hxxps://drive[.]google[.]com/drive/folders/1A1WcU-ZaJi_GWB8VEiuGDLiJqLyMsdIp?usp=sharing

Analysis

max time kernel
306s
max time network
312s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2024 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1A1WcU-ZaJi_GWB8VEiuGDLiJqLyMsdIp?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\MuiCache	RdrCEF.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3419463127-3903270268-2580331543-1000\{46502FA8-C741-47EF-96F7-F857B6A5461D}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\MuiCache	RdrCEF.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
3860	msedge.exe
3860	msedge.exe
4900	identity_helper.exe
4900	identity_helper.exe
1784	msedge.exe
1784	msedge.exe
5724	msedge.exe
5724	msedge.exe
5628	msedge.exe
5628	msedge.exe
5640	msedge.exe
5640	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
2780	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	676	taskmgr.exe
Token: SeSystemProfilePrivilege	676	taskmgr.exe
Token: SeCreateGlobalPrivilege	676	taskmgr.exe
Token: 33	676	taskmgr.exe
Token: SeIncBasePriorityPrivilege	676	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
6020	AcroRd32.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe
676	taskmgr.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
6020	AcroRd32.exe
5636	AcroRd32.exe
5636	AcroRd32.exe
5636	AcroRd32.exe
5636	AcroRd32.exe
5636	AcroRd32.exe
5636	AcroRd32.exe
5636	AcroRd32.exe
5636	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 3688	3860	msedge.exe	84
PID 3860 wrote to memory of 3688	3860	msedge.exe	84
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 3624	3860	msedge.exe	85
PID 3860 wrote to memory of 4424	3860	msedge.exe	86
PID 3860 wrote to memory of 4424	3860	msedge.exe	86
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87
PID 3860 wrote to memory of 1464	3860	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1A1WcU-ZaJi_GWB8VEiuGDLiJqLyMsdIp?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff27646f8,0x7ffff2764708,0x7ffff2764718
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6512 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6020 /prefetch:6
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6704 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5451515636272585007,5218460839351309147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:1212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2836

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5636

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\CV CHARTE Dylan BONNET.docx.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:6020
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:620
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B3BCC077F7A647B934B1A8E3781654C3 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2688
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E0492319813965AD89B461F5019C5DC6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E0492319813965AD89B461F5019C5DC6 --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1004
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=033C8F8A48395B959E1439861DC69783 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5836
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=57665529F2484A2FC3A7973E32C9F3BD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=57665529F2484A2FC3A7973E32C9F3BD --renderer-client-id=5 --mojo-platform-channel-handle=2432 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1048
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=016317A8952D76231A1337AB645767FF --mojo-platform-channel-handle=2444 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5048
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FC488DD43C20D541E1CD5826059DD508 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adobe.com/go/epdfrhprdr1_12_0_0?DTProd=Reader&DTServLvl=SignedOut
  2⤵
  PID:3048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff27646f8,0x7ffff2764708,0x7ffff2764718
    3⤵
    PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:676

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\08f075a15c86473e989f5c2e34a132bc /t 5660 /p 6020
1⤵
PID:5896

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\CV CHARTE Dylan BONNET.docx.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5636
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:5612
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=133666F281644C2A7FE1E39A12FED326 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=133666F281644C2A7FE1E39A12FED326 --renderer-client-id=2 --mojo-platform-channel-handle=1688 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3076
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8D26C5F068254890979DE0C59B8B82CA --mojo-platform-channel-handle=1864 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6108
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FD7111884F49CD14612DB82EE0172C5E --mojo-platform-channel-handle=2440 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2348
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8C03E5ABCC6F8CCA5495845CAD42E3D3 --mojo-platform-channel-handle=2000 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:684
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3A0192B6A8469473EFB9AE715CF21C1B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3A0192B6A8469473EFB9AE715CF21C1B --renderer-client-id=6 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5480
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1BE93AD51294E7FE25C4C7F845B4B0FE --mojo-platform-channel-handle=1864 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adobe.com/go/epdfrhprdr1_12_0_0?DTProd=Reader&DTServLvl=SignedOut
  2⤵
  PID:5524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff27646f8,0x7ffff2764708,0x7ffff2764718
    3⤵
    PID:1144

