c2531fbf

                                                SHA512

                                                2a2b48267f6b0678effedaad51bd330dfcfb99cb075ba05a5749c1b325029c9eef5ce2a20b675f5cb215d1f7938c677564eb6a9518a0201c0a11eb73d0879f09

                                              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                Filesize

                                                36KB

                                                MD5

                                                b30d3becc8731792523d599d949e63f5

                                                SHA1

                                                19350257e42d7aee17fb3bf139a9d3adb330fad4

                                                SHA256

                                                b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                                                SHA512

                                                523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                                              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                Filesize

                                                56KB

                                                MD5

                                                752a1f26b18748311b691c7d8fc20633

                                                SHA1

                                                c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                                                SHA256

                                                111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                                                SHA512

                                                a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                                              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                Filesize

                                                64KB

                                                MD5

                                                b1fc0d8cf2da5163ffecdab7749ac92d

                                                SHA1

                                                a4421c1bcf2b5935c627515ac72dcd7042c09d95

                                                SHA256

                                                33c55f88a393b7b298e82c20390fd201b9167a58a56b05a99e014be23268ab14

                                                SHA512

                                                0c83eb8943793cfe8970723b9a6a393092e8df4e3fa841aceeb6b91cc13273addece78ae429c38ec9be558eb633cf2ddb06b1e5d2aa78c4b08cca4f0d5673390

                                              • C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

                                                Filesize

                                                240KB

                                                MD5

                                                4d4396a6d756b9363888d25501ceb016

                                                SHA1

                                                c15314ebd246b93eae4264645c0a4554588f1889

                                                SHA256

                                                3650550a5da88de7cc1176c4b0c56423a5e56b2584b99603e41174301e60c749

                                                SHA512

                                                6e281c918133f46ebc10cb98dc9c3d156e4dc452d0b4e7aa7010984878c809fea9c0ae8e994456d21fbd91e33645422a7d2639ddedaf91cce592490a819a0530

                                              • C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                Filesize

                                                12KB

                                                MD5

                                                8ef636b32b9ce6f078d22bd908d008d1

                                                SHA1

                                                71eadd2fa6433fa4964658232ff172e051aced7f

                                                SHA256

                                                d991c976db81d03c15128ee834a7c42d93788db00e37a2ebe0b8ebde77dee0df

                                                SHA512

                                                84957cb8db1776ee7aeeb5648c5f3f6e1d664c12390dcd5a1126b63c442023ef317348270181e92aff37de72c12fff5934be7a63848d346daac9ea605a9c6e64

                                              • C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

                                                Filesize

                                                39KB

                                                MD5

                                                5faaa78e13841482cf3844a342eb79f7

                                                SHA1

                                                6ad611f8048dc998a1bceb89821d1def82bd93d3

                                                SHA256

                                                f4f5f52c905094d0384c05814517c9ccb07cbbbab498aaeeab4011d7499b2cfe

                                                SHA512

                                                5c9b53d29cd4c8c10faa7f1c32a874ab401044b60915a928ddeae883f615700cfd61f5b000540789d659ae5fe1f46b9b94d65b445515b30476a1f07e20d13609

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                Filesize

                                                152B

                                                MD5

                                                ab8ce148cb7d44f709fb1c460d03e1b0

                                                SHA1

                                                44d15744015155f3e74580c93317e12d2cc0f859

                                                SHA256

                                                014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

                                                SHA512

                                                f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                Filesize

                                                152B

                                                MD5

                                                38f59a47b777f2fc52088e96ffb2baaf

                                                SHA1

                                                267224482588b41a96d813f6d9e9d924867062db

                                                SHA256

                                                13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

                                                SHA512

                                                4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

                                                Filesize

                                                20KB

                                                MD5

                                                a6ad24daf242e845b5d55268bd5d1f9e

                                                SHA1

                                                dfd157ac56810ef2b816480bde8d5557665261e1

                                                SHA256

                                                8598c88986c155a9f89ba7a6a426f98fb2a8e6ec1cb3dd06ad75a33c7a9518e9

                                                SHA512

                                                c623261c1bea860b09efd48f0b623a39a18e483d6620c3ef03bf993467db0c3ce40905c568ac63be03162916f60a6e3447aa75aeaac1b97387d4cde29f463f57

