Analysis
-
max time kernel
128s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
12-10-2024 20:39
Static task
static1
Behavioral task
behavioral1
Sample
3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe
-
Size
436KB
-
MD5
3bee1d24189d4941f68b96da6e207be4
-
SHA1
dce911b1c05da965c8733935723b88bc29d12756
-
SHA256
a375201f22b6e71d8ea0f81266242e4638e1754aeee14059e9c5e39026d6c710
-
SHA512
a40b01c630ff2c4b90a2e1bbf285c5d558193ee0fba79a3210a56408087ca828292269945e3202f65b8eb038a565b1ea8a18d185864ba9dc4073a3633c86ca29
-
SSDEEP
12288:5l9mnmYK1bcy9oNm3/oK14MfZGLBddXLA:cqzONmQrBM
Malware Config
Signatures
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Renames multiple (3782) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation 3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe -
Executes dropped EXE 1 IoCs
pid Process 2284 drpbx.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" 3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\improved-office-to-pdf.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchSmallTile.contrast-black_scale-100.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-125.png drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml drpbx.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\SmallTile.scale-125.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-30_altform-lightunplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosSmallTile.scale-200.png drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml drpbx.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\WideTile.scale-125.png drpbx.exe File opened for modification C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\SmallTile.scale-200.png drpbx.exe File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\BadgeLogo.scale-125.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pt_135x40.svg.gws drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-36_altform-lightunplated.png drpbx.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.gws drpbx.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSplashScreen.contrast-white_scale-125.png drpbx.exe File created C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.boot.tree.dat.gws drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\core_icons_fw.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\ui-strings.js drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\nb-no\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-32.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\de-de\ui-strings.js.gws drpbx.exe File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\autofill_labeling_features.txt.gws drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\typing\bubble\light.gif drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\flags.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\de-de\ui-strings.js.gws drpbx.exe File created C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.gws drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_WorriedEye.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-36_altform-unplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-125.png drpbx.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.gws drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-hover.svg.gws drpbx.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nb-no\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\MapLightTheme.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\file_info2x.