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\20336a6bb8c949d7a1ff23b751ad75b3 /t 1604 /p 5636
1⤵
PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0

Filesize
44KB

MD5
1d253417f386a9d92e7068dbfb7f52ca

SHA1
6dbb029693fa08d17229e33ff6f82748dbf6e64a

SHA256
cc4ecaccea613a03885e04bd52087774a39081674f81970cac4b12cc2edd9206

SHA512
78588d48a3ae56528108c26736548f6645f53f8d3dc0f2c9a730026dce86753d55756853fe797d9a3f87ac76eca691276bc30aa8690844904e5c6e555fd888b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
7a93e44f5df737940112f7c44d5a4ed7

SHA1
15ebd62564ea4381afe586005c7d0b2912f36182

SHA256
f888cba4115a1263edac5d3e1da5c3b3d8e44ddc0bf28324a0bb2a12ca659a48

SHA512
da30f7d276d2f9711fc5c29fcbae52fa29c25fa8a770f3c15afe1b475de844e3d50ee42aec297331a4eeaf5c9b35457cc6cffacb390a454136a1fd656fef1359

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3

Filesize
4.0MB

MD5
6d6cdee75e1f53e954695da7a5b6fb45

SHA1
d1c77f7ccc8a5173733063e3243677879d773407

SHA256
1a7b84a3b9d3d330a6caca4cf7652dd77ff2bfa62f44488a7bed70ed0f2f14fd

SHA512
76db78bffe55477b7c7c307e8097805b7afe812aee9a53978b57f2560e90e4165c5659ee0ff072b129b6aa97ea68a78fdedcf2546e3c15f99a5941cc5a63f456

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Filesize
292B

MD5
1c2183437418c6039c503801e628b812

SHA1
be76d78f2a0fab006ec3389d47735e7748a477ac

SHA256
424afe9da1cd0db608605e842ee8072b079d05a44f0d6488e6c17d033214c102

SHA512
016388d0189d9b4b2d11bef8526a792798dbc8318256e3030b99f496ababf3397616c7c0985a3a9b3d3662d1513c0c06b2946c220c969d7b94e9607797de9e52

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Filesize
128KB

MD5
22b695f16fb360124507598ed2459024

SHA1
6f7250e8be6aafa807a35f22c11bf5102b98fe92

SHA256
7e5a2848c8698c868da86ca288cf08526c327a330cc200db5779be4b2e5cae1d

SHA512
dc6eb4061f51ab55a3c5515352883c2e2a750a971c6e6fcedf6a83687d0b9c5b50b5134e0f2e49460a92808420a2d83d15f41099f090865bd21dc43e621661f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
a82da2d4bb6fdd0cd06b1484e4df68de

SHA1
be8e9fccfec677b9b716625037699453335d3502

SHA256
e85d2b7428dd87e96080df5069bc8c68f2a164d494a9430f3503eecdd89de454

SHA512
3ebf8f0b79665f94a5775b071bdce1ad1794f89e7abee97f12695c40a9ab1370c0f9226c8bb682d64ca27479e8bba361d10cf76502049d9ab295f4981d56ba73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C

Filesize
471B

MD5
826a3197b782acfdce4dd66e9528ee91

SHA1
a4504e49a55039bbf1b36b6571c196854d4da91c

SHA256
83a7842dbac3cb6695fa7550f66100924e3ea6e3d5ec688a913dc4eff6bc5369

SHA512
c9f1d9d67b74053c2967dfaed9d6fd53c30375f156f3a51a6094323bb0d56dc04188836dadea314714fcde91e25ae3b46eb698c6e2d51dde32a82e03bd0fd778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
76a9f05dd1d690f90017ba8601041c83

SHA1
e73ad2c2c50eb1798422d0f25edfc24bd99282d8

SHA256
f84a60e9e77aece42486500cbe5bce6c1bb927be592555e0f9d394fd4374da74

SHA512
527e21f784eed05f1a4556ba3449267b11541e855b7941f89beb0179ad97d0d87f986b6782ece03c28501772bce1948c60ecdb2218197d1968e59ed9a61bd6c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C

