akira | ea5d904dbb4d9106dd9f1047e657feb93caf8f7f570d848537d5305320745c12

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 16:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
Size

573KB
MD5

503f112e243519a1b9e0344499561908
SHA1

8d635ca131d8aa20971744dcb30a9e2e1f8cd1be
SHA256

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc
SHA512

71da9efbc24bf3428f7efd08f47e6dc698cdae769a918800de72ab4945fb79c2f5b92d21a839d9e13e700b3cfd6ae365073c32a6f368e43830c6ccba3322d00e
SSDEEP

12288:BV0qnXKTH2P6rxTcQpXDHgswvodgnAdA:BV0EMm6rxTcQjos

Score

10^/10

akira execution ransomware ransowmware spyware stealer

Malware Config

Extracted

Path

C:\Program Files\akira_readme.txt

Family

akira

Ransom Note

Hi friends, Whatever who you are and what your title is if you're reading this it means the internal infrastructure of your company is fully or partially dead, all your backups - virtual, physical - everything that we managed to reach - are completely removed. Moreover, we have taken a great amount of your corporate data prior to encryption. Well, for now let's keep all the tears and resentment to ourselves and try to build a constructive dialogue. We're fully aware of what damage we caused by locking your internal sources. At the moment, you have to know: 1. Dealing with us you will save A LOT due to we are not interested in ruining your financially. We will study in depth your finance, bank & income statements, your savings, investments etc. and present our reasonable demand to you. If you have an active cyber insurance, let us know and we will guide you how to properly use it. Also, dragging out the negotiation process will lead to failing of a deal. 2. Paying us you save your TIME, MONEY, EFFORTS and be back on track within 24 hours approximately. Our decryptor works properly on any files or systems, so you will be able to check it by requesting a test decryption service from the beginning of our conversation. If you decide to recover on your own, keep in mind that you can permanently lose access to some files or accidently corrupt them - in this case we won't be able to help. 3. The security report or the exclusive first-hand information that you will receive upon reaching an agreement is of a great value, since NO full audit of your network will show you the vulnerabilities that we've managed to detect and used in order to get into, identify backup solutions and upload your data. 4. As for your data, if we fail to agree, we will try to sell personal information/trade secrets/databases/source codes - generally speaking, everything that has a value on the darkmarket - to multiple threat actors at ones. Then all of this will be published in our blog - https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion. 5. We're more than negotiable and will definitely find the way to settle this quickly and reach an agreement which will satisfy both of us. If you're indeed interested in our assistance and the services we provide you can reach out to us following simple instructions: 1. Install TOR Browser to get access to our chat room - https://www.torproject.org/download/. 2. Paste this link - https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion. 3. Use this code - 8207-KO-BXVB-HKJB - to log into our chat. Keep in mind that the faster you will get in touch, the less damage we cause.

URLs

https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion

https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion

Signatures

Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
ransomware akira

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3104	380	powershell.exe	83

Renames multiple (7603) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell command to delete shadowcopy.

execution ransowmware

PowerShell

T1059.001

pid	Process
3104	powershell.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_editpdf_18.svg	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\uk.pak.DATA	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\officemui.msi.16.en-us.boot.tree.dat	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\plugins.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-64_contrast-black.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-cn\ui-strings.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedAppList.scale-200.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-72_altform-fullcolor.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-64_altform-unplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreBadgeLogo.scale-200.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\RICEPAPR.ELM	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\dd_arrow_small.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Light\Cavalier.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-24.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\large_trefoil_2x.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Store.Purchase\Controls\SuccessControl.xaml	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\plugins\rhp\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SmallTile.scale-125.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsSmallTile.scale-125.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileLargeSquare.scale-200.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailBadge.scale-100.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailBadge.scale-150.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\Confirmation.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\Analytics.DATA	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-36_altform-unplated_contrast-black.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_contrast-black.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-256.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-72_altform-unplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_altform-unplated_contrast-white.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.scale-125_contrast-white.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_altform-unplated_contrast-white.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul-oob.xrm-ms	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\db2v0801.xsl	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql70.xsl	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nl-nl\ui-strings.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrv.rll	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-80.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\MSFT_PackageManagementSource.strings.psd1	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hu-hu\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\qu.pak	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-ms	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.b1f209fa.pri	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\it-IT\MSFT_PackageManagement.strings.psd1	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_contrast-white.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\MSFT_PackageManagement.schema.mfl	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\eu-es\ui-strings.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

pid	Process
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
3104	powershell.exe
3104	powershell.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
440	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3104	powershell.exe
Token: SeBackupPrivilege	1672	vssvc.exe
Token: SeRestorePrivilege	1672	vssvc.exe
Token: SeAuditPrivilege	1672	vssvc.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
"C:\Users\Admin\AppData\Local\Temp\1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:440

