hxxps://www[.]dropbox[.]com/scl/fi/ds2blu4u4gz0o9cyuhxo0/Studio-Legale-Associato-Dalla-Fior-Lorenzi_IOR24_00059_25318_S_I_C_PO_-_credit_note02_20[.]pdf?rlkey=ffe19351mb1fp00edklguvx6t&dl=0

Analysis

max time kernel
122s
max time network
127s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
20/02/2024, 11:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fi/ds2blu4u4gz0o9cyuhxo0/Studio-Legale-Associato-Dalla-Fior-Lorenzi_IOR24_00059_25318_S_I_C_PO_-_credit_note02_20.pdf?rlkey=ffe19351mb1fp00edklguvx6t&dl=0

Score

4^/10

link pdf

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
behavioral1/files/0x000600000002a8ff-484.dat	pdf_with_link_action

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2924404578-3852090450-4074565938-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2924404578-3852090450-4074565938-1000\{CCD35BF6-4AEF-4ACA-A210-D714095E23D2}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Studio Legale Associato Dalla Fior - Lorenzi_IOR24_00059_25318_S_I_C_PO_&_credit_note02_20.pdf:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
2876	msedge.exe
2876	msedge.exe
3432	msedge.exe
3432	msedge.exe
4180	msedge.exe
4180	msedge.exe
1812	identity_helper.exe
1812	identity_helper.exe
3232	msedge.exe
3232	msedge.exe
3800	msedge.exe
3800	msedge.exe
1540	msedge.exe
1540	msedge.exe
2100	msedge.exe
2100	msedge.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1176	identity_helper.exe
1176	identity_helper.exe
2220	msedge.exe
2220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
1064	AcroRd32.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe
1064	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 1436	3432	msedge.exe	77
PID 3432 wrote to memory of 1436	3432	msedge.exe	77
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2948	3432	msedge.exe	78
PID 3432 wrote to memory of 2876	3432	msedge.exe	79
PID 3432 wrote to memory of 2876	3432	msedge.exe	79
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80
PID 3432 wrote to memory of 1392	3432	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/scl/fi/ds2blu4u4gz0o9cyuhxo0/Studio-Legale-Associato-Dalla-Fior-Lorenzi_IOR24_00059_25318_S_I_C_PO_-_credit_note02_20.pdf?rlkey=ffe19351mb1fp00edklguvx6t&dl=0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffea9bd3cb8,0x7ffea9bd3cc8,0x7ffea9bd3cd8
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3764 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1864,15090015236886390111,7461451348631904790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3008

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Studio Legale Associato Dalla Fior - Lorenzi_IOR24_00059_25318_S_I_C_PO_&_credit_note02_20.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1064
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:4924
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FC5159451D489D9801B93F8CCC0B0192 --mojo-platform-channel-handle=1784 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2860
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B1595F2BC829FEFD4DAB452B49FFFF8B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B1595F2BC829FEFD4DAB452B49FFFF8B --renderer-client-id=2 --mojo-platform-channel-handle=1792 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1180
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DF02F826380D11A48D0B03155F6BF2D1 --mojo-platform-channel-handle=2368 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4556
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=930015687FAA7FAC0CAB5B34D54298BE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=930015687FAA7FAC0CAB5B34D54298BE --renderer-client-id=5 --mojo-platform-channel-handle=2472 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:800
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EF69C7AB1D17F5FF91EA70DA342A4ADC --mojo-platform-channel-handle=2620 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1588
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=589932A75748A6283AA1DC4403276808 --mojo-platform-channel-handle=1784 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://14d4q.riagem.ru/5i38juu/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffea9bd3cb8,0x7ffea9bd3cc8,0x7ffea9bd3cd8
    3⤵
    PID:3224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
    3⤵
    PID:1984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
    3⤵
    PID:1956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
    3⤵
    PID:1812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
    3⤵
    PID:1300
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
    3⤵
    PID:1820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
    3⤵
    PID:4424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
    3⤵
    PID:1980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
    3⤵
    PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
    3⤵
    PID:2592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
    3⤵
    PID:5208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11560106093194602279,248215790973978427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
    3⤵
    PID:5216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
7ea7c5a1591b449a0d5a01c1ca784fef

