Analysis
-
max time kernel
119s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
12-05-2024 03:18
Static task
static1
Behavioral task
behavioral1
Sample
37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe
-
Size
240KB
-
MD5
37fa8fa315d60727ebce5fafa56690b8
-
SHA1
599c28e16fda50ab1377e900678084ae28557090
-
SHA256
e398c99bd0f61a4590594dc912e4d4ad23c306df6bd00274e2756d1a28f3ef80
-
SHA512
cc900fb64eececdd030be5d6b79ef4213f128cae0f4314e77ced24df573d54a68350c2bcd3c5f448e4c640d336ef4888bc2b9a5a6fca1ba39668df4b43c50b09
-
SSDEEP
6144:6KprPZVxYg036R2eqHzs5oP+8fgsOznWqZajzCrY4Fi/f:HXxk3RHzsmP+agVznWqZa/Cr7AX
Malware Config
Signatures
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Renames multiple (3737) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation 37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe -
Executes dropped EXE 1 IoCs
pid Process 5024 drpbx.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" 37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-150_contrast-black.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\landing_page_mobile_download_v1.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_thumbnailview_18.svg.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-100.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireSmallTile.scale-100.jpg drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-16.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-256_altform-unplated.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-disabled_32.svg.fun drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ja-jp\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60_altform-unplated.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-48_altform-unplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-24.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_nl_135x40.svg drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\da-dk\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.scale-200.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-20_altform-unplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailSmallTile.scale-200.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-hover_32.svg drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-96_contrast-black.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\SmallTile.scale-200_contrast-white.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluNoSearchResults_180x160.svg.fun drpbx.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarMediumTile.scale-400.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adobe_spinner.gif drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\[email protected] drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.scale-200.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-16_altform-lightunplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.scale-400.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\da-dk\ui-strings.js drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\PlayStore_icon.svg drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\AppExcel32x32.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-100_contrast-black.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\de-de\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\YellowAbstractNote.scale-100.png drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.contrast-white_scale-100.