akira | 1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc

Analysis

max time kernel
570s
max time network
572s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19-04-2024 04:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
Size

573KB
MD5

503f112e243519a1b9e0344499561908
SHA1

8d635ca131d8aa20971744dcb30a9e2e1f8cd1be
SHA256

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc
SHA512

71da9efbc24bf3428f7efd08f47e6dc698cdae769a918800de72ab4945fb79c2f5b92d21a839d9e13e700b3cfd6ae365073c32a6f368e43830c6ccba3322d00e
SSDEEP

12288:BV0qnXKTH2P6rxTcQpXDHgswvodgnAdA:BV0EMm6rxTcQjos

Score

10^/10

akira ransomware spyware stealer

Malware Config

Extracted

Path

C:\Program Files\akira_readme.txt

Family

akira

Ransom Note

Hi friends, Whatever who you are and what your title is if you're reading this it means the internal infrastructure of your company is fully or partially dead, all your backups - virtual, physical - everything that we managed to reach - are completely removed. Moreover, we have taken a great amount of your corporate data prior to encryption. Well, for now let's keep all the tears and resentment to ourselves and try to build a constructive dialogue. We're fully aware of what damage we caused by locking your internal sources. At the moment, you have to know: 1. Dealing with us you will save A LOT due to we are not interested in ruining your financially. We will study in depth your finance, bank & income statements, your savings, investments etc. and present our reasonable demand to you. If you have an active cyber insurance, let us know and we will guide you how to properly use it. Also, dragging out the negotiation process will lead to failing of a deal. 2. Paying us you save your TIME, MONEY, EFFORTS and be back on track within 24 hours approximately. Our decryptor works properly on any files or systems, so you will be able to check it by requesting a test decryption service from the beginning of our conversation. If you decide to recover on your own, keep in mind that you can permanently lose access to some files or accidently corrupt them - in this case we won't be able to help. 3. The security report or the exclusive first-hand information that you will receive upon reaching an agreement is of a great value, since NO full audit of your network will show you the vulnerabilities that we've managed to detect and used in order to get into, identify backup solutions and upload your data. 4. As for your data, if we fail to agree, we will try to sell personal information/trade secrets/databases/source codes - generally speaking, everything that has a value on the darkmarket - to multiple threat actors at ones. Then all of this will be published in our blog - https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion. 5. We're more than negotiable and will definitely find the way to settle this quickly and reach an agreement which will satisfy both of us. If you're indeed interested in our assistance and the services we provide you can reach out to us following simple instructions: 1. Install TOR Browser to get access to our chat room - https://www.torproject.org/download/. 2. Paste this link - https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion. 3. Use this code - 8207-KO-BXVB-HKJB - to log into our chat. Keep in mind that the faster you will get in touch, the less damage we cause.

URLs

https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion

https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion

Signatures

Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
ransomware akira

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

powershell.exe

description	pid	pid_target	process	target process
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2232	2184	powershell.exe

Renames multiple (7734) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops startup file 1 IoCs

Processes:

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 32 IoCs

Processes:

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

description	ioc	process
File opened for modification	C:\Users\Public\Libraries\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Public\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Drops file in Program Files directory 64 IoCs

Processes:

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ru-ru\AppStore_icon.svg	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sk-sk\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.inf	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\WXPNSE.DLL	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\Content\surfaceHub\en-GB\doc_offline_getconnected.xml	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-125.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe\resources.pri	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\Beach\mask\1d.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\svgCheckboxSelected.svg	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\Assets\iheart-radio.scale-100.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OsfInstallerConfigOnLogon.xml	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\Microsoft.Advertising\bootstrap.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\34.jpg	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Emoticons\large\bandit.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\kw_16x11.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-16_altform-unplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-125_8wekyb3d8bbwe\Assets\AppList.scale-125.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_BadgeLogo.scale-100.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\8498_24x24x32.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\css\main-selector.css	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\zx______.pfm	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OneConnectAppList.targetsize-96.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Emoticons\large\wfh.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerWideTile.contrast-white_scale-125.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Emoticons\large\wink.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ja-jp\ui-strings.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\java.policy	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\Beach\beach_12h.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\Western\mask\1s.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\es-ES\MpEvMsg.dll.mui	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\1033\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Microsoft Office\Updates\Apply\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\eu-es\ui-strings.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookLargeTile.scale-200.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\LargeTile.scale-100_contrast-white.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\form_responses.gif	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Internet Explorer\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\ThemeCreation\Zoom_in.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupLargeTile.scale-100.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\OneConnectMedTile.scale-125.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OneConnectWideTile.scale-200.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-20_altform-unplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe\AppxManifest.xml	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exepowershell.exe

