Analysis
max time kernel: 147s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
submitted: 30-01-2024 05:43
Static task: static1

Behavioral task: behavioral1
Sample: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe
Resource: win10v2004-20231222-en
General
Target: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe
Size: 291KB
MD5: 5a5c745bf3e97fe2be01880132662f28
SHA1: 924af25d379fc88319bc55958db898dbf5054309
SHA256: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811
SHA512: 151e4a07e19350d677e049c57c971b64924150eec007e665843cb6142ec73fc06ae4145c64164d3f7f25a376a7536ac6d9b3c85180503549a0c86f09cc0ded10
SSDEEP: 6144:mdSK04ETTZ+4TBpvjLC4Ho/C1rCyPucrFqBFTbL39rqHRs8:moL4EnU4T/vjLTHtrCWurTpruF
Malware Config
Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

Renames multiple (3776) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Key value queried: \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation (process: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe)

Executes dropped EXE 1 IoCs
PID 1512: drpbx.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.

Adds Run key to start application 2 TTPs 1 IoCs
Set value (str): \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" (process: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe)

Drops desktop.ini file(s) 2 IoCs
File created: C:\Windows\assembly\Desktop.ini (process: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe)
File opened for modification: C:\Windows\assembly\Desktop.ini (process: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe)

Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 3 IoCs
File opened for modification: C:\Windows\assembly (process: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe)
File created: C:\Windows\assembly\Desktop.ini (process: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe)
File opened for modification: C:\Windows\assembly\Desktop.ini (process: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe)

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

Suspicious use of AdjustPrivilegeToken 2 IoCs
Token: SeDebugPrivilege (PID 2616, process: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe)
Token: SeDebugPrivilege (PID 1512, process: drpbx.exe)

Suspicious use of WriteProcessMemory 3 IoCs
PID 2616 wrote to memory of 1512 (PID 2616, process: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe, procid_target: 87)
PID 2616 wrote to memory of 1512 (PID 2616, process: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe, procid_target: 87)
PID 2616 wrote to memory of 1512 (PID 2616, process: 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe, procid_target: 87)
Processes

PID 2616: C:\Users\Admin\AppData\Local\Temp\0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe"
- Checks computer location settings
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory

    PID 1512: C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
    Command line: "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of AdjustPrivilegeToken

Network
MITRE ATT&CK Enterprise v15
Downloads