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                Filesize

                                                2KB

                                                MD5

                                                e49650dfbe1160e7b248994af59242ad

                                                SHA1

                                                5ae8ab259514dfb2f277e6088918b26e1c90fc30

                                                SHA256

                                                1edf3eee0de86d7f1438e95a98ca1e474a9f33ce564245d12efa4eab94924d53

                                                SHA512

                                                7cdc966663682da683b9080f3129738239bec95f8e1aa5b62fcb078c193a5c8f6ff8a462a2ec873249db3f754562aea3742f6426bde1ac20204145443b323a64

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                Filesize

                                                4KB

                                                MD5

                                                4df34f695217a36545d2bb51e835332e

                                                SHA1

                                                ed8e518cd2c308b53a6e26ef81768b5f4bedbffe

                                                SHA256

                                                92de13cbf405971b5c6b955c7068246c910da72c8a08a5334324d24dc898575a

                                                SHA512

                                                be9ccb2990fcdf5855107199f7b93a27494f6d7b257ff897fee380df11285f5d6d4ac52264d061e97b9617ea53ca01bef102643b9ec094faa3d7bff6b2635a44

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                Filesize

                                                4KB

                                                MD5

                                                b1b8228df64402a94d1e30e7ba3dae11

                                                SHA1

                                                ae9b9491a9e98cba9ffd99abc7972beb2e8d2a10

                                                SHA256

                                                2fc215e434e0b8459d4b377bd3aaec3557f141b62275c044ba871e2098ac877c

                                                SHA512

                                                d4b8d51a8023528abc2bc9b104c2fb7ca99a6929087dd0ce467d2c309129705aeb6ff6faa4be4911bac3388bfbf43383969b5e6ec5ce5190026ad1b038ec01a3

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                6KB

                                                MD5

                                                4732e9a98f487d3c50ea595b0c16db9e

                                                SHA1

                                                99c45d099ffaf107cf415971471baa7b596ce1fd

                                                SHA256

                                                75ccb6625a60d18e577bad8616ec0148841462947d3655e10f43c9022711a28e

                                                SHA512

                                                f6d5037ca15aea61cb28c81753da7624854c80e6a7f9134318a5e1afb21c9d2a7add48ae026a5e4518144c6936225391220c723c5a541dc930eeb9b4eed3b181

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                7KB

                                                MD5

                                                12f9bbff6f0f5b36af4d8f49a9487f83

                                                SHA1

                                                cfabc5d525106bc48a375bb5ad82b5ef580d51ca

                                                SHA256

                                                2f759c50445773ec67cc016e782ae136ae620bf9490673cd01442c3d638b791a

                                                SHA512

                                                f660e3669744be1e497f7c78110cf43bc27afef1041724654dbb7e19eb4875b1768fb2f3ce89197b94368280be4d35ee45e8230de54f7c7694776cb372fac513

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                5KB

                                                MD5

                                                90d1f41d158f85bf968ff94417822074

                                                SHA1

                                                81fd006f10c798d99e08a147f6769ee61d6b4251

                                                SHA256

                                                69b61583e56b8d874d11156290b015729bb4221e11833230b6d93e88af0bc1e4

                                                SHA512

                                                152f2c6f2835020dbd00a0a36d5c05340727265771895620419cbaf6ae06559538c1dbb329c6a6ce4a5b656565c01cb62e25a4b922c407870e84295f0044b334

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                7KB

                                                MD5

                                                436eeb90384a94a64f47223e743392bd

                                                SHA1

                                                e0cc2e5332738026fc282ac5ed6ddeb54fb01366

                                                SHA256

                                                2b362f09f1c6789c88c7ec6abe7ec9f811ea6ff916140c6a1b4952ff69657caf

                                                SHA512

                                                2399956c9ecc6cadb25bc896b126b0847c9fe73364df49d722a272d072782b3671b4dadd757438707b07f35f65f699da2cfa713abd01b1b1decced20af779be8

