akira | ea5d904dbb4d9106dd9f1047e657feb93caf8f7f570d848537d5305320745c12

Analysis

max time kernel
39s
max time network
48s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
Size

573KB
MD5

503f112e243519a1b9e0344499561908
SHA1

8d635ca131d8aa20971744dcb30a9e2e1f8cd1be
SHA256

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc
SHA512

71da9efbc24bf3428f7efd08f47e6dc698cdae769a918800de72ab4945fb79c2f5b92d21a839d9e13e700b3cfd6ae365073c32a6f368e43830c6ccba3322d00e
SSDEEP

12288:BV0qnXKTH2P6rxTcQpXDHgswvodgnAdA:BV0EMm6rxTcQjos

Score

10^/10

akira execution ransomware ransowmware spyware stealer

Malware Config

Extracted

Path

C:\Program Files\akira_readme.txt

Family

akira

Ransom Note

Hi friends, Whatever who you are and what your title is if you're reading this it means the internal infrastructure of your company is fully or partially dead, all your backups - virtual, physical - everything that we managed to reach - are completely removed. Moreover, we have taken a great amount of your corporate data prior to encryption. Well, for now let's keep all the tears and resentment to ourselves and try to build a constructive dialogue. We're fully aware of what damage we caused by locking your internal sources. At the moment, you have to know: 1. Dealing with us you will save A LOT due to we are not interested in ruining your financially. We will study in depth your finance, bank & income statements, your savings, investments etc. and present our reasonable demand to you. If you have an active cyber insurance, let us know and we will guide you how to properly use it. Also, dragging out the negotiation process will lead to failing of a deal. 2. Paying us you save your TIME, MONEY, EFFORTS and be back on track within 24 hours approximately. Our decryptor works properly on any files or systems, so you will be able to check it by requesting a test decryption service from the beginning of our conversation. If you decide to recover on your own, keep in mind that you can permanently lose access to some files or accidently corrupt them - in this case we won't be able to help. 3. The security report or the exclusive first-hand information that you will receive upon reaching an agreement is of a great value, since NO full audit of your network will show you the vulnerabilities that we've managed to detect and used in order to get into, identify backup solutions and upload your data. 4. As for your data, if we fail to agree, we will try to sell personal information/trade secrets/databases/source codes - generally speaking, everything that has a value on the darkmarket - to multiple threat actors at ones. Then all of this will be published in our blog - https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion. 5. We're more than negotiable and will definitely find the way to settle this quickly and reach an agreement which will satisfy both of us. If you're indeed interested in our assistance and the services we provide you can reach out to us following simple instructions: 1. Install TOR Browser to get access to our chat room - https://www.torproject.org/download/. 2. Paste this link - https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion. 3. Use this code - 8207-KO-BXVB-HKJB - to log into our chat. Keep in mind that the faster you will get in touch, the less damage we cause.

URLs

https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion

https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion

Signatures

Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
ransomware akira
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.

Processes:

powershell.exe

description pid pid_target process target process

Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 2624 380 powershell.exe
Renames multiple (7603) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Run Powershell command to delete shadowcopy.
execution ransowmware

PowerShell
T1059.001

Processes:

powershell.exe

pid process

2624 powershell.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

description	pid	pid_target	process	target process
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2624	380	powershell.exe

pid	process
2624	powershell.exe

Drops desktop.ini file(s) 4 IoCs

Processes:

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Drops file in Program Files directory 64 IoCs

Processes:

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorLargeTile.contrast-black_scale-200.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\ThreeWayBlendPage.xbf	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sk-sk\ui-strings.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\plugins\rhp\exportpdfupsell-app-selector.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\main.css	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-72_altform-lightunplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteMedTile.scale-125.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FlagToastQuickAction.scale-80.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-30_altform-unplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeLogo.scale-200_contrast-black.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-black_scale-125.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\50.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-IN\en-IN_female_TTS\skin_en-IN_female_TTS.lua	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreMedTile.scale-200.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\js\plugin.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedAppList.scale-200_contrast-black.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-80_altform-fullcolor.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-96_altform-unplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-40.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-256.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSmallTile.scale-400.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\share.svg	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\es-ES\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-30_altform-unplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxNano.winmd	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-64_altform-unplated_contrast-black.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-64_contrast-white.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\VariableFrameRateVideoPlayer.xbf	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\MedTile.scale-100.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-60_altform-fullcolor.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\WideTile.scale-200.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\de\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\BLUECALM.ELM	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\xaml\onenote\CaptureImageControl.xaml	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-32_altform-lightunplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\chrome-ext-2x.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\AppxSignature.p7x	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\ShareLogo_15px.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreSmallTile.scale-100.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Wide310x150Logo.scale-125.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