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"
1⤵
- Process spawned unexpected child process
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3104

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.akira

Filesize
1KB

MD5
7e076f4a27176bb83afa9b4b86d6a5b2

SHA1
63de804f1f98240d6ac8824055ddf1bd6978ba5e

SHA256
3e0a9bb07044ea47b7853908da0a9b84ea540e8601d56192b2bfe8755873a28a

SHA512
a27b9cd05c96f419baaf4cf4436131b272f1666b23ec6a84646b24cfe0f16d32b44c0e3bc49a22a0bddd477bd9cb96d2d912c765df7cb34396f8bc0e6ee03c63

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.akira

Filesize
1KB

MD5
fb4e7d3fc76b1f8a5805278cdb45bca1

SHA1
ef7198450b14112a79d8d26277cf697157cf6d0b

SHA256
c70e866d98fd17ee8cf9f2c48541b445a511923d382701e7887c480b10ec835a

SHA512
8427cfe329a3b9e7e3452b40aaa440fd240bbb7a50dd1717cd10ada98c1d5fbb3e2509252f7704d48da5d8d4cc9bf632d8d6d88a5526e6f9922cd98dc9244903

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.akira

Filesize
1KB

MD5
d6780c862ed703704a6c80b2661e55dc

SHA1
43262d6a375739c194abbf240f97456be094e262

SHA256
6587087ebf5b44550b444a054d5759a9038f9a44fa6a516f5f89777607162741

SHA512
202be3ff0ba3a21bec51e5cf87c38b5e65a3ce62195be3407bfd61471166a865e1a24471b78176ce4f5a36eef3bcafb7e096f6adf2c81580ec681dce1f8fe6b4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.akira

Filesize
979B

MD5
e35a862242d85ae0da5b4e053233e740

SHA1
723d9d18e3344de65ae36b577ea82e93ef0c0fac

SHA256
b6ecb3d9e155874a269bef612f4fc5e9519b436586fae2164b51621306cbeeb0

SHA512
bb9c824d4e9c2dcf5f8eb85d30a51fbe0831d51888312cbac572c5ee97bd58c6ef9933f8e5d30690dbb744fef9046955956117dcfae6f53e88fed902015a069a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.akira

Filesize
1KB

MD5
af45aa42f9f8966077c5b36f856b859a

SHA1
e5f3f3811c76b8d82c5efe89adfcc7d2f504f2f8

SHA256
21ea6d34c8dc7e08051d06102f1d76a054a13e1acd158b1b1da3464f87da602f

SHA512
594a8ad00953b386080c8324b3bd61cc5ce33e6d6165bdd448f67c65e43591a065859be9446a7d5e54eeb41b112ae1e6b4b14fd853d3138f0b554f53800bb5a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.akira

Filesize
922B

MD5
dea7e84d03dbc5e5a6d47388d880ab39

SHA1
0a28249bd9c89250e92014e61c212a3a9b5cb1cc

SHA256
fb7841985a480c24b1ff7d6b12274fe89cd5d391e8a9b7586b7c015347bfe79f

SHA512
53ef4c9292138bb708403fb8bdad4d19fe9877c07d10f0b9edb055619e28723b88f259588f2bdd24d47ec598e57508d2e1740557d0b204ddc1fd3ce63323b3a5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.akira

Filesize
1KB

MD5
64e3d37170d259ef6f29abded5f5905e

SHA1
76c7beca749128c218ccfbaa1f9b843cbaa37e49

SHA256
51e8b59ae58c7b6c5c884989335f94da4579cdf0683e73adca3ed8acb08a3724

SHA512
0a04f0a1f4f04c7b03b725b84d15da494a2dda4e46acc6ab6a76921fe7363a96803044ca279ae317b4d3decee3c05749d461b584d906eed2e61afac522847f42