SHA1
d748fb479a4ab3c96f82980227ceef21c5dd86a3

SHA256
7cc2334ad410c2cf1f619c50bf1a9133b0425182daf097c36aad17cb2d7155da

SHA512
b4c82cb21e528c8ecb07e0d6f80c9fd02f4954d22b80855a997e795fd1900d737d58362d23d3260aebaaed59afcca335f4fe3b77ddcc3eb6d0313662e5b76dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4a7484ba6d457556ace4c311458fce2

SHA1
fd8ef690a7b356300e024699478ea1f4193ef660

SHA256
ed5f71ca09455340e6a3a9b196b276e2880f482ba20c959248af412fbf993a50

SHA512
e35626dce77f642e060d3e54a84a4ad62af74576581f68ea1e041977dcf61d679c7b546102b99a221963d1d754566661b46eff2b3d6d751d300200d17e69ccad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bae26ab9d12553c457d5887e00ad155d

SHA1
ec3bc964e026c57e087dcd9809920feed5552d07

SHA256
b708c2d813e544a81d40beb41ae9b4f80bf26463b9ab516620a5a29924136853

SHA512
424fdd497d8c77e5544df22e8f41c7ca6da0ab95ab926689f56e2fd50d5bff4d61f6dafbe5cfd8c6b5330dd7cc0d06e990e61354f9bd2a6e5943a157e59128ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b7c9872539deb6b45ddb1408c70b625e

SHA1
a3c281068304773f6a4a83e8573553f3ba64b637

SHA256
53f5ddbe00399f22c3f089fafab680d2702984bdc79ddccaa502c4cdc564541a

SHA512
78932c5fbc63289af33cc0f5fe2d72ee5d93c28b0569403df064e331bd888b23f29af84a25125d95e436b77253cf9f915ccd9a9409a7bafb4704bb923edb81b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
43b3e849d1c3419df28654acea6f1253

SHA1
0140682c6324bc38aae3153cf0f820e97a42b340

SHA256
1c171f0fb0da639c24cda7051aedcd8a64590d97eeed77ab6dd2c02e8d13fc81

SHA512
31172a2b897a4bbaefaaa4f603cd2ffe02d4d8a5b50e284f9e66e9fcfaa36c1459ef13f67cf997d619eb8b658b1e058ee12c110c6b172987bc9954b106466881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3741dd70342a749b4d3581b1eabee98b

SHA1
a1b0d6f1412b1dcbd5f324e25882d8d1f33e1fef

SHA256
ad8cc93a8f1dc43b93c7bdd722138331e7bb8a27e93d0584d68d8fc57c948b45

SHA512
7e8c7c509d2799c38cf4b96eed87b94cd9fcb8583778c5f870c50c802f3194b0e3f97ec3dfce0615ddf680a6c2fee18a7618193900fe97d3cf87a930d4d04be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
85b6c7121a2cc95a28ee7a98ecac952b

SHA1
27da1d277650a67e835310eb6776c622c16a3e46

SHA256
138022dd116704cb9038b3f574bfa48eff8f8a05ee205c29f7e43b24a9525c7f

SHA512
cbe6823b8a5f46fe44ca3a49d415694ec9b6d0ef70227a5bfc75289cd225bb64c50b55d31ce2874cb1458c5476e60ee3920cb9690a9465ddfa9a575ea674df22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
01619646f78ab4a2d717da5e9393c28a

SHA1
bc1ec031e937f5bcb1af740837a1ee3c3330301f

SHA256
3b0dc3a28bf09f346674e37ad229c60dc60bb021713059fcbf977c8903a45565

SHA512
984bba984fcdeb157952e031e7f786d8b078bc63cbfd5deb690a4d9cd7402ca2c4e8c910ff5f50784db729642176c13540c3ab6208c09af0fe1923f36dfa5683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
82076ab7319481f3978e5a2f84e6cfb9

SHA1
3181a794f65deaa4199b127d20846df628672dcc

SHA256
e5ab2ca29ea59296aa9c786d81cb0788c617ae76a819547061ed4f59a4368eb7

SHA512
1b808e5ab9b593a99fd7a43546b37dca7b80ac8e62f9d5d4d340dd5b56cda46adb0dcf8b367fe7607ecfb9a356ac0d3c62f4e86c9048638209f8f0cadbb28453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
04ba75b20fea9fbc2ab79c21ec7f6610