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                705B

                                                MD5

                                                3ee16f910ad01f87f18310ec766c2b76

                                                SHA1

                                                ad2f06b44e43346a6052a6eb0379b1fcf674ed6b

                                                SHA256

                                                28c573892d2d36f3677eaea28ec551608ba046e2c7bc16008fb28af5c18a2b06

                                                SHA512

                                                2a3c564211bffd7c7f7027a2447be3efffc3b2c2e780cc0e9c013f1e61388bb36c7f9cf61844c8993c6b5ce1e4bfc245dd6adaeb469709cae1747b4c82100957

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd50.TMP

                                                Filesize

                                                538B

                                                MD5

                                                e452087324d5affceca43f2fd69d0e7d

                                                SHA1

                                                68f01055495287ea92cf45984739bdb911933f75

                                                SHA256

                                                c8756386c6442880b0c6a8937ab82e457178f0defd17df948c283af435722258

                                                SHA512

                                                7f66f4fd406a65933909301e2f8d54927b114c1de81b76148175f05f121da6aed5d4b63fd9e48e2cf35dc64c15cf76aabbda9862d9a9fd1fee81df82a43ccbe8

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                Filesize

                                                16B

                                                MD5

                                                6752a1d65b201c13b62ea44016eb221f

                                                SHA1

                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                SHA256

                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                SHA512

                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                Filesize

                                                10KB

                                                MD5

                                                f2e9032dd8ed45a61fd77d806b6a23f8

                                                SHA1

                                                a0171f27f6741e5e65410eee30572a4d813378cb

                                                SHA256

                                                b4cca7c0da636c553f18f713762b23fd04675c3550c30cf0698217c4993556fb

                                                SHA512

                                                73d900d0addcefed25e0426ee1cc0f0113ec1b4b0081a7bab3a86eda89ea43b03dc29bc923958d1e873ba086682461e8695d58e548907a3ccc9fae8b58cab9e9

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                Filesize

                                                12KB

                                                MD5

                                                533299f72fe707011b1661b882304638

                                                SHA1

                                                9b2b26de519d1f10c3dbd744bcffb5950c34e031

                                                SHA256

                                                1034a620244967504f0b570387c0bd713ee689aaf3630f0cf10f2c77f1d1cd4a

                                                SHA512

                                                df9ba2f61432984860860abe7760f301f8de02e664ce21586789ec7791f35eb316d145abdd6a65dd5e6741e02edaf338d2459a07c55d2736db8ef950f0e70a98

                                              • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

                                                Filesize

                                                10KB

                                                MD5

                                                9d2bd5017b44aa52af1ff2010fe5f68d

                                                SHA1

                                                e91cd193e22948ba625f25ed3640c7680b1f50e8

                                                SHA256

                                                d17a4abc2687de6a0fca3eac2151c6cb41c8189752d6c5fd44e018ce6fc7e27f

                                                SHA512

                                                f7c4d4f6bd55240a3de9578bd861687bc0305e94eb7426a23f0afebc3d9ca93941f6e6c6117636fd4e392ca1190253ec9e2a937133b32720d5d670ba306f8281

                                              • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

                                                Filesize

                                                23KB

                                                MD5

                                                02760f70afc1541bcea3a331da64cabc

                                                SHA1

                                                03fcea3b5ad22ff0bc0f0e7cd9b07db3dc447ed3

                                                SHA256

                                                9ebd1d17d34ad3beabec22c386436844041c8c032581f334958bdee9a5d3060d

                                                SHA512

                                                b27fdb7aea6e9588550388444ba721ccac670b32fb20d0527e84cfdf334a75f7be4f6052841019249a96b38742f4daaa929f1c11abe51e43bc96afb67af4a61d

                                              • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav

                                                Filesize

                                                36B

                                                MD5

                                                5c6b932a79952b4b27833691305e61db

                                                SHA1

                                                09804db0986a989c2c49cdcea563567fb4c7b1a0

                                                SHA256

                                                dee5a5925227b125f4ac6d9b70a277e6ec8494ffc73d1cce9e08cc7a78d6208a

                                                SHA512

                                                4faa9585bb10156d5dea3b62d3a3a1bfa92430ba6e1e3381fc4c76c3071c85e53d5cbce0016dba1d1f9ea1b7af37b4a4efbaf4f3106b7d958b6e2e90aa0df059