pid	process
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
2232	powershell.exe
2232	powershell.exe
2232	powershell.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
5044	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

powershell.exevssvc.exe

description	pid	process
Token: SeDebugPrivilege	2232	powershell.exe
Token: SeBackupPrivilege	3264	vssvc.exe
Token: SeRestorePrivilege	3264	vssvc.exe
Token: SeAuditPrivilege	3264	vssvc.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
"C:\Users\Admin\AppData\Local\Temp\1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe"
1⤵
- Drops startup file
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:5044

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"
1⤵
- Process spawned unexpected child process
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2232

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.akira

Filesize
1KB

MD5
93ac7f248151c5d191740a1d9e8eed7b

SHA1
7162d101d122be21f436ea3435b84e3a75c455a8

SHA256
ef3f4cb681da8b8dfa61f6d7ddc999db2b0ee7d7dde250e55a87ed425bf53db2

SHA512
67ea20dd17c8b6523c0a11f417719bd3fdeb60b8259d592a74bc1b5b1c1336997e24812946b204b3e264d724842287505ced34eb86881ffbc4a215de9126afcb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.akira

Filesize
1KB

MD5
65bd773d2ab3a6a853a6fca973fc5c26

SHA1
c3ca9108047140660edaf4c7e52bfa9e19a3a09b

SHA256
760b508aa761aed6c5e777f1c6ebb16192f0f9323dfc63b3f63736cdfce0ae85

SHA512
058aa11ab5ef579760b7f77e92f1e65bcfdb00d3fcb22e5983e4e212a220b817ba047dbb33af56ff112953acb6cf46790fcdc8c296b7b8fd86deb39f652f2f86

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.akira

Filesize
1KB

MD5
d3092b16acb9791e04ad2d3c137e6fcb

SHA1
1f40b6dda618d6cbe7cd232f1feaf68aa69ab1a8

SHA256
9e0a4c9748b72a7a398419346b3e2f5c53ff745c8a136425cabee87f997139ac

SHA512
039e4bf41f7f81ea77f8eed5003b19d30b7e13ee723642c0812bbbac87129be030ff63590a89756d02495d1da4d4b5a0b8da5e30895e2435a230c8a2f03f759e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.akira

Filesize
979B

MD5
3b1a3b8e868bf75f64eea50c5daa56b3

SHA1
b435375c608b8e924184c68544728b6f641c5fd5

SHA256
94a528c052b954a382148ab2387def96e3147d39e0f851013ee88083a6876954

SHA512
a62f29ed1504e9493a7f4429c283993a8aa0b989f9c78ab73fba84e7d538899d9d679beaa2d2302c071c5bb6b174816aff0db055317e5a924a2d5be444224a39

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.akira

Filesize
1KB

MD5
b648e38621a0bdc6f4fca86d102945d9

SHA1
398afb8dc74a2c7a0f7d7e5a974621f2a51aea98

SHA256
eac37e181c9a9464ef773765e1b3c9e7d3fdbd48fc645bcc9340ec6174ebf4e5

SHA512
a8d257eaf95ee0fb84182ec0c97c7ce0b379c93d81d1be923913378fa27cf4b1f363579b7375d5294afc5d2789ee0996bdc291fb2abc31104e44ba10497c51cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.akira

Filesize
922B

MD5
7a3b16225bc61f5b4a6035ad95bf22eb

SHA1
d46c8e08a5c1fc599d7ab0e0332d32785b4eb99c

SHA256
8bdd5a131aea79e5890136f22de40f97028b398f5b4c9d8a6d5b230fa1119cce

SHA512
6a586327e5989c965c17253b78574a313838d94ff7cb610d1ea9f55a08a4728e29519b0175bc301edf1d8488a970342acef92342317f26be04c7268beadb9413