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.akira

Filesize
922B

MD5
a87468e04be32ad61ff7096eaaa0e55d

SHA1
12c2cafbab787ebe97b8c06e647a74ed7b63c52c

SHA256
830df0caa310c11dba406bb9f537dbb570fc7e177b76480a1dea12d952e0cc86

SHA512
efcc6bcd1e11125e49d127880657d976994661b9105f16179d0448777d385c5ac3df94ade83ef3a78c86f2a4ff47758e0c61ac2fe548ea113e9dc3b6bff3fe2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.akira

Filesize
1KB

MD5
bf5a2b787faf931a39759893d7c887e9

SHA1
ea57e2bfa0504fe2d55ed68acd034af55c7a554e

SHA256
76d0dc97425bc22beb4f14d073c1ce4a5a22be70dae7b19420936766313dfad2

SHA512
f504f238a17af5b38e1015f830b8bfe75f442c675d37812f4d3211c542041b363e62c991abec8a7011cb65b2275fa54b73d72ca52454a2e5c515d750bc711054

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.akira

Filesize
922B

MD5
0c9cb9cc89c16471b5376622e53fa27f

SHA1
bbc7db8bf8b9e93a8c3b88b0d827dabaf2364861

SHA256
fb51093e44b607158212cecccd4d8717f166469cc15e6988add4062be0b83f8a

SHA512
599b68af76bf1b70dee8f8e10515cc977322e86e810dcbe9ab69f4e75b148b6061b7d2e7d8801ba6d6730a21e69709ff6cbd1d691cfbfbba81fbb71dba924676

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.akira

Filesize
1KB

MD5
e9b9818172cc2ae2e42d54e5e62120af

SHA1
bd1ff8d203186593a4b85f15d68a0813d06dab7b

SHA256
5e8cb7a196f966166e2ebf7640dc6aef169b853c93548117c07346c6563009ae

SHA512
243ac4e3a382a9584c67a469104236f1c1e1f0c246a68be5ce5d7c9049d902239a218bc184b6beb7bd5d570836de47ae1be99ca2c242fc52d2252daac5f286e3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.akira

Filesize
8KB

MD5
786cf2b22dbe1b2f5705db138a494807

SHA1
cd4e9c0b102ad8e477ca56b713a94c93b64bc96f

SHA256
e62e3826a25e89218904fa662767818243b2c940a422afc2fe9816521c3155f4

SHA512
874571bc67e289384d2e8b20a7e429091439decd265598250de68ab04821cf9c6b78d4759196d36802eae46d2b45bfbd8c227ae21a29cfe1b564192f0cb7ed0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.akira

Filesize
8KB

MD5
3bcc54e1ed13c9e47e8679b707ea93a4

SHA1
68288bf82fa4c8c2e8903630504cf209825a1cfe

SHA256
b05df66fa5583dc5777c4ab7b3c5cd7bbac2df2173f6886e25c58091abffe355

SHA512
35f4885d7405a08ea10874856b1b8bb7046ba78b8ef0b153ec5b079f27d02db7d79dde1971c26a8c41e9c7dbe1497f110d89070ab9ae49c8b343c07c3ee5dc09

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.akira

Filesize
15KB

MD5
d531c344b844311291a378defe41e746

SHA1
11b6ab209f31cce575ba8799a8744475d68b3b4c

SHA256
762623b12a17f1102bee149b4ea44a9ff2b6de4fe6945f779d6c124b1c8f066c

SHA512
52a5dcfdc3dba5dc8c0112c9fe1f5f957da8cd90eee3bdddc59fd1e3f7a9ff53086564b9f4636646254b0c5ba71ca05319e6459f544660f95af4f82823570613

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.akira

Filesize
8KB

MD5
ba4408cfef7396997bfbb63e3cad6745

SHA1
08037ed998822333b81333f95565b00be0d3a6bd

SHA256
01eda050b682c03fe8b9b44e90fb6a22c05e217f827bfc99e662e95846123e60

SHA512
6af2b9ac0728777835ced604f6e4dc24ca93ed350245b7bb225f9b568e17368b092e1e6179a0bd4f711c65bd779c58e8a36944ea2a18f602ac41f4f55a9a0cac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.akira

