Analysis
-
max time kernel
129s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
07-06-2024 17:21
Static task
static1
Behavioral task
behavioral1
Sample
VirusShare_3bee1d24189d4941f68b96da6e207be4.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
VirusShare_3bee1d24189d4941f68b96da6e207be4.exe
Resource
win10v2004-20240508-en
General
-
Target
VirusShare_3bee1d24189d4941f68b96da6e207be4.exe
-
Size
436KB
-
MD5
3bee1d24189d4941f68b96da6e207be4
-
SHA1
dce911b1c05da965c8733935723b88bc29d12756
-
SHA256
a375201f22b6e71d8ea0f81266242e4638e1754aeee14059e9c5e39026d6c710
-
SHA512
a40b01c630ff2c4b90a2e1bbf285c5d558193ee0fba79a3210a56408087ca828292269945e3202f65b8eb038a565b1ea8a18d185864ba9dc4073a3633c86ca29
-
SSDEEP
12288:5l9mnmYK1bcy9oNm3/oK14MfZGLBddXLA:cqzONmQrBM
Malware Config
Signatures
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Renames multiple (3776) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation VirusShare_3bee1d24189d4941f68b96da6e207be4.exe -
Executes dropped EXE 1 IoCs
pid Process 4012 drpbx.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" VirusShare_3bee1d24189d4941f68b96da6e207be4.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-32_altform-lightunplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-36_altform-unplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-24_contrast-white.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-64.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-150_contrast-black.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\Yelp5.scale-200.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-80_contrast-black.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_DogEar.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\faf-main.js.gws drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ko-kr\PlayStore_icon.svg drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nl-nl\ui-strings.js.gws drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\ui-strings.js.gws drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ui-strings.js.gws drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-32_altform-unplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\9px.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\PaintMedTile.scale-125.png drpbx.exe File created C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\README_en_CA.txt.gws drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\files_icons.png.gws drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\BuildInfo.xml drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\HelpAndFeedback\FeedbackThumbnail.png drpbx.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-warning.png.gws drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\eu-es\ui-strings.js drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner_dark.gif.gws drpbx.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\WideTile.scale-125.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-256_altform-lightunplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated_devicefamily-colorfulunplated.png drpbx.exe File created C:\Program Files\Microsoft Office\root\Templates\1033\StudentReport.dotx.gws drpbx.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.gws drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe805.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons.png.gws drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookMedTile.scale-125.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png drpbx.exe File created C:\Program Files\SendConvert.potx.gws drpbx.