Malware Analysis Report

2024-10-18 23:51

Sample ID 241012-zfbgzavaql
Target 3bee1d24189d4941f68b96da6e207be4_JaffaCakes118
SHA256 a375201f22b6e71d8ea0f81266242e4638e1754aeee14059e9c5e39026d6c710
Tags
jigsaw persistence ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a375201f22b6e71d8ea0f81266242e4638e1754aeee14059e9c5e39026d6c710

Threat Level: Known bad

The file 3bee1d24189d4941f68b96da6e207be4_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

jigsaw persistence ransomware spyware stealer

Jigsaw Ransomware

Renames multiple (2103) files with added filename extension

Renames multiple (3782) files with added filename extension

Executes dropped EXE

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-12 20:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-12 20:39

Reported

2024-10-12 20:41

Platform

win7-20240903-en

Max time kernel

117s

Max time network

117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe"

Signatures

Jigsaw Ransomware

ransomware jigsaw

Renames multiple (2103) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Apothecary.xml.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpg.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Waveform.xml.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\7-Zip\Lang\ku.txt.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Document.gif.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Messenger.xml.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosecolor.gif.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ExpenseReport.xltx C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Origin.xml C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DigitalInk.jpg C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ExecutiveMergeLetter.dotx.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsFormTemplate.html C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_VelvetRose.gif C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ZoomIconsMask.bmp C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\flyout.html C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Concourse.xml C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe

Network

N/A

Files

memory/3012-0-0x000007FEF5E8E000-0x000007FEF5E8F000-memory.dmp

C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

MD5 3bee1d24189d4941f68b96da6e207be4
SHA1 dce911b1c05da965c8733935723b88bc29d12756
SHA256 a375201f22b6e71d8ea0f81266242e4638e1754aeee14059e9c5e39026d6c710
SHA512 a40b01c630ff2c4b90a2e1bbf285c5d558193ee0fba79a3210a56408087ca828292269945e3202f65b8eb038a565b1ea8a18d185864ba9dc4073a3633c86ca29

memory/3012-7-0x000007FEF5BD0000-0x000007FEF656D000-memory.dmp

memory/2544-8-0x000007FEF5BD0000-0x000007FEF656D000-memory.dmp

memory/2544-9-0x000007FEF5BD0000-0x000007FEF656D000-memory.dmp

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.gws

MD5 4624905679a8c26eb3cbcf0bea34785e
SHA1 341765659db6ac5dca240a2d559f9767b5ce1252
SHA256 799474c262c09de278cab1562154797551483d7e4cdfad242bdf51df82136e06
SHA512 25abe41f1b7e95c1371c59d15c27850a207a6221e77413ae3cef50b4c49cb98174f2c6da57f0be62658a545840ae5b55f80f2d24a54bc183babe408369cbc907

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.gws

MD5 0642d2d543656090f67737542375d065
SHA1 e3712203384538166b0a6210643839d4225e5fae
SHA256 324f68091cf265d5fa4232d04155acddb152f7472cab54d433d84c62ece3daa8
SHA512 95cf9164922e1b7670d59bc00f2d8a0a9927d97054016c9324bc0121ab964656bb19bebcf6cd020cc6f633d63aa4c3860eea2c1a591142fb3a948235ec22f431

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.gws

MD5 c62616ef21e492ce9e19f3b534f9f787
SHA1 95ba44c7bad9f3c3d64da082db80718438c7f32d
SHA256 5b64a36ad55a43e802597f343ba1dadf70a9a00304d60d20e08f58f94ebb9581
SHA512 bfdfd2c35a77e1c3d81b3448e0d1a0fb1527bb7a9884d179d64b35ca0c97c5b9c76fda8d9fa6dc4332e18e0962e6fa43de3d5266d9df49643c28769b77d285fd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\container.dat.gws

MD5 c3a747554556df614575dc417c3cf9d9
SHA1 2e71688b2013bc93b1c5c01e5fd902a32a62007e
SHA256 da1f992586145a03fec57464a38b8bb928cafd8fa9996386732e83a6de555ed7
SHA512 eb740b56bfc85d2c5be11af614cb413a0f0e055d6d2311d4790d86ad71c59a2ec4f13e09d04a180e3279c22ac320cfa38892bd0f6a5e8e04299ed64b2d514c2d

memory/2544-2120-0x000007FEF5BD0000-0x000007FEF656D000-memory.dmp

memory/2544-2123-0x000007FEF5BD0000-0x000007FEF656D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-12 20:39