Filesize
17KB

MD5
fb865795733555cad5c7baaec029cdd7

SHA1
e79197dc58f07587fbe566680561cf99d4ecbe13

SHA256
3db013054f57333b13503870efa85b6218e6f36a09315339646ce1224a6a87a3

SHA512
be502c0ef73c315c2a0f372b4c8610d96de5c1e44291d5fa110ef3f46a6da8c0970ec0ef0ec4bf86eef9352a742ecae8b13d96c62c843ea3ec8c0628c7d36419

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.akira

Filesize
713B

MD5
211815acb9f2cf77c58d4670a2bbcb36

SHA1
fed900202ecd244fdc591f408d90d3d2645abfd5

SHA256
dc72308aa759cdb8ff5e14a2bc075a9ab60cfc47648b485535bcdfea5d15b8ae

SHA512
c14034f6a08abe3ae322258ce50ff78035c721ea9346883c08fc7d22ef9c1f934144e87ab13fdfe1ae07a3cabffe2a130dbb8e55521929e6b379bae309ce905a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.akira

Filesize
1KB

MD5
d4df1f153cb958f6339e128d1a144779

SHA1
f18a5881fe584436b7f92e1f2d1d1d5d9fbcabca

SHA256
24a20435529fc372d18f06e8f96ff65b6f6ea34a527f9cc00cc4bbbbe6d7e6bb

SHA512
4a414754defceccca41cb07121cac8a30e3869ebfd5bbac5cf78b37d58e74c87874aa54ab83147fd7aaa6fb28885dcbab05cd675cc8d7a66dac1316953e754ff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.akira

Filesize
9KB

MD5
3283d4259b0eb93f5b11a20336932f3a

SHA1
6f03981823040ec7ef40b9fd68c13caed89b092d

SHA256
3731246b52435adcfc9807bfdc6825de005409b40da87cff139b88974d03aaaa

SHA512
4a852695afce8fe8f3c2b9306de9711c406fad5e705a85e32faf7d9d39827e2e6dec5e4000f02a126f8bafab6246d923e914cf73d2015544e6e5146acbe3a687

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.akira

Filesize
19KB

MD5
75f3d15725664538f5d190fc7599f33a

SHA1
fd7b1779f7e1d37b0336ae504e438b602037b5fd

SHA256
4a147ec8e2717e68d08f0363c352e872d6003ffba2846fec74d252458a8b0e9c

SHA512
f09e947daff9b481bac3c744190cca3a36b512680dfa410de2fb44416e2072a94f9b448d5ff56afbf7417b7d9bcbc328e4d4d3b22bd82df5c4131eb5c9257a43

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.akira

Filesize
1KB

MD5
fed16f6e396aa8fd64b4053073eb1348

SHA1
80db34e322e4af2325286453739e37f18b5f609b

SHA256
a30393ba6e6018ec795e8fc87c60e05ba18ae4e1073c6390f10f29e0d7ff8cdb

SHA512
08b5c764a7b22d54f9547eb868b7bed08c2b796e83d366307c340a6361501430252abaed23a5dbc02d7b0741618e55a444c4268b797f37e7a27f7c01c61886d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.akira

Filesize
1KB

MD5
581cd5472752f58b52f32e118d5ebd35

SHA1
fb09dbeeb9b2506aa1f9bb410322045362d0e8bf

SHA256
7545d0f700d3ff35acf88f4eed79cc92622ec2d2c45f977b442e89fac15d0347

SHA512
38a1cf0912eff5c17f3427dfaf334469d93a2c413bc77849f45bbbcd15d974434c80329c6d44d8ac74a2b139f9c3cee79be07f3e640e30b13b23a24fa8dcc56f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.akira

Filesize
1KB

MD5
fa7598bb4e9b9e0d095293f497fd2422

SHA1
e1e48fbfb3bf1241007d13b31ee34ae00f8a983c

SHA256
0cb627028fcf9d08b16f74d9ba67a3739af69d5cd67803efa267a9d370f5989a

SHA512
752f20f7987898d9e24e1618d27c85f1eaabfc16648c48f634db6d32d343f79c2133d8bec6e8d022c95fafdbf6f9bb903260472c3808b6157322a3c8435144f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.akira

Filesize
1KB

MD5
3317eb178738d91644502f3885b7c74f

SHA1
7214095f32b11c2ff14b803456e2edc206f7b271

SHA256
5f9c1b466942abe6d1c1dfcd987b4837e64fd37e05e6e221090a8adaaaed037b

SHA512
d038eb90ad82647e572e7fa0d86c72af92e2a12520762f5f07dcfd23846d8f33f22443ed0f266b3cc8d86cff8bb2bb9edf9f5afd8dfb09cd239904cbb13eb80d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.akira

