akira | 1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc

Analysis

max time kernel
288s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
Size

573KB
MD5

503f112e243519a1b9e0344499561908
SHA1

8d635ca131d8aa20971744dcb30a9e2e1f8cd1be
SHA256

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc
SHA512

71da9efbc24bf3428f7efd08f47e6dc698cdae769a918800de72ab4945fb79c2f5b92d21a839d9e13e700b3cfd6ae365073c32a6f368e43830c6ccba3322d00e
SSDEEP

12288:BV0qnXKTH2P6rxTcQpXDHgswvodgnAdA:BV0EMm6rxTcQjos

Score

10^/10

akira execution ransomware ransowmware spyware stealer

Malware Config

Extracted

Path

C:\Program Files\akira_readme.txt

Family

akira

Ransom Note

Hi friends, Whatever who you are and what your title is if you're reading this it means the internal infrastructure of your company is fully or partially dead, all your backups - virtual, physical - everything that we managed to reach - are completely removed. Moreover, we have taken a great amount of your corporate data prior to encryption. Well, for now let's keep all the tears and resentment to ourselves and try to build a constructive dialogue. We're fully aware of what damage we caused by locking your internal sources. At the moment, you have to know: 1. Dealing with us you will save A LOT due to we are not interested in ruining your financially. We will study in depth your finance, bank & income statements, your savings, investments etc. and present our reasonable demand to you. If you have an active cyber insurance, let us know and we will guide you how to properly use it. Also, dragging out the negotiation process will lead to failing of a deal. 2. Paying us you save your TIME, MONEY, EFFORTS and be back on track within 24 hours approximately. Our decryptor works properly on any files or systems, so you will be able to check it by requesting a test decryption service from the beginning of our conversation. If you decide to recover on your own, keep in mind that you can permanently lose access to some files or accidently corrupt them - in this case we won't be able to help. 3. The security report or the exclusive first-hand information that you will receive upon reaching an agreement is of a great value, since NO full audit of your network will show you the vulnerabilities that we've managed to detect and used in order to get into, identify backup solutions and upload your data. 4. As for your data, if we fail to agree, we will try to sell personal information/trade secrets/databases/source codes - generally speaking, everything that has a value on the darkmarket - to multiple threat actors at ones. Then all of this will be published in our blog - https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion. 5. We're more than negotiable and will definitely find the way to settle this quickly and reach an agreement which will satisfy both of us. If you're indeed interested in our assistance and the services we provide you can reach out to us following simple instructions: 1. Install TOR Browser to get access to our chat room - https://www.torproject.org/download/. 2. Paste this link - https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion. 3. Use this code - 8207-KO-BXVB-HKJB - to log into our chat. Keep in mind that the faster you will get in touch, the less damage we cause.

URLs

https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion

https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion

Signatures

Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
ransomware akira

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

powershell.exe

description	pid	pid_target	process	target process
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1912	2372	powershell.exe

Renames multiple (7629) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Run Powershell command to delete shadowcopy.
execution ransowmware

PowerShell
T1059.001

Processes:

powershell.exe

pid process

1912 powershell.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
1912	powershell.exe

Drops desktop.ini file(s) 4 IoCs

Processes:

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

description	ioc	process
File opened for modification	C:\Program Files\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Drops file in Program Files directory 64 IoCs

Processes:

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\WideTile.scale-200.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\ui-strings.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-il\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\photo-shim.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-72_contrast-white.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\PREVIEW.GIF	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailLargeTile.scale-400.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\MSFT_PackageManagementSource.schema.mfl	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-80.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-16.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\hero.jpg	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.winmd	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nl-nl\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ca-es\ui-strings.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\fonts\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-32_altform-unplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-150.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\AppStore_icon.svg	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-150_contrast-white.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\MedTile.scale-100.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\StandardShader.vs.cso	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-20.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\mso0127.acl	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-96_altform-lightunplated_devicefamily-colorfulunplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\it-it\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-36.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\SmallTile.scale-125.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.tree.dat	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsStoreLogo.contrast-white_scale-200.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-30.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-black\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-200_contrast-white.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-30_altform-unplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageWideTile.scale-125_contrast-white.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\appuri.model	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\XboxIdp.Tasks.winmd	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TimerMedTile.contrast-white_scale-100.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\ui-strings.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\uk-ua\ui-strings.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\fr-FR\mpvis.dll.mui	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fr-CA\View3d\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-30_altform-unplated.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorMedTile.contrast-white_scale-125.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-200.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LibrarySquare71x71Logo.scale-200_contrast-black.png	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\akira_readme.txt	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-il\ui-strings.js	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\fr.pak	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