SHA1
023c2cf11e7a439eee3d1c93183e924218c83d88

SHA256
a30059e6674c2e1a288a9f328ba28decd2c8869121e604e5abb4325acad1b549

SHA512
1817ff0f69724473abb82048b4571c61dc78141ed87febc409868e2088ddc51353b4e0b47f6c778cc399e2f84bb4df99c65c991498c1c1196404a6788c05e169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
986008b53f9770bf1a041e02546d079d

SHA1
b5d8382adafdedb437c6b8ff00c6e6c9591d008e

SHA256
15449a4837fc0d34bddc3c72499195aa74265367ade65f4ae491983ca4e35a79

SHA512
c65541d2284fdd23a2ef8cbbc0cc030f3a64bae10cb1625ec71ccf9866207665f793a253a3f18ba1c2d9da08f282fb9132358845ab7fb4bd3b5d37364ed47bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
3104532fa924bf67c5b4e32e0e2e867f

SHA1
ddd6a7fa27435a8b61412a85563f898a9277f348

SHA256
7d6c961fa7fe2067d77b8f1c17db2434bfd8aa1c423c932a4ef211a6985191ab

SHA512
a1ca1c726052a574b039dac149c17770390eb4e5e20539f371f6dddb85c22f221a86f7eba7bafbd11459a322b5303eb3ffb7712a7ee9281a1c78f0f9257e7360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
96031a775ee17d5291f54d6d65423808

SHA1
a7aab9e2a4cdf0c1262ff5cac3beeba35ece72a6

SHA256
8be230b2049c21fea8134e426a1b1bedcd2523bcad115229febeaecb24f1cea8

SHA512
ecf8422f7a7d05953b8be458ddacb3736fdb69346c0d120a9b3c30a4ed2e70bc2b2b7d8ce6ccfbe2c344c02c60133b9abd5045e1eb0a607ac920d4e059de865f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
ef9821b50a6982b96b650dc66f89465c

SHA1
063cbda0aa2a80793f6ef9bc6623c41fefba09b6

SHA256
b20adcea68055c8179840fb456ddb91fd2490edc0b76233559b8c0daa3fb2555

SHA512
559bd513922ef4336edfabbfffe7f21354f36062f02501cd214b46e9db9daaa354ce39347b6d0a75c3e1dbcb841382031a1eb75efd90bc319677bacf90e08bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
4a7d895da9b964ea92210b3b28411b55

SHA1
d788abc6ccca914529384407efd04eed35fbf70b

SHA256
2d6a30b8de8e3d761ac08dcdfecf5f3c9adcc5398ca984967c50498132366985

SHA512
665b036d608b925c46c9bec50e73afe24661843f10b547b9f115d38ffe97a3a41d8f6b5b4003333699c31f9f81dc87b7885c06c44f3ff472c11202aab1d48889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a27a2bf919feefa1a349766b613a7b84

SHA1
bda900c8c9b2262f8f31b74fa5e7adba21cff80e

SHA256
5050a56c3071844ed7d07958a2aa404d0fe8a96ed6351193def170fdbbe1d992

SHA512
ada068fa99d67a584a166afb6a5fb803a546cab8399234546f4b5dbd9189f58cf3db4cd3caeeadf0abfdf57bc9dc60bdce4c324bc899aea8d1f0c5cd6d0fd8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e1e7515573ef2090778d37508a05ea28

SHA1
3fd52fc23c4078abd05c4a70f721312274bdc069

SHA256
580a5cb7a61f511f6b478d0ec95e306d77fc2c74b63c6ab3173e0027dc0c762d

SHA512
cfb508c7bbc075682f6e594f8a51788e4230a4a26ccec396af72e18c2fc57ebd5cafd02ef89bff8db88493de1722b691ecf1173c32d0ec3e6b9da74c9be448d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8c82a517c2ebd4584ed31effc1052b0e

SHA1
d072f522cdf2a3a622a3a16783eba883a12b787c

SHA256
ff1db8f1d021530436e04b3a79e4f9bdba003754c5878a260f5a32b5124f44db

SHA512
aee4460cf5e22d0d1578e54485b5b18539289773adf01f2da258b994556c71e5c17a7d1a711cb89cba8add27f635cc19ec9b06db1cfc1bf80951e6f64540a55b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ed19785295aea0d1b51abfef67e71ab2

