akira | hxxps://vx-underground[.]org/Samples/Families/AgentTesla?view=grid

Resubmissions

20/03/2025, 10:23

250320-me9bdszyfs 7

20/03/2025, 10:19

20/03/2025, 09:58

20/03/2025, 08:24

20/03/2025, 08:16

20/03/2025, 08:11

20/03/2025, 08:06

Analysis

max time kernel
160s
max time network
219s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2025, 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vx-underground.org/Samples/Families/AgentTesla?view=grid

Score

10^/10

akira discovery execution ransomware ransowmware spyware stealer

Malware Config

Extracted

Path

C:\PerfLogs\akira_readme.txt

Family

akira

Ransom Note

Hi friends, Whatever who you are and what your title is if you're reading this it means the internal infrastructure of your company is fully or partially dead, all your backups - virtual, physical - everything that we managed to reach - are completely removed. Moreover, we have taken a great amount of your corporate data prior to encryption. Well, for now let's keep all the tears and resentment to ourselves and try to build a constructive dialogue. We're fully aware of what damage we caused by locking your internal sources. At the moment, you have to know: 1. Dealing with us you will save A LOT due to we are not interested in ruining your financially. We will study in depth your finance, bank & income statements, your savings, investments etc. and present our reasonable demand to you. If you have an active cyber insurance, let us know and we will guide you how to properly use it. Also, dragging out the negotiation process will lead to failing of a deal. 2. Paying us you save your TIME, MONEY, EFFORTS and be back on track within 24 hours approximately. Our decryptor works properly on any files or systems, so you will be able to check it by requesting a test decryption service from the beginning of our conversation. If you decide to recover on your own, keep in mind that you can permanently lose access to some files or accidently corrupt them - in this case we won't be able to help. 3. The security report or the exclusive first-hand information that you will receive upon reaching an agreement is of a great value, since NO full audit of your network will show you the vulnerabilities that we've managed to detect and used in order to get into, identify backup solutions and upload your data. 4. As for your data, if we fail to agree, we will try to sell personal information/trade secrets/databases/source codes - generally speaking, everything that has a value on the darkmarket - to multiple threat actors at ones. Then all of this will be published in our blog - https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion. 5. We're more than negotiable and will definitely find the way to settle this quickly and reach an agreement which will satisfy both of us. If you're indeed interested in our assistance and the services we provide you can reach out to us following simple instructions: 1. Install TOR Browser to get access to our chat room - https://www.torproject.org/download/. 2. Paste this link - https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion/d/0692153554-JRHQK 3. Use this code - 0327-NK-TPOK-NNLE - to log into our chat. Keep in mind that the faster you will get in touch, the less damage we cause.

URLs

https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion

https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion/d/0692153554-JRHQK

Signatures

Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
ransomware akira
Akira family
akira

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	5952	3512	powershell.exe	98

Renames multiple (9896) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell command to delete shadowcopy.

execution ransowmware

PowerShell

T1059.001

pid	Process
5952	powershell.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe

Executes dropped EXE 1 IoCs

pid	Process
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops desktop.ini file(s) 31 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Public\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\ui-strings.js	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1XTOR.DLL	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_proxy\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-200_contrast-black.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.5eee580c.pri	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionLargeTile.scale-200.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSGet.Format.ps1xml	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_altform-unplated_contrast-black.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\uk-UA\wab32res.dll.mui	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageStoreLogo.scale-125_contrast-white.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-36_altform-unplated.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-ae\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-40_altform-unplated_contrast-white.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\PaintMedTile.scale-100.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\da-dk\ui-strings.js	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\9234eb742b1580a75626d83c9788c564.arika	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jscripts\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\jquery.ui.touch-punch.js	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\hr-hr\ui-strings.js	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-125_contrast-black.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-400_contrast-black.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_BeforeEach_AfterEach.help.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\MyOffice.BackgroundTasks.winmd	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupSmallTile.scale-125.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\IC_WelcomeBanner.scale-100.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-standard\theme-dark\Settings.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\skype-logo-40.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreAppList.scale-200.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorWideTile.contrast-white_scale-100.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_radio_selected_18.svg	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_altform-unplated_contrast-black.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\tr-TR\View3d\3DViewerProductDescription-universal.xml	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-24.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_proxy\win11\identity_helper.Sparse.Beta.msix	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\AppxMetadata\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hwrdeush.dat	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_2019.729.2301.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\WidevineCdm\manifest.json.DATA	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-24_altform-unplated.png	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ro-ro\akira_readme.txt	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133869321962775723"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
5952	powershell.exe
5952	powershell.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
740	f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
3384	7zG.exe
5752	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 5584	1956	chrome.exe	86
PID 1956 wrote to memory of 5584	1956	chrome.exe	86
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 1780	1956	chrome.exe	87
PID 1956 wrote to memory of 5256	1956	chrome.exe	88
PID 1956 wrote to memory of 5256	1956	chrome.exe	88
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90
PID 1956 wrote to memory of 2272	1956	chrome.exe	90