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-63.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-96_altform-unplated.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ms_get.svg drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-200.png drpbx.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-64_altform-lightunplated.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\ui-strings.js.gws drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-100.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeMediumTile.scale-125.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\[email protected] drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-16.png drpbx.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.gws drpbx.exe File created C:\Program Files\7-Zip\Lang\io.txt.gws drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-32_altform-lightunplated.png drpbx.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.gws drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\checkmark-2x.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\WebviewOffline.html drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-72_altform-lightunplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-24.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fr-fr\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-100_contrast-white.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\W1.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_share_18.svg drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.scale-100_contrast-white.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_contrast-white.png drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png drpbx.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 4496 wrote to memory of 2284 4496 3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe 88 PID 4496 wrote to memory of 2284 4496 3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe 88
Processes
-
C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4496 -
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2284
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.gws
Filesize720B
MD59195babb88903ec828fafe337b76d0f2
SHA1e0e39add32fb44fc9bd3cf4b4a3ac4638a7339de
SHA2567deeb653bfe38b620d6fc6ca0fbdc4574f2a037ab7068f185d92d9b730f2f031
SHA5120fd753ebad66626ff28eb2d948aa5d3162da26071c5b90cc460c7d4e1cabd0263108b4bf65007c43a7b005809b15a79dd9186c7def9921bcc67c9fea41ae8f26
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.gws
Filesize7KB
MD52e258399eb4eb1a929c90bf2e3e90259
SHA190e9186422f3eacb47066431f233182becb663d6
SHA256dea0b77cb4040e8bedce0b979dfa1a1e8fc5062d699961c78be9b51a293e79c8
SHA51264270a446608e86361a1b3d3998c6e17f18a3d90614f11608c04462e601ce0dcb18687ea63dcf9419a674bfc8397dc069b38549bb2b3cabd2dbbbf47d3ea8779
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.gws
Filesize7KB
MD5b302ff685a7fbe2d5fa113ea3c4887ba
SHA1ad401e158a4a13980b95d6af041f93832f9d4694
SHA256afc755d89dbc70dc27eeb13ab80ff4ee7009c0135885864ffabd107e0318f56f
SHA512a9966f7afc89585dacff48b1f58b66f2a1c490cf620dad87d0100cd60fcb40cf73ce70daa311e8bd97f4cf18646b6242ba0994e661ded3a48d4dd29ae1897cb3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.gws
Filesize15KB
MD50e8b8abfd04a1668040d20e24dc9c51c
SHA1f1ccc10cb526227dbc8bdf081c73460ead02243d
SHA256df4236744db8166320d833091b964e8db7dff969c31c38d8b070848161c90358
SHA5121399afd668efe263462cc88072dfb128730eeac253635af6561efb46df8f97e557727b6c826dde39215a7430d7fbe15405f0a8b4a5a2273e4166f23d89884a3d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.gws