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.akira

Filesize
1KB

MD5
202a214a365544e92d30fcffd9f19c1b

SHA1
293f50053ea7e6adf05aed71cd4d74bbcda32dd5

SHA256
350caa13d2912ae3bb6bf733458a79e03cc26eb79185e212453ca4e8c532089f

SHA512
b8e6ef55df8ab5e804480668faee4d33920fc9ed9b47a4c4ee59724e53ec5dd43c2505a35c7fb2a65f0ba39d439fd6e1bea7d0008e984448242a2d3a4f4c0f8f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.akira

Filesize
922B

MD5
37030e56ed5c1f0d5a9fefce9991e818

SHA1
f8b752bcc2faf34339bb811ab82ec4f6762d99f1

SHA256
ff71464fccfb2e88ef0682fd7600ef79ca5dea0681634c979c80f44a6a8db12f

SHA512
181ec5e7056e92a7629793453d636cfcff6f27fddfbf669ae8f47c5e7a2f7cd53d4e133cf78cb66544e44c9879a334ba1a65c05789f2627ea9ac5abb24c7eae6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.akira

Filesize
1KB

MD5
9a42419e5227db57e0c72f72b237894d

SHA1
10cdc4cb0b65f195c13a4122c3363267dea2f508

SHA256
7d84f733eb5f86b89ead0ae91d1d65678ea615b78ea616605eb9ae77a9ba6b1a

SHA512
4287415710aad74dd6b4c7c955678c3a4156260dcfc851c6180155364c801a7e93d4caa4dbec6cf8e99943b8ccc48a5409fd07cd8623265551d94fc17871b4bb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.akira

Filesize
922B

MD5
56ae52e882ba63ecec19251999080811

SHA1
fd68617d7623d4aa83e24d2e2eab8807873b4957

SHA256
8b07631c585bb00051351d6de8379a2b9618d5f84f97438b0b1fd722d38179db

SHA512
4afdbc73ff8ea9e9fab66eb06536ad896c32349e1089367809384afb2b0dc33cdf1ecb278a145ab66c92862a4fe57711f84ff400cfda36c835f33276b91d493d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.akira

Filesize
1KB

MD5
39467d8d04f55f170555e08608467a4e

SHA1
d4dfd859d40364e2ba5b3af41dfca5d92a389bfa

SHA256
b5571ee457db854e782fda74d85f6065f5877a1766b9b548715056070db51ad4

SHA512
6970d523aedbef4536a354f31af6317c93366d25b783e0b43db345b132236601f0758ae37fdb4efaa85764257bea678121afff6f37fb25a1deb3eeee98ee7692

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.akira

Filesize
8KB

MD5
1eca42d00c973d348014d8eb61754445

SHA1
7985892c6d2cdbf27d005f9f201a687378a0b82f

SHA256
a2d56ec75e830b0162010f3d2a2526cec2fc87b22aa12a2606ed386532293044

SHA512
70e280236e1e6c8bc6e42c98d8e4ce727a315d8314b9dd819acef087e6f8f4f6d96abd81439aca32c2ba95a23a7cf8c728a5da0d6fd8d493d36abb26034958e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.akira

Filesize
8KB

MD5
06a1b003bf9fa8af5139c5b87f1f1843

SHA1
f0ca3710b3de1b47e6438b94e543433f97dd066a

SHA256
bde4239dbba7041304a261b6b73ede8e0b9f6c7b6b93eec871f61d80ddcc55af

SHA512
251a82a03e26e34809635882d6bfbc6b08cbd536c34d39999749a20b3f2eb8230d997d58697980581c3ebf9619408dae53be5fbba4aa1222e3e82bee04282265

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.akira

Filesize
15KB

MD5
a90c228de09f6abf290f7f2d17ac49e3

SHA1
015d44925d5d0b1aa642b595524f3dc182910c28

SHA256
11fdb7f9351054e716133abf323aeb67dd5a2ed3ba63cefa39829375955ce5be

SHA512
c459e5e2591eeef091bc4447033331ff96acd91bf8d1fa86b5e75c6c284d17c2f55a367ddde3f092efe6fedae9cd86e837fccf9fde72633cc771d149ac168309