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\de-de\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\MissingAlbumArt.jpg drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-100_contrast-black.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\s_listview_18.svg drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-gb\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-80_altform-unplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-200_contrast-black.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_contrast-white.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\adobe_spinner_mini.gif.fun drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon_hover.png.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\9px.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\de-de\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-400.png drpbx.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-96_altform-unplated.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\example_icons2x.png.fun drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\it-it\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookSmallTile.scale-100.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-36_altform-lightunplated.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\acrobat_pdf.svg.fun drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\selector.js drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\check_2x.png.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailWideTile.scale-400.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-48_altform-lightunplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.scale-150.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\8041_24x24x32.png drpbx.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 4380 wrote to memory of 5024 4380 37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe 82 PID 4380 wrote to memory of 5024 4380 37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe 82
Processes
-
C:\Users\Admin\AppData\Local\Temp\37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4380 -
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5024
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun
Filesize720B
MD53c850ae7b9ab50e5e797d3e4341f4f9d
SHA1e54074a8008b9b918bdc6fb20439968aa2a279fa
SHA2561b17081243f71d71db1dcec4bb78722a2b002b481a539d1c3a9e848cb4acb601
SHA512f487b32c693f47b45673d8bb47897cac320cfe437ffe668662604e89c958b673fda740d6fe18b59cdb52b652a42b441f033571eb06925b39ebba28f0dc916963
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun
Filesize7KB
MD5534b7c9a1805e0e6180adc84758a2b4d
SHA1caeb7c9f783cdf209eedc03b1ea8470a73b5036f
SHA2565c0966427ac186debe9083b621d8638c9e09183c5f3d6cd4980df8cc6dc5cd7e
SHA51207845d98327f37ac26babd261a4a5a925e0fa12bc009abfb213a71d2fd77b3ec9c5001836b69caff4b828eaf2b53a89964eb49edcccab91e9e06b2b42a531c21
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun
Filesize7KB
MD5ee0acfcb02cff62fcb6ec76d43c4c32b
SHA1f29cf14b56f39cd0354e3f60a30d08ab86d99d54
SHA2562460782b53bc19c1b041b5578ccca4a95f461ddcb0c1f3d6e42432f094711b69
SHA51215d2e0fa1f2d6e0e57245c428335a28a33f48ac2cf98dd387ba37b861d2489333aa65e75b0963d8a4b3cb60084c9e79ee1a916481911ffdaae2358a0737e5508
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun
Filesize15KB
MD5b73eaac928d9787e2afe4a1ff3f45a30
SHA1f4964c577bb5a4718f7da0cfde373749764441f2
SHA2564d5b8021c13fb3e6aa7083321624e18a643d501265d803af94ee355af1ad03c1