Reported

2024-10-12 20:41

Platform

win10v2004-20241007-en

Max time kernel

128s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe"

Signatures

Jigsaw Ransomware

ransomware jigsaw

Renames multiple (3782) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\improved-office-to-pdf.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchSmallTile.contrast-black_scale-100.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-125.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\SmallTile.scale-125.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-30_altform-lightunplated.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosSmallTile.scale-200.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\WideTile.scale-125.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\SmallTile.scale-200.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\BadgeLogo.scale-125.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pt_135x40.svg.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-36_altform-lightunplated.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSplashScreen.contrast-white_scale-125.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.boot.tree.dat.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\core_icons_fw.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\ui-strings.js C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\nb-no\ui-strings.js C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-32.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\de-de\ui-strings.js.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\autofill_labeling_features.txt.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\typing\bubble\light.gif C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\flags.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\de-de\ui-strings.js.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_WorriedEye.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-36_altform-unplated.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-125.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-hover.svg.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nb-no\ui-strings.js C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\MapLightTheme.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\file_info2x.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-63.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-96_altform-unplated.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ms_get.svg C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-200.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-64_altform-lightunplated.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\ui-strings.js.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-100.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeMediumTile.scale-125.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\[email protected] C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-16.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\7-Zip\Lang\io.txt.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-32_altform-lightunplated.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.gws C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\checkmark-2x.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\WebviewOffline.html C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-72_altform-lightunplated.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-24.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fr-fr\ui-strings.js C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\W1.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_share_18.svg C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.scale-100_contrast-white.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_contrast-white.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\3bee1d24189d4941f68b96da6e207be4_JaffaCakes118.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 5.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

memory/4496-0-0x00007FFBF2D55000-0x00007FFBF2D56000-memory.dmp

memory/4496-1-0x000000001C380000-0x000000001C84E000-memory.dmp

memory/4496-2-0x00007FFBF2AA0000-0x00007FFBF3441000-memory.dmp

memory/4496-3-0x000000001BCD0000-0x000000001BD6C000-memory.dmp

memory/4496-6-0x00007FFBF2AA0000-0x00007FFBF3441000-memory.dmp

C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

MD5 3bee1d24189d4941f68b96da6e207be4
SHA1 dce911b1c05da965c8733935723b88bc29d12756
SHA256 a375201f22b6e71d8ea0f81266242e4638e1754aeee14059e9c5e39026d6c710
SHA512 a40b01c630ff2c4b90a2e1bbf285c5d558193ee0fba79a3210a56408087ca828292269945e3202f65b8eb038a565b1ea8a18d185864ba9dc4073a3633c86ca29

memory/2284-19-0x00007FFBF2AA0000-0x00007FFBF3441000-memory.dmp

memory/4496-18-0x00007FFBF2AA0000-0x00007FFBF3441000-memory.dmp

memory/2284-20-0x00007FFBF2AA0000-0x00007FFBF3441000-memory.dmp

memory/2284-21-0x00007FFBF2AA0000-0x00007FFBF3441000-memory.dmp

memory/2284-22-0x0000000001140000-0x0000000001148000-memory.dmp

memory/2284-23-0x00007FFBF2AA0000-0x00007FFBF3441000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{E1E43AD9-F9F0-4786-88B7-21F449952559} - OProcSessId.dat.gws

MD5 c3a747554556df614575dc417c3cf9d9
SHA1 2e71688b2013bc93b1c5c01e5fd902a32a62007e
SHA256 da1f992586145a03fec57464a38b8bb928cafd8fa9996386732e83a6de555ed7
SHA512 eb740b56bfc85d2c5be11af614cb413a0f0e055d6d2311d4790d86ad71c59a2ec4f13e09d04a180e3279c22ac320cfa38892bd0f6a5e8e04299ed64b2d514c2d

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.gws

MD5 4624905679a8c26eb3cbcf0bea34785e
SHA1 341765659db6ac5dca240a2d559f9767b5ce1252
SHA256 799474c262c09de278cab1562154797551483d7e4cdfad242bdf51df82136e06
SHA512 25abe41f1b7e95c1371c59d15c27850a207a6221e77413ae3cef50b4c49cb98174f2c6da57f0be62658a545840ae5b55f80f2d24a54bc183babe408369cbc907