Filesize
420B

MD5
7ec1eeedde3f6fab93f8ed9895d80d64

SHA1
261be19274a9d1b3313d1e6a826d40fb66ffcb0b

SHA256
13782251a36e3dc10f05882621c21e306f7860b0a64a1fc530bc613c27609db4

SHA512
13362e9dca7fed1e5a6827e8b5ed530bbf9cf7b8e0df0bef9ec4c09f15b994e7c126de72aae67ff7517140528cf29bba80487696be84568d5e1b02e04192c389

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
3bb6f4122b952ebedc3ca349caea0b1c

SHA1
dcb48d07c34ed9699f0b579a0551a7054668c3ea

SHA256
37e6871b7520785958bef1ddc31567cd093498bd520c3d96387e74db90f8c142

SHA512
f93b568eadf4cde65780fc4f839b200930b5e8579d18eb6e79434c2c2af5e3bbc014c1bf289396516666569f6e868d4a416f13f2380f51818ddad0990407762e

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
d0e103d6c7ab0475c51b9f8cfaa2899b

SHA1
d0eef08a29a14ea0e652ccb8d11c123086ed9634

SHA256
3d17e10c2225a8a3672bd352b4f47e8b22539020eac740e496259a9aa053dcf4

SHA512
a22e3616566090f1d64e511b0a7cc2c6e05dc9eb52b97ca133ef63c9ed637e215067f360e8e7d53420a0af1a98ebfd76d6fd461a657e6d99350e22a108a1ae4b

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

Filesize
39KB

MD5
df9ce1d061a1dfda9aaa0a8d4cb31918

SHA1
4ea923ee3386ede90c8275ba72baac2585f5be2a

SHA256
1a742727e51488f31552bebe039e3e67fdc0f563262bd357ef89bae3f2a708cb

SHA512
50bfc666fe5ae0d8c8241440890183577167b86b7d1233defa0c5b80f03b88b24f5d598e8c26cef28f95b5e66160d17db8e2c94f6a4bc4bbbebb19a4c1d367f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
28KB

MD5
bfb4ad144233248db8f0b493c9f53943

SHA1
75f204ac49008ca945d35db03568db5ffa2ee27d

SHA256
57819395af403b8697d446c0ef64388fd0f4b33af5647bf8a79d0616cd903393

SHA512
0f5f4ffdc046a81da203998f22ce0f156036b3c14646faa1b1c30d6bd0cf5138b70b3d5ac60b2b6eed36d2beadc108b78119f757bea84705ac71a8f1b3d4dd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4fd359d30c2fc1e2520fccec058c4811

SHA1
a91724dfb039fc17310085c4af86984c1b1aa58b

SHA256
1de2dc6796212ee7d9e52d53b9eaef5ac45b2e80cd05f8336858a5b7fd6eadb7

SHA512
3dc41e8082a73c8757536b77bf417b2a49ee20bc34db5606595e8bc16356a817b0bff25ec393e3c8d704b69eb6903909f2b06ff76f26f60459e7c1ced062a043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ccaf0a7fa98c09bfa0b1190d73bae398

SHA1
1d69d279d2d766cd6cb8921043d64b19815b53e2

SHA256
bdc91c903a3d82501198355845a87b4d91507332b6236f763cc9c0e77158793e

SHA512
3f2c170d01600fb24ac496c574189f7297a76f54fa90ea68095178ba30b3101af0de93072c0847e41ac8fbdd5668c0689c7c4081114e11ee81dce380a31bfd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dd2f2d0615616dcf04b9c145b1a39e0e

SHA1
b8caf04d5479fa913c041ff10b1b127c1b763025

SHA256
6ac3c6b160336fbac45b49a4c36706ec884422ce722600f3cb4c79481ebe74b9

SHA512
468e6c17350ab1b945c7d5b18ea1b9cde57caeabe9cadca3ea58387bd55dfb0ef0f5d268a6a7e5efbd94f6d084e4cf9d17678b1b0a7f14433942c0611584b8f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
85b5486cf727b1c93425b0deeddccc49

SHA1
ceb94e3b46f0043bf43118866bbf8c67dfe9f0d7

SHA256
5a0dae4c025a47c0ea75e2bb4cfa536dfe5c48975b461541cd873cf1173e5363

SHA512
18ca94790523a1866dd0c561621ce70e517bc765674b242eb038bb65545b41399c790beb078da70154fe26e3f58deb4effd90e59fd39efeb4fb9a2854f2762ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c06f448fff8d75c23b1cb232eaa3e232