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.akira

Filesize
8KB

MD5
363441364c0c19f4fc574ec3f72f18c6

SHA1
2c9f4ef56d354251d028fa43b83628b2879ff09f

SHA256
0576933847df4b6bcf9682888ad2b17ea72e0897bda83c062377dc0158108aa5

SHA512
4a0ec5a704a20ea2b92c9883120ed89d9cb3a0eb5b46f4c58b00d3f6e8ffac0dbebe18d7a954fd854aa492743ddfa06e2dd8f9dc023addbc632f448cae621375

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.akira

Filesize
17KB

MD5
2ee0e20521f35c69f5b9c51634c9ad9c

SHA1
c1366d4be59bac7e4b6177cdfa6900d386a6f037

SHA256
6c9fe4d4828423772814bcaf9051854061af08d4ca60fad0cf63db9bc04ae803

SHA512
782d743c3ef7c2ac9e4370f055dcd36ad6f8a78949186ee1c0d8b9751aae44b41b48ae2fe6fcb1ae7aa7b10a31f137f039a17fd1a2af5c6f77e66eaff3f88cc0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.akira

Filesize
713B

MD5
7f14b4b3fddd2ca93b5fa2e46172e2cf

SHA1
f5dba20acc74c239f5944422ebad9f9475a074ad

SHA256
fc376d3a9bb96049301dbb3992c31a0aae02b237a1c407ddcb810c8df061c0e9

SHA512
3962308c6c28fa06a8a124b2989aa1e892dda283b9dacd7dc063e929d6658c1fa38c5f905a56b2189c91227e1213c9c8386c6e1795d9da012d08603c88a73d7c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.akira

Filesize
1KB

MD5
5c68178998194808dae66481d3086758

SHA1
8c81fad9a6e9a283214268921dff003425fe8a53

SHA256
40f9e86aad3bdc83ae23c1658fb87f2aae8a5564a957eb96ec44567068f351ae

SHA512
cc16205cc3093de77a89ae31c59260585a45004fafdaebff860c3f9fdf2ede8acebf42346942c4ef164109e078fde6c90ac30f3e6d845f39870214bf80fc5fc7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.akira

Filesize
9KB

MD5
9f2ce5c316f27f3e584e4958d5ea4c09

SHA1
3f29c852192c4d7ab1676fe5932e68a10448eff2

SHA256
c39ee8489837d8edeefb90ecf959f844957461577888973524e8e3466a65373d

SHA512
cc7e7f94585dd40525ee01bbb72127e79587daf70dfeb269629a91d0a91ad8920a121b183e76aca465f2bec62c992e404507db374dbc2decd9977b54c09a3955

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.akira

Filesize
19KB

MD5
b93556d19623956685b10e817beafca4

SHA1
bab127838f89fedfbd709f6cd11c5656cb4c452a

SHA256
b41624c881461efac8992964b4c8150a5db5ff2f78c24b70523cc5301217e765

SHA512
138ba0b3530f69f385469156f9712cb62aa2b813a1431dfbb136360c5f8d9200b80f599fa7b04282ed503931a557acf05adb0f37c1bfd1324406ab4d39556375

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.akira

Filesize
1KB

MD5
8ba404ed376036f3d96d1905f098d47c

SHA1
449a1b455aa5cc7f21f6078dc068e141a3f3075a

SHA256
f10954eb1b01c2569747752bb27a99884dd8b0b3a64d3c0d994cc6435a0f4c97

SHA512
8c7f05bee70a283986fb9ad26b11adcd4daed86ff8ceff5b2b6ccbe09abc12eeb8404852f6cb10830a79822d9623ef1083db837468b3d49fcff1149c0755445f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.akira

Filesize
1KB

MD5
7b80a5810b2c69394289693d35ddb2f1

SHA1
2197ea7df39dadcea7e15487ce17fca63a5d15f3

SHA256
b379a0a22f2ea45f24c074cc94b85dc194167b828c2e4e130b56d0608b74421e

SHA512
0721463fe618d60814763fba06fbd0e01a835dd1c921ac1d577986349f167f00c50393f61f709736c380459b77cd2995a143c1a45238a7b8fe83bad7be2086c5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.akira