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.gws

MD5 ad8a20c3354cc9e1e977e15465823344
SHA1 ebccef3db400c7cef2996b3657f349a381cd807a
SHA256 2602bd92230180ce6746824e1c0e2266b1ed1643e6cbed712e23af1c88f5b811
SHA512 950f82cc355f6bbf01e581af6627d3dab31cb893fb9a036e0a7c8d0c3f097ba47ceef5b12be915d7164b69c5b1f2e1c52dfd6bb1304ec8eee33dd6b28a9eb62c

C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.gws

MD5 02bcd4ccce238299d4b7279fabe1078c
SHA1 f086725a337c62e4dff2bd0e33115ad58b7a7df0
SHA256 935fe7ef1e5df94a769e677657e9a910748eba742d0e8fab219ccad10d55d48b
SHA512 5b3b1a99b5e8693369e3ed8c4ed7c6f92ed5f470af6163dece4e5c150339efa5afcb1c4124237ba0d115fb0b0274834a9a7ecb5062caf6edc835a88a582ffa3f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658826891613.txt.gws

MD5 ab5c2b29946b9e09f0dac4fa5100eb68
SHA1 caad307b053bd42c3bd2ea3d65f57b2da6faba4c
SHA256 78a579c9dc6926c5a873d8977563737038f8ebac604ad7f9a845464f2069d31a
SHA512 bb41728e6f550543a4cfbaaad233c2511828deac1bf49bda3df4a71d1e543b6bb0c5ff7f0e3bc03dd2d13a0290d4088dbe1520379f78767b1dffdd019ce7644a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727660257997193.txt.gws

MD5 4f8cb35a6adbb86ba3f8738a377a2c31
SHA1 ba07a75fe8fa06959fce60800c17b0b9b4af3e22
SHA256 78da6cafaf910ea83fefb3bd4a99a67f411986f97836d8d085e840bbb1bd9d87
SHA512 19fc06769a41a4c4abe3ded733703394ca237eea133c839ad87ed2d2f0739b5fc132c9d4254cde1b7bd6823ecddb4af85cdeb66ec6d3da8d292b47a1aaa720d5

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666145703406.txt.gws

MD5 1de71eab93a6e25a601dea5a4f0fd8ad
SHA1 d92322a61d8bebdb7270e39dc274c516eb911aeb
SHA256 de19656f40d03f6ac475d247e133110486216605ff88e7bbe59edc4e47608900
SHA512 dc189e5a0be596c42ea041ff937ccc56a79a6ed5bda180a85cae57286725a87e0113c36da06a247757f9ac50d0e4db1ea277271e256d9a15c3a9ed5151a9bc78

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727713212700378.txt.gws

MD5 3b18def11a096b99ef0b9d2e1db5ec54
SHA1 16b093c50db99a5b474792f673d2e9abf3beb03a
SHA256 8ced4dec2ff834a5b5ec755a24cb2da0edfed8cdb1ca9b4f4495fa4c3a1acac1
SHA512 e562e3f234186bde91f7ffd6da3b37f3fe6a72626ddb9cd8726754ea579e522252a4d0f6ce5caaed11bbfb53e764ea6bce1bf080cd579ab74af21064db700efb

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{956eb289-a20a-456a-8100-e4caacde1a1d}\0.2.filtertrie.intermediate.txt.gws

MD5 92df3955a31d89c551eccf694988de89
SHA1 ee7273f91878ed7f65aa60cc342a22582d87e07b
SHA256 69a1de0369c140ef6f2ecc92b7e000555c3ee25e5e8de574696d4f4edca114d6
SHA512 d38ba0a4fe7e0214c436069f4cb1fe0ac0fa2637963bc51ad9e374321f80910299b9d49675da7dd587c6de89108be4389a4f5668ff243463b54406684334a7c2

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{956eb289-a20a-456a-8100-e4caacde1a1d}\0.1.filtertrie.intermediate.txt.gws