Filesize8KB
MD56461793e4d9ce8147f404890cb75f69b
SHA1b7db8d5a202340af9e988c81e2cdc6f34d286e94
SHA256d116262eae4db29fee337dd8888e0ab5bd54cd5080bd6e1b78653546926376d3
SHA51288bbff83a9331017b624e74a66daac47981e96aa12fc86793a514e0d1495f4965720e8443532959ea95ad04dcf9055ca4d3ad759d1c41bcd62071ac644f4c1ed
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.gws
Filesize17KB
MD5b3cf517679639deb3c21ff8fd2d2c6bc
SHA16ca03f7cb27bcee1b950953294b72f159fbe9a2e
SHA25631b9d9de8dd7fb2d594f6576cb1acbf14b5a977858f22765d7b4d88be6bd4a2c
SHA512e812fcaa58f7aada8444dac583c09cd399921a2d0cd1852af16ae01d19539949f2a382f1f4f1427d656e73aa141106a54f4f66b5221f0535f20863e2dc9a27de
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.gws
Filesize448B
MD522248b1821cf5dbe8c49c0cc98d1341d
SHA1cb2c50d0a6c9a9b310f729fbeab62b6f281f4244
SHA2565edf5ddf0e1014223ffcb1c59c92df6b8141b67e47d91cf246ca4a95f94dee6a
SHA51202c23004cd3c84ad08ed2516586c752a0a5bfe1c67efd7308b6b8c6d9fc199b1600d893b927ee6a3f9d833de1ddadfeadabcd4de5f2bbd64aad98f838288944a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.gws
Filesize624B
MD562a95a98a94edf4ad7b9d0bcd0ff7259
SHA1e83683f0f49b6b274aff6d73c1447daa937135b7
SHA25699dbfd770693af4b6abad1d2ccbfb05b16df49a9f208d68f7ae7e1f6ecc88946
SHA5129ea6c8452028ab929b2e614cd7bb48e70fd493a114065fdc8a9d5aca91c8f923bbd440765cc17f7ea346c627342b2fe411b4aa7f7aaa20bf26055641cce321ec
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.gws
Filesize400B
MD562bc1d19fcda5c6662f9243c113ad342
SHA1d07e29f8bc79b97b88348080ef97a46bd2cba354
SHA256c6ebf7bae976762bea7d3bfcc0b5c4edb5cd3edf274aa769b571376816baf08d
SHA51216b083eb6447db1f55ce978eb2e6e561e7fcf8b2ec6eddc13b2f77127961cdfdc7e057fe2deee9fd48ecaddc33e7fe3a8be5e2b923a0c8e8d6799cde885980f2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.gws
Filesize560B
MD50b321dd2b5189902c72e6bc9f52ebf6f
SHA135b51e0af30cbe53e3549052d72c0a0e53c7ed11
SHA256914f07c24cd5d64559c04ea01bb1167ac6d676f002de57ea1c6bb74ed35e80f3
SHA512f7bd79e2ebb0c75a89778a712d01c044e66e0cb1ef448e22357429d60f9b8a88d133fea275a4064c525dffc7f036d0fcf4e73d5a39e1bf91160f665b43833cf3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.gws
Filesize400B
MD5d8ba28a1a8f4e3d61ca028274823aed8
SHA15b89830cb539349de30354c7fc2c940f184fa24e
SHA256f3f5d4df195d8aacd187e73c3462923d539de1aa2b340c76acc48285389ffc84
SHA51226cdd584a2054209aa3c6632f0e13a838f99448c299ff1028b08392f817be2cb536c4b1383c6784e0072227ab9d67421ae42ee7f3aa2ffaf1f58b981387144b7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.gws
Filesize560B
MD55cb13824a91c20fe5a896db95ad0db3d
SHA18308c3774c94c10697f97ebe1bbd69b89de6e03c
SHA25661ba3593b4e99ca4264d61520af7043fd306d90789757dcb1cd13dc134ec419f
SHA5128743927af311913a89a0247ec9e9b1ee2fb2dca43484ae7a12c5cc0bf36ffc953ee3189687e5dc915fcabb5744d5db31d58b1a09a028d61fe5f74767180dd89c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.gws
Filesize400B
MD576a0cae76df925d676aa0a66edb49d41
SHA124f80cf554a6bf04cf122f363721ccd163665244
SHA2563aeb5965e29e9c4b7c707f4df94314fc679d750d834e2668b755ffc4a0e534c0
SHA51202a35bd3770d1b65eeb77ce37f313d454e4cc47273b69e8a5e5443c5ca10ab3f4e97188a99111b23a76c2eb9a0452f5cd0e86df99a093a7d89b0f5d0f940f122
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.gws
Filesize560B
MD513236effc7ba5c135e80417317c47a24
SHA1a3c54d456f6d895fc8cfa6701235b873aaeca845
SHA25675ca63c5a1f618d7a6ce1adcb50515188e4be822189ffd7a8a7b776db4c6397f