Filesize
1KB

MD5
63db42bd8c4adfa238c6381621188fab

SHA1
936427de2a3822bd372b27983d3b85fdddcd359b

SHA256
b74d4ec2b76242aa01c39fbad5d1b09593f7a00cb7babcada4844ae43af1a473

SHA512
eecefd822278b7275139e5d833cf675c6d27e1bf5c0875127fffc5e64131c486464cc6d6d16f39e3b1e7896fc026d1980e70c2b3d09f397a2916a799e4e8ed97

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.akira

Filesize
1KB

MD5
de529a30a884ef7a5b645ce806b75dc5

SHA1
0a0870c3b7c961fab96cea8b3445c92d936bb563

SHA256
5e556be866ef4289e2370df3d0804b64be4241e94fdde89637ed2a99957480ca

SHA512
d478946fee3155b99bc00f2caf69bd2814d676839f9dc98800a31a66fd0c236e779552e8a2ddac26e19d6055c7e6804ce1af92476e195fd0ff44e44efef1bb76

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.akira

Filesize
3KB

MD5
b3a02833938fc89207206bef04b7a8a9

SHA1
f460c4a42116b1b3b2d85f232c1315551ece5a14

SHA256
32c0f14138524237bc4422fcd96a3ee42e64d4a777f57d207c2c224dffc89765

SHA512
7b5b4f03d35193904fdb76f751924666348b60d8cb5b0b3e780b91619fefe6c5bf249520fc4025ff8b33201f3ab2e43c9844e26db018863d00d8acd879793994

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.akira

Filesize
2KB

MD5
9be65cd13120f58075a994324999136f

SHA1
ca7a9d8701c220268ccf71b1a6cb8ff27e290666

SHA256
1b1813c2cb788eb229b215da20d4689876d39b4eb28e882a31bc78f52b535ed9

SHA512
fd5e9212465cf453048f95194d4dbb957c233d2a8cfbaec653ea966b82751a4691565dc892de909501917c5e31d4cdb792c317ed47c93394e3660d0babec36a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.akira

Filesize
5KB

MD5
54aaf13fef02dd9bc838a1af170b99be

SHA1
63774f0c2456ff7721f797d04016bc103bec1f60

SHA256
1d4d05a848d9f24bfbd6bb1deacd3003da96640cf84e22f0787d46c6e402ae18

SHA512
fa66d6d482f0634a2b29b3ec779e54d0c94be255a82001e212a1b8c8adabcfcbbdff7d4d918d2a6914ff89bbac35377cb898a001a29f095934b8cffbfae2a617

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.akira

Filesize
823B

MD5
c149d9b788adf560ed54dc4216307fea

SHA1
41e509016dd7835651b01f92cd7a2ea94c3c41e3

SHA256
c7afdd1a8d1c423bf28462b3f5653c7b3ba49aa0e8251f5fa8e367b33d110637

SHA512
f5cc0f48653f63fd445a263d47489938133f3c6fc6c3fbd19f65720a50843f377ee2a4e317b2288c859d1952ccefbdf2906dd7de57cfcf543b74c00e8e77b27a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.akira

Filesize
919B

MD5
17fa77d2e628a8b36d358410e54b1fe1

SHA1
9ed7e9713dcdeb4fc8831691e567a2351e05d437

SHA256
4f0c829c6fd3985df591fa7f732b2533e7b70adb7c6ae6531d9ff9c177f878e5

SHA512
32e18c0c6ebb33432cf366054b98645d39f06faec95dc10e8307de7f8f48e13ab78d567a489771a5de8749d44e4a65ac73b91f2b8ef8189d8dcb70b00b098ec6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.akira

Filesize
1KB

MD5
1531503d1f078a8ccd9f1a8ee4d98033

SHA1
3babc0e4d30e614bba68d5fd7881158a5acf349b

SHA256
023dc5ba428d3bf8a0389cf595d5d52d7a9e06b5aef4f01c99235f10799e18e8

SHA512
37aa6c99dfa6d00c58aa8f029e0f65f9239f28505125a1789caf8685dbd336f9f91de8f9dcebc44061aa7bebcfc39f9ceb302dc2d1832ea763e9a27d49e961ae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.akira