MD5 208da38c14d2967e979f4cda92b451f9
SHA1 07f4c57d3cc75482044886c985a52a928b96266f
SHA256 1b2c165eb9e14a6b184880b765e8c0a7217c95d34772c7e4cf7e72833627ad34
SHA512 6405723ac441ddcda39d81c64b2cd12ee6ec65f6e522f77db02d9a9c332ebe61db5422335af83521a2bd7cec468e31ad375b978734b9b8cdc688f690ef52863f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.gws

MD5 9195babb88903ec828fafe337b76d0f2
SHA1 e0e39add32fb44fc9bd3cf4b4a3ac4638a7339de
SHA256 7deeb653bfe38b620d6fc6ca0fbdc4574f2a037ab7068f185d92d9b730f2f031
SHA512 0fd753ebad66626ff28eb2d948aa5d3162da26071c5b90cc460c7d4e1cabd0263108b4bf65007c43a7b005809b15a79dd9186c7def9921bcc67c9fea41ae8f26

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.gws

MD5 22248b1821cf5dbe8c49c0cc98d1341d
SHA1 cb2c50d0a6c9a9b310f729fbeab62b6f281f4244
SHA256 5edf5ddf0e1014223ffcb1c59c92df6b8141b67e47d91cf246ca4a95f94dee6a
SHA512 02c23004cd3c84ad08ed2516586c752a0a5bfe1c67efd7308b6b8c6d9fc199b1600d893b927ee6a3f9d833de1ddadfeadabcd4de5f2bbd64aad98f838288944a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.gws

MD5 62a95a98a94edf4ad7b9d0bcd0ff7259
SHA1 e83683f0f49b6b274aff6d73c1447daa937135b7
SHA256 99dbfd770693af4b6abad1d2ccbfb05b16df49a9f208d68f7ae7e1f6ecc88946
SHA512 9ea6c8452028ab929b2e614cd7bb48e70fd493a114065fdc8a9d5aca91c8f923bbd440765cc17f7ea346c627342b2fe411b4aa7f7aaa20bf26055641cce321ec

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.gws

MD5 0b321dd2b5189902c72e6bc9f52ebf6f
SHA1 35b51e0af30cbe53e3549052d72c0a0e53c7ed11
SHA256 914f07c24cd5d64559c04ea01bb1167ac6d676f002de57ea1c6bb74ed35e80f3
SHA512 f7bd79e2ebb0c75a89778a712d01c044e66e0cb1ef448e22357429d60f9b8a88d133fea275a4064c525dffc7f036d0fcf4e73d5a39e1bf91160f665b43833cf3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.gws

MD5 62bc1d19fcda5c6662f9243c113ad342
SHA1 d07e29f8bc79b97b88348080ef97a46bd2cba354
SHA256 c6ebf7bae976762bea7d3bfcc0b5c4edb5cd3edf274aa769b571376816baf08d
SHA512 16b083eb6447db1f55ce978eb2e6e561e7fcf8b2ec6eddc13b2f77127961cdfdc7e057fe2deee9fd48ecaddc33e7fe3a8be5e2b923a0c8e8d6799cde885980f2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.gws

MD5 48427442e0177f8cdaf8d1e9ddfb21f6
SHA1 78c02b52a6d0d668d2bfd1e8a479ff43e66c0713
SHA256 176f86db5673cdb183673e78653793af1cb9f045355f741d3ecaefc8e1a46425
SHA512 90ae974e8860fe20db37771a2e4cdbada4160bd759b0ebca058b5669e4299614487fc88acf2e46649590b857e8a47efe806f96e83c9e7b3ef66be730b017487e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.gws

MD5 7e285d75b28652fdf6b881c072d6b89d
SHA1 fe9acebb06aeeb7e98d1974c4198df592104ac17
SHA256 1c5547c483a251bc3a89ab4cc3c9dba027e9d9372d5e8115a948015c4efac10c
SHA512 df5e1638d9acc9ca5cb125b067b35c6a73d0593de12bee5bf75eeb11242f6216ba5ad2e0601678ddd9d14231d4b7d2ccb2abef7b5a6c1c40f35515f13256f733

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.gws

MD5 3b3f035afc1a1134b77e5440a3d90de4
SHA1 99695d2bd5e5b641325ea6d3fd8ed9607f0fe79a
SHA256 cf28f076254df0547a0c57f56720d7dd0a6777459245e9250e7f737b8b67566e
SHA512 6936e4edc53afe1c5c73cba5fc2c16ea53d611685b26beffa894c109085ac8b9468dd8cda647d655053402415bbf5a7fe8db76931100bd4e42aaa1cc46fbe273