Processes:

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exepowershell.exe

pid	process
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
2624	powershell.exe
2624	powershell.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
744	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

powershell.exevssvc.exe

description	pid	process
Token: SeDebugPrivilege	2624	powershell.exe
Token: SeBackupPrivilege	3792	vssvc.exe
Token: SeRestorePrivilege	3792	vssvc.exe
Token: SeAuditPrivilege	3792	vssvc.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
"C:\Users\Admin\AppData\Local\Temp\1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:744

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"
1⤵
- Process spawned unexpected child process
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2624

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.akira

Filesize
1KB

MD5
e70b08c3eb71a695d8b38800c86cf907

SHA1
02c0f99ef321cb0ba7d2bb31e3d743179df34616

SHA256
ea084da0f4c1207c6ca8913baa4b9da81fb4853c1f99afbdca9bd9e13ae64e3e

SHA512
c91d7ddd788a1da8e8c789f46878e0cc8a51f5b6ff1fc9f60a4b075a7a9f9d553d02c39a92c1be053b5332554e687efcd7e2c77eb3df95b9be64db15c12c0f02

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.akira

Filesize
1KB

MD5
4b81474ce5aff5aa5109b4107fc2e682

SHA1
f6402d1ee716b759a30296684b3f2c0b49034888

SHA256
1e38b12d38d0a3d5b38b3318cf1362f5bf5678aa197a2b2725747ac8483caa20

SHA512
2c923a43a306235a8f69085bd347e094f4466b2f5aa8d47348a5a25cc3c7a220d3ed6f4bb3c6fc63f4c254f9a58fe40098355c4f072fde4c2fb489023714945c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.akira

Filesize
1KB

MD5
cb1bdc367177cc4bbfd306db01a3d45a

SHA1
388efc4bfc972c8ad23b542e76a1262ab8652bca

SHA256
fe46fe9ec875f60c78aa2ca9e3244c78b6b693f60f8a633d6103b6025bf585a2

SHA512
a9f82df4ff041347afbbf612d5cfbc3133390a8fe8a0bb34b01001d09695283d5f4d48e4dff20f81391c68c796f848f2838ecb2b6f36295094ba6f29d701d786

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.akira

Filesize
979B

MD5
1907fa171253a253226a8204af4eb6f5

SHA1
10d2e7ebc57a09257332c9c938426b1d96ce88a3

SHA256
19ece4e06a59c92648f14801b188383e1872aa048b4b460df9ecd9d0bc0f850b

SHA512
2c8d4b988266aa0b2e86c999692ddf1fdfd9512fda2374e98c7bac98efb0258e970f41fc69db7f07956a4d41b9357fb4ca961fbdeca716355f5a5cdbe4b06d8a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.akira

Filesize
1KB

MD5
d79999f69f580a9a0a574765bbffb96d

SHA1
9c6038eb38753c79189371a4484b70ca8ca7b8ee

SHA256
f2d5b33fa83f66e575d5dc1256126920aa40d2dba5b05ced4b099d86ac41d8ee

SHA512
4c243bc643f568ba487a97802e5c7dc38e58ed6f41fc96ff809dad7aa577b021ed045b9dd01951e4901100edff9dead3cbe8b3234a8ebaa26de131c1e4b7bf99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.akira

Filesize
922B

MD5
ea06d93929b82c7cddf81b61a6a1799b

SHA1
b5c6eead34043b57245e240e62d9565f1ba546c9

SHA256
5af70735380861bc3fb58c683519c170f8e53eb352e89977a01ff3c2865bcdd9

SHA512
7f8b8cf0d5650734ad9d5e254d3c2d2991854b9409d11757aae3ad98859b85183086a1e7b79373429b52ee4142d7df40b0af9943a18f4576419693fbd66aa929

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.akira

Filesize
1KB

MD5
879b2c0a9225e8e3148560a22625176b

SHA1
98b7c5a5d661d6736697be2545e49cac3a2ef6da

SHA256
373ba5506eae3113f5627d1a3bc5ef1b8d68c0ee21c8cf622cd3fb230cec5b33

SHA512
6e5cf9c358d8440c88ec02a095a1c4a1b8a5d1383a79ad00b1a83894c638c39f00f69f1895aada07ecb3971f0c59fb179ef717a419bf0a24810fab0cc584b4b4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.akira