Filesize
1KB

MD5
9b7efafea739b84634e03e1d7b958336

SHA1
1de38ad0471b2b15009c2af85b6a66e16902f244

SHA256
6ea389f64ccf1f2d9d78b5ab03e79ae5b1470a18cccce8bcc0b8b80ca68af81a

SHA512
e6b17d1fdc0b4f1aef6c03e55287bcc54227628f3661b69fdaa0e604a27df9fa03fca30b2bc4b78ec16ab1e83f7e11d4d85a8b6e995df56af44ba5664c9b3283

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.akira

Filesize
3KB

MD5
c1676bb761f6a671f9e9246052e27a2a

SHA1
f097a0666ada843b86025af7cb5b1363b4e4a796

SHA256
f7a008ff2816617e27cf9439e24051066657a989631dca3d29de7ff1659319fd

SHA512
cbc7c61896b9923f366fa19a90e6b3926a91864634fd97ab4a22365916cc2879bab97424ebc3c4ddc68a92243d54fe67700c0a4b4a7874b20d8ba260eca54fac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.akira

Filesize
1KB

MD5
87a08af9508212bb69231efb61fa8265

SHA1
008ff25275ae628b25cf5bb8bde36682aebe5b11

SHA256
be53c2556e5d92484b58acce6aa9cd5e6e958802fcff2c5182b540808f7851e9

SHA512
a71e9e89dccac014d4fbb19b08bea0bae698ddca3d07a669b604e8f224bdead9373566e74a6b5682a13ed6ade19beef06871a7559844e1a21693a62bc96fec1e

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.akira

Filesize
33KB

MD5
303c2bc6dc0651fe026d120f5bf8ea4d

SHA1
c231c089440b1c216cb17c6ba4b6f5a26df40f8d

SHA256
f9698f33d00856a037b5b0a880e40274f944a1d75551cedec6fcbfdc74800314

SHA512
e07c6bc4eccdeb66a4d5be36ac96c8f0ca944778eb9a2f4b01f04a65d2ddf94989dc7536aade48b5c85cd540eca3a76d2d45edcf88c4a33d1fb33a6b196048ff

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.akira

Filesize
687B

MD5
9982e679c567dced0679e9a899b001c7

SHA1
a65d66b1d4639af9da263a7ce3973d4830956c3f

SHA256
fd85bb44205197a1b8fbbab776da16aba383166ae68c66f57dec0310408c5384

SHA512
f70814b9548d9c6fc777b50f7e6fb18c6dadd36e429baf37887685d6882dcb0d3894d98627ea4817203970e68196c1c344c632561029cb854b29d4168a8bf331

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.akira

Filesize
647B

MD5
9fc746bc4751ca91e873135d078110c9

SHA1
ab7fc174d846e8098dcbeca96c3c89a8d009711c

SHA256
aa9d9475389db769f683dd08954c1be9820120d8bf28e380893d870e796bb497

SHA512
5290b6019286eefc958ec9c23d023d714e51a4ac2bad16c98abe11dcf299739a124040d2b2bcefb002c9690bac65a5d0216811a60f48ddc9f885cc0c828abc97

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.akira

Filesize
648B

MD5
adf09d3ab80c60a2339fa14d829e5026

SHA1
516ec88ce06ecc2bfd1ee807acaebf0fca7068cb

SHA256
1d4943947faecc763cb01d34207508b3b88c37d3a18dcc37308e7e819a475433

SHA512
6c27fee41bd224f74be501d84404a50735f1d4b946f4d7981de21bb81de5baf429446c72d0df4da0da0cd4fa17bd5c1488202e7380ffacc255acaabbfec2057a

Download Submit
C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.akira

Filesize
609KB

MD5
9db1dffa31007ce140d4f427a0fba951

SHA1
b6c96c0fdc48e816dd38fe91ec235639df8e30ba

SHA256
12f1e1853168fabcc349cef3e4861f89669be2b4d8ce87590c3f4060737e67ad

SHA512
fbf1842f9387c7411a663deae0505b68741a811823cde9125b6b489edba696c66c3b3b7faf42476a4f5f489010cc5b78fc4f4332c5ee332384dcefe6ac3c2260