SHA51237ef8b0541e64542b9d12941b2905a02332cb8fdd020bf165026704f646245a01442f56ca5ef7477bbc75afccb931e388ba004e0008ae5f58e765bed569281cf
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun
Filesize8KB
MD5da7bc981eda289065716f1c878e38c1a
SHA1b2c94b060b0dae5060d76abfa86c75e2825d6c33
SHA2565625bf2a9d7e65f31c3c161b950f88d48fd656cb7559b4f3948f704196cdb564
SHA512781c0b526ede47a09681db35ae6da52c6bbec535a60ee907bb2058f4543fa432b9ed4f87c4bef2e27ea52ca9aabe1184b40ce36595ae70b3786c7c0c2449c0ca
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun
Filesize17KB
MD57645b12d6dfc942553806c0b0e362ed5
SHA1c2ff5bf6a56dba43eef3536705b5ab63d999bb98
SHA256ddbecdf15a08b0e94df9393f2ad6ee44808fbdfa29170cd14bfd7471681f8a20
SHA512dffb143435044abf504dcab22a65550a2440a7dbc22cb1fc855e2dca1164c81cefd1a6c6ff2a609d873caf86e352adf5a64e42b882c0260dee7cc6c9340e0553
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun
Filesize448B
MD5d80c5f158bf8bec8eab4162c965e1679
SHA158f2328a0b3160304c655be876b74b4c39f2a30e
SHA256eda4e8f5c11f2caeedf1f295bab96e139f5a3119fa0f29f1350f766c6ca30d14
SHA51226f8448822912dc95d5e24fe01b3bc78c6ad7d75d79a874a851e44f51ab7bb6e0853dd7b781d0b25dd7fe5f81664fc1358c1bac0a5dcbdd841eb177e95d22e13
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun
Filesize624B
MD52d6d426534832f6eaff70d22d860477b
SHA1e60b7960d1b900b3fe23345008f4d05e11342f8e
SHA2560e76dd0f23a21773dd2278549efe2cfd46f4811e3b2a90c0f92cc84fa1155366
SHA5121ee0aa251e0157c430a9a85b5ba1b20698a86b007e422e74d1a2d00d5e45969f31106c8556b40c77a2da49818268f4c7262a038f4b9330434f148239f9f868d4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun
Filesize400B
MD5b7a3142e2b042b1e151813636cc5449b
SHA1de3f9676c1ee994b12cc89caca6f50ee171dbac7
SHA2561919360f56ce55c16484c601c3a774d59c1e55498145b763d843de61aaf84135
SHA5123dd44540cdac3b3482119c56123c4019d84698d5344c742c67ee64981132a727b16d7887420f7bba0501c816e927f8afc84a761538d26e3185171f335de0f96f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun
Filesize560B
MD528976c776342c1c3a10d9aad763873bc
SHA1f82a3786f6a97dc5cd1bfcdd592b3c11f42d360a
SHA256448cf3bdd8ebd076e49daafd07d93de6e6e96bcc2da46de80de7c1e792873fa0
SHA512f67458e526eace17c7d4fcfdd45fa6691228408be48e699bc02b8c65fca59ceb8664af1a82185d252f8603cc1067d9d46b5284eec0d9c59539182b01d521874d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun
Filesize400B
MD59102fa6329a127240a6328afcedeb0fa
SHA197a94a57d562a9fd6be239d4b7fa96964b3e7914
SHA25649419e76d7f39303fac0f15fab4c2e9a6ee9383fafbe48f85832110b28b03c00
SHA512673ff5985f3dae863cc0e21beee64c5d7349b482ec6634418190ef0497b87bfdef5e584cc0bca1f7f12a9ca185827ba408800171311ba8f1f4bf99f078a05dff
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun
Filesize560B
MD5bc888d163a1e609f025bd6ca502561b5
SHA1dfa4b57ecaa1991c2feb40707aee960ed31e73ee
SHA2561d3f4a53c9bcee8392ec420f928b743e70d1619cf031706e42794c00ae015472
SHA512fd44f071096db62a0bf3f675597eb162ec811f0a843def0be4208706144193c73339682bd5692d670ee03def36386efba7b21bc657ef69f9a318e167f1ed73fa
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun
Filesize400B
MD5896ee128b4e5939d16e31ecf0fbceede
SHA10fd04f6fe0b93adad223ff5575e21fb760da2e7e
SHA256961b219e72446776be44e8cf59a47db9d39c186529ba11ed7bcdf4812499b9b1
SHA51239aa48fb1a9c92348bb26b1444b9596de60ec08233ab012f81eec6a4f2b1b15042611db5c4957f14e065a216be71a5b874d33ec234927d214987d54f606687f8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun
Filesize560B