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\it-it\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2019.716.2316.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml drpbx.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\MediumTile.scale-125.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Lollipop.png drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Scan_visual.svg drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\cstm_brand_preview.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-48_altform-unplated_contrast-black.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteWideTile.scale-400.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\SmallTile.scale-100.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sv-se\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSplash.scale-100_contrast-white.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_TicketedEvent.png drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\SmallTile.scale-125.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fi-fi\ui-strings.js.gws drpbx.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluDCFilesEmpty_180x180.svg.gws drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SmallTile.scale-100_contrast-black.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-dark-focus_32.svg drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\selector.js.gws drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-256_altform-unplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_TileLargeSquare.scale-200.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LargeTile.scale-200_contrast-black.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-400.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js.gws drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-cn\ui-strings.js.gws drpbx.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 1524 wrote to memory of 4012 1524 VirusShare_3bee1d24189d4941f68b96da6e207be4.exe 82 PID 1524 wrote to memory of 4012 1524 VirusShare_3bee1d24189d4941f68b96da6e207be4.exe 82
Processes
-
C:\Users\Admin\AppData\Local\Temp\VirusShare_3bee1d24189d4941f68b96da6e207be4.exe"C:\Users\Admin\AppData\Local\Temp\VirusShare_3bee1d24189d4941f68b96da6e207be4.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1524 -
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\VirusShare_3bee1d24189d4941f68b96da6e207be4.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4012
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.gws
Filesize720B
MD59195babb88903ec828fafe337b76d0f2
SHA1e0e39add32fb44fc9bd3cf4b4a3ac4638a7339de
SHA2567deeb653bfe38b620d6fc6ca0fbdc4574f2a037ab7068f185d92d9b730f2f031
SHA5120fd753ebad66626ff28eb2d948aa5d3162da26071c5b90cc460c7d4e1cabd0263108b4bf65007c43a7b005809b15a79dd9186c7def9921bcc67c9fea41ae8f26
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.gws
Filesize7KB
MD52e258399eb4eb1a929c90bf2e3e90259
SHA190e9186422f3eacb47066431f233182becb663d6
SHA256dea0b77cb4040e8bedce0b979dfa1a1e8fc5062d699961c78be9b51a293e79c8
SHA51264270a446608e86361a1b3d3998c6e17f18a3d90614f11608c04462e601ce0dcb18687ea63dcf9419a674bfc8397dc069b38549bb2b3cabd2dbbbf47d3ea8779
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.gws
Filesize7KB
MD5b302ff685a7fbe2d5fa113ea3c4887ba
SHA1ad401e158a4a13980b95d6af041f93832f9d4694
SHA256afc755d89dbc70dc27eeb13ab80ff4ee7009c0135885864ffabd107e0318f56f
SHA512a9966f7afc89585dacff48b1f58b66f2a1c490cf620dad87d0100cd60fcb40cf73ce70daa311e8bd97f4cf18646b6242ba0994e661ded3a48d4dd29ae1897cb3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.gws