SHA1
8b1f69a8b552ec018a56c97ef4a31e8e388ea817

SHA256
c6f90319513725353b087556a6c8f6c76d8eb1ea92a1da276a87b5f551ac5c39

SHA512
834f703ec84d52367d55bda29a6234eff2a33a600937b91dd53558299ad3074ba416e79fdee3bc5fdfb2233856d624cb43d104043386b5e616ae677841a93353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b4d34e1a37a0aea9b637776ece3f6a29

SHA1
0a2ec74943c4b391f24cc783536c76c77286ba5f

SHA256
ff8ad3a32c75093da18bf818dc948f41992fa2dc600636e52d5bb0f235f3e62d

SHA512
a7db8e4daf44c0fed2dd4949a78f1c2b7a36488d2aae8e79ff3df9e9d8bba7cfe23a8556752b992b0af7bd0629b469635b3a5b839c85cbd862de80f0bb9a0a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3cedc65ae71918c4343ffd09b7128fcb

SHA1
8d8b99c57a8fbb9f09522d0b750abfa620229945

SHA256
a63f346beff2085f4b1af260009b4acc17acc25874a47fb5112db1f72c295199

SHA512
63b49cd124f866a85738fb2f2efcaf58bb1db231b619f6f350948e48cd5f0fb15a244ae2bf25d523da4b8c92a7415b3b10485aeb82556e90362fd9fb9413c587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ebc0b7cedd19cf58c2fb509958247b20

SHA1
24cbf407ff45eb7258b48f6be7bc21a404141735

SHA256
cc35a460510ecf6ce13e5001f692442089f437c572bd9703c4d9dd9d6d9dfc66

SHA512
6d7cacd975c8e4e17e6b0e354274f92fcbee3e8fdf0bf0d05900deda19893e6e32b96eac0812ed1946e1780dac852406293659305536f0e3d354e2c993656acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa1af8ab9eb56e1f6506f2b8ba71f711

SHA1
d0ae15f50593a640462ee579f02984b47a362acf

SHA256
b54a77e50a1c41cdacdb2d3a8280efdc22c1567f3c5700250e4e6824ad83d0eb

SHA512
26bbb4aa603a1a2eb93e44e5b7c94d00d0bcb7a60c7535ad9062cf8c3aa515406b5d43dd55c2651d648eee895dbafa18f56ab5a05bd8af19d833412e9e008ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
387cc30cef2104c9cb20e8d1475289d9

SHA1
a944f29b220aee5c0e7bcc1aaa8d7a139a99818e

SHA256
2035906acddca47acbe5fc0c4c4e58b03727cdf148d3b02bd325ba68e2281571

SHA512
4ff28b313491a5aa1e11f29f4b3d2e94af8fe07be5d9b4eb885a1dc93492fc7e11b5525159ad506932492832c79ae354f1b56d110378ab8e9a9e64d84573822a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b414f5faa75b31999d9bb048073fef7f

SHA1
acc82a29e4c0e2a7e0f6e4ff1caab4341d8dd29e

SHA256
184102d754f13057461977bb0bbac7f03606cb8d6c08c0800cf5836ca6712de3

SHA512
914fd93182172cc32515e3653fd26dd206e57b11a90086a6d7e61674bcdb3ceddec8d235fee6ae999ddf4756a4c4759e70107770fd0b1e5d5022049459619d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f0885d10303350d7cb04e2d6d66354f

SHA1
5dfb8652e4cd5633655b8b9a2ac0c98da72bbea1

SHA256
0ecff5fb9cc640099042a69c152028f4548e04d530ad722346e0aba9f405b7d2

SHA512
e16e1c4cd1fa55590cbc8e61b575951e2087ffd1c1950eacd24ba63578a6392bb809ebe8a345d22be39d4e32aacee632b07df2138d75c02a894728f53c101db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
22d5dd2ef085418cc54dda78316accf8