SHA1
83f852dcce4835687ddb7323ff60765904fa3296

SHA256
bf7524c1df3878f1c70f6a8906756c8d8f4f1ca44a3f02f93d903bd626f969de

SHA512
710819cc3604ba6234cfe2e8a455eeb9625a1eedd731957689110773f856102a8ec1d1f3ac5aa907402c1f7be31b71b207b867172e9f7a12fafebbe7ce5aa4d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
08e6565ddd873b7be95ffe05f32a8c29

SHA1
ce8af66c7feb5aff02d3672b7f4b80da38bbf8b9

SHA256
9a018c7221f2b70eeaf8adc1880975bc74ba46ac7f890b5887f979abf11204d6

SHA512
28cca72d2248c9ad4f6947951d6634e595a1da8df83b55cb02c1c2289a68adb7b639019b75d94ca8d5d389ee831c0f0edb805b3a5e1f161d8f3fc4af7b7cadd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
411901973a1268b76dc71cf21288d300

SHA1
8b49eb69801eca8e8d993730178ef624b428e0d0

SHA256
51c4f6669c87daccf6aa3cae18f2e75bebe3acdd040209e20677639c2033937f

SHA512
611f0473b0945d0356db484a83e0cc159afdfc8422d1bbcc20cf19520ad5c14f9709df0eabc47d1bd692ae7c0ec22f26e1fb5277804038feaf82da3febdaba82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5a8aa394739d14f2c17587737c629700

SHA1
0458f656d1dfd0e718a26ea3954c42b677b129c6

SHA256
cff30066d5011eff1c2ecbe914cf97296beb0f6844841fbd216e8ebabca07048

SHA512
63c7e722bf86180248886da74c6939e03f13c32420649c881de4197eb079b02080c83afd3cf110d2ebe614ab75e5286eb7d0458b3bd0adf384e62ce3d9c32b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
d934f6265523b8b6efa9cced83e474b1

SHA1
b29ca2aed12ccc676149aeccebc8ee68294394cd

SHA256
e74aaa6b24322092bff3560c323e3fa91f4fd4891fc31548af3c300dfcac5364

SHA512
a8c822529a97c704c2fff87b23d66bc3b738e61fe67a1f8aa15fd0d3a4fd12241ee4f36c92bfd3089445bc4a4d3c51739c0cdf8df6abb11be8aa096e531d6f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c55aaa12860e7063121f603b27e6837

SHA1
1096c61a7f887b2b45ca23e86fd0c7443cae9023

SHA256
0063860f3bebbb08e019027f7635399bfff749aff911ff69df13377378abea5a

SHA512
b8247a9ec36a1bc9e55a7cca7b2b306344de5101d23fd3dd8c628b21c817dd060e4b1bd0773bfe4c948db1af5b41b15814820b8fe3283ad5e003e6d1c399d71e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a877c5f828ae44468810c7bdd577878

SHA1
d96dcd0ec0303cb7104fb2c4cf87bba94b3c8a7f

SHA256
9f2f0559fcb5f28c5958a79417a602d761990dcfe0acb43dd2848467a6eb02c6

SHA512
0ae9c3bac46fe17eb714d5de8968184870bbcb9f44e71e7ef2c0c85c6858cf4ed9a5f2f08f983bbba21a6228517129d313aae9a7697f1096b923753b957b28ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51dd141d8fad39f10527485d0c87322f

SHA1
7f6b94967e6d595fb4e262cfbc74ce457718d6cd

SHA256
14f4c58161a2ee1f6106d833410fafe023d215f9eb1607c833d73663adc903bc

SHA512
f281b1fd447840fa6489580ead49dd23642f61dd5dde46a5b5211c6a63a352a529c959b211a5997579a54c1e0b1e29f43f500722f5984c5e2a822b83439dcd32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc02217dda1954b662012737e99e1bc6

SHA1
41664fb9a220acfe689844b42382f63e236effec

SHA256
3371222fcb67da9b2a75cbf58781ada9da8ab6e93b0a9f7d8aca0300ac10150d

SHA512
a5ba97a4ac47373025788c68502e49daabb739aef51f7aac1b7481ca82932226c6032db849f86e20204bab6c11059ed7eb68eb7a00f091945c245e2f520af45d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e38e2de7d5bc72cf5427f466e5b8ce94

