7d317343ffac1b8811eb2f88ea4739083f68616a1032ef3aaa6342b3d79f0455

Resubmissions

08/07/2024, 11:22

240708-ng2vrsyera 7

08/07/2024, 11:21

240708-nf95rayemc 7

Analysis

max time kernel
1153s
max time network
1157s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
08/07/2024, 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Test.exe
Size

7.7MB
MD5

83d1fec1d36ae907018f59de843cae9f
SHA1

377e21f001fa53e3cf1d5a1f8738442ba78721ab
SHA256

7d317343ffac1b8811eb2f88ea4739083f68616a1032ef3aaa6342b3d79f0455
SHA512

9134740fa8b52a91cd3c4f4d37aa97f05be362c2cff10f3fdb4ebb65de40121651c537efedaca262e733c5ea44d608ddd7cef867dcd1c28a1b8296de8e1464e7
SSDEEP

196608:5Nn0h+sp0v0k5bp62RwanCxjU5x+baJhgK70HfXkqVgur:X0h+sypbM2RwanCx45Y+H+JV

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 12 IoCs

pid	Process
4452	Test.exe
4452	Test.exe
4452	Test.exe
4452	Test.exe
4452	Test.exe
4452	Test.exe
4452	Test.exe
4452	Test.exe
4452	Test.exe
4452	Test.exe
4452	Test.exe
4452	Test.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
4452	Test.exe
4452	Test.exe

Detected Akrien Game Cheat
Akrien.wtf is a cheat program for a selection of online PC games.

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4452	Test.exe
4452	Test.exe
4308	msedge.exe
4308	msedge.exe
4428	msedge.exe
4428	msedge.exe
4904	msedge.exe
4904	msedge.exe
5556	identity_helper.exe
5556	identity_helper.exe
4452	Test.exe
4452	Test.exe
4452	Test.exe
4452	Test.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4428 wrote to memory of 2892	4428	msedge.exe	86
PID 4428 wrote to memory of 2892	4428	msedge.exe	86
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4632	4428	msedge.exe	87
PID 4428 wrote to memory of 4308	4428	msedge.exe	88
PID 4428 wrote to memory of 4308	4428	msedge.exe	88
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89
PID 4428 wrote to memory of 1604	4428	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\Test.exe
"C:\Users\Admin\AppData\Local\Temp\Test.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:4452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:6064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa9da53cb8,0x7ffa9da53cc8,0x7ffa9da53cd8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4472728167774327173,3833557081414579978,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1940

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\AkrienAntiLeak\java\bin\awt.dll

Filesize
1.4MB

MD5
8034610b3e92f99e739acc9a33725fa9

SHA1
94b0b8b4698b6b98483b5b655dca2dd4f77d50e2

SHA256
698841b130cb9b135f4111d09daaa6693aa9a8528adeadd08523374bc4047e36

SHA512
ba34813903d0c9abae0f9be1b1eb0b5581e9d0eb011d43adccb06f97cea063d9a5f81fc9e6ba239ab76d801224f0c3411c45a3eee62357b1610f282cecb887fa

Download Submit
C:\AkrienAntiLeak\java\bin\java.dll

Filesize
148KB

MD5
a516863257644db008e4170f56edd85d

SHA1
6f330cc533262de0e8715669630b9bec6830f5db

SHA256
575f3a3144f4b13347d859acbc9e5cc45bc5aeb20e93159066f4ddb7634f1df4

SHA512
ec59ec515a2c5ad6fec8b15cf5b6d9ae4bc18e869a6258aeb9dce4afc7c5ef1502b07d368ee90856d5e4489a0b70117e93db3d7164359a7dbf87f52c8ec80046

Download Submit
C:\AkrienAntiLeak\java\bin\management.dll

Filesize
30KB

MD5
35a75985bbcbda81ebdb4b846d9e81d8

SHA1
dd2304697c8494b90c6e1f455e3e69de27afc376

SHA256
5d086fbad6335425663a203b9aa3641b65d5c1ca0ceb1cd9e5e7851c036c7a19

SHA512
68dc557280b566b3b5aef3d7a2e438ba388d1178bf8fdfc79772be9e66318679072ac95d9366af1360f146d2cd746a4f8d8f4d93104fd5f14105aab5a5d3ab17

Download Submit
C:\AkrienAntiLeak\java\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\AkrienAntiLeak\java\bin\net.dll