SHA1
1f25561bf8d57cbe52bc9b9b6f0aa4b8aaa57a1a

SHA256
95efa0be0b77020a87ade9bfe5b9bd04013cb37494e2f35d704c7d31d9cb1a24

SHA512
a8fe1d20594ecc98161e1e273a2b2c16e9ad4564e309707a592ea57cef30ce1161a35adb2dcba3e19f6b9df97ad78b2e25955593d2ecd35ec7abc3822d2c1da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
67c5b5de2d96b3aba17eeeb157772dd1

SHA1
f663f64b78cf495b61c7e7a72ffa73552d8cdacd

SHA256
c475b30757887c335be79c087620eeaa31749cb1f82cefb2ea48640e377739f0

SHA512
0f892384278f868f6e986d31ec787720de25d261688551058110b3e4961390876d053c73dd156aebe1ba49364675e19669aed2842c4c38dd9c4820625f4c22a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
d20535bc240b8f8479cb92bd09f905a3

SHA1
4a0789d113a9abc56a88fc68bb77755c1534c012

SHA256
451fbed468cdcd38efefdaf371fe3524c36fe6d78cbeef8ec2341688531674aa

SHA512
ee06c2b0fa56904713063d616d4948355064c17377515426f25df9641b4d93abb09befe4656d0ed03522247a82203e16ef43e073efdf19593b4594af644e2189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000004.log

Filesize
26KB

MD5
5bd0b108f26b8f680c068c194000a239

SHA1
dffa8e333027bf58b58f6465c391ddd71efcc153

SHA256
b9e8acc304ccbdb5fc5f9284eb3a33a4dcfeefaf41d5138e905816c34103168d

SHA512
ebd33b7bf6622182c88e984f4647965608e0cd7f04b54da72e487d03b33e27cfde51f9380f03e93ef02e0f744aa1624a2a37bf50207f86d76ef6623eed20fed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
485B

MD5
1c7c4c94d2291369fd41b0095c8a7a26

SHA1
463466500d03eb4551b8ede488fc191bf7d2a116

SHA256
b8fdfbe3df25a9c9d44636f6ec2da046d496bf9d474cdfef6d99fb03cffa2df2

SHA512
4aa7d211c8d9d46aa3d4045ce2c6beacc8aec752a318100f14962182be76fafe027ab7002b11206bbff2d9ee366e6d1e1315cbcc3a3bdd4f1790bb473860570d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
97B

MD5
6b368cfbb196066c4bbcdfe3332fdfbd

SHA1
177949b0e9ee2a0a65dc3a5cd12c381d41d20d16

SHA256
05151cf891f8e2dee9537232458c06043a68376c0c95db71992900a0aa842288

SHA512
c182405161b1399e1b72a76654257b1d9b9e07801a53654993ba4d84e547798a69544b1e33c1b4a1f1abea9d68551bb166f39f6f5f5e6d6b8d9fbd8e29acbd63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13352900480384651

Filesize
6KB

MD5
64835402b13b083f862ea07756baced9

SHA1
eccc9b8991a4c5842f92e4a8938a4563f57d7120

SHA256
95fa9c148664f9c5efb1e508f6f804b6d816bfd99ebe2c30a98ec45cf2ed9d4c

SHA512
7741834115098681987faad5b20908c944daf87d4a0dc123b54261ae4bd1cc058c79160bfbcd46bff7c1f932870821ce62940bf6ed3c9018ae9d587f26fd3909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
d4a4b9825d4a1bd576ab9387c18f2d9f

SHA1
2077c6fa1d1cf4cfcc276b65ff1f00270597e7cc

SHA256
31e2a65e7d4d93838cf914f2ca7f96b07ca322a1975307bb2dce079db8cce488

SHA512
0c50aff6a6d25aa3b2f46b379fb42491bfe1581f3048d347b1055020e17f0cc1fc6a1a218e3234236b159f597d474d74686628673ac567f08c07fb0bf30a419b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
8442bfab1eee2b3c0c7946d66e7baf77

SHA1
cc2c9766385418a820c912ce0f315cd55eef0a32

SHA256
8e61d01eb6bdfc799e3c4656abf6a3d7ddd0b12fe20c5e8c489be0a29c38e7c5

SHA512
6e0ae057ad8e9a9a9fb980bbea249fb889364facc48075c1c02bf7872f3e092125d8ae80d62a059197c670631cb8fd9de2c678c070cb05fe9fe13fb9fdf75874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
89437a43767c33170c90142fa94cbbac