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://vx-underground.org/Samples/Families/AgentTesla?view=grid
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa554bdcf8,0x7ffa554bdd04,0x7ffa554bdd10
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2000,i,13226320865353697425,15439701465028095624,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1548,i,13226320865353697425,15439701465028095624,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,13226320865353697425,15439701465028095624,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2376 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,13226320865353697425,15439701465028095624,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,13226320865353697425,15439701465028095624,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4220,i,13226320865353697425,15439701465028095624,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4236 /prefetch:2
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4796,i,13226320865353697425,15439701465028095624,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,13226320865353697425,15439701465028095624,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5124,i,13226320865353697425,15439701465028095624,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5108,i,13226320865353697425,15439701465028095624,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5136,i,13226320865353697425,15439701465028095624,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:836

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4076

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd\" -ad -an -ai#7zMap16675:188:7zEvent22094
1⤵
- Suspicious use of FindShellTrayWindow
PID:3384

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd\f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd"
1⤵
- Suspicious use of FindShellTrayWindow
PID:5752

C:\Users\Admin\Downloads\f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd\f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe
"C:\Users\Admin\Downloads\f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd\f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:740

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"
1⤵
- Process spawned unexpected child process
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:5952

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4912

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd\Log-20-03-2025-08-17-53.txt
1⤵
PID:1052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PerfLogs\akira_readme.txt

Filesize
2KB

MD5
956cf07d77ad8778b0978d4898774a80

SHA1
c14c05a7e16399d50e59e541e812e90696e75ec9

SHA256
7d2342050398574c39a47d94bc0ec2c1ef5261d79a6c55b32fb660b16bd71fb7

SHA512
ab787de19ebb1becd9fad6999ee932125981e5993e5e1696a674bc8185edb65dd6c8cec4b8282652cc47525e9fc8cf5f4f158e55c18206ae31188c5ceca084c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1.0MB

MD5
3a026eb5d4ffb2f79497cbcda9e8fb49

SHA1
ca37284833f7fb397965c4d62e1a1bd062259308

SHA256
e262249d586ddf4e88854c4088adcf5547e853881bf78c25e28935d0d0f1ceb8

SHA512
41e18e9bf76eb123efb79e32621567ceb7b4da13e902e45bd086288d9f7426f26c9c355243e01428d5df6c67f1edef39b582d2c93ab19e0f63dd492e35377be7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
552B

MD5
1223fe0386719dd22c7b492bd5fd9276

SHA1
ddfb6364fd0bd08d8adc7a5084e116b83036bb87

SHA256
67380e72bc1baa83f526509515609bbaa30bc28059613728d3da86a7841db9a0

SHA512
596ecc2b89cd3f91b5bb98d4ad39a4ed57de754c1ff8e09b1fe5195dddb233d6d0e623c2c4fb1deb832eb8219d91c2962fb086d55b88e99445430d2992b0cd7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
926B

MD5
d5fbfcf3cabc5ae71c925bdd34acd59d

SHA1
18ab2e60d8693a785cc1e4a0b4410d3416ec3203

SHA256
947cf559bdc1e2e5be304c28ffd7acf0bb92313ba67129bee59e35b9fa1e66ef

SHA512
3b47b36fcc77706b9c8903fb78b32141dae301fb66b31fe49e3fba4c5e832d7ad7b5d6c65159af7d1d92f6db1950779ea17a9ab60d6516824e56f942bd8f8552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
64557e11d034c57008adae62ece46e88