Processes:

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exepowershell.exe

pid	process
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
1912	powershell.exe
1912	powershell.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
4872	1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

powershell.exevssvc.exe

description	pid	process
Token: SeDebugPrivilege	1912	powershell.exe
Token: SeBackupPrivilege	2264	vssvc.exe
Token: SeRestorePrivilege	2264	vssvc.exe
Token: SeAuditPrivilege	2264	vssvc.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
"C:\Users\Admin\AppData\Local\Temp\1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:4872

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"
1⤵
- Process spawned unexpected child process
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1912

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.akira

Filesize
1KB

MD5
55e9c41cc1b87108d336272916f6c7e1

SHA1
781952aea729872f9ecb50d4c8d61cefa585fe35

SHA256
7b540b7fe2da6c59631390d9548e21e0e68ece53d156f9e9faf0e4034da76296

SHA512
3d119cd6f0a662a60cb940d9b78dcf0fd67e2fbd5755e43be2d8f049b25c46e6e0c6880893f65c255e956c369b916a2d3e0987268cc943627671a9dcd9c9c63c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.akira

Filesize
1KB

MD5
0e1fb1bddbe80cde4fe34da8be8e752a

SHA1
3ab0fc05da04e23f3ad93cdab6fcc0faaa4373bb

SHA256
b8d00adaff235eb24d46bdbb3144d772d8d283c36d4f7572aaa825316d55c0fc

SHA512
ca95b8f4372555087b7f89f4c310137cae39638a89f9f2ece2f0d56e5252e9c1528eecbee490f577e711e0da563a226d8642c87aa776ce849365570ac2f25e17

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.akira

Filesize
1KB

MD5
8d42d536d6c2c147146414d36e4e27e0

SHA1
a481b73438a50bd8acf0a1ef9f75f8542750dc8e

SHA256
40b2691cc554e9c8d9e8be7850aacfdc8efc66bf68a7fc265b36424f519bf954

SHA512
5c0e54092893361fb8d3431e773713cf16db7d8eefa7c189878544fd56a6872c8738c0c2bd6b4b11e0201ade6d0a547e90c02fc33b946002e1d67c7ff3da9263

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.akira

Filesize
979B

MD5
a9491488958212de3c5487d9d0c81121

SHA1
d229af14d47dc664e7d78168d10bb01edf611000

SHA256
0cbd6c231be0d37127e6987846911220cfa7a6b7ce095e11b77114547e577554

SHA512
711b0cb66747224033e67c70c3c1a64ce4d2843877bd4d49372bb650b6dd9a6114335f1dcc6f39007eec37eea44275d46affa2eb13affbdb06492d16c66ee47a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.akira

Filesize
1KB

MD5
70f93a3b52bf8adcd17912e56cc91a48

SHA1
240989a5980af7bf8064f7dcb7cfe8a3c2c0002f

SHA256
21a7a7c80ae31ca1875bae7b56a1220d9da0eb7f2c31f1d28b3aa90220951e15

SHA512
574668ac370bebd03b94e6b8be3c1702be427ab16637c653d3f3b364d5d18c1af482853d631c12b5c11f2aba915ac1a8c85a62a29aff85481f3459c275ea1744

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.akira

Filesize
922B

MD5
3ca4b483a95a77e56994917b1a2458ca

SHA1
917d4098099d3701cfd567efb11567d3f9b7be31

SHA256
6cfe534a02bccbb75f8a17c70c08f61a091feba356603527061ffaf19df04614

SHA512
5addadf2a18e749010370f170eebb882cb692675ab27156fa63462dfd2d89ac74bfaac26c9832eadaba293c060c094fc3f4e249ded0ac1a0d54f0db3b36377aa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.akira

Filesize
1KB

MD5
a11905aea41fbc7b548e653451fd94c2

SHA1
f0fcbdca964f653e40cff30e968b458df5f53fd2

SHA256
a1b06073a8eb4878fa85d21020b255954fcffcaebb4b0394c006681c53c45aad

SHA512
5c5df2017be313628fc732d471c49c031bd1237be6c470ab7e62aba0d4bd3c4fdd0236cb5658d6e4675a27bc4a3e247ecb43404330a70cffd95a646aa6e4f0de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.akira