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.gws

MD5 aafaf4da622af921e65db18aff47b94e
SHA1 a2ddec0206196c9f10bee3c0e8cba2630986cfc7
SHA256 bfb856384d589ce55f860463d822e40ea9c09e1c26acd45473ef7b5abbdb6f72
SHA512 c3f3ceca051a3599168b6b65d7624fa6089a3aaaab097787754b40fd4fb11494c5b9663c84d2ca519856203bf045e08ff19f3237132a253451ae4df337a559be

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.gws

MD5 2e258399eb4eb1a929c90bf2e3e90259
SHA1 90e9186422f3eacb47066431f233182becb663d6
SHA256 dea0b77cb4040e8bedce0b979dfa1a1e8fc5062d699961c78be9b51a293e79c8
SHA512 64270a446608e86361a1b3d3998c6e17f18a3d90614f11608c04462e601ce0dcb18687ea63dcf9419a674bfc8397dc069b38549bb2b3cabd2dbbbf47d3ea8779

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.gws

MD5 b302ff685a7fbe2d5fa113ea3c4887ba
SHA1 ad401e158a4a13980b95d6af041f93832f9d4694
SHA256 afc755d89dbc70dc27eeb13ab80ff4ee7009c0135885864ffabd107e0318f56f
SHA512 a9966f7afc89585dacff48b1f58b66f2a1c490cf620dad87d0100cd60fcb40cf73ce70daa311e8bd97f4cf18646b6242ba0994e661ded3a48d4dd29ae1897cb3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.gws

MD5 0e8b8abfd04a1668040d20e24dc9c51c
SHA1 f1ccc10cb526227dbc8bdf081c73460ead02243d
SHA256 df4236744db8166320d833091b964e8db7dff969c31c38d8b070848161c90358
SHA512 1399afd668efe263462cc88072dfb128730eeac253635af6561efb46df8f97e557727b6c826dde39215a7430d7fbe15405f0a8b4a5a2273e4166f23d89884a3d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.gws

MD5 6461793e4d9ce8147f404890cb75f69b
SHA1 b7db8d5a202340af9e988c81e2cdc6f34d286e94
SHA256 d116262eae4db29fee337dd8888e0ab5bd54cd5080bd6e1b78653546926376d3
SHA512 88bbff83a9331017b624e74a66daac47981e96aa12fc86793a514e0d1495f4965720e8443532959ea95ad04dcf9055ca4d3ad759d1c41bcd62071ac644f4c1ed

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.gws

MD5 b3cf517679639deb3c21ff8fd2d2c6bc
SHA1 6ca03f7cb27bcee1b950953294b72f159fbe9a2e
SHA256 31b9d9de8dd7fb2d594f6576cb1acbf14b5a977858f22765d7b4d88be6bd4a2c
SHA512 e812fcaa58f7aada8444dac583c09cd399921a2d0cd1852af16ae01d19539949f2a382f1f4f1427d656e73aa141106a54f4f66b5221f0535f20863e2dc9a27de

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.gws

MD5 d8ba28a1a8f4e3d61ca028274823aed8
SHA1 5b89830cb539349de30354c7fc2c940f184fa24e
SHA256 f3f5d4df195d8aacd187e73c3462923d539de1aa2b340c76acc48285389ffc84
SHA512 26cdd584a2054209aa3c6632f0e13a838f99448c299ff1028b08392f817be2cb536c4b1383c6784e0072227ab9d67421ae42ee7f3aa2ffaf1f58b981387144b7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.gws

MD5 5cb13824a91c20fe5a896db95ad0db3d
SHA1 8308c3774c94c10697f97ebe1bbd69b89de6e03c
SHA256 61ba3593b4e99ca4264d61520af7043fd306d90789757dcb1cd13dc134ec419f
SHA512 8743927af311913a89a0247ec9e9b1ee2fb2dca43484ae7a12c5cc0bf36ffc953ee3189687e5dc915fcabb5744d5db31d58b1a09a028d61fe5f74767180dd89c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.gws