SHA1
12253e1035d51e33b0ff2600db389a1c087038af

SHA256
c94b6a23791a5623df0cc37c94411c677f23758240331aec3440e03402ec8d83

SHA512
a364c0b20e0dab6d3b18998bfbacdf13f93d0a00e042006ae5480f70fb6a5121a5889b01748e7f567ad4b2b35720e505392ec2ecbeab586f07e099f81068e99a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
35e164f9f1db9862997b9f5af43a9b4a

SHA1
44281873fdcfac24adaabdda2506a8dd8bb5361d

SHA256
92d749dd89ce9afd9e565a0e2d426368e4cefb4bfd08ef33e315cad1acbfdcaf

SHA512
9b86090f673e4ddcd731a514f0aefdff7264c1dbdfb6aa336dba4d4edb6fd82ca9c3c1d438c31cefdb604c1125a30154999abb35418d9e1b71d07eea5791f839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
0c953cfb75f842416688ebb83a762634

SHA1
1c49bded567155949952f8663b54d1de36d2c576

SHA256
0f8e97d30e03c766fc32dc0dea306f229909ab71cd668b7a2c8e99ff19d08d21

SHA512
ad7a682a49aad9902503a61c28de49de52e0449a22fa467fdad7417b5d131389d7ff95d222399b1b82acbc204b496f7425920976326ccde17fd7f1f593ab7df0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
412cedc406b4c54db749c901891ab742

SHA1
d83d7182d8d5b19af729fe952bf96e00edf2e308

SHA256
ead7a32b5f825343dd978ae2909c5a7f492754f13fd1a5367054c64cc6565969

SHA512
4ed5f9c5a9ec03ba4d9390a7fcd8703bfd2e7811ff54ff3c7279e05a8f756bbeb28badbc7331e7d734e892ed33623c10b9f93fe185696e907c7d8d96e8ea3e46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
490978faf57ad5f41c7a2e75529180b2

SHA1
e167907cc68e4614dad751fb1b409872c9e9a5d7

SHA256
e1937b22ba3ac70c83312c28d695b35023825893b0129ec958315d3ce32b13a5

SHA512
a8d8a18c8683dc4b4c86eb77f7a6ed8ae8978e7b3b4444ce6109cbd126799d6b36256ea671b883f10befc98dca5419bb787a6707c6e6328daf35991cc93bd910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
53KB

MD5
b31f61752a420f91055e811cc8413820

SHA1
4b017a885b022653493f0db770fbabf3db91a771

SHA256
76b8a0c9a5a07df14d9a76ac080a51c2c2fa07ed51c15859c7b958d0df692a6c

SHA512
2f11804dd69488f4aaecae66d65a584c5402621caffd083b6f77e73b757e4bbdbd7fd7482ac556d6b30643ea9ebdd2a2713fee4c9d06237936673369b025d780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
80KB

MD5
b00df284678c8c58a4b2cb5c515e8c18

SHA1
666e0f2a13cf9ac10d5ff0dd4598db4d3ebb8130

SHA256
a839947195a7c71d14f999718674541609128c67908dfe97103fcc66e5d3a5a7

SHA512
0cfcdf39d68ada2ff4e0ac2defe1b84a29789701698c098b4cdb9609fc027982bd541baec5315b35751f5476a009373409442a42b3d8df3ea73d1246db9ba20a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
45KB

MD5
95e6650df26caf3ab0163494112af5d8

SHA1
632eaa1d385dc7b620d4a261338693a323621a30

SHA256
11b6720d17e8d243fc4406ecb9f0a56237ed4f0839efad67e4f6dd5bc4f6efe2

SHA512
1094cb3a20bc9166f328ab8439f1f8346fadbf6b5a24fc70bc1459d39815a4ca6becc9ef36f7a298f30d4e2da80aa3f7b6fe5944fc9bee5d9c4435420bd978e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
93KB

MD5
b8713fa5c138bb1e8ec20eb018042b4f

SHA1
376f752b68fad6a688b1504849cfd7598091ef88

SHA256
1669746ce79ca288c907184307e634df00de45fe4e86e42af5fc7bd23b05982b

SHA512
919f65f2739f65e0a93b4b877bab1da2a8c202c7a3c3447f2a3d344e8dffdbc3105220fc51632540f22a4bd056569ac487b5ec4dd1606d943eaf3ec730409ba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
18KB