SHA1
6880f25fead25c806d1efff576f31066dbe20baa

SHA256
c0274a87e431cfa0f572019c325e3cd03e9437258c4f67ab005119e4ecf1cc4b

SHA512
76ae41a6cdfcce1e9b99fe18ab2716bd1ea8c918a3f2c9e8688fed378755ec0588c32f3590471791d08ff85d2d4c5106f5a2b63ec4b867c513ef6cf6de2ff2f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
fdbcfe685e70544663ca41a2167d4d33

SHA1
bf7551210e0b8e9b714acacca47beff292a38fce

SHA256
3ad14b38ec53c4e43956c9ab792f9d858ef42cde768610cb002536be0cc5a898

SHA512
b08eabc8336120aef80ca8c3688cdfad3b9db04a8a5e36dbba80bc9883d1485fbcd47252d5b4c0a5e5670fcefe09858b943fb2a932cda715a6a03c330c365bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
4f7eaf1b012d4d19d9e61ea3dfb583af

SHA1
755bf1607bd588fb16e2d58fe42e8a33d0546be3

SHA256
c8f0c0b4a9909633727231a507b890c8847143039ec373ecdb056775ed92a1bd

SHA512
ef7f21c509b4907513034a04b20836336a70102243211adb493832eaf381aeaf62052d138406a57781b7f177f8b1f88c99dd5520c82e03288cac30c0c842599e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
49a83e4af568b87759941251069e5ba9

SHA1
028170d2b20abba4a22be91f5021ca29d50bc4fe

SHA256
c10c001cf47a2f9deb58c0d28ff1e7540b0f7ed0c134296d8dcafc9ef0884cd7

SHA512
5b398669cf49bea5f9e10921025348e74dbf87654d83d2b6072c9fd62cebfd30f48b349ae943e5f7dcb6bf24c96a3fb6f6f871568fd468637a79ba31f903c8b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
12fad4051ddddbde87722927cdad563f

SHA1
983d8a3de245cd13ccd08faac559634aaca642b4

SHA256
bb0c4f7e8b8c5074681bcbd485a20f861d236b884c1fbf26b2bf68970e395efc

SHA512
76dfeef7a595cecd8744333685684b791d9c0e625e649c8064fa22d50705ba890ebc28e9cd41e849ba081eb0f4fc4aa76ae49fff85e87b8eae50b1575280c030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
6a1cd1088f33771e887e8c893ed3b457

SHA1
7f957531f8a13fad36a57a5fe356a918f516a236

SHA256
357c943aac57cdcb693686381468c80a41b933d677f7f8eaf36d99b52a002d4e

SHA512
19aa9532192bd5943ce3402f082500d34c96a506e38705a1dd30ef144ac1d79b68c6e3b7e41a04a326a2320c06a8fa466c6374d298aadf86384a7aae5c8d19e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d532.TMP

Filesize
538B

MD5
b8222ed1f19d3017cae90e300eb5195a

SHA1
5f7e498624ad4975af21490dd09d02d8ac61c5a3

SHA256
2a4c9f9da0d6a99ea03d42a98d8c56b5819bd1b32215d62d5c23729c2d24c76a

SHA512
e202851b343a8f87a378e3485f676b6ef3e86a29233a77b0400a1c6469f7808283bbc31c937e345ce692bdaf9082610cd5da015f650ce2168a025f6516d5e922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b9ec3e6c1f68cfcd7d31de44112249d5

SHA1
9b6cfb2a0d07216169c8167cdca35cd69bcf3a2b

SHA256
d0d4a6a30cb067ccacea7ea928e49b551114a0528d1d201ef352f039ab2d6c29

SHA512
4b35a591645616415434a96a639b472196da98b1a254f24fe6877ad1a430fd4e26c4b9b14e3042700cdb9a2cbd1d82bb0ef59e18ac93e8f95b7e77bf0b045739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f79d299c-60a8-4ca2-a65d-7a24ab46cf46.tmp