SHA1
9ad24fc7b90c1e73908a97be2bd7d41e34148b5d

SHA256
fdea1eac10b23abfaa29ffc91a9c630b9f7c3aa595b7fa247cc78353c7400806

SHA512
408635bb09f75cf13af0d75c7d23581f9e1d5dc5783520d4c8f1fd4e333c7b20c27055ae6f5791a841497d33a7565a18aa82e93ba844acd662677002a6fdfa96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0188dac0728334b7edc1efdd10f96cad

SHA1
ec577075841373b82e9c3f08fd5a59fb5557feca

SHA256
e5c4537efe3337ce3199f6033c7d8e6aef5d1e0281b7e7dc8696490271616d2b

SHA512
19ee1f2b9d229c480ab15fbf0e5da54d03de226fb5e68b11b3e54598e9efbd5311824d3b6844548e7a75e56dd47562e262ab7b93ff2844c9b810bd7c79034883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
292bd1fb385be1df5c4c29abb12876ce

SHA1
c076a27758c8737621171d40a9d04f2b4dc59dd0

SHA256
00620cfe3037f3bea6ce54d0d39f92448973f94bc05efe03c44c801722611e57

SHA512
774166c4a9cef53878243e2d85e46a3f1a1fe6e580e9262bbd93062ac3e9780a914dedac0b181d80dc5812df6c18c04a3fd6fa48ed3acf290363ee8ec372b018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f60a8ce66a668ec875d85e530780c5a3f687f45b\index.txt

Filesize
95B

MD5
901968e71fd2331fb8e41a046f56bcfc

SHA1
e8081c7ee87ca4a994cc256f9f0fd1ce9c6731a1

SHA256
b688c6514eebb0b4f9f1307b95cfa0ee2274d68274ea37024b5994869c69d2fe

SHA512
1d004d99e36822db9430d38f36da6715ae4bd94d95bf4f3c58f20fa71980f294a375ad07be9839bf927d6b00e2952274cf01c96d6badde2bd2e69fd7c5fa29b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f60a8ce66a668ec875d85e530780c5a3f687f45b\index.txt

Filesize
161B

MD5
6fc6b8cd4e2f5bd90ee2517ff0c8e4c8

SHA1
adcf6fb2aca16db034b86067f23d76662ec8192c

SHA256
93ab134365941c14f4d4f38c7979e07f75382a36c73cdde985daf7dc911f5fad

SHA512
752b78f1b51b7558953443fca36f0f830d125b0cce392f2bfa42e5eda353f3040586eade96eae61514b5dc6388fe326bb90d086939a245c9c34a07964e1ab7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f60a8ce66a668ec875d85e530780c5a3f687f45b\index.txt

Filesize
154B

MD5
70ce9a5a1fddd4b1094d87a6057f1d44

SHA1
6b85138bd514a8d886116c2536b970eb6a2c72c7

SHA256
ce9f003fec48745d970f8de0a136983afb75df3f4fc3017af59784ac6f741a25

SHA512
922705c2da6210d792966cbb53829c32ca706c017f7af67b4945d280d1396f3fafe00ec0b4c588e9e052cac51333d3ae9e2b6448571fa73e0ffc287a7087971b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
14a8dfbe1c6881c7be894812414d4574

SHA1
e0a3f44153f070390b70597673ed3178cc54583f

SHA256
eca9fce4308b851e1630e8f9f2fd6af6eb16ae8c5b029161285c5b83819283a4

SHA512
93a9b570d5e9f2ea3711047cce42a2872c1527e72e0471f050e43f99b20503c02049690167650f72d828f81f9944f8f30d47c722aac9aa709a4fa09d03ace206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bcbf91e638abcee23d1d7e28176b9aee

SHA1
ffc95ba69c799126f2e1acd9d9e187d032129220

SHA256
f1342469575de83fc025487f35bc5964bc472b5bc989abf767ac60cb561b7b5e

SHA512
aef186d2be364b06669f9f40ab08a8f4be92f417ad2f16e17d5b5bb5c19f3ebbcb45c08e980827f044b4f92641f172eaa634534f74846bdf702bf94fbabb2a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5d6011758889fc7407a3677be1ca4a48