SHA51256fe2c7a78b79a07ca15ef791fcc6861eb0d47033740286786498705504f16a170a3be5154a43b2e603dc9b1700826588ef5e023a27be90d2d9b50832f91699a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.gws
Filesize688B
MD548427442e0177f8cdaf8d1e9ddfb21f6
SHA178c02b52a6d0d668d2bfd1e8a479ff43e66c0713
SHA256176f86db5673cdb183673e78653793af1cb9f045355f741d3ecaefc8e1a46425
SHA51290ae974e8860fe20db37771a2e4cdbada4160bd759b0ebca058b5669e4299614487fc88acf2e46649590b857e8a47efe806f96e83c9e7b3ef66be730b017487e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.gws
Filesize1KB
MD57e285d75b28652fdf6b881c072d6b89d
SHA1fe9acebb06aeeb7e98d1974c4198df592104ac17
SHA2561c5547c483a251bc3a89ab4cc3c9dba027e9d9372d5e8115a948015c4efac10c
SHA512df5e1638d9acc9ca5cb125b067b35c6a73d0593de12bee5bf75eeb11242f6216ba5ad2e0601678ddd9d14231d4b7d2ccb2abef7b5a6c1c40f35515f13256f733
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.gws
Filesize192B
MD5e8562f0ca25ac1b165e9061176f3a9fd
SHA1b4fcf4b0244720b5bd441c5e6b5fd9982d5cdb65
SHA2562dad421ee2f1ae878de8e09287e1074a50ddd9143d86f04a1ec640bee5363e58
SHA5121333ad5c91b27bbfa00199c16610be604c0600a3afa1babff8933e00e88d07c340dbdb1659144bd2ab1566afe33dfdbedede59b17121fb495abbe1a72c9d0ab5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.gws
Filesize704B
MD55565bc8bc1ab266bb7d5eae4a73ceef4
SHA1afafa00b294b5d77fc529b51661d0ded91ceba2f
SHA2567468618a4d4263671c03e6517d492b7692d37664e5f3bb00feccd827d33bbb4e
SHA512299e961e147a93636b8308c2b38f2f6ff87f98c70a906a74ec5726c6468528393c91ad465ffbf817b4f716908c4c60345f5e7464ceecdbe506b836d494b28024
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.gws
Filesize8KB
MD5bde7908ce88d492fb59d3c3bda22e4f2
SHA10b3712d8311402d90c716690696b311bcfbc8e03
SHA25697521de7a9139433f8ee9ed7548fe1a37772ab983982c065bffb9d4b56064d9c
SHA5129c2a455e544634a0a77ac55a5ac35e5fccc70092e5e813dafb8b88f5b6b00e2369a546a288616d5372e1a6a3face0e53d4ac80a462fa6f23ca282ad15999ddac
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.gws
Filesize19KB
MD5011c5d91fb53cedaa1549c56cec838de
SHA136338d82eed00905ce689945fe8c8f04ccf437b0
SHA256db7409ddb4e3d494a5885628cfa0ed5f827b0b591b527ba22d4da828d03bb3b0
SHA512c9f4c26930df21497df3aff3bf8495989bb439e04c98e5ee9becd8107a6a498c1101016be13ffec7a1e4e41d7bd559cfb0fb83e23ac6132d6e27bd89b98cd5f3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.gws
Filesize832B
MD55db32fe374f7ce1e7ff5bd66941f6694
SHA1512353068c8ab1fbd99dc0b1344df2133ca4f064
SHA256cb5ae253bd31d0bc80a494049627347dfae43be10f0ce03787d36d07b3a88b13
SHA512532d788a2dd32e106aabd8104204972c1f60f1edbe8c74de3a7d219fc82d00bde43ea212e749eb858408db028c9387f6863c84e83b3245966ac6e35e52e82117
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.gws
Filesize1KB
MD53b3f035afc1a1134b77e5440a3d90de4
SHA199695d2bd5e5b641325ea6d3fd8ed9607f0fe79a
SHA256cf28f076254df0547a0c57f56720d7dd0a6777459245e9250e7f737b8b67566e
SHA5126936e4edc53afe1c5c73cba5fc2c16ea53d611685b26beffa894c109085ac8b9468dd8cda647d655053402415bbf5a7fe8db76931100bd4e42aaa1cc46fbe273
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.gws
Filesize1KB
MD5aafaf4da622af921e65db18aff47b94e
SHA1a2ddec0206196c9f10bee3c0e8cba2630986cfc7
SHA256bfb856384d589ce55f860463d822e40ea9c09e1c26acd45473ef7b5abbdb6f72
SHA512c3f3ceca051a3599168b6b65d7624fa6089a3aaaab097787754b40fd4fb11494c5b9663c84d2ca519856203bf045e08ff19f3237132a253451ae4df337a559be
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.gws
Filesize2KB
MD547471ed13f58e0c7fd240c0b8a26db6f
SHA1bfd84b3bf8078a1e4c11520f7de3b91bcaa30eec
SHA2568c01439e436fbfdfc1ace7426dc41fd16107f41d788c41c22c1e87d51b89f6d5