Filesize15KB
MD50e8b8abfd04a1668040d20e24dc9c51c
SHA1f1ccc10cb526227dbc8bdf081c73460ead02243d
SHA256df4236744db8166320d833091b964e8db7dff969c31c38d8b070848161c90358
SHA5121399afd668efe263462cc88072dfb128730eeac253635af6561efb46df8f97e557727b6c826dde39215a7430d7fbe15405f0a8b4a5a2273e4166f23d89884a3d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.gws
Filesize8KB
MD56461793e4d9ce8147f404890cb75f69b
SHA1b7db8d5a202340af9e988c81e2cdc6f34d286e94
SHA256d116262eae4db29fee337dd8888e0ab5bd54cd5080bd6e1b78653546926376d3
SHA51288bbff83a9331017b624e74a66daac47981e96aa12fc86793a514e0d1495f4965720e8443532959ea95ad04dcf9055ca4d3ad759d1c41bcd62071ac644f4c1ed
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.gws
Filesize17KB
MD5b3cf517679639deb3c21ff8fd2d2c6bc
SHA16ca03f7cb27bcee1b950953294b72f159fbe9a2e
SHA25631b9d9de8dd7fb2d594f6576cb1acbf14b5a977858f22765d7b4d88be6bd4a2c
SHA512e812fcaa58f7aada8444dac583c09cd399921a2d0cd1852af16ae01d19539949f2a382f1f4f1427d656e73aa141106a54f4f66b5221f0535f20863e2dc9a27de
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.gws
Filesize448B
MD522248b1821cf5dbe8c49c0cc98d1341d
SHA1cb2c50d0a6c9a9b310f729fbeab62b6f281f4244
SHA2565edf5ddf0e1014223ffcb1c59c92df6b8141b67e47d91cf246ca4a95f94dee6a
SHA51202c23004cd3c84ad08ed2516586c752a0a5bfe1c67efd7308b6b8c6d9fc199b1600d893b927ee6a3f9d833de1ddadfeadabcd4de5f2bbd64aad98f838288944a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.gws
Filesize624B
MD562a95a98a94edf4ad7b9d0bcd0ff7259
SHA1e83683f0f49b6b274aff6d73c1447daa937135b7
SHA25699dbfd770693af4b6abad1d2ccbfb05b16df49a9f208d68f7ae7e1f6ecc88946
SHA5129ea6c8452028ab929b2e614cd7bb48e70fd493a114065fdc8a9d5aca91c8f923bbd440765cc17f7ea346c627342b2fe411b4aa7f7aaa20bf26055641cce321ec
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.gws
Filesize400B
MD562bc1d19fcda5c6662f9243c113ad342
SHA1d07e29f8bc79b97b88348080ef97a46bd2cba354
SHA256c6ebf7bae976762bea7d3bfcc0b5c4edb5cd3edf274aa769b571376816baf08d
SHA51216b083eb6447db1f55ce978eb2e6e561e7fcf8b2ec6eddc13b2f77127961cdfdc7e057fe2deee9fd48ecaddc33e7fe3a8be5e2b923a0c8e8d6799cde885980f2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.gws
Filesize560B
MD50b321dd2b5189902c72e6bc9f52ebf6f
SHA135b51e0af30cbe53e3549052d72c0a0e53c7ed11
SHA256914f07c24cd5d64559c04ea01bb1167ac6d676f002de57ea1c6bb74ed35e80f3
SHA512f7bd79e2ebb0c75a89778a712d01c044e66e0cb1ef448e22357429d60f9b8a88d133fea275a4064c525dffc7f036d0fcf4e73d5a39e1bf91160f665b43833cf3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.gws
Filesize400B
MD5d8ba28a1a8f4e3d61ca028274823aed8
SHA15b89830cb539349de30354c7fc2c940f184fa24e
SHA256f3f5d4df195d8aacd187e73c3462923d539de1aa2b340c76acc48285389ffc84
SHA51226cdd584a2054209aa3c6632f0e13a838f99448c299ff1028b08392f817be2cb536c4b1383c6784e0072227ab9d67421ae42ee7f3aa2ffaf1f58b981387144b7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.gws
Filesize560B
MD55cb13824a91c20fe5a896db95ad0db3d
SHA18308c3774c94c10697f97ebe1bbd69b89de6e03c
SHA25661ba3593b4e99ca4264d61520af7043fd306d90789757dcb1cd13dc134ec419f
SHA5128743927af311913a89a0247ec9e9b1ee2fb2dca43484ae7a12c5cc0bf36ffc953ee3189687e5dc915fcabb5744d5db31d58b1a09a028d61fe5f74767180dd89c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.gws
Filesize400B
MD576a0cae76df925d676aa0a66edb49d41
SHA124f80cf554a6bf04cf122f363721ccd163665244
SHA2563aeb5965e29e9c4b7c707f4df94314fc679d750d834e2668b755ffc4a0e534c0
SHA51202a35bd3770d1b65eeb77ce37f313d454e4cc47273b69e8a5e5443c5ca10ab3f4e97188a99111b23a76c2eb9a0452f5cd0e86df99a093a7d89b0f5d0f940f122
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.gws