MD52df8fafef83dde3e4bc4440da277688a
SHA1bb4d76da7ed09d7ce4475f51b1630d01b084738d
SHA256565301d7db61e1d897573e4e9723f76fd478965522ab7a895feeddf546ad269f
SHA512fd059578cdd8b478f878a619fae2f471fc7aadaeca85e786c08bcbfe499d454c8372501bbbb20de25628b6c777148596b4cd2811f736e51fcee6d3b41d39f5c2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun
Filesize688B
MD5f089fca7a848d3d554fcbeeeee5a95a6
SHA1a3e9943ca3b24f0ad45ac1710019745b25b1f8c8
SHA256882289c7edb355fcb2b58b6952fb519fb088684d9aed1c6f539ec67e2a643a9f
SHA5128582b33f464159213367883f1235ac1e1f5f56d45477264c00dc0a2241a66ae01a8b2269dbd2fc659059d300dd137789cda1b5022df286566ccde81d72b53bd7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun
Filesize1KB
MD5bbcb71a011a0bfd490b0476d26a89ef9
SHA1254205d760f1d0a7dbbb9f8590c50930dfd8ea09
SHA256950dd46bb6627f4a68a7e14049f2ab9a932445ba08ce2ef881fe0c1d5a33ca71
SHA512e3ac965020573235ea2235ec9c1b7e5d3be8cae8ded4901229e4d8644f7910651fe248f065722da32705b31d3a3d8976ec4afc751ad059d7f734d6f4ab66d664
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun
Filesize192B
MD54e53828540ba4d3227328455ce76227a
SHA1a4f9d2e44e514a1e5497899ff1e634b0fa574c0f
SHA2562fe371f90de820f072ff0f500c4b205631a405d3836a5d093a412f35d1998fbb
SHA5122dfd0da11ab285d0f2b7be1de5b8b08d70d778723772d77574e21c54e7beb92300d97ef06eb58579e5ecdbe0e74738ce5643854dea4578af2f1a46586b711c88
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun
Filesize704B
MD540b0b4fdcc8ae4734d629196a52725fe
SHA1b2aee05d2bff7897009439719eba91c17f56748d
SHA256d3ef37f0006f7be8ba4a7fcdd534823a2cc284f01ed38c4c5f9939d0d416f577
SHA512b4c5afecc6c571c5b41d20093c73bd07ede695eed8cdb249a14d051d9f72dae3c7d35e139c69f528f2d7fae4d5c8d887e5438da9a41ff5532c0e52e3a0c67f12
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun
Filesize8KB
MD548fea98fbc2da0eab74bfd7e4f48855a
SHA1ddbe3900851126bb00094287a48c9a5ef4a12ca4
SHA256aa68531d9d64a5dbad885fe8b8fd8369a91488308e18725a676ebe5dda65a46a
SHA5127174105ceab6eba3532c3c318cf5dfe4a9ff037416766d9553b6b174f422b8dabba1ce693ebdfcd94ea11da2d34ead0a228ebaf419579c88780cc34c033aad51
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun
Filesize19KB
MD5d01ec8c5e9a15bfb0638a87a790d0be7
SHA18ff4e9368a4544b796be9bcd5430b0cac966e4f9
SHA2564548c20c987b9a96cda8a3141ddfca557b9b277dec4db476c293ed26ab8cc1fd
SHA5120009fd66b57676c421190c483a56c7f17eeb4a4919e458648a474dd331c59b9aa961777d217ef320e850e73dfb1e89148d16e490dd2cc8e0ea954d23955608c8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun
Filesize832B
MD548c27591284004f93644dd530c1e4049
SHA12cd82abbceb84abf9a153a301d3a3c92c01a7e9f
SHA2568e79d7ae1309ca75e3841d67792fd327c7d1be458ef43d93c5ee28b82f38c1f0
SHA512fd7f148fe3f246fe9f24b23353413dd56ab6067ecbb51f1e0432a40dd4e383e6327a30ad176b3fa64f7c9b1610c7eea458c9b2b948950ff0117ee1d1cf84065b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun
Filesize1KB
MD5e4d0679a0705f5bfd2fc82ffbc326daf
SHA1103f733495643af3226a9cdb78bcd1ef23b1c3c4
SHA256eb10903b4ad7089337c6d90cf0f035cc1c7a87905aa77880a526d3fc3f71e0cd
SHA512cb26c9cc492ed6515db6e25d45d4daabd57ca79c5ac8c8b222c1af506575b56235bcfd631a8ef20ab53225351d620afcaf61dd2531e07a282ac8106146f7d0bf
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun
Filesize1KB
MD5fdb2c0ef484b172f1f6c33bee4f5eb14
SHA1c0d6213ee655213462dc2a8113d2484d2b4b2642
SHA2560117345163acafc8e7b6849929766295a95c672940e3d039c4f40415b0143275
SHA512df0809af6636ffb9274c3d4ce9d59dfb7318b99ee8153eb93218c57ae71b62051547ecaaa96d22375f41e5a3d3c099dae8b420e9e2ebcdc9995c48d12a296d68