Filesize
922B

MD5
58a7d73517d6ffebfeacbd4598d84641

SHA1
2e3b05daa93f7b2def7635f54e846c6c15999f66

SHA256
0c7862a05b3a3eeaf0aad5bc29a2edb3b8fbc21ee931654a0c0df5997ebcd68d

SHA512
f38328a8febeeec67a2355b7363edd99ca77ba2522d161e965c69a271e8fbb189b3101a9acefd78b934293aba483fd3798a78edd3c9c051887154e103cc56137

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.akira

Filesize
1KB

MD5
e1c7c852b2d27a83e108e8eda1ff6e50

SHA1
81c8764010a0a5243d00f86f47d7b1b01d0221c7

SHA256
1686fe4e22aae9b0edfb360a4ed9936ac87fc7d94aeaac3e67023f90580d3eb6

SHA512
753c5b9f85a17fbd99bd5b3f5f588efefc7ddd42f086c453c8c896275699d9ca444299f64a617226dc6b20a1a02ef2ca4acbc445b5c058e27a1b215af6412e86

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.akira

Filesize
922B

MD5
3e1ef2b743f68c4cbc8b65f888390485

SHA1
a1eb1e39ac6599db069dc12bb82dc4adea0f5549

SHA256
174ddd9a435eff28b805a887b79ca556a18012c573d9c08e3e8ae9be2d936587

SHA512
0a9b634906ad9bc1e29cdbe3a1378050692acc633e4951856846f3ea081813ad42fc86f0e0ac5c77f6088810fee8b08706ca32d9e3dbf667282bdb7d2ed536ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.akira

Filesize
1KB

MD5
f33bcbf0855329921a30c0d1988e3ab8

SHA1
2e29ab5678ea14e6056a2498116a14b67c4fdddc

SHA256
8117ffef8b6a96c0b109f21b95d093afed245c657eb796703e0f000902a704ee

SHA512
a933dfd7035fd6d7c3c964fd15c3f8162fba167d469ebcd9fd4cdf82f1dae648a78bcf7510153cd357f6258f46cfd1daedce18539046b8260eb3485323860296

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.akira

Filesize
8KB

MD5
c3e0b54cc18c09ad531f02fff5518a39

SHA1
68fa89c2d165d7df1cd7ae3629c9adf2dfac7396

SHA256
26288fc6011d80cd923400aa41687cad3509d126e0f7dc863ffe89a2b2daa515

SHA512
21721605afbc88f5fdd5d3e4144ea8a5b96b4d9d0dc646a8f64b1496b326f822b8b2339eeac4d0921527b7a41b808ba7fa68d29940a347837b421ba27c3e5649

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.akira

Filesize
8KB

MD5
9c8bc91a1b47e5de5866f502dbef2cc0

SHA1
641bb638fc6d26ae7136e0d8e7487eade67b57fc

SHA256
88837074b3a8b80f0b60eaed351c64618fb42b759f59b740c76ccb0c9ec44651

SHA512
04e436fdcd8918f36c48462d54d941ef2359d0a2a9f0db7a1ae9e86698e978005be6b74d5255709bbf2b56dda8c4905ca601accf58daa51e55ee47f81e908cd5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.akira

Filesize
15KB

MD5
3c6b9e26f31a4589339914345f19c71f

SHA1
a0154db83532f48fa5ecacab5c5645f7270661b8

SHA256
fc2a72ab88058c891f0d4e598552be4bc8782be86488b4ec8ca5b16e19457636

SHA512
3a9c425a829dd4b3d884b72166c9e405701c4d8b9c7f70bf04870687ebdcdec2dbbbcf205d1aadda7ab75470c6e3f21df121aee22bea1d47cbdeba76291a82df

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.akira

Filesize
8KB

MD5
bb01b27ba7e01c209162884f03e06c86

SHA1
155697d1a9121581f7183bb22960f7daae647fb9

SHA256
89831bd99e3feafdee86e95b041be593a089044bb45acd061ee8400c214f9cdf

SHA512
974a1ecc1e557f151259287c54b7eb5b1aa0031a307050f32b68a9e63bd33eb864583d05b23d4d5ced269c9f5cf7cd7591123f0671c12ef430c4bc1ee05daaea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.akira