Filesize
3KB

MD5
2437be7113bf63f12c32e4cf42a01c71

SHA1
acbdc942dcecbb2320140af1ae8e27ee444634c2

SHA256
6308311339a2aedc9a3c1315c0cd231778b22a98fd03f693b0c3ac7c30f1f1ae

SHA512
a51dd2435b6c6d335ca7dc4e8ba44f5e5ff2de9fa0c0f3c9a8ed9f3dc357608bbc3f11e222962fbf9c64dd4fa7003a01ad78cc2a1f9f34c4aeda5126480d2b11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.akira

Filesize
2KB

MD5
2c0adcc1e15d6cacd4975c52f7c5ffd3

SHA1
b4c7cd5da7b81afceffba20d864649bc05c8a243

SHA256
dcad5a92523e318218487e17cf366feb88989a7ccf97987df245a5e806707788

SHA512
42f0928d7ac3fd98c01ff89a64d3ae31ddfa2aca5b6cc929bb2c3cec094d19b379894d47b314566a645041af0c8acf069c9c78140a5c8532c343b9e369c5925d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.akira

Filesize
5KB

MD5
1de11209ed5d3dc89351665df8093879

SHA1
baf1b24ef023d41df72519106e875e0b105e3945

SHA256
bdd07432306b3821c9bcdd0ae81a9d9c1e37465b314a05273530f492a893b3d2

SHA512
324c75c419dda09d00586e93a033c7a5aa1b20613a9786dcf062f7e04abc293ddb86a7a5250db8b96e06b9ca826ae44bf7840b351e17605d00a7f80846016a30

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.akira

Filesize
823B

MD5
c27ede2cbe28b6d1c042741c1d8154fe

SHA1
3036697f956a5f3182f2602b7eee84d73f02b14b

SHA256
17474686fd4475ce9a59b1dec4049a11ec81a4e753514a02c076e20345074a35

SHA512
a0c298a6f05590f03cfa8b994f94f93a5f9dd295fe4f1be335063edbcb1eadcbd20d1c435fca63a034d0baef58cc9b577beb9f06d6fa918ea4523b8f4ee6a52b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.akira

Filesize
919B

MD5
dfd91a7e7be063e7c49dfdc17614ab42

SHA1
82490439360bcc6d5e6286c3b67705e3b75b1a9d

SHA256
c60861a519598e17df00e43a9ea2b3885f0a5313a1c21a33b01953220b17416f

SHA512
8380196a911d55ee5bfa6fb2e6efd5a163bd264a378585369e69da4b6d57f7d3b494740dfab9bbbd6913e4096334cf61790979bfd3af981d967210eedd3a4343

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.akira

Filesize
1KB

MD5
7d9f98b45813e692ea833d61856e9759

SHA1
e6e7d13a252c6a216c884c053326d0e4cff76c28

SHA256
f7543e59a96d8c7f0746fc653ab44ecc64d747157974afb40343f4f228a22259

SHA512
86e1b8c394e8d4177851595d7dd4e9f12f733ef70e1f174f4ea7aae9620d0c7933d5ee4bce2522c2479f35a775b542f8a128cfc7918fb5c2ebe193a54eab1b52

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.akira

Filesize
1KB

MD5
95f54f3485cce6d0050e2ea36c11ca5e

SHA1
986ff35c7a4cfb5123d64951ab8d3e371e228ad9

SHA256
605754b4dbdb9ff0d6810348a0c9cd47ba35a76aa4de35440d34141b423c45c7

SHA512
33c5c246a6a1134aef1ce76a208d982049d023425882556671e2e1e8bd0764087f8380af0f009e3e946254f2181dc34a88fef6ff2edb065a73b3aed8465d6196

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.akira

Filesize
3KB

MD5
fae9909d681798bafa54da7fefc13dfd

SHA1
25713cad41e04480e8f516ceea9daf972acf3ef5

SHA256
401dfbe91fba82fef1f046036277dc709482af2587000e43ebf15f0b83dda2ff

SHA512
7b9732542dd16a6387b54fb465c6251f1bde78a3969817dbdc794e84dfa311e2919b3d9142ebf47d33b6e024208841347d0a1d56500761d58e86c97ef4074d1b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.akira