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun
Filesize2KB
MD5ce559d8f407057f1be997f03450a5df1
SHA15abfd77def5d1356465fd1b33d9819da4018772d
SHA256e252f14fcb4b1c606608aed7bdd63325ec18f894eec6d0cc390003fbe234f7bf
SHA512310ab69a7a6e9be68ef0aae4e6d6112f5d6b18c4aca0cd9399622f52cf73304273ada785fdde2066f14788008e83f29fc829118310eb98f0fb38016ed1d9a137
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun
Filesize2KB
MD528e106f9fc44892aa67840c95879cf2d
SHA15014e5e7c38b9423f8712e6020872093378c422a
SHA256f37d4a737282a5983e5433add88d26273e2188380bc49c602bd4f41306679f2c
SHA5123aa4cded44788c77d322a12dcd23e40003a031c342ce0674e20e4bb1cbdd74fb8b3ef538b42a47d6a39c4839b2b3aefb666407cbfa11a45b772a3633dcd810d2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun
Filesize4KB
MD5be4d7f71358aeb0bbbf3da2e887327eb
SHA18909decb2b9e1ee4962c510bfdb965f5583be41a
SHA25654f9cc47001b19159c7fb9cee685b90e3d74832de69d0734beb48280c3eec89f
SHA512239671ffc2ff706cf4ee669a8cf09c932a8055270fd76f3e3ab5c538fb62791130f02a2561e58d7cc3855d0ac4ff5d9f4983cf0e4ac64a50c459b78c052b5a08
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun
Filesize304B
MD52312556b85f2fa2ff929808fd00d374c
SHA18ab79829b8ca16535261ab93b54f7930b0d1a9f5
SHA256ba622a0e122ff3282cc2d754fb59f9b0f097bf5f39f2444e875a9b5d2966486f
SHA512f390d8c6c14068b09389aff95ab7775b635d7ff2e957ef2886312969760087b38dd9b8c05806f6ed9360d71908f4975ed8712bdc17cd1125e5f9a8c1a4b6677f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun
Filesize400B
MD505d5eed613a6c44f94c91e59dd91f0ca
SHA11c150e45b7395767a8356070bb8d88674b8b8a0c
SHA256f9da291ef0a9fe4af726fd05ac75520179acdaf5ba0e42f239db81434100041c
SHA512d09b0a57f5044b3bd8fa8c263db28a5a4a9a4bb0d3d3d1cfaa022925c26019eb80704fc3366215e594ce1718decf895c47ad963626ae3e3a11ad87e18ab2f963
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun
Filesize1008B
MD50ab8e4714a6837ead8fc3de5acb6fb75
SHA1eb63ab926aee97d251d3bdd774d6c31e1488fab3
SHA2567c6cae3a3f3b1b492fbed41fd3a286a8f82edf6c2ffa9513eef7f0ad06a5fa90
SHA512cd4e7d1f3dd810ee7258b75b605780fa6e49dc9472f03942a1add946b3963110cc0d2481a303026eb54a1b9947d31bfd5e6704675e7996232429c998176248df
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun
Filesize1KB
MD524564c009c6c28b2c4eb6903c521a21e
SHA14821977b23851ea36ba82f104e6284ae33b37a6c
SHA256c428f8fa80c9254365c58613776c7c158434618d09d543bf49e10dc1adfbed5f
SHA512f64115da93e89224b82d5788235e51cc3803e78b099f2370a7d52a10b9fa6a82c54ba73e2c5c0bf5cd1cc3d4ca375bd97468acc311afd332be9d6980aecd3f4f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun
Filesize2KB
MD5f5b69e4b5e6c1454d403e0f71e069a5f
SHA1072710d0b0fc22b99967066d58883004ccf5b1a5
SHA25681fcc23b87b29335d44e0c20919960be52d7541beea2752f9ee76d785f52645b
SHA512318e54377b3ad83c5af0c2c14515e9c809eddf76c130f485a0f7d1e3bc7f9309dfff280185e4886afb5fb0deb1aa604aa2edb8b098114d5e03c371051da13409
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun
Filesize848B
MD52a905dacd837f155477c0825afd7d97c
SHA1941901b3752cd6a6be0aee243a98a3299d4dbab0
SHA256f2dbecc0121480571b753757542ce1a580f738c0182f335f4d46c331bb66ca92
SHA51246fed4b283944f19d83e72459b5fb95d098d3424d84b8a54b6b40a8523a9abc89c99d1b99ea0566c91a4c3beaef0a89a4f28424f29cf99e63a4f90492f5641bb
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
Filesize32KB
MD59cfee6c4eb67101674cd4c136b19247e
SHA1b5802651983ea22376d7c3e46ec396c0a24186ab