Filesize
17KB

MD5
5fb2dfa13cc77f18d311b6f0f7fc4a5b

SHA1
eda99887eef914a117cf5817cd1a00b2225270cc

SHA256
9b4d9ec406ffe71c663c3d143bc0b4ca5a208a81e64651b458c9b343dd7145e3

SHA512
d169f9ff11b87a7e3bcad5b95f8f953f3d52d04ef1f60ad8cd079cafac9b99d9482baf4c870e6ffbf85bf699f84cd48d22f2663686736f4514ddca857422ddca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.akira

Filesize
713B

MD5
dae2ad2da41796b5e85f48b1828356ce

SHA1
047de06b4d97be09f15366a5d823caa954be7e64

SHA256
05bd7902bf0e50ef513b933f506fee76cebf5ecd726fce60b2aebfd23341d1e3

SHA512
c6d4666ffce0acf8410f627ab398c5d5006dd4d635ffab36fdf07a4d06a1c600a7c1d6bcd0725b437f20ab5518e7bec256d316cd3c44661cebb810d1ca37dc8a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.akira

Filesize
1KB

MD5
2df02cc28d45bbbad9a6eac61aa478ce

SHA1
cd76aa7de00e82945b2c51e2b9a91bb15a8c5ce3

SHA256
1c1492e18b52a4cefe4cdfb1c530ce3ac546a735f8e2e10c338fb9c581b9152d

SHA512
7ecdba9e11b5bff3ed8f28ea518f5758b83d5dd3c404651af1fea14ce00ae9a20be510fdf408828d6025788e75c1fb8691ab61a390abf78cbf7d6fe467ed1783

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.akira

Filesize
9KB

MD5
7a26af726ff8683a22d141aacae1e3a9

SHA1
18baffbeea2bd17e5ad52721e875bff3d76e6c1e

SHA256
8f33feb573c7bd7608eb1e78f1548523c056eeccb7249c78b72f0697e2c6b21c

SHA512
72fc56903c33c9258c5e41a448db754ca90cead315100d4af6c1b70fccc6da8ea94331c1444167c1dc931ee1d134e23a89a559ead928266611cbd580c3793b0f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.akira

Filesize
19KB

MD5
60ea6b485abf2751c85149b35f03091f

SHA1
a8d025c5d78ef32f541e191f120aeba2c3d5072c

SHA256
6545b7e94abcdb5dddb8ea3f158739b53328b7edc395be7349d9c1016ccfe1a1

SHA512
027aea7ec2a4eee95fe6702bf2a58e95ac8a2d39cb7a42321240387cbbff419c37797de99c13ced7c93bf010a4494b6f69596708604d944bab364c4d25cc2e30

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.akira

Filesize
1KB

MD5
b54f13b485759165da9e503e1d2e09da

SHA1
3e6d640c2e5bec15101174964567d6cefc5fa84c

SHA256
befb8a13dd5375c8b554aadf7c32d1e019cd763182eba3150e5cf5d07fdb09a1

SHA512
6effec55cb15156c739b769e2a8a1d915d0b8169ed4dbae0f703548d682d39fa184b7164928e6864c21696dd01b80426c08a60f4e81e2832dbcfb9acce49535e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.akira

Filesize
1KB

MD5
5b48afb100529904699664141198c170

SHA1
7482d78708c955efb30b383827876f6f088af991

SHA256
d4dbca0d7b172884db7798c86a943095d0200983b0f2056bf3d0764399a9d32f

SHA512
572e7e44a7cee87cf5ef2b7d365b03d6db733d77fc3e6deaa7e328e296f060c4506330dbcf5746f0cd62026007ac936e5c663cfc3ee77745e42fe78510def8a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.akira

Filesize
1KB

MD5
3cd1d9cf221e00f72b9b5e2aa2221f2d

SHA1
bd3612f64d9cd6106f28a69c0a2ca3a7fab80b36

SHA256
cc1004b5e8fd5d126aebe1026cba9fe7ee31d6b9252af0399aedb2982b2e96f0

SHA512
9b9539d475844793f54ca6347f9dd507ff3fdb46fc792fc6feebaa3dbd1824d247f942b3485d84a903f3d662cac9447a35942d153a917c0962f0eea13ad27d87