Filesize
1KB

MD5
a9064b198ac9108047d3fb624bdd2b8d

SHA1
a1f97fedb7e7825196351427e7932ab112b1ceb2

SHA256
60e3295cdee09b3a63b490f2dda8256fb66d2a72d26675cb006b363fd831e3ce

SHA512
659aa6f3ec0daeeb9e6ccae9fef5ec72ce572b42fca6b16c4c7260c73d53d419ca4469faae8bd03c785ed5797e5c36f77bba172c41faeeadb7020b60f6a5b0e7

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.akira

Filesize
33KB

MD5
add67c245d61dda240a393c51f29af3d

SHA1
10448fc904c4df797555c2903b56f644d26a6269

SHA256
260e273d2dc18b4f5bde5e0bfa158eb436cc86fd2954019ec64f1fae95e985a4

SHA512
b6f8185a411e566e30fe01746754f5fbe9e61348062f4b1ce4d640e71066eaa37f45d3508b22afc59a3f4ab53c0464b6c3b24e21f4c028e303b47496fcdf90da

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.akira

Filesize
687B

MD5
983d02ec244d093972e7abda68bc2ecc

SHA1
6da5e5f5f828ea62bb33f6f4d0930c0d6775f051

SHA256
fb087ddb8ae213500ae39e5dd250344a24d48d24b602b97f422d19ecfca628c4

SHA512
b1aa9bbd2de64abdddf664781250804e2b74f7f2171003769d2ea5e0a9e4e32060e78cfd24e2dc0a55acfddb52a19980aa62363f2501aea5262552f18fbbc151

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.akira

Filesize
648B

MD5
837129d11eac805edafcbc07e7a50d0d

SHA1
747620154def1810f7b07293d2e704a1f174d978

SHA256
ade4ec0365e1d82b0e0f3a32401f09dfe4ee07da77cc92d465529d9cfb180231

SHA512
863349cdc28e413ab27088e4b0e4096c80013c286ceebbdfa211aa5d938b17b1284058cdbc3e2a12294701a3caa9df4eec533765ad694fdc7eb61bcfd606c804

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.akira

Filesize
647B

MD5
b2a56f65e594436ba15020c861ed8b7e

SHA1
49612d1ce7ffae89bfddaf2b197217564e0d1675

SHA256
d75fca696efd8d7965d723820a80e0966904a183c66b99d503e9677d662b3ec1

SHA512
2b4cd44c16b963eb63ae5d659f6ebba295c178cf091ee013ea4ac17fc0b90351600c027fbba96f73997905f50fa62d66db93b114e52490ac249bd492b9b27ea9

Download Submit
C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.akira

Filesize
614KB

MD5
6a976c965e70a89d0ed760e32fb9da90

SHA1
e0f2c97019ba933f4ece57aed105ccf6ef5c40e0

SHA256
9813d7f034776ca47b2fe6668b53f4b21e8c5869748556c1546fe25a6c6d7136

SHA512
8fbbd359541f9d91b4b64ac4bf88f03ca2d016daa62c369609d960aad03c8a990c2efcc2eb55044e8b7f1d42bafe599c7d2aea6320072839f1bdc33d77b09d2b

Download Submit
C:\Program Files\akira_readme.txt

Filesize
2KB

MD5
de49e2e3eeb866fc517949893ed74bed

SHA1
3b503e6776a34f026f77ba7fea719dec182575e6

SHA256
994010aaf2f723b06ace4f35eba28068160c38714fda8d62205b3b2e7b96b07e

SHA512
f4c59b0f90ff8f6e05106c47160c239da0b5598845316a5a8705bde5f47378596fead491db828f4ab35ec84f796a22907210b51729d4c023c7ace68dccc1f9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.akira

Filesize
550B

MD5
0d93603a95f776410380e8b6f53e9b5f

SHA1
5898a0b72655caa2c9d0b593d83d56a384eb1c7c

SHA256
deec123134af3d8f3262c684ecab237ac6e7a174f2939874f9f56a6ae227a344

SHA512
f56b0be7f68fcd5a1bc0d23725441dcf6d0d7c6858250e429de9ae902208093a8f7675e75d27fd42fb836e24321fe813e0efd28a59d8c69c737a2b6625efb351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.akira