Filesize
6KB

MD5
939d9efbf9522bdbd01dfce8389a0192

SHA1
39052fd1201419b83c3717500d768ea4ec95d8d2

SHA256
d2d27fc0f528eaf913ba7edeceb571e0fd08b550c779bc0524fb999f32ca3808

SHA512
b748a88d443772608002d82eeb1d08bad47f55a0f6563eb8f9eb18d7db5adf5fcebe227ea2e1e64971cd53b6fe668e2ef4aef0240fedacb2452f56852292e947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
116KB

MD5
8782c69b9f57be6845d62af231c003e4

SHA1
1326aa9ee757ec1982e2852bc5ea5cad3f177564

SHA256
6eddbb603104699390e77ede2106de713e4703aae59cb53a44f085fef648ddb0

SHA512
06dc932d497ac360326606d4d33aac0578101c458f48d7855bd26221d483648784825769788a9c508f89e54886f3f515e8b2979ac6b7c5fd65418a53bf48e3e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
fa5c2dad8d9d18c014246d40392ae643

SHA1
f7766e385ce946bc629ddf9ef4e8f91d973c3071

SHA256
c3163df60e9801b03f83610e999528a87f3c874736bbb31ed0a8d39e1e0729d9

SHA512
e57ae0a7474788cb553b5ecc760e17d69cdb1e3a03f02de6515ca699a10db2552f6091db45f7ec4c46807ab81482bc596444824869f15556fdea01601c72a5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
6ffb6acdbd999e29af3de7558d6aef45

SHA1
1c17bd3cffde786ae786b1f0f8aa51580a4a8306

SHA256
42355dc9d744916f36c8c081a869917181d192e7fb6e2d5c72172e13877502f3

SHA512
9fc934f86db8d374599ddb3be7c151bbacecc33ec8e061f97c7b1741c68298fa652f55a0924a515706b4126cfc9430bc8277b98f519c8b6df81b26ab2ca5473b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
753a4726b3bc0fc442f1dbf11676b86b

SHA1
7ad5be9047e80a874f2fb0ba383eb390e1197b23

SHA256
2dd3c16e432a841a09bf2e6ee716bc3d56877b7faf75a63e0c9947db11efbf74

SHA512
a541bfd0e8700dd53166c650cfa05edf02c2e2f054dfbfcf36d74c2e8c0efd3abf0711e93f66dc8031a3a8e3facaa3701177b12ef61f10d49d33e4a627addf89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
5b7c9052c1c8d5151754f1b82426496b

SHA1
9c4d1e13aa5d8cb76a4baeeda297c6965b70bc85

SHA256
a01516b25d48448f1fd478e206d73f36d5b9b6e4e94291d1dac39ffb49ff7924

SHA512
7d2cd0526760563ee7ed2204dd5cc788d04ca304ea2f3fbb9218c2bf20e30ed97fe35d467956d4d7ac31f5d271f358a2be0435ceb3e0384f8f312f7a5cc9ae2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
df76424cc19690def191f458ae618776

SHA1
382b5a09b281942f57cd8c0760b39b3fdc2d3d75

SHA256
f7c5e708f7a547d9cdf8be4f33f47971263649ece1ee3fcbeadeb8253cb84898

SHA512
74ca7bc61e58e9ef496a15a32d7c1d305df567c3165746614755b38c7a3e8aee41a71370a58fe48c6038c3bcb23bcac36c1f34501a46944f71b07ecfeaab82d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
91e4fa36d6f6b65f87c5e3c200ab6cfd

SHA1
78df076bcdddc6f3d35e5d0c2c5cfb8fa049f006

SHA256
79fdfef1cd2a817820b2033ea51d18d767c0d36e3d81194319fa887a62035e06

SHA512
4067b7e205ec38902cd828608133cefd94542fec40eb23417655eb410e308bd4e1096543ab9af3a0ac6d31c757c454b4b6435d80d327fad222496a7f57bdba33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
6cd3742ea6b957bd9be07ee7c279d797

SHA1
5778318a1ce2b0d29c69df75e8649d2fdd405790

SHA256
0575e5dc1a1e057b4dd2630b84c047f98f861fec4449749533f14a331c3370eb

SHA512
91f178361d7fef99c39c921221ccfaca2400457b90847abe1bf5901b97358af4b18992d10fd0e3b58626416b44a6ebd9cca0ed3b76b1048c3429156c05b56114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5d9e2531a185e798c45be3047bd3c4a7