Filesize
89KB

MD5
71d2ae9fe0d5d708797ff32652c1e50a

SHA1
aa753edeaee6ab15d489d467dd14ec31bc67594c

SHA256
e4a52e6011b0e5831c4048a3f3e5462bb15fe6ea874007652397e524c8293fb4

SHA512
8d4fcb38700bcbc10a5f2b684a4ea116d8435a6d3febe949608e5fd5a7b91d165ad934667498209201c39098f1f2e0ac2d23e7f809efba1d86685d40751b17e4

Download Submit
C:\AkrienAntiLeak\java\bin\nio.dll

Filesize
53KB

MD5
411e7b5bceaced72ddb7dc552ebd4ce1

SHA1
f6c54c95886d754045e633e720303998181c23f5

SHA256
13eb467938a6ac9d4cc5df46e0aa371604ee38d9c4652c8c6c22176bb4586078

SHA512
24cbf0e6b79284c8c279a5c9420e5f9ccef2dcde2d316ed44c7a96e7704bf8387309633cf89f6af859a380e1f67b3c740ac660ffb01e295fc7be1209c14449e5

Download Submit
C:\AkrienAntiLeak\java\bin\server\jvm.dll

Filesize
8.8MB

MD5
e11b672fab7e7a25f3c45d80980e915d

SHA1
4d733814c684295013ccf6bd7531414d7702908a

SHA256
0b560a12128eedaa374b60e1dad15900d07982bcbf5648485a4c253a44bf2570

SHA512
f1df78178e3a0fecead8cfa5d115aab607b8c2bbe405c7e99020bd0e3a83274d660c37436c4a29d76923e170cd577885c2747e90e65c2350ece66169644bfd17

Download Submit
C:\AkrienAntiLeak\java\bin\sunec.dll

Filesize
126KB

MD5
17dde0f1cbe235168ffd86bb819f1aaa

SHA1
ddb5ec92f786d143665a597d06fba89e9036dfd6

SHA256
209663ba3570359809d187864b835554e7c1d0f97ade41ed71d90c8ec9973dc4

SHA512
356f45a6ecde6fc86ae6401af967074b9e7124587e2dfef3957db3b08ca5b93cfe34c9150b55267b5dad1527006943afa9235914c7677098b63e40316c4fd4f5

Download Submit
C:\AkrienAntiLeak\java\bin\sunmscapi.dll

Filesize
26KB

MD5
5c17a6c12518e6a0d81c3bcec574f11a

SHA1
a366c13fe01c1aee3589c5f3b1a8155c5402c4dd

SHA256
9bbf13754b4e3f8a8fce93729170ad9587cfe40b9577e599eb75daaf73174983

SHA512
34b12b0614e955ef8217ec381858d0ec41854054b8fd4d529d660b251e06d3f9483c5240764d263ed673497bf2f3971dd659a6c2018136da2c0e23b2f293db2e

Download Submit
C:\AkrienAntiLeak\java\bin\verify.dll

Filesize
41KB

MD5
b3bdcdf717264334359b320a51c7b3f9

SHA1
3f4ab81565978c03e442c50e89537295e3afc545

SHA256
a179b80c32724970fb158e8a35b77c66d5e4532780bdd1a0b632562168486aef

SHA512
979cb4e5a89a10de793bf1b572ed20a7ce6cd48837cb89c325b99df9131f3dc568c7a7c052d7193de5bd110360a805f2d0052a8592d4ed2e09ddc934fc4254ef

Download Submit
C:\AkrienAntiLeak\java\bin\zip.dll

Filesize
70KB

MD5
65f9ddc334ce5ba48374cecd54cb6492

SHA1
592f5c22a24870140c10736f409f106ffb19e50f

SHA256
7a8ca42553987632c5b8a03cb6bb17ec43629505282af325ccb2c63783d37cad

SHA512
a7b67f5bf8d286882479587bb4ee8197228a5651ff8c521edb26e3029154ca28ccdb36ced08d6243cc950d8cb4cf0a5b6e875cf1460928b3e6ca47edd6fd4f15

Download Submit
C:\AkrienAntiLeak\libs\natives\lwjgl64.dll

Filesize
310KB

MD5
0b9fcfbd6d44e4d83605cc35171668c8

SHA1
f4013116d6750829851370ed19a9eaf8251ad6e1

SHA256
ebdcedbc3e24b911aacd7bb666ab426397ca7d7883a8d4e3cf28946041c95425

SHA512
e920e284f47f888d10cac45ec8775e58481f5a8c2316d3fa01ff1e7b1bb63c64d2d0850b2da8fd040727b969d3b3f9b85afbd86b6cbfaecca580b853a1499f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
640b9bae54d22b45b4d52a96e2f81f13