MD5
8d2b3c93390d68fc0b3528a12bc251bc

SHA1
230aba01f0b7e13ba5a061da37264af4c9f1bc5e

SHA256
388fc292e546e8a87755dbca94d78681c5070aebf63e7f3ae3e3cf46f32d0685

SHA512
ea615550129af81239db8b37e5a4fe30b07c314a040cae92a45ad2a31fd4994b2deb4891716bc2cd20dfb9dad3b8872fdb3271ddb63770dd9d21d6b36198c864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
30KB

MD5
1888533eebe4205f2135fe96b8a23308

SHA1
97ed2bfe97886d902c5eafaa39800581c5c59c72

SHA256
fd2c392918f8cf31d105a34a0f76b0a9d26b6337bd5f79de0a4c7738ba8ce78b

SHA512
c201c80ce4c38645698d48a69a5d3ac5c755cf514715d8b8b403dc2fa78359bc253a55f9f68d60b4bf5c0589d282f797f41510a67fc56639030fa19531458ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
118KB

MD5
3bc73a3f12c7d123f1093d2b00750877

SHA1
467f2d341287d723892809b441fa6eb04f9f6ba2

SHA256
890a75c371f210ab467e1b71dd24e903de67a77c60a30648ebf64915b42a5897

SHA512
9cd4f201043c9465e34d368978897d40538c3b7a2b3e6a9b3e967fccaee5f0af57157ed4e7b84e64d2617aaa9730089627016252fc096f9afb9028892402f711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
330KB

MD5
4cc12aeba985266c84641ac5990bff60

SHA1
2c1c6cb3c8721c991f1821b8c158433ca7d10ee9

SHA256
1a21417bc588074cb565c7433aca891b8c7bf00cd64cb96f5e8a6974c7b40b40

SHA512
2ea63aa2b9c94d5fd8d3ef47dc8b7e8199453efc249092badb4eb4e9f10618d82f207e87d23877f44699ff21be6c51f75b210d9d0667fe08c2275f1dde482faf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\09d37bd4399cf393_0

Filesize
1KB

MD5
ae27afbb2b49dd29fb4f5b39ae7c0f88

SHA1
cb9123db1d1af96633febab70623d86968743c51

SHA256
4866deb90ba31d57215546ebf7f423bee2772ff62b02d97c672b988b398ae11c

SHA512
f8ee7d408f5abdee1ae67c53616990b8c8982b514bacd0ce20612c3191e4ad10014d5f99f846ed1c164fce3be84c5cb93398ab28bcc0e4ced0e55d097a472e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\28d075cc48d5595b_0

Filesize
776B

MD5
365ca5e16176cb3872e343177817426e

SHA1
aec815b73b69fa9870a3bd04d4f34e0401ee0390

SHA256
ea04eda58f621ed0b110e951a23bd037ef8388be956acbe6f1f5b8f517d20973

SHA512
a860f6606f3161f026788ea14a38344e4ea83aebdeeaa3a3aa1ee8c2cd119cad99b43359b31ae89e7eb540b6ba2b3c1061db6c318bd843c2901e816a6d83e068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\33b73a7e35a1b57c_0

Filesize
806B

MD5
2848c0ac1ea9d22392b088b6938ab20e

SHA1
9751163a89fc61e7c5b902ad58486ad0314ed2be

SHA256
6f458d2e79b7eb5a570c2134a3c253f6a36d4098837e7d0bb41446a78cc30cf5

SHA512
3445817fe567b04cc2ea5167d1efb9f21bcbe56ba49de9c3662c1715a558fa918530c3a17c86eca2d7d17491d9c084f97f45ff658d74e7d57158fee9e9ac0ab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
539286e69996ced42bec7197126e3971

SHA1
260a7315131c33d345061cd8a4df488ddaf20fb9

SHA256
7b9200852b5164727265d270e901da1475bde186a421cd2baae21ae7e3978040

SHA512
810a085f3dc4d1456f92dc068942f617f79e25bc61a7646dada59970d3480a9ec14a6c840238a6043523151dc7dabc1a312e31577bbae2385d85ae10229a26e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
680B

MD5
60e5d77efa34a1d615f211706c94b0cc

SHA1
ab5ea3028bb734d294a1a2938ce65a8b56f2c762

SHA256
2b041d0d1a676178713067d4f32e3345e6d974842630fe601b8df86c30ee6269

SHA512
860947d674f67e36f5a55ed501164a26a3ff7d0d057da9ae40b1f09f81be14655bcdb430255c6f1518ec667ae0adeaa9c15785802ba3e05b941778a73d3ad995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DIPS-wal

