Overview

overview

10

Static

static

6

payment copy.pdf

windows10-1703-x64

4

payment copy.pdf

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14-05-2024 13:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    payment copy.pdf

  • Size

    76KB

  • MD5

    ac3a8f618810c3680ce24a24252b5252

  • SHA1

    658126c5d9a6a7424861c2aee07816ae5498c8c1

  • SHA256

    77948e428ad7708bb79e23ec0dd199b4d25bed6c58813b1297eed1cd03251960

  • SHA512

    d56a2b6678c88ee311b4189f1811ba14df22c5e536f89f253eaac570113a405057ec7005fc1fad087b01b056a59791693b5a18ecd2f3f24db181c839cf1b791d

  • SSDEEP

    1536:yRNRvcJqzv+kafzNQDo8c2hlneYPJMpCJEM1qatanErV6Q7MyNCbbi1XEk:yRkJq5+J8zneQJMpCOZataExMyY3QXL

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 7 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: MapViewOfSection 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\payment copy.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3872
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4208
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=75D266E7F8ECCFF834FC5BED6583CDAC --mojo-platform-channel-handle=1628 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:5024
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=106D16379867A69B603961BA6F457200 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=106D16379867A69B603961BA6F457200 --renderer-client-id=2 --mojo-platform-channel-handle=1640 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:5028
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5425AC371CB7F97A5251F44B44C82EB0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5425AC371CB7F97A5251F44B44C82EB0 --renderer-client-id=4 --mojo-platform-channel-handle=2232 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:2348
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=246F4B00A3959ADC5F9B07A5DD5452CB --mojo-platform-channel-handle=2652 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:5080
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E84B3DD7070D6366A051838B9696BA47 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:5024
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B4EAEBC3CE1F2A9C2E719F840CF5A347 --mojo-platform-channel-handle=2660 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:4740
              • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                1⤵
                • Drops file in Windows directory
                • Modifies registry class
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of SetWindowsHookEx
                PID:3408
              • C:\Windows\system32\browser_broker.exe
                C:\Windows\system32\browser_broker.exe -Embedding
                1⤵
                • Modifies Internet Explorer settings
                • Modifies registry class
                • NTFS ADS
                PID:3372
              • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                1⤵
                • Modifies registry class
                • Suspicious behavior: MapViewOfSection
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:4552
              • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                1⤵
                • Drops file in Windows directory
                • Modifies Internet Explorer settings
                • Modifies registry class
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of SetWindowsHookEx
                PID:3956
              • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                1⤵
                • Drops file in Windows directory
                • Modifies registry class
                PID:1988
              • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                1⤵
                • Drops file in Windows directory
                • Modifies registry class
                PID:4764
              • C:\Windows\system32\OpenWith.exe
                C:\Windows\system32\OpenWith.exe -Embedding
                1⤵
                • Modifies registry class
                • Suspicious use of SetWindowsHookEx
                PID:1820
              • C:\Windows\System32\rundll32.exe
                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                1⤵
                  PID:5148
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Drops file in Windows directory
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  PID:5128
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Drops file in Windows directory
                  • Modifies registry class
                  PID:5248

                Network

                MITRE ATT&CK Matrix ATT&CK v13

                Initial Access

                Execution

                Persistence

                Privilege Escalation

                Defense Evasion

                Modify Registry

                1
                T1112

                Credential Access

                Discovery

                Query Registry

                2
                T1012

                System Information Discovery

                1
                T1082

                Lateral Movement

                Collection

                Exfiltration

                Command and Control

                Impact

                Resource Development

                Reconnaissance

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                  Filesize

                  36KB

                  MD5

                  b30d3becc8731792523d599d949e63f5

                  SHA1

                  19350257e42d7aee17fb3bf139a9d3adb330fad4

                  SHA256

                  b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                  SHA512

                  523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                  Download Submit
                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                  Filesize

                  56KB

                  MD5

                  752a1f26b18748311b691c7d8fc20633

                  SHA1

                  c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                  SHA256

                  111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                  SHA512

                  a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                  Download Submit
                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                  Filesize

                  64KB

                  MD5

                  8f8e7976249b368d30e25996ee70711b

                  SHA1

                  89cffe68e61c6615075ba0f92b6c9c86695b71dd

                  SHA256

                  7d4a85ba506fea4ce8a0c1e439ab7adb892b195e304a2618fe6ddaca945e0418

                  SHA512

                  239bde9404b859e6a2eda38ac8939270881c4eda5f8d0acfc3bd63a691681d51a9680db57991797981c2349684b96905f26fb9e4490325123f5bc0a00e9363a0

                  Download Submit
                • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml
                  Filesize

                  74KB

                  MD5

                  d4fc49dc14f63895d997fa4940f24378

                  SHA1

                  3efb1437a7c5e46034147cbbc8db017c69d02c31

                  SHA256

                  853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                  SHA512

                  cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                  Download Submit
                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0XWW6NF0\favicon[1].ico
                  Filesize