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.akira

Filesize
1KB

MD5
451a6406d93f7913cea47125a0abe0f9

SHA1
77effad90ef1e6946393c9c90a863c912c29a934

SHA256
4baa3edf5fb5595d1b785a215a3a1a7a343d44c3fcd08003a4fd0b69be46ef14

SHA512
38fb7fc940dae2b61d93ea5e7bcd96a7a85824eaaa3a5946fc2280ed5d032da7077ea9e5e3dba86b684007c7b6dc92bd2334e46fe20ec84b80878c9460b16cb6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.akira

Filesize
3KB

MD5
b023a05e06f691548f6577f7c87538f4

SHA1
72c32101312c234365c0e9530aa6f7704fa4aa71

SHA256
5b9dfcd179318795850e29a051c7ca7b2c7ecea75cde04453af01942cd5509cf

SHA512
fce7fa721ec7e4b014542b53b74df3eae6d2f88bc3cbbee87895b82cb5081259bd5a9dd7669a7e7791cc56777e4e7f851ad4df9dba2a33ea774b4d26a18e3a8b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.akira

Filesize
2KB

MD5
7932b9a305c2a5282176ce46da58542c

SHA1
5cde7951befa7ca66da5fd3e338469900cdae3a6

SHA256
760b5bc78782c071d11337c317f97207d4a7fbea1071e882245b068029567e62

SHA512
601f43be740eccdc1e86e04a3b9c916cafe6da863bf78b01cc3dd1c2b96738019fcbf1d81619a98ddad61896e5e1e2fed12e79c4c04dbee8643db6058e0eeb58

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.akira

Filesize
5KB

MD5
f4bc5e69e42b36d5a59e093c4fd9ddaf

SHA1
955b8dcb9179ca494d208e35066087dc1c044e3a

SHA256
c4ee9c4587ffaa0c45650bdc5ed901f681bc4f3d1fb42019511d40862a44efdd

SHA512
520da3199b593156a4c975b1dc406f533949083cbe2639c1610b8a0271a455fd51dc60eb3841a462eec39ea7e4d9a668fb00fde8a681cc0acc0a449e260d2ef4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.akira

Filesize
823B

MD5
5efa1bbcce6f73376c4852afe0c7d03e

SHA1
83f55a989e6d892d2258440ae2c2d4bc7b1503de

SHA256
2858e4c1e3bfaf99bfa26380a4a0b6981bed64da2389de31c729c196b91ae983

SHA512
b734f6f98d458ae286973378e605d84b6755e2d2c2a19730c5b83f5b9fe0e4d16d999e1be442a55f03e4c21891b7f9a655c7d85791e3321893fe6f827fab431f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.akira

Filesize
919B

MD5
787be48c8810439a24e3d544321db45a

SHA1
c7a91986d4c8373c641cad3e3082418f1d8481b7

SHA256
7d1a960c2315f8ff13994e44b89f943bf529b56362caacf1ae680bbdf982e852

SHA512
037d04bfe9e230638f75c2d9cb8672a756a1b2e514c163c32505895b18fb3958736a6f1ea0ce2cb0ad84d786fc5d05d79e5bb4ae96c296e9fa0669e36b7e1632

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.akira

Filesize
1KB

MD5
f6fb375fd615746e78da8f4188c58459

SHA1
88306c3a63745db12ba0c95292c6a6d5d7b10cac

SHA256
5700abaec1ba37b14055b435d56348a05dc325a75218e2f5082341e90d28c5bf

SHA512
7bb7fda79db9e847b39bd1027e9c7de2c466137b92b2f3e1e398d5f345466c3b7435a66ea96f72420dbbb0f7059dc9fb659d7b8c8432447a808a1a367dd66550

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.akira

Filesize
1KB

MD5
0e46dc2147a26089ab9195eb6bd1c638

SHA1
e4bcc1087ea5cb8faeb9fe988618c281eeff5273

SHA256
b3701c49e680d94351c029e507b51b34359c4701f9d62fc303241e1df287a89e

SHA512
59135425a82d77265f2e252dd2c4c8ecb105b15e8c09af34b2f32b7b2f44c401c8dbaf0866465d8832d938bb02b091044586e9e4db819a6c038bf3f0e27e2d74

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.akira

Filesize
3KB

MD5
9f46896a3824cebf3ca17c48fcc3446c

SHA1
f8eebab9dc3c2715664efab5bdb3667786363358

SHA256
d28b37018659710e5752499ae4ffdac6540a8bf5e4761732a5e3870151cd4728

SHA512
76ee25e12a0289a558fb1ab3b288f869d44e164952a2d72991313c3269fba722f09a0357df28049a00562f998e2d26df30db2e679d54d7c755166de3d9d86cf7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.akira