Filesize560B
MD513236effc7ba5c135e80417317c47a24
SHA1a3c54d456f6d895fc8cfa6701235b873aaeca845
SHA25675ca63c5a1f618d7a6ce1adcb50515188e4be822189ffd7a8a7b776db4c6397f
SHA51256fe2c7a78b79a07ca15ef791fcc6861eb0d47033740286786498705504f16a170a3be5154a43b2e603dc9b1700826588ef5e023a27be90d2d9b50832f91699a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.gws
Filesize688B
MD548427442e0177f8cdaf8d1e9ddfb21f6
SHA178c02b52a6d0d668d2bfd1e8a479ff43e66c0713
SHA256176f86db5673cdb183673e78653793af1cb9f045355f741d3ecaefc8e1a46425
SHA51290ae974e8860fe20db37771a2e4cdbada4160bd759b0ebca058b5669e4299614487fc88acf2e46649590b857e8a47efe806f96e83c9e7b3ef66be730b017487e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.gws
Filesize1KB
MD57e285d75b28652fdf6b881c072d6b89d
SHA1fe9acebb06aeeb7e98d1974c4198df592104ac17
SHA2561c5547c483a251bc3a89ab4cc3c9dba027e9d9372d5e8115a948015c4efac10c
SHA512df5e1638d9acc9ca5cb125b067b35c6a73d0593de12bee5bf75eeb11242f6216ba5ad2e0601678ddd9d14231d4b7d2ccb2abef7b5a6c1c40f35515f13256f733
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.gws
Filesize192B
MD5e8562f0ca25ac1b165e9061176f3a9fd
SHA1b4fcf4b0244720b5bd441c5e6b5fd9982d5cdb65
SHA2562dad421ee2f1ae878de8e09287e1074a50ddd9143d86f04a1ec640bee5363e58
SHA5121333ad5c91b27bbfa00199c16610be604c0600a3afa1babff8933e00e88d07c340dbdb1659144bd2ab1566afe33dfdbedede59b17121fb495abbe1a72c9d0ab5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.gws
Filesize704B
MD55565bc8bc1ab266bb7d5eae4a73ceef4
SHA1afafa00b294b5d77fc529b51661d0ded91ceba2f
SHA2567468618a4d4263671c03e6517d492b7692d37664e5f3bb00feccd827d33bbb4e
SHA512299e961e147a93636b8308c2b38f2f6ff87f98c70a906a74ec5726c6468528393c91ad465ffbf817b4f716908c4c60345f5e7464ceecdbe506b836d494b28024
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.gws
Filesize8KB
MD5bde7908ce88d492fb59d3c3bda22e4f2
SHA10b3712d8311402d90c716690696b311bcfbc8e03
SHA25697521de7a9139433f8ee9ed7548fe1a37772ab983982c065bffb9d4b56064d9c
SHA5129c2a455e544634a0a77ac55a5ac35e5fccc70092e5e813dafb8b88f5b6b00e2369a546a288616d5372e1a6a3face0e53d4ac80a462fa6f23ca282ad15999ddac
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.gws
Filesize19KB
MD5011c5d91fb53cedaa1549c56cec838de
SHA136338d82eed00905ce689945fe8c8f04ccf437b0
SHA256db7409ddb4e3d494a5885628cfa0ed5f827b0b591b527ba22d4da828d03bb3b0
SHA512c9f4c26930df21497df3aff3bf8495989bb439e04c98e5ee9becd8107a6a498c1101016be13ffec7a1e4e41d7bd559cfb0fb83e23ac6132d6e27bd89b98cd5f3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.gws
Filesize832B
MD55db32fe374f7ce1e7ff5bd66941f6694
SHA1512353068c8ab1fbd99dc0b1344df2133ca4f064
SHA256cb5ae253bd31d0bc80a494049627347dfae43be10f0ce03787d36d07b3a88b13
SHA512532d788a2dd32e106aabd8104204972c1f60f1edbe8c74de3a7d219fc82d00bde43ea212e749eb858408db028c9387f6863c84e83b3245966ac6e35e52e82117
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.gws
Filesize1KB
MD53b3f035afc1a1134b77e5440a3d90de4
SHA199695d2bd5e5b641325ea6d3fd8ed9607f0fe79a
SHA256cf28f076254df0547a0c57f56720d7dd0a6777459245e9250e7f737b8b67566e
SHA5126936e4edc53afe1c5c73cba5fc2c16ea53d611685b26beffa894c109085ac8b9468dd8cda647d655053402415bbf5a7fe8db76931100bd4e42aaa1cc46fbe273
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.gws
Filesize1KB
MD5aafaf4da622af921e65db18aff47b94e
SHA1a2ddec0206196c9f10bee3c0e8cba2630986cfc7
SHA256bfb856384d589ce55f860463d822e40ea9c09e1c26acd45473ef7b5abbdb6f72
SHA512c3f3ceca051a3599168b6b65d7624fa6089a3aaaab097787754b40fd4fb11494c5b9663c84d2ca519856203bf045e08ff19f3237132a253451ae4df337a559be
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.gws