Filesize
922B

MD5
be46295ee3f87a958f54f31c9f685b4c

SHA1
eb15d70f8b584d0ff5c082d865ab9767dbc36ce4

SHA256
c0e6c06f3bae3e3839d1c1631118f9c1f80e2295aef7373e51c60e0bad10e1a3

SHA512
0b72c28e010b62eb996eec3e03dd745bf7e274c20f96de89e2526753aab6ee75e3d237cc8b7670d201ed715d1265642e8d2ad27467fe1b912af211940288be5f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.akira

Filesize
1KB

MD5
d75d0b57e4149e6b1f728f3cb778d278

SHA1
98d3cbb762876f71b711a650d52bf035ba322032

SHA256
9a7881b8a4d6fb3ed07693d138f1f894c81e666bea53b25de94ba76213dd5bbf

SHA512
03dfc1be3d691799ca1e4261c9a022138e462f4540dfa9851ba8b69fea58f01da55e0d755aeb15749c6b36d07bb79f6b2633bedb5675fcfd9c8d4d1eaf6098d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.akira

Filesize
922B

MD5
14f9c11a7df1a04e79bd46ce06398d0b

SHA1
f084bece172e2829847074dc43e1dc6ee5bf7374

SHA256
1cef857561b24c87ac25ff4f48dfa0082ff067012997d7e0313671a5ec199789

SHA512
f273720df338e45096ae26ba9b84c49b40c7b0dae76d9bbd0f294b9448a85f9a5cd05fa4b5df95f5bb072cf75982a7505fc2174e90fbb1c4c9d494b3f9353399

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.akira

Filesize
1KB

MD5
2f2e4d1e5ae356033fa0120916328145

SHA1
9a09a65f62aa3284513c22d75da8dc47a841c970

SHA256
5afc8454111942b10865a9b95f09f785b8fa959d2e2a20e5e461692aa1fed7fd

SHA512
2768f48ec9eea0b766472385372ce6165603c83f734b29ea1c06d61626cca9e3480bc1b36df6b07f3e8739b83e14154711782dd85595c062a26938f90df2e524

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.akira

Filesize
8KB

MD5
0c8ca3ef2de25bb03cbd188fd1a6e0ea

SHA1
f321c78920bbb2ccaa8b176f522c41c2f055c3d9

SHA256
ac6f3e724d08b1cc3f5c61ccf3b7a0e9cca1b65ef0a56b4db291c3b7a7e0cdd7

SHA512
aebb9f649be3762c14599304e414113079e614e89e94e7aa202f3fcdcac1a12245b8268947164538695175c1fe6671dca6fa6dab8c696063cc976d61d9384bc5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.akira

Filesize
8KB

MD5
6568dc0b5dc1aaa096427454ea81e140

SHA1
39aafe354e158cfba792e4cc5269e2df3dd1e890

SHA256
f1a0d3a6afc37ed5d091436239b4fae52b14bc005fdcbae81629376976c45d1a

SHA512
2032fc8caed2376d8b546a23d9564fd6ad22deb9643858ce4ae7ec5f800aa8e4a15df73b7e6f697ea70ca884d04c4a1462cb89ecbdc609cdd49d30cebb13e414

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.akira

Filesize
15KB

MD5
5b3c30fac9abf707f08ad0505c1a3fc7

SHA1
dae0c05c7aa2a14c537fe68519047f102e02f89e

SHA256
a056b0f51f2bedd81412ba57d70e8695fd482e02d343f6c84782bcf7371275de

SHA512
049078f96154be40ce2c7aae0e0be43f0f6192872f2c9e0fb5cb507a61ff5da26c589847b4149b84627675460cd93b8c5edfde93967b2c06a58d947b1ce25d42

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.akira

Filesize
8KB

MD5
fb2447f3d60dbadd14dc5cab80669079

SHA1
d5b89f040c3f31c7b0fb46b65ae460f6b837b77e

SHA256
300487d14f49a17bea4969c6a4f95dce4fee26390fc444dfb995d611fc9d43a0

SHA512
7261060e81c7bf34c7c04b65de0f92e7965a25e8fe15808ab4fada241030f687c82cd0c064d948b772d2dcec06af1c599298901704f812554f299a3a205e4b51