MD5 76a0cae76df925d676aa0a66edb49d41
SHA1 24f80cf554a6bf04cf122f363721ccd163665244
SHA256 3aeb5965e29e9c4b7c707f4df94314fc679d750d834e2668b755ffc4a0e534c0
SHA512 02a35bd3770d1b65eeb77ce37f313d454e4cc47273b69e8a5e5443c5ca10ab3f4e97188a99111b23a76c2eb9a0452f5cd0e86df99a093a7d89b0f5d0f940f122

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.gws

MD5 13236effc7ba5c135e80417317c47a24
SHA1 a3c54d456f6d895fc8cfa6701235b873aaeca845
SHA256 75ca63c5a1f618d7a6ce1adcb50515188e4be822189ffd7a8a7b776db4c6397f
SHA512 56fe2c7a78b79a07ca15ef791fcc6861eb0d47033740286786498705504f16a170a3be5154a43b2e603dc9b1700826588ef5e023a27be90d2d9b50832f91699a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.gws

MD5 5565bc8bc1ab266bb7d5eae4a73ceef4
SHA1 afafa00b294b5d77fc529b51661d0ded91ceba2f
SHA256 7468618a4d4263671c03e6517d492b7692d37664e5f3bb00feccd827d33bbb4e
SHA512 299e961e147a93636b8308c2b38f2f6ff87f98c70a906a74ec5726c6468528393c91ad465ffbf817b4f716908c4c60345f5e7464ceecdbe506b836d494b28024

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.gws

MD5 e8562f0ca25ac1b165e9061176f3a9fd
SHA1 b4fcf4b0244720b5bd441c5e6b5fd9982d5cdb65
SHA256 2dad421ee2f1ae878de8e09287e1074a50ddd9143d86f04a1ec640bee5363e58
SHA512 1333ad5c91b27bbfa00199c16610be604c0600a3afa1babff8933e00e88d07c340dbdb1659144bd2ab1566afe33dfdbedede59b17121fb495abbe1a72c9d0ab5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.gws

MD5 bde7908ce88d492fb59d3c3bda22e4f2
SHA1 0b3712d8311402d90c716690696b311bcfbc8e03
SHA256 97521de7a9139433f8ee9ed7548fe1a37772ab983982c065bffb9d4b56064d9c
SHA512 9c2a455e544634a0a77ac55a5ac35e5fccc70092e5e813dafb8b88f5b6b00e2369a546a288616d5372e1a6a3face0e53d4ac80a462fa6f23ca282ad15999ddac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.gws

MD5 011c5d91fb53cedaa1549c56cec838de
SHA1 36338d82eed00905ce689945fe8c8f04ccf437b0
SHA256 db7409ddb4e3d494a5885628cfa0ed5f827b0b591b527ba22d4da828d03bb3b0
SHA512 c9f4c26930df21497df3aff3bf8495989bb439e04c98e5ee9becd8107a6a498c1101016be13ffec7a1e4e41d7bd559cfb0fb83e23ac6132d6e27bd89b98cd5f3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.gws

MD5 5db32fe374f7ce1e7ff5bd66941f6694
SHA1 512353068c8ab1fbd99dc0b1344df2133ca4f064
SHA256 cb5ae253bd31d0bc80a494049627347dfae43be10f0ce03787d36d07b3a88b13
SHA512 532d788a2dd32e106aabd8104204972c1f60f1edbe8c74de3a7d219fc82d00bde43ea212e749eb858408db028c9387f6863c84e83b3245966ac6e35e52e82117

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.gws

MD5 47471ed13f58e0c7fd240c0b8a26db6f
SHA1 bfd84b3bf8078a1e4c11520f7de3b91bcaa30eec
SHA256 8c01439e436fbfdfc1ace7426dc41fd16107f41d788c41c22c1e87d51b89f6d5
SHA512 1456e7c0aed0c585786fedd961fb76c36f7614a661390e514c99106379ecc47c8504b603be33d66d4f7245e1f1786de4549f8000fb17fcea8227ecb262b63532

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.gws

MD5 dc8504577cfd34a04d2330919131de61
SHA1 0fa4d4d0e17492a11a8fab720fcac79c95b9c7d1
SHA256 b91ec2edcdb6bf6f110b66667497fa2c1a4146014acbb8e148f0fc22bffa9f54
SHA512 59455d1d395c6b14c15a99256cd6931ed43d381f390769e6ccbbbf9d0579b1c7765b32645e4d8e642cff4f747c37581e5b59ce35c7d7d4e54942a02880be45a6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.gws