Filesize2KB
MD547471ed13f58e0c7fd240c0b8a26db6f
SHA1bfd84b3bf8078a1e4c11520f7de3b91bcaa30eec
SHA2568c01439e436fbfdfc1ace7426dc41fd16107f41d788c41c22c1e87d51b89f6d5
SHA5121456e7c0aed0c585786fedd961fb76c36f7614a661390e514c99106379ecc47c8504b603be33d66d4f7245e1f1786de4549f8000fb17fcea8227ecb262b63532
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.gws
Filesize2KB
MD5dc8504577cfd34a04d2330919131de61
SHA10fa4d4d0e17492a11a8fab720fcac79c95b9c7d1
SHA256b91ec2edcdb6bf6f110b66667497fa2c1a4146014acbb8e148f0fc22bffa9f54
SHA51259455d1d395c6b14c15a99256cd6931ed43d381f390769e6ccbbbf9d0579b1c7765b32645e4d8e642cff4f747c37581e5b59ce35c7d7d4e54942a02880be45a6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.gws
Filesize4KB
MD56e6016bc84deba55074da787c9d84427
SHA100954733451fba0c6214b7915d5463ee5c22be2c
SHA256b674ac346d9812a166f1ece75744c02c1d9c77495413d75d15b3874f4a1a90ad
SHA5120a15ac8a0b54a44b022c0a6e5e72bb75b38caa865987a0b903a874df2c05f3c5bbc0edfee46f642191a55de0c540eb52a23d9da1cf10e80069c6be242b13c3c3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.gws
Filesize304B
MD528acecd51ca758dfe88cd646b12e93fb
SHA195343fd5639cbc36e46781a58f5e81c43661fc9b
SHA2569fca2c44154dcd3163f34f9e3cb65ce79eae9319fc027d022beabf075d1fd5f8
SHA512a1803b49358c2547295782683c1cb4d5352d356cabf83857b0f86d7872a4403ad3bb1ee1d4584708336634a26e5252b38d446bbc78a4a351867228c4ef0acbf9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.gws
Filesize400B
MD5e38b4af75143cf8788410ccb04d5b729
SHA1215bf41e75ff8afc7d48f2193e087b5bfe305411
SHA256fa48c4dc49de8be4f7b935ae9ed31eacf07af890430a2598e13ac2dae5c06ae0
SHA512ecdbd98f15f446c0e5cfa3c6718459c1df9b075c6f987ce278d0a17028e549096d7fad53bbf2da4e9c68750aec6be4c1229ceed6c281ce28d4c2c0ca0d393b6c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.gws
Filesize1008B
MD5e399a057a31531a39bd6a4ffedf4977a
SHA1d0cb7011364cbece4d61f7a775a302d92569815f
SHA25634acd0127e4229f709236a7f97641ec46f3984fa3b83adabb01534f5e9049366
SHA512b0be132e28bdd45e9ab1150fe0551eff52f2315c353bce31afe89993212732c993f22887a50ef9b9c36f752ff488a594fba14489b070d03bd336d7b638376038
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.gws
Filesize1KB
MD5dc5f49c3c6ae80a8dd9d0543b7aecf6e
SHA1fdd5d859c980dccf41a5af18b4761a585d5eecbb
SHA256dc1945093eda6a7b0ddb12b22e0e1237c2f707a04370f52cf419bf648d1d98be
SHA5122cc57851ca05f35d9073d1cf70622aea0f6b917321b7312d0fb670b48e9e04ba6d70d748e4ac132c9e80674047ab7ab9b1a8cd07d12d171041b4fdb015b5f537
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.gws
Filesize2KB
MD5300eee88fe682535cca98094250f4696
SHA18b545844de4afd84082da0615fc6647e7731ad9d
SHA2561441606a323724753c6edfbda12eca06bb26042c1e2b9ad5bb1ed21b5246c29f
SHA512307e1537429d85895d8d86e606ad227bc44d7d3f4742b36b66c9d97f4492c5a56d9e13eb1433d5f06a108160f4fa03b5db5a8a1231cc817e9c2af14faddcffc2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.gws
Filesize848B
MD515bf1ecfe6789eaa851d0f1abb7398b0
SHA1797715eafb8dfd2af57a9d078422525daaa83085
SHA2566029aaed6b91cbb63ec0bed01bddd5288b53a1271bd3327c1005f96a62b9ee54
SHA5120211838b895defa302aa206803e0df8811ea243053cd671129e5000d81de5700759f72c095a6f0e7bb09894a06b0e8f76df2214bd12d87190c14372148d41ccd
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.gws
Filesize32KB
MD5ad8a20c3354cc9e1e977e15465823344
SHA1ebccef3db400c7cef2996b3657f349a381cd807a
SHA2562602bd92230180ce6746824e1c0e2266b1ed1643e6cbed712e23af1c88f5b811
SHA512950f82cc355f6bbf01e581af6627d3dab31cb893fb9a036e0a7c8d0c3f097ba47ceef5b12be915d7164b69c5b1f2e1c52dfd6bb1304ec8eee33dd6b28a9eb62c
-
Filesize
160B
MD54624905679a8c26eb3cbcf0bea34785e