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.akira

Filesize
17KB

MD5
7cfb3dac1d7e6be98f2e9465d39683b8

SHA1
edda75549ca8ca323dbfc700d8cf55671ad3f865

SHA256
479235826f87056ff2e054fbf2560379327432fc26e94c5072d32a6390861df0

SHA512
38d89347b3d7f825ab54c42ce139214ecdbea4a5d2e5f6494f4e6b63d3be61f3b103131ece4f9f0e29961188bd30356f5003ca3ca8fc511567a9079888c82308

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.akira

Filesize
713B

MD5
7aea407dfbe9df7519fdd3378a93222b

SHA1
a12cf1c95c9ba9aa81c11b30dc7f235826a8b0b9

SHA256
bbdcfa9e8c2c29907d2a588866a87f8e1dc982db1794725022e118041a27f53a

SHA512
cd8613c34972b3d97d3f7d506a83469cbf3ab1f8086e5a7ac47b126e3b7f2720b70ae450b905abc8d2d785d5adf400d7e8cee0da8416fe0b0a05ec79e0d8978f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.akira

Filesize
1KB

MD5
cbd962c139a4ffe2dad2417798928359

SHA1
283305b25daa71d73ab488375554c40851d14219

SHA256
0292bd3bb132c8448de74ae5e13f71dcf6c65386a878833eb2cc172d1c8ec734

SHA512
c31dd3fefd082186b21b02fea2e015018885f64ccd8b6deb7e32110e1dc6587a654abf4ac01a63cd45ca897cbfbd7df4dd26af2a9511289ff0e1b5f7adb1fb9f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.akira

Filesize
9KB

MD5
11c77aedbea7eb7759b6d14ca81cf31a

SHA1
2a0a1a1820faeb268c0c9d51103d13c0fab7a05c

SHA256
7012c2fdb17d156092f3ae96c952d7fe07113265934365b2aacd30791dd013fb

SHA512
d81e9de147f4d24c39c7b6ac851da05c81fbf8babace823e8a1c13807b0b3e61cc6b6abb2039de80ef703252d404da8d485287924168dc876b7b107bed2c9dac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.akira

Filesize
19KB

MD5
aeec16f9b2ac9740830e7c47daca547a

SHA1
f5e68e2c6d9dce8977a51cb630fdaba59ed2ded2

SHA256
0c1b38930fbb840fab0b927c52b22d7fd3e255a17a43840b7d7f33009c76f1ef

SHA512
f103161c0e87af33dd3fc79fe761c2002169aa53e59d157a82a43071baa7ffed3cdc278944249e97de9f91b5fba3e205e88686e4f4fc8f8cb8576e7aecded11a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.akira

Filesize
1KB

MD5
fa0b6dd86fdc852018d4574be58f3a16

SHA1
1dc3d4c96b2dcd13b1fa4ba941b02d007fab3956

SHA256
a8bfc9f38ee98dd8b2ee61f5c616223f904d9f9b5da6594d62ee31c36255301f

SHA512
b256acf1a87ba4d96109e6a29232e788937a76d68cf991f55cc9993bddb2773859e9ac6cd7cca366374e64134918d4934f1ab00997b8484fc81c6dd6c8cad5f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.akira

Filesize
1KB

MD5
cb486f567c8393dc25d74143b87ca67a

SHA1
b6769a57d34bdde0a388be99ef5d1b468a179d25

SHA256
07a29a861d91259b338b9a9700fed95057947173963d9d8714c88941522f4fe3

SHA512
9324a2c6a585373db813afee5c17cbc31329baedb961c2813de92b24d687ed5bde9a78f3609ea66bc15dbcc79d61f30bf942108a6ee6647d382a1e30fdcd9d72

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.akira

Filesize
1KB

MD5
e1d28783a8fe5ddc11e02076693ca49a

SHA1
d07014b53a6581d6dcc10bd0bf564faef7c41702

SHA256
63559f8e63c95802b126a74ccacdffbdb4973178f4828eebcd847da818a3e5ab

SHA512
d4e393cabe7c4e6c3cfbca98d10449948f2471964816b74aa6fa1bd3cbcf27f621829b572e3c1a1b001b418d0da4f7105800dfbb6913172ebf7dfd263c043411