Filesize
1KB

MD5
6aeb1444f0128118e3bfc2e2c570b6e3

SHA1
26d965106a534d20b873bc23e55369e7a499ccc0

SHA256
5ef3fc6e31ce5ad5b89c93efe4716f0c13070a928a25201aaac84b4f4ee6be86

SHA512
8fc1f599150c162b07ed7aa1eef01ef9ef0d0aeed42d938b74fb762c5f14ed928c017d4fc90d5ed434e422b063ff42e8ba33d1191ce04002924357508ad00b21

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.akira

Filesize
33KB

MD5
395e5eec8b6d924ab31ddc82ce4c8501

SHA1
1f6ec2063a6484af315529ee1bd46e8aeef86d87

SHA256
940c5e638f9711b26f953e587c37ccc55895c44f7c1b23af75d1c0f4a4ad207a

SHA512
1ac8d4d56ae8b8f6ee7f18714319576194abd1a5a8e8c65bf3258224baaeff3de98eeccbbb8a92b338caea4adfd51ccb32a1db7d055d6d836c1632669ee268b6

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.akira

Filesize
687B

MD5
eb4a83ec67da0b798fb13c20bf1424bd

SHA1
6f9a17e5b80f835a98dd319782e4d3d2d711cc3a

SHA256
0db1e95fbbde8c4c2959bbd397be5f9de3a5f215c978f2b902963c0489c06a49

SHA512
1b75d5db06e28a1813955764a3c73b968f80b524d557b48934859913e05d379efb7099218a8b38ed4eb2ce977101d16ce0f9bcd3b2eb4bb6d6f4bc53b60aae83

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.akira

Filesize
648B

MD5
65a1a2de816265e67103947dd9492bae

SHA1
fb613b894eb8b0440031bc323b7b284fe0b12f20

SHA256
017d195169505978981ffb9e30b9a75c481cbd6806c15040f1c1f4cbe71ca539

SHA512
04ed17d18b11730833e36ec534c27a86b952ca6b622a74f139c420df389511989aa65f7a70768c777aa74854ef20598bf0e46e53a733caacf6bd51a8e2975b66

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.akira

Filesize
647B

MD5
7631a51defd9217ac412ef56e8ec37c3

SHA1
3849e2c48edde3cf682e607f8c1157e19f304e11

SHA256
2aef366829cf790c028285f12908e006c066f8589d7453963df0eb4ad1daff23

SHA512
7f98caee2d8d91e5115ba89f7971336340932cb153279ab2ac1ca379f58285202a3ee009148157989c05616b37245cedda1b7ed6804ee74485236bb66764bf76

Download Submit
C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.akira

Filesize
607KB

MD5
119c0e03f07b8d65b08b4bc37615e2a3

SHA1
077ff8f334e964087857756d988bd53d7d6b17d5

SHA256
d405d5e45f8aa6bf70d1d979219fb37092e9ae302e97a73eba0b6ec6412e965a

SHA512
2a03ba8bf6390ba999cdadfc5aaf7cdc1fbd48f2c9874952d6b3845126a174ffda39cd06b922a130c6f27e5fb426719d989785bd12bfbccf7f063e7fd612358a

Download Submit
C:\Program Files\akira_readme.txt

Filesize
2KB

MD5
de49e2e3eeb866fc517949893ed74bed

SHA1
3b503e6776a34f026f77ba7fea719dec182575e6

SHA256
994010aaf2f723b06ace4f35eba28068160c38714fda8d62205b3b2e7b96b07e

SHA512
f4c59b0f90ff8f6e05106c47160c239da0b5598845316a5a8705bde5f47378596fead491db828f4ab35ec84f796a22907210b51729d4c023c7ace68dccc1f9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.akira

Filesize
550B

MD5
1a3297c8b2985309afe238630e1e807e

SHA1
e4e7136672f4e4a0009bb18af79b65e5ea5f46ba

SHA256
be6bf66a657c2d74793c8210697319092ae4cdf0598ca4bd7fbf0d62ece8f973

SHA512
080409292cfbce2c1a6c0f0fb05b230fc4d5b303b3cd6de01429831a2e15976c3b59828b7e3c5b371ba4a20dfe1105e9f7232e157c257b47cb2e93d3f8588758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.akira