SHA1
669fa5ad48dfdbb16f1d9dbbb665706f4557959c

SHA256
4adeba93a53197161250dadfb06c380e1dabae6bb1cecb39bcae1334e2b06c86

SHA512
4496fc7407b87a0cf874b67a052f25d636e441cc3027b19de30f09444ce673fb5dcce5578f0c64d7fdf5c10b989cb0d22e864c9a4e5b8ef5e006355bcda407a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d1d95da02cf5e3c7fdc468ba153ea322

SHA1
e81c13d2df9a491e0f50d25f6cee3dd7103f19a7

SHA256
0e28242bb578a88cd12f8ba3047c84998d085ad104e7e959a2dfe28ab3e31616

SHA512
9e4a27f3e8d012281c6ba8a6cf37c7999a2c385f451b95465067c7b52d65898ceb7c06db2d057a87513ab1d2021e985bd9d66c4086e3e9a291aa07a813d1c34f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f0fb4438034dfb1d08cdc8d28bcaccca

SHA1
f2b046edc8190c3d90e7e23a16b71c06b6479550

SHA256
09f9b19593be0fd7b984032f8dae770c39934152adc1882e6d5d486b072ce161

SHA512
a7aa911d13cbf22c247cc29b57b1c1cb4928a0498ce7597b721c18cf55a7537f4b80e5ee6ec480629771d4148e3462f8b21a57818c00e06e644ce92a5dcd5beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e6202002dbb5ceaddc5fe3df213fdf3e

SHA1
b457b2eca62fbda4e9ba16e15612f452434a1966

SHA256
7947d7cd3bcab9ee3cb749ce55452e581d4fc6e2df38977fd61716c083d5e8ef

SHA512
ef3cd8c2291a51d5510697ac31fb15446c27db313505517dc1e58cc82bebab91fae08a08759d3f409344a0f51edcda4522846b7380ae219688f0fd9604f3066d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3c80593940e7c810bac2df5dbd2d74b8

SHA1
4254b9054c39e1617acb4eab02c4454e869a73c2

SHA256
d754bb7bce99ac7d57112cc6c0cbb7a902c6c5ce01508fd85c1cbd111ede879b

SHA512
53d0fd97e876bc4c024e2a33a67bbe0d488e02379f08e7bb4d59c9570ca20b0356f3798b4e90b3c18d6a0ac0ad5159ec4432b519b6b39489adba0d93af8757a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7c625960e7b4d4e01a223a531e24a876

SHA1
b6b26f8c566f73407d52a8e496fae6aac827a7bf

SHA256
c8a4391083ab47540f9a47b2fd76df408befd913955655dfdb5805da9e3d7b8c

SHA512
b7404f5d5403106f01e0d4061779f7ee0cbfe2489e24842addca41afe00863559dcf48a4f3d013644bb5af57f8f199f8311a4d038a7a1ef768bc891a687db3c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f3e574386a9437e198a6ba089016d58

SHA1
c6fef07a849f975c7895dd53b7a0097d2bbf7f5b

SHA256
ef8536ef57e27e22a5ec7eb492ddaa9ac61e56f63f48da3e1d7cdff3d1aa2f35

SHA512
62137fd5583ac53b20a3fbd4be4b3845f87370a85b38d1247305b80dba654c87732dfaf5dffc93f940223d20cd732d86f9a4479fe8af9c3fde34b56e18b2ef34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3179806ec980474b9d6e71d7a68a14c0

SHA1
ef46c1094028e5ad855363d691817ff60292025b

SHA256
0db1c44177675f3e137367924c3abef6866df002a61c16158f8a4b65fe907fec

SHA512
60e200cae048e2ecefde6999f5210cf57635d8eb5ea4148d1168fc43a28ed8762561fb663a25c606a3c944de4778604dc0c88704471660acadb03b8733152428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4cd3658a7a13f261a2dece7cacb7c6b8