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.akira

Filesize
1KB

MD5
b8daa50ac8b8005a92e8d96b6518232e

SHA1
5eca4bb149c6a820f6c169f20f93b3f47733ae22

SHA256
587a5f41f0238ceafa122ecf02ea90d30a8ac3f1cc1e15e176e33868dc5a4552

SHA512
e66c9e1465809fd426ee7fc3ebdd502ba2d9cd9ac4b863b482df018052dd096096785c4369fdd0723c8edc8c1f72dd29b26a526f4f05dbf26b4eab284501188f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.akira

Filesize
3KB

MD5
5cfd01d14d233251044387f6815bcf75

SHA1
ccecf3eb7018ee69dd004714cd4ea0ef638c4995

SHA256
1389e03bcb0e7bc3f387a27798bf814c87d2e636701612934a7fcb1e36a9b296

SHA512
91f044b8cedfe528adff25bcec3d8c669165fece9625eb73982f771b0a054f016396a64a4b86678e5bf6c8daeadbffae730e91e0f236778e39d10f91213ce6e7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.akira

Filesize
2KB

MD5
2f8611d9ce17442ad285bc7baa589f86

SHA1
3ca059d3703dff3e08576e67cd7591954bc9767b

SHA256
49fc6140fa4984051f808fb51c448f292ddb383afe82f65c24243cff1016ccba

SHA512
b7f97cf13df86fb0ac372d2827c03c211f02d38ef660307178781f5439278cffd83d6772e0a0d0dddd1827d3c0786f95e71a08665ac2cd8d25a74879f2c00ad5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.akira

Filesize
5KB

MD5
86d2da29318b79fd2840fc2f6340cdd4

SHA1
6ec2814db2ec56b059f349ddbe9b30c92392ff7e

SHA256
04a04d011c814aaa425beb7244bd7fbb6b6f98ce8099e409b57a0c461b8fb24e

SHA512
3312833de28c531975b9f6f2301379b76ef3b23d7b91e33c6f1b64cbb2a16c52c2a1062c8d44574ddc90dcc01d282e76077f2977188465e59453590c1916ea10

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.akira

Filesize
823B

MD5
2a21b15b8f70af04ebc196b2d403c00f

SHA1
020522b60c0fa44b091ff768c3c0eea16930bd0a

SHA256
3434a35ad762dc0de829a0d0ffcd13aae7f102216c4da7c3a4614ba6c64a8283

SHA512
be66cfdb53c512661b527b129f9838c87425e8e631c5b5b3992ff92078dc7937007020850d3c609fec0c7f0b61ba59bf36b6b3b4023d017f038569f22e600e4c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.akira

Filesize
919B

MD5
66085102b2c2e4dd85101e6a8b91a28b

SHA1
6305b37e5660766aeab9361d2fc7ec28ac068884

SHA256
9874b015aed562a851f9b239859f503f1612ef3048b9502b9a91442bdb1366bc

SHA512
e841b9cca36c73d90f6b3cb46026a4e521f78ef60924a77dc83dd6826ba49ee431378088f1f4acce4deeafe6c37496e2f28d96e2b7a233e9c274e2e60f1e9fe6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.akira

Filesize
1KB

MD5
6be3952577907ed959a7cb159c179948

SHA1
d6e147f9938c948692bc15e70547e2bea1898d57

SHA256
7de56a1e21340828c0939fd38b21e4599e0a0ca86e010b9288171775d77df1b5

SHA512
123f68ac14a581ff8a2d2d4d9f0cb7756792d1e05000858cf7aabfbf06a5888c737136ceb833dc7848a10a357b20fa414f216c51e64e8626e33f43b1e56ccec3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.akira

Filesize
1KB

MD5
2d3b98faceac3811c9b856e3b4738e78

SHA1
35f1380ba214ef1326ec469001d73caefc433825

SHA256
cb2b096346b10366540bc087b2c8da26d1019f61af2107e7f08952c9aa1a918e

SHA512
5a36efaf51db44d8fc4b683aa952435d996f423f67f1264df07b2876238340f2b9b9958550b243921fa30db4d858b17b94d741e7ea4d2ee15ec90692bcd30ad7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.akira

Filesize
3KB

MD5
e473b2a365fbef117cee3eea5cca28ed

SHA1
621a009271963921b282be596c66abb207583471

SHA256
324b856268b650bc78e527b1cc8d9790bc72f109baef5f4df8fbe16541a3f092

SHA512
566fb3dee384ce90fa28caca822551bdad3b5ccf1e13e82a6dd2d15365ef7ce7c0e878afcfc1fc0923e6a69203bd5f04fa95edb49f0a5f1022b6f1076f7335a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.akira