Filesize
575B

MD5
1d2f4f3d5aa7abb27a8ce17adba75b0f

SHA1
ca01c1f461fcb750f93328a062bf1d27c345115f

SHA256
3d52cc62ab77417d7959287e4e36c18e6bb3e5985896749403a23b24cf6ca4ce

SHA512
a519bae4b47946ccbd8e78fe1f2236b10f0b9855dd31784519c3fdbdab97b74aba2d23e9c1de86154ddf5cd3627d9508d806fcbeba9ec9d60a3d00c0aac7dddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2.akira

Filesize
8KB

MD5
a0ef8f5e0204a0c10b942a91130d70b7

SHA1
9baa00a55217455490108d6d9d8ef0220fb51743

SHA256
3c6cf8d48f236bfa9136572379d9edf8abc7a1ea37ce29ee6e55b69efa1a6104

SHA512
ffb1592d37e8ea8b50c7d59774b61892441669b62dbe9e54491894aee3a6881d7fbfe1a1ec22ff680a30f740248887ac8392d59e1c6cd2c57ac1144145aca27d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.akira

Filesize
8KB

MD5
8eb9edd173dfdafd4c379e7ef615d27e

SHA1
84295c00e8295215511bd3ef1b23abb9441cc1f1

SHA256
28af0eee36b7ade0b9ac8d779a71e54acebfa175deebaa1736403c0dbfbd933a

SHA512
808e2d42c51f068c390a82825297a4b6d89a06824bd75718190d3aeb72c5fe6659f50a839320d2b38b87f83ad62c7bb388336e9d61d670f5591f601596ba7845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.akira

Filesize
264KB

MD5
1a1ea41558dc9ee23f5ac3ecff44d4a8

SHA1
8fe54cd844688c2ecb208c4fadcdb7bdabfbb5d4

SHA256
df4ca6f0a292d9507ffc63ac81d66d10665898814b62904d7cb0368e4c7da21b

SHA512
46d3ef39ea319b624d2b28aa5d2677aa187fbcf6c77fee81585306ab19ba8a10f529415e698988d7d7a5436cb8bd05b4ab0b402c005f3b66bb7831f82aac7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3.akira

Filesize
8KB

MD5
3aed3fbf5b6408342a4b5e4fe591e899

SHA1
3579a6268ff101151e7f8ed0f7adaef9dd350417

SHA256
18b655242ece2897fcf3cc3ecb6bea3ba9ad1c985b668a125ddd2add7b0b553b

SHA512
9a25216440a650d8a1116a4720b1eb69ad1ad96be92140e66ab95037f6c6993e15feb289913fe9baa7dc1c7c687a3fe95c7ee13113875cb29971e71776ec4ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
9310e95e11733726103ee17277eae9fe

SHA1
d1d1096b6bfc30830866ece7956e84d3794e87db

SHA256
383364a0c6aa8a12ad23a9f7b9937cf011623d168694b00fa3ac5dab6ed8ae3b

SHA512
2e361b81ebe222cdcc60cb263a1e041eb1ea48da32ed9a6039af8cae3c8f2bc082ea64b4b461b28de736f506680fec78ee788c26437639fc82ced554422a2805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index.akira

Filesize
558B

MD5
f8ab5fe3f38d259f2fdf307a2cc36d92

SHA1
68b583282126274e90386dbe1587e47e789bbb32

SHA256
061c2dd1e0492611fa32f469ad4f6f526201b597eb2bdfc5760ac4b1f9d50f28

SHA512
e60ab62b4d9ae194d5f87dd638bad9e440465b0d513c0cf934ca200846b5d3280c6368204e2cc3904ea928b5f7b100ac892762461a0c12150bee0d522e581446

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rg1u3w2c.v15.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/3104-11-0x00007FFA4C3A0000-0x00007FFA4CE61000-memory.dmp

Filesize
10.8MB

Download
memory/3104-0-0x00007FFA4C3A3000-0x00007FFA4C3A5000-memory.dmp

Filesize
8KB

Download
memory/3104-12-0x00007FFA4C3A0000-0x00007FFA4CE61000-memory.dmp

Filesize
10.8MB

Download
memory/3104-15-0x00007FFA4C3A0000-0x00007FFA4CE61000-memory.dmp

Filesize
10.8MB

Download
memory/3104-1-0x00000182B8630000-0x00000182B8652000-memory.dmp

Filesize
136KB

Download