SHA1
b1c7304e9abbe1759f8df7f88ca2c6354b42fdf3

SHA256
834c17e205445d197a64177b76ae0bb718bfe2eb8ffe492f008946603edf80d4

SHA512
8baaa3339cddca01a018e9a0900426a7590f7107c55372d65fe932dd570bb4289238977396037c9bf73157d6bfd7f1f5795842df39c354200c2af1a84014e6a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b45c28d31ee31580e85d12f5ce5b6a46

SHA1
8bd9a23f3141aa877711fc7835446b8783b51974

SHA256
d944d6021a2fdf016911aa4d9e8b437431fa4f92b0229b9e3322b4354a4b19c7

SHA512
3628da551c52367a4b54ca0cb7c401f7d3a8dd37375b3b57d82adb06c96657ac55d593ffa7a9f000f74ecd7e6d35562a96013d0c70b04123f055a4d2af72aa3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cad99d6fbcf15e7799279a66df03b3f1

SHA1
1bc6c34945c005abe76611c239122d6c5670620c

SHA256
b3fe5abe35d817669862dd4ca0b498cbab5357f26b6e243aeaf3fb88a3aa23a8

SHA512
77be3acc210b4df0182eec9737b2a84e9de0da138d835c5ff111f0b4b71c81bc1beca31b593e9f1b3807bd0bc88890edcab7998ae6e89579e498e7155f525ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d4c357dd1389ff615144bdf488f2165a

SHA1
7c2cba9547d57e6b73f40eba89d946327f2400b6

SHA256
1b40f9709776c449063d2af7ca6f2bd1e84a2517210cbf576198f521d1a96c01

SHA512
a2a0af968b17a7505b020b04b0b6d13e6b78781eb829f7bac47a075c4644f92057e07bfc98c0a2bde8d50bc1ccf36793332b2aeb14d2164cc05bb93448ddcde3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03cbe18fde190a9426df24bd539b8436

SHA1
f170d2b793af3959f77b7dd2d74e036a8423f1b3

SHA256
392e7c7dce0fadc5d0e5ca21ca9fa405202755bce7ee783f7cd49f7eed44000f

SHA512
9cf9f885c34ca4fd91215626f79c9cc5b8d072d771427b247d98e141924d984a91f74b3196b834fefda12e4d146930e232eae1754144d4d008dd782de428d394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76c8d54a05042680a2c7e0d5651b4c29

SHA1
0855f2a9dc5a937b8fdfcce65390f7fb70f2f037

SHA256
b884e6f44f167dc98c9e4394954a171758eff2484a10c5aaa01845ae10e9b5b5

SHA512
c4a2c7ebc20085d6cfde814c4d5badf4c024da27bd91ef7d29f4cdac361faee5dd6a83fb0fe17226f66bbc882d2f753efe65aa03bac83a287ef5c1f9e243666d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\436EZ8MY\assets[1].htm

Filesize
167B

MD5
0104c301c5e02bd6148b8703d19b3a73

SHA1
7436e0b4b1f8c222c38069890b75fa2baf9ca620

SHA256
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

SHA512
84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

Download Submit
memory/4452-2500-0x0000000075450000-0x0000000076856000-memory.dmp

Filesize
20.0MB

Download
memory/4452-0-0x0000000140442000-0x000000014097E000-memory.dmp

Filesize
5.2MB

Download
memory/4452-2499-0x00007FFABE6C0000-0x00007FFABE6C2000-memory.dmp

Filesize
8KB

Download
memory/4452-2498-0x00007FFABE6B0000-0x00007FFABE6B2000-memory.dmp

Filesize
8KB

Download
memory/4452-276-0x0000000140000000-0x0000000141127000-memory.dmp

Filesize
17.2MB

Download
memory/4452-2544-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4452-275-0x0000000140442000-0x000000014097E000-memory.dmp

Filesize
5.2MB

Download
memory/4452-2563-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4452-2564-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4452-2591-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4452-2593-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4452-3-0x0000000140000000-0x0000000141127000-memory.dmp

Filesize
17.2MB

Download
memory/4452-2-0x00007FFABE6A0000-0x00007FFABE6A2000-memory.dmp

Filesize
8KB

Download
memory/4452-1-0x00007FFABE690000-0x00007FFABE692000-memory.dmp

Filesize
8KB

Download
memory/4452-2690-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4452-2704-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4452-3219-0x0000000140442000-0x000000014097E000-memory.dmp

Filesize
5.2MB

Download
memory/4452-3220-0x0000000140000000-0x0000000141127000-memory.dmp

Filesize
17.2MB

Download