SHA1
00c7e68274af806469740fccd949e275bca61cab

SHA256
924db3595ae85f9fefb7a5ae0a87d854ccaa74e373166814b45d42eb8cccf08a

SHA512
299d5426836116353dcfede6488feb97973e4d6b988282e4674e2c7df3b6dae484493aa7c83d130fe489bf89f910e357ab1bc5c3ee906aa5c08623f537e46174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b1453327ee316e71adfffa956de3e634

SHA1
4c133e368b31b46d82060f93b367eac969466cef

SHA256
cfc426d4c72cc5207742f4c2d9dde4324a9353c61cd0bde8fc8e534331d5ed70

SHA512
a875af996082767752c8456d124a0ad7650fde6fe982f2a5e4a8ee00fb1a41789217bde5abfda18b38a91732e89f57d65613b4cd4ba52c119cf14664b399a9bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
66fd87f76b33fa59947edaaf4cedc2a3

SHA1
1abffa11549d8a1d611ad05cdb6e64b0fd184a76

SHA256
6052a4a22e1561270989f17d95cbb53a352a5489791ea14317480440b1a5beb5

SHA512
f3fd17e0304503a1fa9bcd0433aa3c0f781c4006a67fce81619daea9d8ec0a0dd26b9a7a6c9ef2421da33873eb3768e6d62f18fbf4d40540af2a80a03d44aac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8b4b1168b5905008158c4bf89702bba8

SHA1
0ba91a85c6a4109a6ff4134425b071803acc43f7

SHA256
fcaeaf5fc99025a8a180eebde3ce99d740596cf0fdf9f297f6d7ffe7c5b48b1c

SHA512
60544a35bd4f94362f5f2e3d72b069c666afa7c42c428369190fa2f61dfc8e793dd1428a68ae77c84d17339d0e3cdd21f2391ff6c3a38b05d37b0c55ccbc7d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
39ef6399f2354acf6d29f8b686f84501

SHA1
b76c4937021b89dd638d269950d13a0d187af498

SHA256
8943880766ad6249a7c81fb77cfb110f5fc12ed3d58b917e7af5b0c0e82d6cb1

SHA512
b4492d658393d0c2bf3f6ea6afc63c126d4076ece4784d15c1f91a2a091561352e42ac5088cef707f9a3156db40c5b468be0b23b45818fd9f775dbf533fa1a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6dfc62649a279886fec4aa87b9705f19

SHA1
bc3a0f1156cf1a1d75bcff5f3f3ea4f4a7331528

SHA256
d556a29e5e5ab85d45f97a663d33872c132587a0017b307d1a00ddd1be332494

SHA512
ad67791b46760094262bd6b3ee49e3c04a9e094462e4e8116e8e2c5b9af21f6c85ac980da947d96bf1702ffb69fc097f077c9b8cd37467250d4978291da8ff77

Download Submit
C:\Users\Admin\Downloads\Studio Legale Associato Dalla Fior - Lorenzi_IOR24_00059_25318_S_I_C_PO_&_credit_note02_20.pdf

Filesize
266KB

MD5
56f4efe904c96bf34d8a56adca0bb452

SHA1
c8be33c3abd636ddc7febf41526c0e2d95bb6476

SHA256
6cce1864645a43f029fb55b6c8b12ccb9cc7e8456df4139c3569d2ba3f50cec3

SHA512
9a2da78417bff4d0e9af5a58f8fa8dc55738d112804e495729dcb9d35262d4a1dc7580665055347ed9e2ad7d94d5c741a0fa732dc140e378b9be7d6a626ce43a

Download Submit
C:\Users\Admin\Downloads\Studio Legale Associato Dalla Fior - Lorenzi_IOR24_00059_25318_S_I_C_PO_&_credit_note02_20.pdf:Zone.Identifier

Filesize
440B

MD5
31dffade9767890854cff35378712528

SHA1
7619fd980209b5c395883f3312f998ba251b616e

SHA256
ae06eb4095048697797c1966cbc380311ae7dd1c7c13cb387a3a7ffa098cabea

SHA512
f7ce4e7e6d40bf00903c920db11d509c4c14695cf323f12bb4891d22bb64c2b3802c11f6e21e0fd4b880774519a8e17fec63cd933f336dc365929eba213e4294

Download Submit