Download Submit
C:\Program Files\akira_readme.txt

Filesize
2KB

MD5
de49e2e3eeb866fc517949893ed74bed

SHA1
3b503e6776a34f026f77ba7fea719dec182575e6

SHA256
994010aaf2f723b06ace4f35eba28068160c38714fda8d62205b3b2e7b96b07e

SHA512
f4c59b0f90ff8f6e05106c47160c239da0b5598845316a5a8705bde5f47378596fead491db828f4ab35ec84f796a22907210b51729d4c023c7ace68dccc1f9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT.akira

Filesize
550B

MD5
a825c09a8b5f6a53239d6a06682bd7b9

SHA1
c1354857d09ca0a27be8e1034c22cefacd6e7f2d

SHA256
d3503c597783d0ada61a13ac573916263de5ad3a361cecc41e6509df93eb6ce4

SHA512
26187a82a3b0a546fac1b6bba51ad229eb2346fd43c993e66f38eeeaf680784499e32912ef9c23ac51830492dc280d8a7f76af31d6ee69069c8ae55e2812f722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001.akira

Filesize
575B

MD5
90cda66775d02946c4b5eb1fe713a8c5

SHA1
ae3e2400446114eebd27fd6e6481be7869598828

SHA256
3e8c7aadc2e26ae9346c43e7a61c61b6e709d9f47bad64afdc9a9437186073ab

SHA512
0846bf9076b13517378f56ea0a1e667f2718f4a19b6acb89326137eebf82ce533c3372ce7a0f11c96a39c4f10b37ba95a086f60a138c12239c79a72fdb74c1a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2.akira

Filesize
8KB

MD5
113ccabadf1a36a4fa014c22537ced50

SHA1
3f75641caf3b9fa122dc119ce2484fe4ddcc3723

SHA256
15df67d2d4f98906cddd9f69fd531ecf07b0d695ba89ffc030cb1fbc9ab1422f

SHA512
7e0fb8cf273db429439b0b214ebc0de8d1c97ec3d9f68bb4948f58fb323576c6fd6f2c12176b53fc1a572927f5f24c13378bfec4ad0fb250a79b31140f653533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.akira

Filesize
8KB

MD5
ef46c0f1db256ee2e3281b93acb363db

SHA1
0aedaf1f7a8fb35b836d076a4b3e4eb7edc2a963

SHA256
153a463cb1f5586e40214514085e769a58a32ec1d5a87cc5faaafbd30559843e

SHA512
8244d88216bfce7b20b5e0dc6d9d00b860bc10249b8c64164fad1e8a11dc70c8111995f5935ecc26109ec598752d737cc52d6affce5add476c5f426f5924f025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.akira

Filesize
264KB

MD5
cebf2fc0ceb1c259ff40d8c72954edda

SHA1
4f502ed696493df3ed74fcbf7423821d6553a0f8

SHA256
9a8afb7697db83beb02c52bfec764a0da91534c7e28e7eb47ba505a802432c06

SHA512
5ebaf94dce0a7e98451f91551256e2321376c7a4cb81b474776dea1856a1433850748b66ab2610b380bfc58b090dd17d5908e5d714b77ff2a3ae8a4bbf901379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3.akira

Filesize
8KB

MD5
6c7357f3d06da697e6b84ec755dc8007

SHA1
144a11268864d6d22431d9dc406710ebbe6eaa0c

SHA256
c8e0249d12df034430f3e140553c5dc060dc319a40a4d7392b31f51416e04d49

SHA512
ff41f0aed8965c5ffcf90b68fd7861b68b08db9e123ba3080827aefeb1230c6cdfccb1fd9f6a20099b57cc71e6cce130e67012fdfe8b6b7f4447e6b3871b34df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
ed61b6970f464730007e449bb979a643

SHA1
885b4ee47b3966d651f15c53768b1c70829451ea

SHA256
5898b33481a3a70ef6811bc3cf759a7c49c3c51288cec30a07dde5c0f41899dd

SHA512
30b5a8be11c7bc3210fb9ae0a0e98a2586f2bef07d4eb4f902b9afabbb037635f004f72edbe28d0f218ad5a1940139b12ad3cae89d932dccd2a9e31196dd310d

Download Submit
C:\Users\Admin\AppData\Local\Packages\DesktopView_cw5n1h2txyewy\Settings\settings.dat.akira