MD5 6e6016bc84deba55074da787c9d84427
SHA1 00954733451fba0c6214b7915d5463ee5c22be2c
SHA256 b674ac346d9812a166f1ece75744c02c1d9c77495413d75d15b3874f4a1a90ad
SHA512 0a15ac8a0b54a44b022c0a6e5e72bb75b38caa865987a0b903a874df2c05f3c5bbc0edfee46f642191a55de0c540eb52a23d9da1cf10e80069c6be242b13c3c3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.gws

MD5 e38b4af75143cf8788410ccb04d5b729
SHA1 215bf41e75ff8afc7d48f2193e087b5bfe305411
SHA256 fa48c4dc49de8be4f7b935ae9ed31eacf07af890430a2598e13ac2dae5c06ae0
SHA512 ecdbd98f15f446c0e5cfa3c6718459c1df9b075c6f987ce278d0a17028e549096d7fad53bbf2da4e9c68750aec6be4c1229ceed6c281ce28d4c2c0ca0d393b6c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.gws

MD5 28acecd51ca758dfe88cd646b12e93fb
SHA1 95343fd5639cbc36e46781a58f5e81c43661fc9b
SHA256 9fca2c44154dcd3163f34f9e3cb65ce79eae9319fc027d022beabf075d1fd5f8
SHA512 a1803b49358c2547295782683c1cb4d5352d356cabf83857b0f86d7872a4403ad3bb1ee1d4584708336634a26e5252b38d446bbc78a4a351867228c4ef0acbf9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.gws

MD5 e399a057a31531a39bd6a4ffedf4977a
SHA1 d0cb7011364cbece4d61f7a775a302d92569815f
SHA256 34acd0127e4229f709236a7f97641ec46f3984fa3b83adabb01534f5e9049366
SHA512 b0be132e28bdd45e9ab1150fe0551eff52f2315c353bce31afe89993212732c993f22887a50ef9b9c36f752ff488a594fba14489b070d03bd336d7b638376038

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.gws

MD5 dc5f49c3c6ae80a8dd9d0543b7aecf6e
SHA1 fdd5d859c980dccf41a5af18b4761a585d5eecbb
SHA256 dc1945093eda6a7b0ddb12b22e0e1237c2f707a04370f52cf419bf648d1d98be
SHA512 2cc57851ca05f35d9073d1cf70622aea0f6b917321b7312d0fb670b48e9e04ba6d70d748e4ac132c9e80674047ab7ab9b1a8cd07d12d171041b4fdb015b5f537

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.gws

MD5 300eee88fe682535cca98094250f4696
SHA1 8b545844de4afd84082da0615fc6647e7731ad9d
SHA256 1441606a323724753c6edfbda12eca06bb26042c1e2b9ad5bb1ed21b5246c29f
SHA512 307e1537429d85895d8d86e606ad227bc44d7d3f4742b36b66c9d97f4492c5a56d9e13eb1433d5f06a108160f4fa03b5db5a8a1231cc817e9c2af14faddcffc2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.gws

MD5 15bf1ecfe6789eaa851d0f1abb7398b0
SHA1 797715eafb8dfd2af57a9d078422525daaa83085
SHA256 6029aaed6b91cbb63ec0bed01bddd5288b53a1271bd3327c1005f96a62b9ee54
SHA512 0211838b895defa302aa206803e0df8811ea243053cd671129e5000d81de5700759f72c095a6f0e7bb09894a06b0e8f76df2214bd12d87190c14372148d41ccd

memory/2284-3811-0x00007FFBF2AA0000-0x00007FFBF3441000-memory.dmp

memory/2284-3812-0x00007FFBF2AA0000-0x00007FFBF3441000-memory.dmp

memory/2284-3813-0x00007FFBF2AA0000-0x00007FFBF3441000-memory.dmp

memory/2284-3816-0x00007FFBF2AA0000-0x00007FFBF3441000-memory.dmp

memory/2284-3817-0x00007FFBF2AA0000-0x00007FFBF3441000-memory.dmp