SHA1341765659db6ac5dca240a2d559f9767b5ce1252
SHA256799474c262c09de278cab1562154797551483d7e4cdfad242bdf51df82136e06
SHA51225abe41f1b7e95c1371c59d15c27850a207a6221e77413ae3cef50b4c49cb98174f2c6da57f0be62658a545840ae5b55f80f2d24a54bc183babe408369cbc907
-
Filesize
436KB
MD53bee1d24189d4941f68b96da6e207be4
SHA1dce911b1c05da965c8733935723b88bc29d12756
SHA256a375201f22b6e71d8ea0f81266242e4638e1754aeee14059e9c5e39026d6c710
SHA512a40b01c630ff2c4b90a2e1bbf285c5d558193ee0fba79a3210a56408087ca828292269945e3202f65b8eb038a565b1ea8a18d185864ba9dc4073a3633c86ca29
-
Filesize
16B
MD5c3a747554556df614575dc417c3cf9d9
SHA12e71688b2013bc93b1c5c01e5fd902a32a62007e
SHA256da1f992586145a03fec57464a38b8bb928cafd8fa9996386732e83a6de555ed7
SHA512eb740b56bfc85d2c5be11af614cb413a0f0e055d6d2311d4790d86ad71c59a2ec4f13e09d04a180e3279c22ac320cfa38892bd0f6a5e8e04299ed64b2d514c2d
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.gws
Filesize8KB
MD502bcd4ccce238299d4b7279fabe1078c
SHA1f086725a337c62e4dff2bd0e33115ad58b7a7df0
SHA256935fe7ef1e5df94a769e677657e9a910748eba742d0e8fab219ccad10d55d48b
SHA5125b3b1a99b5e8693369e3ed8c4ed7c6f92ed5f470af6163dece4e5c150339efa5afcb1c4124237ba0d115fb0b0274834a9a7ecb5062caf6edc835a88a582ffa3f
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{5ad19b1b-600e-4a94-9f1d-df48f742e3e2}\0.1.filtertrie.intermediate.txt.gws
Filesize16B
MD5208da38c14d2967e979f4cda92b451f9
SHA107f4c57d3cc75482044886c985a52a928b96266f
SHA2561b2c165eb9e14a6b184880b765e8c0a7217c95d34772c7e4cf7e72833627ad34
SHA5126405723ac441ddcda39d81c64b2cd12ee6ec65f6e522f77db02d9a9c332ebe61db5422335af83521a2bd7cec468e31ad375b978734b9b8cdc688f690ef52863f
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{5ad19b1b-600e-4a94-9f1d-df48f742e3e2}\0.2.filtertrie.intermediate.txt.gws
Filesize16B
MD592df3955a31d89c551eccf694988de89
SHA1ee7273f91878ed7f65aa60cc342a22582d87e07b
SHA25669a1de0369c140ef6f2ecc92b7e000555c3ee25e5e8de574696d4f4edca114d6
SHA512d38ba0a4fe7e0214c436069f4cb1fe0ac0fa2637963bc51ad9e374321f80910299b9d49675da7dd587c6de89108be4389a4f5668ff243463b54406684334a7c2
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596439083295209.txt.gws
Filesize77KB
MD591ccec998a1b2e5189229789eb40bd7a
SHA1a2cf1a33849ac5d384c7ed041cf2e000fb9c8da5
SHA256aa4519811c014a0a7afee4e187c17a7234fd0d565aff7ce231f4736858ae20f8
SHA512547ab8888682e94451e80663e5dd6a7ddf2067bb6f75f78b6f0574dce8d5e9f1d88f70b2eac9fb92a69814a0c4e298ea5062b47e9425944e3480b99d2f45eaac
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596440479376967.txt.gws
Filesize47KB
MD5b58787b834dcbc0603fbca76b9226153
SHA196666ce41b688453c5ede9557b438b487209b3ab
SHA25646c5d2f752618bd310131d552e02ffa8ead20d4d7d071759024822a7452e81f5
SHA512e462c7756a3aacebcdf2ca08a43d0d3d7139909c51617122923ce33598ae9d000cbc6c2040e6af047b2041dfca7d36d6e1bd465e6b1efde2ec16d097ed871ca9
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596447864304096.txt.gws
Filesize66KB
MD5580d4cf26a9b602926714db8c1030ff0
SHA1698e8a449784c908fec5cffe1a1f759ffa007448
SHA256c05f03c31da347b15f4258a3fcc6e9d30d33e31a1b3ba9974e76a0f91d6c7e90
SHA51288ceaeb53c9eb3ceaf9735384476fd8008837f751bb2dfeba7f93f21a355b4c3bab8fb209e92042227cc86d6d63b3b8e8a493b8ae35cc86e00eaab8108ca4850
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596472680466129.txt.gws
Filesize75KB
MD536cceae9dd7121b04cc0db802ea4eac8
SHA10ef9632af23d027d399a91518f5b982ba2ffcca0
SHA2569b7413c770caff335423f93fa7bd138597b4a396955492d79fadc5b373e8e98e
SHA512fa1a8d4e31b77018fc531585ddbc3433d194f5bdfa2ab82d46e6f3d5d9077e9066c30518ca1c55e0133ff97edc6c6683d43ed1f2c03308704f786d088072164e