SHA1
3fd91900d1e00cad274df48c3bc242fb7031e0d0

SHA256
8f711fc6dbe4d2b366378324558a506fd30c167aebd908d24d36c57ef51baf72

SHA512
af2fc99f801d447459508d3baca29374683f0fe0bf7b6ea0b69269ae2c69a798148df03176830cbf60b958cdc12a305fec959c4f914e54c65e29a229fa30f69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a8405aa15fa44bb04e2f93d58785492

SHA1
0e2e01eab6bc7e73c72b3962561296b0316dd1ec

SHA256
aa952b3d9cb76d67c6c117ad8d6696410bd1024211e5a7f769d059b4514f0a95

SHA512
53fe906f1b8181aa159d51901a48ac134008746b58bd73c1d35bf6deb73f378a58056a5995efccfe5f85a6d3870121a69656971416903ff0b6c8c0ceb4f7d388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5808a6.TMP

Filesize
1KB

MD5
3b6ad9aac27f6d7226e75a355945becb

SHA1
3cac50ccb83de86686732a001dbc21fc9063c10e

SHA256
28131312e6fa0d18011c12d1518ee4e8f23d918d4dd12e4cbfb6daec6fed4fe6

SHA512
d9d190f8880f47ead645df9272c10ca5a58408917e044f2dd636fabde4f022a9d76c726b2e3c13427d0166604152942339a6a6dad76464253308f91e25172c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e86a71abeffeeb9918b819d2c69cc4c6

SHA1
e4499ec768582caf8443383218bc08343153899a

SHA256
45867ec77eb527c8fe29e1dd0848fa0ddd79ee05b22451ba14ff53a8149b4510

SHA512
79fac5a59c57b5c3ab576fada8f55e5f9a34d83271ba823c6bf0700125c68093a1015ed50735df8a3d2c21c051d79a5c2fd68ded637c4d6adc2c151c39a3e12a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ccf723c80fd8a87366ad005a1868d1aa

SHA1
6b480931ee835b64e4506558cd1f9cbe915d00a1

SHA256
5cd3c3504c86450a6a6cc2a637fbd79344898265dd74f68d8dae1bd08d09f23f

SHA512
751e09ef88c9d932e49ddfe56cebdd0ffea234452fcc1391ec3225856e5a28fe89f59cf4fc405d9146a86200ef2bf5f15905597bc2ba7c1ffd2753d78f592ed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1c5ccbdc3d36270216a3665c57b718a2

SHA1
524d954447311e3e352d9d01a63c81904b55542f

SHA256
ddb5a5a811dc339994e8e8168ebcc5fadaf2147a465eeaa6dba70a7ebb17e897

SHA512
3147918e9ba7d678ffb5d91a53d459b19890f220c0176da49107e246b277633a006df6d6d185511f6afce572478ab090e36b26ecf204b469fccb9dad491cf598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d2492dfb06ecf4610694d6a76c4efcf6

SHA1
4b6d172d7f3d52ca0eb685a9a6475176b5b5aeae

SHA256
5b9b200a4daeb3746a9be501006f1b458b53bfdbf92d675f698fa77dcee0cfed

SHA512
00b0d29054e2f80164aeaccd874dd6914cb092551ac247dfeda2d0fb04303f7a20235aad3ad0ffe562bf47b87f315c9eea387956919f832caafb81a538a82261

Download Submit
C:\Users\Admin\AppData\Local\Temp\A9R1gf68zv_tynj1m_4n8.tmp

Filesize
9KB

MD5
d80a3d394ccc6789a8af4bb65f90e397

SHA1
b248a6f97e672a3d06750406e677e446426ef05d

SHA256
a9544cd3f648861cc1fa2f2526059f580ba07147c8bee8f5846b49a96f497969

SHA512
1820148a0ae668a3161f163a4219c01efea255df8fee2a64898dcf2dbf85b868bcd8bbd76cc1afc5711b0c56c616a8c22b967d53af651bc3a3d043c915846221

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ae5f445ba26fa62038d0fad330b56623

SHA1
f4612e5bdbbb6be63d07513374e6f45de6dd1549

SHA256
d55715fba94b124e905f62340e1d544d6bbffe4ad4eed7eea5ddb3333e70a2d9

SHA512
b1b49c4f09486f51982ea3290a794772eda9e5bd672264d5376818ffc3493deb73605238afa77a8409f246db9e85e4522b6c4916256d00d8c70a275a5a3d2c88