SHA5121456e7c0aed0c585786fedd961fb76c36f7614a661390e514c99106379ecc47c8504b603be33d66d4f7245e1f1786de4549f8000fb17fcea8227ecb262b63532
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.gws
Filesize2KB
MD5dc8504577cfd34a04d2330919131de61
SHA10fa4d4d0e17492a11a8fab720fcac79c95b9c7d1
SHA256b91ec2edcdb6bf6f110b66667497fa2c1a4146014acbb8e148f0fc22bffa9f54
SHA51259455d1d395c6b14c15a99256cd6931ed43d381f390769e6ccbbbf9d0579b1c7765b32645e4d8e642cff4f747c37581e5b59ce35c7d7d4e54942a02880be45a6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.gws
Filesize4KB
MD56e6016bc84deba55074da787c9d84427
SHA100954733451fba0c6214b7915d5463ee5c22be2c
SHA256b674ac346d9812a166f1ece75744c02c1d9c77495413d75d15b3874f4a1a90ad
SHA5120a15ac8a0b54a44b022c0a6e5e72bb75b38caa865987a0b903a874df2c05f3c5bbc0edfee46f642191a55de0c540eb52a23d9da1cf10e80069c6be242b13c3c3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.gws
Filesize304B
MD528acecd51ca758dfe88cd646b12e93fb
SHA195343fd5639cbc36e46781a58f5e81c43661fc9b
SHA2569fca2c44154dcd3163f34f9e3cb65ce79eae9319fc027d022beabf075d1fd5f8
SHA512a1803b49358c2547295782683c1cb4d5352d356cabf83857b0f86d7872a4403ad3bb1ee1d4584708336634a26e5252b38d446bbc78a4a351867228c4ef0acbf9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.gws
Filesize400B
MD5e38b4af75143cf8788410ccb04d5b729
SHA1215bf41e75ff8afc7d48f2193e087b5bfe305411
SHA256fa48c4dc49de8be4f7b935ae9ed31eacf07af890430a2598e13ac2dae5c06ae0
SHA512ecdbd98f15f446c0e5cfa3c6718459c1df9b075c6f987ce278d0a17028e549096d7fad53bbf2da4e9c68750aec6be4c1229ceed6c281ce28d4c2c0ca0d393b6c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.gws
Filesize1008B
MD5e399a057a31531a39bd6a4ffedf4977a
SHA1d0cb7011364cbece4d61f7a775a302d92569815f
SHA25634acd0127e4229f709236a7f97641ec46f3984fa3b83adabb01534f5e9049366
SHA512b0be132e28bdd45e9ab1150fe0551eff52f2315c353bce31afe89993212732c993f22887a50ef9b9c36f752ff488a594fba14489b070d03bd336d7b638376038
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.gws
Filesize1KB
MD5dc5f49c3c6ae80a8dd9d0543b7aecf6e
SHA1fdd5d859c980dccf41a5af18b4761a585d5eecbb
SHA256dc1945093eda6a7b0ddb12b22e0e1237c2f707a04370f52cf419bf648d1d98be
SHA5122cc57851ca05f35d9073d1cf70622aea0f6b917321b7312d0fb670b48e9e04ba6d70d748e4ac132c9e80674047ab7ab9b1a8cd07d12d171041b4fdb015b5f537
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.gws
Filesize2KB
MD5300eee88fe682535cca98094250f4696
SHA18b545844de4afd84082da0615fc6647e7731ad9d
SHA2561441606a323724753c6edfbda12eca06bb26042c1e2b9ad5bb1ed21b5246c29f
SHA512307e1537429d85895d8d86e606ad227bc44d7d3f4742b36b66c9d97f4492c5a56d9e13eb1433d5f06a108160f4fa03b5db5a8a1231cc817e9c2af14faddcffc2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.gws
Filesize848B
MD515bf1ecfe6789eaa851d0f1abb7398b0
SHA1797715eafb8dfd2af57a9d078422525daaa83085
SHA2566029aaed6b91cbb63ec0bed01bddd5288b53a1271bd3327c1005f96a62b9ee54
SHA5120211838b895defa302aa206803e0df8811ea243053cd671129e5000d81de5700759f72c095a6f0e7bb09894a06b0e8f76df2214bd12d87190c14372148d41ccd
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.gws
Filesize32KB
MD5ad8a20c3354cc9e1e977e15465823344
SHA1ebccef3db400c7cef2996b3657f349a381cd807a
SHA2562602bd92230180ce6746824e1c0e2266b1ed1643e6cbed712e23af1c88f5b811
SHA512950f82cc355f6bbf01e581af6627d3dab31cb893fb9a036e0a7c8d0c3f097ba47ceef5b12be915d7164b69c5b1f2e1c52dfd6bb1304ec8eee33dd6b28a9eb62c
-
Filesize
160B
MD54624905679a8c26eb3cbcf0bea34785e
SHA1341765659db6ac5dca240a2d559f9767b5ce1252