Filesize
1KB

MD5
3ae752ce987e9e9a855bd7e05e73bc81

SHA1
ca494d2a280573bba616e9c3568bbe13b0697c2f

SHA256
7141c3ecf9c8cb308480a90e113205fdace9ef908d5bbc3c7ca98fe9b1776ac1

SHA512
174bee2fa15f56a6c12b406d8d5aebe9860cee83bd73e357fe09e26cfaa033a4722ae87654c0e7988d9105ed434262e3e9a5bda248efdb97b1cc68f04dadfa2a

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt.akira

Filesize
33KB

MD5
73b967a20e2ecd289391fa26c438b83f

SHA1
3e3089b63cad6c682f86675666b48052299a410d

SHA256
cda5aefd216cc9bf0ff6fdc8bfd58cb043aebcc7beea620cc2ffb89a3366689d

SHA512
7c91a1aea0cfb5465ef34c11b267b933fc1028bf4b5c3f6d69df3f6807fe35acc78382589a48da5fa1ee155f768f9b27382b4f4a30ac39da6432ad5289ae5ca5

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.akira

Filesize
687B

MD5
132d94e9d72f23012d3b7e9b881fb732

SHA1
f1193a534fc2183322c1abc4f1e14e641b1502f6

SHA256
c4cb85b817bcd93b52c15885f828b547e4c1cd2c5f1ce98664d6da94f2dd1e2d

SHA512
5ba5af70bdb9d7e592ba9ad65c9cf2067eee89bd185ad6033643e38f8585889ff484380c846bc6eaca9a99943f7006abd5579e5066fc77a381c439b256a8f9a9

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.akira

Filesize
648B

MD5
3c18e4bbf98ea94567fd6335766e6b30

SHA1
623d3275920c4254b33131ee1a201281436f5f60

SHA256
bfea114829533646faa7eec2309cc94f2c8f12db6b63b20f840cc68a17281347

SHA512
29d414b323603b6d5b2533f10075ee0fef1f8efadb1fdc62de95602c12e51a25219f7a058596889eeb7156582a1d7463473754ab07da8e6866e5831490761d13

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.akira

Filesize
647B

MD5
d578e3b529f04f8f90664bf4d0631726

SHA1
0fd9033659224e4fb221c3bdb10114391dbc31b1

SHA256
be2465e889d763f568b5d5088132d148d72ddf3d3f5822fa44e31af30bdff146

SHA512
46156725c5d7901b64867b98712e9e8364c55de2bab04eda6808802f90e4c955ceff5ad0d629765592674342b8ab2c475e69bf0c2d29e4a1d9c963b28fb34270

Download Submit
C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.akira

Filesize
610KB

MD5
65ac984269fca97cb0e275c46aa7f3d6

SHA1
3a45d92339fe9ba6c4b6c2befc43b4b6e8b4a968

SHA256
14d2ae434168e18a775de7f01bf08f40ca996b11242e27685646aa937a88d15b

SHA512
c8bdd3aafaa94339ab8b9da02b6ee526299ef5a5c32a08976dc52c6054e0f045691f462dcd106378cb1aa715cb7d2122c47882b7ed3ed599914ba0ffc8b194a6

Download Submit
C:\Program Files\akira_readme.txt

Filesize
2KB

MD5
de49e2e3eeb866fc517949893ed74bed

SHA1
3b503e6776a34f026f77ba7fea719dec182575e6

SHA256
994010aaf2f723b06ace4f35eba28068160c38714fda8d62205b3b2e7b96b07e

SHA512
f4c59b0f90ff8f6e05106c47160c239da0b5598845316a5a8705bde5f47378596fead491db828f4ab35ec84f796a22907210b51729d4c023c7ace68dccc1f9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.akira

Filesize
550B

MD5
a2ded6f891f508a8cd04a1c614569b5e

SHA1
f1b51ac7a41bb57db95e1c8afecdc7f44291bd99

SHA256
66c6fd8e9358230b67b6086dea437cea3299216b82bcffb4e5535a726c09d1f6

SHA512
561faa4993716d607c7c634323b513bd11cd733d5b949fc842560d0504f54d62360601611aa83e34e30e88f9693f0985f52b1bf23e8d9be784dbe5367b885fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.akira