Filesize
8KB

MD5
7d1ee38add1aef88229b1f8fb8dc9ecb

SHA1
4f478577a0187afeafbfb32577b8ce7b647a650f

SHA256
e71501c1e30757035de23d5e94674dffbb054431b78fc244ddff49b991bc12f8

SHA512
13ad715cdd0f553640f8ea45b8fc361a421d2865bc145638e7fc7cdb18a24d915ab8b7ae7318ced8279beef9deff236235829fac6dca92b889a455f56ef6e07b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbres00002.jrs.akira

Filesize
512KB

MD5
70fba81cff9ed75a6f646ad579a8132e

SHA1
3268c4da45d132e6f3326aee775af4ae15e8ad23

SHA256
b629318b28f6fe11c4bd2973a1fbdd7411d08be3e9d36eefcdd190249e152504

SHA512
8886d5453801af1f9ea796295d104dd56bd080bb59e86af00ced8762d0e3b7f55de87242a4dbe12fededc1502e8e8a7fbc97d8534f50d6f97b439c06642454b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f9239a44-9c4f-45f9-b520-0e38464e9918}\0.1.filtertrie.intermediate.txt.akira

Filesize
539B

MD5
571b08cf8419986df2a1369a8ca2c1cf

SHA1
b5d4849be9ad11680c7debf0f8929905d1b33ca0

SHA256
73432bddf8f20b9c73a48d9cf3d77480cf35550a9673ba484614106ca7ada15b

SHA512
b53f4801f5b417bd83439afa0324721e534a5a978d1aec0490d234b3c7763bebfca43d6e166cfd5e4f77d59d1fde04d663b7f14a196934310b934233b3dac845

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f9239a44-9c4f-45f9-b520-0e38464e9918}\0.2.filtertrie.intermediate.txt.akira

Filesize
539B

MD5
a5f41d107431ce53d3baf0e4eeb3b630

SHA1
d54762539115b23713fcab14cf68fba7d520c50d

SHA256
3535dda13c2ab787e20eedaab9ee7066d2474b8502a070a31413384a3d4e12ce

SHA512
d5ab118965b84a43b048c68da7b0507650f27731cfa700fe72128002c4b75199da52d3f9abf3353b2a558ad415b62c228bd639f66fd67bc54a1324be82225791

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f9239a44-9c4f-45f9-b520-0e38464e9918}\Apps.index.akira

Filesize
101KB

MD5
830d939592b5d1137279e76d40a0b024

SHA1
58c1d9d6c23c452def54b563e1d6fbf7067748e4

SHA256
14635d22bc3a5ce4a8052dca06656d58439a1a9bd9e9f748b9023b385892e7f2

SHA512
9e4749632876f00c952bdd921c954372a72afb89a0832c048b514549e108f76200795abca86544009d14bc1d8ec4912aae3712440b15c3aeeb7af4178a15c73f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ozakrzzj.z3q.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite.akira

Filesize
48KB

MD5
9467e98bd9f101df50dd9b2d6abd1330

SHA1
e688bbda7f756427ee8549e3d08eac73b0462666

SHA256
6c364e39f5c4abc1d80b08e20a12c90b7cebc9deb83d8e87b47d7e30fb33fe9f

SHA512
d9b63b2fb048e0697d8fa7542d80b1fefe45044d625fb80a729b87d416296e1d00c7e72a871a91ea8f75f044c8cbbc3295bbb9d7db8fdd9383338a3f36551001

Download Submit
memory/2232-6-0x00007FFCAE010000-0x00007FFCAE9FC000-memory.dmp

Filesize
9.9MB

Download
memory/2232-9-0x000001B54AC90000-0x000001B54ACA0000-memory.dmp

Filesize
64KB

Download
memory/2232-30-0x00007FFCAE010000-0x00007FFCAE9FC000-memory.dmp

Filesize
9.9MB

Download
memory/2232-26-0x000001B54AC90000-0x000001B54ACA0000-memory.dmp

Filesize
64KB

Download
memory/2232-10-0x000001B54AF20000-0x000001B54AF96000-memory.dmp

Filesize
472KB

Download
memory/2232-7-0x000001B54AC90000-0x000001B54ACA0000-memory.dmp

Filesize
64KB

Download
memory/2232-4-0x000001B54AC20000-0x000001B54AC42000-memory.dmp

Filesize
136KB

Download