Filesize
575B

MD5
494d7a4003af93b933a7d122ddd9541c

SHA1
6d97523fb6cff93faacd814e00b3fc93f879de31

SHA256
ef47c3b89bfaf83bc2bc9eec094a4fef2a3882aa4eef90b921d507ad6577ec46

SHA512
42a0e1f509de2347953a37ffa6782414c4451a08bc16681ec010dc17a74a23723d1cf2db21e23b30219aa690bbb1b2744ae85bd109cf9fac0c3023720f73976c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2.akira

Filesize
8KB

MD5
14ff12223302320fe5f4b9fcd9c66dfb

SHA1
b2584fcb5f7c7f63f8fff73aea9ade47514b67a0

SHA256
6d830409c2da3b255453dea10e3e2c88709e0cd07361f569dbf9febde110fc9c

SHA512
6e28fb2ac3235f9df5e1a7a480345fe7e87950763465cbcf9044d6f053890cc13121e45573f9e8c68aa766a894d4e61ce04eddccd575fea316794c126747d0af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.akira

Filesize
8KB

MD5
9fc94a721fb122257b83a1e6d196ecd0

SHA1
2303d88312184aaddf61237f056bd14548bce2db

SHA256
5b48ee47d8ddb2a7413c3ee1aadf0037ef5c3b86ada17acf7014a5400e78b183

SHA512
c544c63e93fa7ffb2652342c671304dbc585ce1eace89bce5809840cd75e93cac93f8bede982169614c0bd3065a967847983bfc2c403b6db5efc0daecb1f806a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.akira

Filesize
264KB

MD5
92a489231d64148f59cf701fdd1c1ef5

SHA1
c597763065480372b5e13015e0e2e8343ccf3829

SHA256
b6886ac0c77b1f1ce6f525e562f0190047745a0d733accd4b4d60995e878373a

SHA512
6a17e08e4ce2a4fd711433b41abb6cb7c737fc736c88c300dde8653cbd68842b3cc3ffad8392d767b154c6c387eb56343452dcd3d3f979cf29ddf57220360cbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3.akira

Filesize
8KB

MD5
5c73b96803cca84b42b05b3460d56b85

SHA1
80eecfabaaad591380d3234707ab870635ddc0aa

SHA256
c5be93dba1082d3cb0a1ffe8ad96d3fe193c8748ce20199e2f9983026ca6f3b1

SHA512
38a33057b8942973361a2201a54b2a26d5a7751a17ad0fa0d4a15ae97578ced6ae9e02708eab602017c373c3baf9502be6db9363fd35213adc7a89a7d4437203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
9803eeb97e80df6e2b38e98af5083558

SHA1
e52766057e24b673e16b66955cf021112369b8e6

SHA256
c5ab2134f9d4942c27901e6886f2bf79839682833daca7f696975796b6e210e8

SHA512
f08af1aacd018f4ac50b7e9be5f50edb847b82c19b3907c9658285832135c75d93140cc19c3259e748dec7a7b1c9c699195feb4aac563e8c1619a0ea2f48b291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index.akira

Filesize
558B

MD5
1f5d31ffcd8df74d9a0f7320e25f0dcb

SHA1
04c5ef85b9cb4936fb575fd43079ad0755c02edf

SHA256
113295730350fe4bd2f1c8485e1725a8b3d14901ba6f625bcff5391b0c5ec06a

SHA512
495fa6849fda2ad1dcdaddb28ca3605c38badd1ae5ae3843ccf1fd70f210d4ff651b1ef68c714f2384c45a2f3bf6103f323b63717ab5a27788713362b6417dbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rg1u3w2c.v15.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/2624-11-0x00007FFA4C3A0000-0x00007FFA4CE61000-memory.dmp

Filesize
10.8MB

Download
memory/2624-1-0x0000018CA8E20000-0x0000018CA8E42000-memory.dmp

Filesize
136KB

Download
memory/2624-0-0x00007FFA4C3A3000-0x00007FFA4C3A5000-memory.dmp

Filesize
8KB

Download
memory/2624-12-0x00007FFA4C3A0000-0x00007FFA4CE61000-memory.dmp

Filesize
10.8MB

Download
memory/2624-15-0x00007FFA4C3A0000-0x00007FFA4CE61000-memory.dmp

Filesize
10.8MB

Download