SHA256123e9d73e51376eaf486a0a99fae496094807d725db4faa34b1da7040dd3bb40
SHA512bf985cd10d540706597ec508d9914b889b967ca04e6efe754f2981efc4f659100ad078c9d55c97643b8dc273c2dc1c432141366d45465c838d2d858eac38a355
-
Filesize
160B
MD57bd31afefecc33ea1ce4d68e4747d075
SHA11f9a19ec5a29df36865ba77217914ed2700f8a43
SHA256e2c4d17c1afed9177aa9b96a20769f55fa2402e3f7c0b794aa0afccbf25daba8
SHA512c7a12dedc792ea8dc00910c43a2d4d52562098b6ef6fb20ef6d1a02f1c6a6cecef5cb38b053b292321f8aecaf0f5fe4724748e0d71ba0d0023153ef5c657fe30
-
Filesize
240KB
MD537fa8fa315d60727ebce5fafa56690b8
SHA1599c28e16fda50ab1377e900678084ae28557090
SHA256e398c99bd0f61a4590594dc912e4d4ad23c306df6bd00274e2756d1a28f3ef80
SHA512cc900fb64eececdd030be5d6b79ef4213f128cae0f4314e77ced24df573d54a68350c2bcd3c5f448e4c640d336ef4888bc2b9a5a6fca1ba39668df4b43c50b09
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
Filesize8KB
MD5128dd6be3deae00d0316ef6b34ed8cbf
SHA1091f89029909efa4de1e77cdecdad0d0f8728eba
SHA256a2be57d9d357edd89219d5b13c76d250760282dbc83bdc1b401a6eb52f4ab5ca
SHA512ce782ccf7d0cc5945b008c5df06d0bc60a2211e202e98e73fd81a509852f5e661a5b05411835459e7b70b75d025380467eaef4201d05f6511392aa3ac32a2fcf
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{c2066bf6-8098-4d79-bae9-cfb04f518f0f}\0.1.filtertrie.intermediate.txt.fun
Filesize16B
MD57a2702066f8ae5a41e121d332716da77
SHA1865efd2386c7a98269a78e0a49bf22d3b3bbf192
SHA256d9890327a81687b1542e3c1d4832e5fa0696ebfef0c18f77f2358e3da8a09087
SHA512f2ff55c97cc1443c9f26646da59cd55abc2138de6b74a286ff5a7e7f9fc07903c350c47b7e6b851399af50089b07c1b9ca21c44530a014cdb66ee285b302cfa3
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{c2066bf6-8098-4d79-bae9-cfb04f518f0f}\0.2.filtertrie.intermediate.txt.fun
Filesize16B
MD5e8cf79e9349143759d4ada1f443608a7
SHA171ff76ad0b4c578a9b6bceb4995fe744adbd518d
SHA2560ccdab07f860abeb38663e3415540034115f822cb004d84c2fc99ae076ed88ff
SHA5120bb8493a48b799438cd1d6fc769c3f3ce0c302b66d7759457558e44a01a1e2bccd50dc565dff7758838cd0f28b8bcf3f63da62a85610e26116e234de8ec9d4ce
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586086594688776.txt.fun
Filesize77KB
MD51c5e94e8e734dd05bc2f112b90fdde79
SHA1fedc1cdc25f17b267a7f9728093b7533df4bbb8d
SHA2562e41ed1f79b9d35f5c456cf1229a075028f45da7d630e90bb16256224e8a10b3
SHA51287c9953a192305bf3ce3106a00932f304e495fb9a8b1270aaf86fa83cf88d9f67c60783c6f9babdd64c69452637d8b57c19d67b9c1f4c0147c2febf6ac2bbf3c
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586091897989945.txt.fun
Filesize48KB
MD5d68865d622c42ac52e7fc7924c9c5a2b
SHA17709b86af02b8bb7eef0794d460b7be42b510d29
SHA256249ec7e6229836b627b3999cb05b7b61fad3c51cc3d75408aea73a6b80eceb94
SHA5126ba836f98d11ef0a329b87be013fe112efa3f3e56c829da89ffbdbc9b26723f0098bed5f2cd764cff042bb9c9aa3fe270d9a5f377820a0e7536a94b920dcd417
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586094768785820.txt.fun
Filesize66KB
MD59b3a2d6ddfc264d3af55652fae0ca8a8
SHA1b291c3c5a067f19355eed89c4063907c3bdcabf0
SHA2567e7f47d1d4a88892da2024a3617dbd3bdc9e8ad4d3396ec659905e61a2eeccaa
SHA512fb7988810b845f3d8b4030c235641cda48a12ba433d1d8b5572133a489d536095f58d5b14384bbe7266def75657154f10501d8c7c4b3455e6108d87a590e232f
-
Filesize
16B
MD5bee170ea54aa2d72463f533de0c2fc71
SHA18eb53e2f1bbfe30326f8745d48ac2f94e85e5974
SHA2569a8520991c071633598679cd3098f88c0789d3aa67e6114cec21033c2ab37960
SHA512bcc05419a2f18209d57c27469ea524dade64c1fd984657fcbd2eed5368e18ea183b02323fae33f355115aeecb847e012b1d0b57cf8983751747e9ab0f8f59b4c