                  758B

                  MD5

                  84cc977d0eb148166481b01d8418e375

                  SHA1

                  00e2461bcd67d7ba511db230415000aefbd30d2d

                  SHA256

                  bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

                  SHA512

                  f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

                  Download Submit
                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VZYWJXWY\favicon[2].png
                  Filesize

                  7KB

                  MD5

                  9e3fe8db4c9f34d785a3064c7123a480

                  SHA1

                  0f77f9aa982c19665c642fa9b56b9b20c44983b6

                  SHA256

                  4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9

                  SHA512

                  20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1

                  Download Submit
                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VZYWJXWY\suggestions[1].en-US
                  Filesize

                  17KB

                  MD5

                  5a34cb996293fde2cb7a4ac89587393a

                  SHA1

                  3c96c993500690d1a77873cd62bc639b3a10653f

                  SHA256

                  c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                  SHA512

                  e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                  Download Submit
                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Adobe.rar.7q1u5v8.partial
                  Filesize

                  412KB

                  MD5

                  88592b17526e132988cee3ad37f0d852

                  SHA1

                  c49c43010c7e9d812437eed3cb8a1ac21812d81c

                  SHA256

                  cd5999b7894bd16871b5f43adf2d2dd9c12e67977e01566ac39f09abb0d04835

                  SHA512

                  1fc43dfdc57dfc52926c7d02ee3c9efde294e72bd015a8fb343bacce8e94004823ac0f9e630c45a2ae58dec36a18e30ba69ccb6e68dc58490f2e7ca201d2cd26

                  Download Submit
                • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3MEZIL27\Adobe[1].rar
                  Filesize

                  79KB

                  MD5

                  976b8928e28bbc535e45459d815b8112

                  SHA1

                  09ee5547fcb31b030e9fdc5726a8188b6c9e8a98

                  SHA256

                  784b899e54b4a49f4452827d9d44cedad11d89738ff5799f8338902935b1bdc8

                  SHA512

                  823fc1ab5c56a0ff543acb85ddb0ec784fd66f6aa206dc8f5bd74facfa7e3eb46d92a55cc4ea34ef5b4b2d28f297f630491287adac52b069da60771df316cd55

                  Download Submit
                • memory/1988-67-0x00000193206B0000-0x00000193206B2000-memory.dmp
                  Filesize

                  8KB

                  Download
                • memory/1988-65-0x0000019320690000-0x0000019320692000-memory.dmp
                  Filesize

                  8KB

                  Download
                • memory/1988-62-0x0000019320660000-0x0000019320662000-memory.dmp
                  Filesize

                  8KB

                  Download
                • memory/1988-59-0x00000193104A0000-0x00000193105A0000-memory.dmp
                  Filesize

                  1024KB

                  Download
                • memory/3408-70-0x000002C965AD0000-0x000002C965AD1000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/3408-69-0x000002C965AC0000-0x000002C965AC1000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/3408-16-0x000002C95F720000-0x000002C95F730000-memory.dmp
                  Filesize

                  64KB

                  Download
                • memory/3408-0-0x000002C95F620000-0x000002C95F630000-memory.dmp
                  Filesize

                  64KB

                  Download
                • memory/3408-35-0x000002C95C7F0000-0x000002C95C7F2000-memory.dmp
                  Filesize

                  8KB

                  Download
                • memory/3956-42-0x0000027D80AC0000-0x0000027D80BC0000-memory.dmp
                  Filesize

                  1024KB

                  Download
                • memory/3956-44-0x0000027D80AC0000-0x0000027D80BC0000-memory.dmp
                  Filesize

                  1024KB

                  Download
                • memory/4764-79-0x000002A18D400000-0x000002A18D500000-memory.dmp
                  Filesize

                  1024KB

                  Download
                • memory/5128-312-0x0000015CF9CB0000-0x0000015CF9CD0000-memory.dmp
                  Filesize

                  128KB

                  Download
                • memory/5128-318-0x0000015CFA140000-0x0000015CFA240000-memory.dmp
                  Filesize

                  1024KB

                  Download
                • memory/5128-326-0x0000015CFAD60000-0x0000015CFAD80000-memory.dmp
                  Filesize

                  128KB

                  Download
                • memory/5128-350-0x0000015CFBC80000-0x0000015CFBD80000-memory.dmp
                  Filesize

                  1024KB

                  Download
                • memory/5248-381-0x00000282CFE00000-0x00000282CFF00000-memory.dmp
                  Filesize

                  1024KB

                  Download
                • memory/5248-437-0x00000282E1590000-0x00000282E1592000-memory.dmp
                  Filesize

                  8KB

                  Download
                • memory/5248-435-0x00000282E0580000-0x00000282E0582000-memory.dmp
                  Filesize

                  8KB

                  Download
                • memory/5248-441-0x00000282E1710000-0x00000282E1712000-memory.dmp
                  Filesize

                  8KB

                  Download