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b95d0c5dd632d42b09cb9330591102ba

SHA1
a65b5200f9a2e95c51d0b80ead62f3be3fa387d9

SHA256
bde9ba2d02322dcbc943a6ef72d8c96f6d042c6d31bd22ad309b67fc84c16c1d

SHA512
6dd12af7666ef4b1d8d66fa130134c357f7ad59bf1f73bb943da343abd92a74273ae570386c0f97b7de39bb5f892a564255316dea7eaebd70895effcb32b0bba

Download Submit
C:\Users\Admin\Downloads\CV - DEVILLIERS Morgane.pdf

Filesize
177KB

MD5
a0fd1ea537d341e817725f4fe63888a2

SHA1
c945f0811245e65b9097e46ef3686030d2d7552f

SHA256
c07c5e11ce688e0f14834502c849fa8843aead102148bcae71ede2915061ca16

SHA512
f49ada64bbff50ac751868cdeda55032d121e711a374804a7b424e34f2f8fe19d5b3f7e34c23bf8d5f9ee8eb2fc2fb6b52f88d6352683d75c1184bb9ecd3d328

Download Submit
C:\Users\Admin\Downloads\CV CHARTE Dylan BONNET.docx.pdf

Filesize
86KB

MD5
eed40eff2564a1361e23d8d03c2f87e5

SHA1
1e06a0b0c7ad590c0aef23a31426ecff939cb0c8

SHA256
d1733bc61cb92ef5613e90579aaae76f5302221e06b3f905565cddc769f2a04b

SHA512
1a0c1b5cf80d712ca1d571098f543d7ec804dac77cd5bcbbc85b13fdd0a738c7167065dbf62a5737f230a0efd2584eb5a615b374db9c4393a383757cf8ec38de

Download Submit
C:\Users\Admin\Downloads\CV MARTINS.pdf

Filesize
151KB

MD5
9ac5e9fa75f4b37b8cfcb796b7ae8e95

SHA1
25d2d064345adc9935564592ffa9dca5d9a90cb3

SHA256
86d8ee3fef5d840309c6edf115e7569193fd459bbf353acfab14d466a0951280

SHA512
788105974751f548d52ec70a67176ce435d216746310ef511303d2baf603da66dd9ea82a23551fbe423637d9daea6d2acb0ad7ef60d84801f8d741e4c21bf529

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 362325.crdownload

Filesize
194KB

MD5
4b10474b2b1bc227295272a53e941710

SHA1
1c62768e12a186040aadf05942770cae9773f7c8

SHA256
06dc11cb731173f68fa7325d74da0ee33bc8f21ef8c4f3cd33ad16f73e0b50e9

SHA512
61c9d3fc885da2733065eb1fd8363ba9a104258583bcecddfa2418c9a0b739b861cb2f4878145c07a3cd78900ab5039dbeb7d531186f015d09313c22d980caae

Download Submit
memory/676-791-0x0000025FAF470000-0x0000025FAF471000-memory.dmp

Filesize
4KB

Download
memory/676-788-0x0000025FAF470000-0x0000025FAF471000-memory.dmp

Filesize
4KB

Download
memory/676-789-0x0000025FAF470000-0x0000025FAF471000-memory.dmp

Filesize
4KB

Download
memory/676-790-0x0000025FAF470000-0x0000025FAF471000-memory.dmp

Filesize
4KB

Download
memory/676-787-0x0000025FAF470000-0x0000025FAF471000-memory.dmp

Filesize
4KB

Download
memory/676-792-0x0000025FAF470000-0x0000025FAF471000-memory.dmp

Filesize
4KB

Download
memory/676-782-0x0000025FAF470000-0x0000025FAF471000-memory.dmp

Filesize
4KB

Download
memory/676-781-0x0000025FAF470000-0x0000025FAF471000-memory.dmp

Filesize
4KB

Download
memory/676-786-0x0000025FAF470000-0x0000025FAF471000-memory.dmp

Filesize
4KB

Download
memory/676-780-0x0000025FAF470000-0x0000025FAF471000-memory.dmp

Filesize
4KB

Download
memory/6020-612-0x000000000B700000-0x000000000B84D000-memory.dmp

Filesize
1.3MB

Download