SHA256799474c262c09de278cab1562154797551483d7e4cdfad242bdf51df82136e06
SHA51225abe41f1b7e95c1371c59d15c27850a207a6221e77413ae3cef50b4c49cb98174f2c6da57f0be62658a545840ae5b55f80f2d24a54bc183babe408369cbc907
-
Filesize
436KB
MD53bee1d24189d4941f68b96da6e207be4
SHA1dce911b1c05da965c8733935723b88bc29d12756
SHA256a375201f22b6e71d8ea0f81266242e4638e1754aeee14059e9c5e39026d6c710
SHA512a40b01c630ff2c4b90a2e1bbf285c5d558193ee0fba79a3210a56408087ca828292269945e3202f65b8eb038a565b1ea8a18d185864ba9dc4073a3633c86ca29
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.gws
Filesize8KB
MD502bcd4ccce238299d4b7279fabe1078c
SHA1f086725a337c62e4dff2bd0e33115ad58b7a7df0
SHA256935fe7ef1e5df94a769e677657e9a910748eba742d0e8fab219ccad10d55d48b
SHA5125b3b1a99b5e8693369e3ed8c4ed7c6f92ed5f470af6163dece4e5c150339efa5afcb1c4124237ba0d115fb0b0274834a9a7ecb5062caf6edc835a88a582ffa3f
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{956eb289-a20a-456a-8100-e4caacde1a1d}\0.1.filtertrie.intermediate.txt.gws
Filesize16B
MD5208da38c14d2967e979f4cda92b451f9
SHA107f4c57d3cc75482044886c985a52a928b96266f
SHA2561b2c165eb9e14a6b184880b765e8c0a7217c95d34772c7e4cf7e72833627ad34
SHA5126405723ac441ddcda39d81c64b2cd12ee6ec65f6e522f77db02d9a9c332ebe61db5422335af83521a2bd7cec468e31ad375b978734b9b8cdc688f690ef52863f
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{956eb289-a20a-456a-8100-e4caacde1a1d}\0.2.filtertrie.intermediate.txt.gws
Filesize16B
MD592df3955a31d89c551eccf694988de89
SHA1ee7273f91878ed7f65aa60cc342a22582d87e07b
SHA25669a1de0369c140ef6f2ecc92b7e000555c3ee25e5e8de574696d4f4edca114d6
SHA512d38ba0a4fe7e0214c436069f4cb1fe0ac0fa2637963bc51ad9e374321f80910299b9d49675da7dd587c6de89108be4389a4f5668ff243463b54406684334a7c2
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658826891613.txt.gws
Filesize77KB
MD5ab5c2b29946b9e09f0dac4fa5100eb68
SHA1caad307b053bd42c3bd2ea3d65f57b2da6faba4c
SHA25678a579c9dc6926c5a873d8977563737038f8ebac604ad7f9a845464f2069d31a
SHA512bb41728e6f550543a4cfbaaad233c2511828deac1bf49bda3df4a71d1e543b6bb0c5ff7f0e3bc03dd2d13a0290d4088dbe1520379f78767b1dffdd019ce7644a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727660257997193.txt.gws
Filesize47KB
MD54f8cb35a6adbb86ba3f8738a377a2c31
SHA1ba07a75fe8fa06959fce60800c17b0b9b4af3e22
SHA25678da6cafaf910ea83fefb3bd4a99a67f411986f97836d8d085e840bbb1bd9d87
SHA51219fc06769a41a4c4abe3ded733703394ca237eea133c839ad87ed2d2f0739b5fc132c9d4254cde1b7bd6823ecddb4af85cdeb66ec6d3da8d292b47a1aaa720d5
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666145703406.txt.gws
Filesize65KB
MD51de71eab93a6e25a601dea5a4f0fd8ad
SHA1d92322a61d8bebdb7270e39dc274c516eb911aeb
SHA256de19656f40d03f6ac475d247e133110486216605ff88e7bbe59edc4e47608900
SHA512dc189e5a0be596c42ea041ff937ccc56a79a6ed5bda180a85cae57286725a87e0113c36da06a247757f9ac50d0e4db1ea277271e256d9a15c3a9ed5151a9bc78
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727713212700378.txt.gws
Filesize75KB
MD53b18def11a096b99ef0b9d2e1db5ec54
SHA116b093c50db99a5b474792f673d2e9abf3beb03a
SHA2568ced4dec2ff834a5b5ec755a24cb2da0edfed8cdb1ca9b4f4495fa4c3a1acac1
SHA512e562e3f234186bde91f7ffd6da3b37f3fe6a72626ddb9cd8726754ea579e522252a4d0f6ce5caaed11bbfb53e764ea6bce1bf080cd579ab74af21064db700efb
-
Filesize
16B
MD5c3a747554556df614575dc417c3cf9d9
SHA12e71688b2013bc93b1c5c01e5fd902a32a62007e
SHA256da1f992586145a03fec57464a38b8bb928cafd8fa9996386732e83a6de555ed7
SHA512eb740b56bfc85d2c5be11af614cb413a0f0e055d6d2311d4790d86ad71c59a2ec4f13e09d04a180e3279c22ac320cfa38892bd0f6a5e8e04299ed64b2d514c2d