Filesize
575B

MD5
9fb0dfcf4892c1af1d534cc55f961f1d

SHA1
c221c72b47c0c5af1c6b988d838cf74ba43e6697

SHA256
42dd1f1755593398a55723027480884fa55a03accb42394a1d7dce980468214d

SHA512
d1ba6a68330bf97dcae93b1d98b4fff6b9bbeda4569e1c6b8071d4542527de77e4c93ab52b5a7632610926b1e02ebd1b7307133d4e1b7f74b712b01102fc9a85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index.akira

Filesize
558B

MD5
2ef304e978ac5b2e66fe51233c9c6126

SHA1
58f63277fe07a55ea9145ac161a534836ae0a977

SHA256
a38e260c7488e215493c4bb04bd14e30ffe8d8c4bff5b54bc55fcdba2702c956

SHA512
04209b76f6e36c4d4e5f3edb1e75f88472d859c739d56771dc3addc8912d281b84c174be8242045a40ce02d36a9d130df0734382098ebf39dbb00979054342e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_2.akira

Filesize
8KB

MD5
8a3ea67ab97258bec193c1b7ad38b6f9

SHA1
fd1a5d61fa25dadad386fa603c64ad9bc378233a

SHA256
ad2ef5087bcc050b49ce3e01bc121ba4f99b301a3b9a209865dd70133fa3c096

SHA512
58300c1d2d87f81befd57b022aae03eb89d697598db372fc81f7c743a67583f2d92a4802530e69b0672281904e35c9a66b3e3ace09b60526b6a0be07484995ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_0.akira

Filesize
8KB

MD5
8312ae1080fd058228775595576fe6e5

SHA1
cc39d31805a83d8e8f91b6a24491e731982a4a9f

SHA256
40174afb132eb688ff3260559deee3bf7392d988c4244b3dc8370524f059269c

SHA512
f9ed246401471c3064bf8f1d8ddcc5ef05437615dcccc61e4ca85f4c37cfffd2f45d47e426ef08ab3431424e56c68b9e757dcf1825b2546c9c49e8d10a6efe9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1.akira

Filesize
264KB

MD5
23e16551b71ee009e389d7191c26351b

SHA1
e49f98cca3712968abe00637d6f47ba5bb34b0af

SHA256
949add66bf6c3c55c8cf17a1d51857ebe1afe5cc5bacc332c3287b80f6e67dee

SHA512
29fd7e0fe1b82c6e50f7b6d2d6932341681d686ac9edf0912a30608da3366671ce28d19c92f07ee17273c9ab4aead7e9a331486694cc435b891366c5e521a534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_3.akira

Filesize
8KB

MD5
a70d6be4213c428768d3d1609f6b7d1e

SHA1
29e7d0c9e60f9773537ed3e8f3ef1e1e289e119f

SHA256
708ffbe2e208db9dc2342bc38324441e83626a4060117ff559a4eeb88cbf6fe3

SHA512
fc8f5173aac7acf0360717f22a2e15e97028fd317c31e12886a1717cb03271bef93b3bf41eeb0b4cf3bd9efb05c028692a234bd8fe02a5b6f9ec5535ad35dd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
547e647192e22c8d04bd481badf62f14

SHA1
24c5e6684c3a40124a6bc8549404fcde44cd5ddd

SHA256
933079c1959b0f4f2aab9f1dd06b3d55e967cc515ed8774fc49e299412de756f

SHA512
15d4d08e790debfd1f03c44b98c5780dfb1035052c550beee231c8761cca20b78091c1026d8aa3dce07a8382de58353c5639835fbea3e68937931542e290b611

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tird5xij.ycb.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1912-15-0x00007FF9EC2E0000-0x00007FF9ECDA1000-memory.dmp

Filesize
10.8MB

Download
memory/1912-12-0x00007FF9EC2E0000-0x00007FF9ECDA1000-memory.dmp

Filesize
10.8MB

Download
memory/1912-11-0x00007FF9EC2E0000-0x00007FF9ECDA1000-memory.dmp

Filesize
10.8MB

Download
memory/1912-0-0x00007FF9EC2E3000-0x00007FF9EC2E5000-memory.dmp

Filesize
8KB

Download
memory/1912-1-0x0000023402E20000-0x0000023402E42000-memory.dmp

Filesize
136KB

Download