Filesize
32KB

MD5
8ecbdbe71ab13ae4172a1ab3f8562b6d

SHA1
1337ad532fcb660b0ae85faa8822e03c86f90f18

SHA256
60ac967766d3ec284d7d309994661afb8ddef01bc3ed0ea45f7d110563724e39

SHA512
893757a961fc0a7d4cf86a85f9743031347386990b07c6d5dbc42cf54cc7490cac322bed6f2abcec4dda4417426e0c8b9f01e9d95c7ab86db8438d09baa2b65f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
e54f417e60611442214980963c0ef54d

SHA1
82a6631788c6f640c5d0397a16a1b2f1424c72e8

SHA256
d79020acce2e357a7bb3b6149fb536f7ec47ca5c59f72eaf29510befdb0e0444

SHA512
8f4007a437e8aabc64bbcb1f59699b3912826416e6225d36e139dd0c0e936ceaf660638e028451f3a04a69d6e906befce4f7dc901d750ad08ad97d319f802599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
d72160aa87d678f0ef4a5faca8777f7f

SHA1
8f47f34bbe3cae05ab906601dd6e0962b9bad97b

SHA256
e432abad23bd0d9d15c7b553f613facd24abfa85538648175573aff806693e77

SHA512
59d68cd54e4f32c28d3538209dc5489c40cef8f652acbc262234b6088bd6425ff6b7c95b891c3dfc9001287405f6c0ca94542d09819fbca19bcb0787f7a5aa33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
842B

MD5
a9272ef446bcfd3f90f4868b7f2ffa17

SHA1
4de90916384535494f74d84ece8d5a6d2379df7f

SHA256
debc8fad3da875cb20337fd62eabadb4d2881a7f728c328bd090d00fe6b9f8ee

SHA512
bdf827543b525cf3c3e12c04f9e08afe8bf2caf478869bc8099781c134ab3ffd2886e357460d00787b23f2891cc538b33fb6d85003093e9889d4e94862ff3051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
6b7c7d34b70e47d019a93c65e34332ee

SHA1
8212b172b1d52e8fd255be601d5d0145f0c8397b

SHA256
26b9235400eecdee67cc20b18c7632dc1e93d067cadaa6315716729739c0293d

SHA512
d9ed0328bf10ef32ee38939e10ee8c574cfc40d3da6935a45f9b215fd4294997ffe2944257b7952e3924abdbf996d0a3c7d48956a98e5b85407f552512bb6a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal

Filesize
9KB

MD5
eda92b9619e2e0c4c07117d3ae7d885f

SHA1
7e65ac07a77dbb06ce631a302370eab66f28bffd

SHA256
dce0e5c3b5f1b921015fdecc027ddaf942023e52b8200ef1c4acecf71e9c73b1

SHA512
e671195d8014ddee9eb0cfaba3432feca0b80ef2388d9eaf07958411c3bf27066957b6fb6c441e73fb3e62bdd0a593002fa977e5ebfcf9c4fda6ac0d80a1b8e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log

Filesize
599B

MD5
20a8be7d8b3af06751f407c395b5a58a

SHA1
6c14d8b0e6d8f8ba026f1185f4b90dfaf554fb1e

SHA256
ab8d0984baef2b4e22f1a48b3467ba8f863086af8a473ad2ce5bfadc3829c41a

SHA512
132ab698147cb956469d4fd4b38e428e6c76f50b453b3b83e1de6573e72536f10313fa824edec773c85f707dabbf33240a6a9d126276c8f8ce5bcc214c8c4663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG

Filesize
916B

MD5
98c9bbef04f259d4e1acf8673ea1171a

SHA1
f43b63f507435c7819abd03806adf16521e9b73a

SHA256
990fbdae37e21c81dc9c30578034cd65c5ce60be6306bf71812c3697ff649141

SHA512
5626fe0cdf3230906552c687f0ec8e482739f263791b33364d5590478333c3d9d26b7a8924e29f37bfd21f86e14128264472680d8f0075730791e4f637b0798d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
844B

MD5
5d1563c12726c34157d5fdc21d4e9faa

SHA1
9f5ac10287765fd1e0e230af23c8a2141d23c56d

SHA256
c4533ebe356e0bcb56d835ec62c0c12aeb7037262270d1d9a96d0ae72a829185

SHA512
b5ab58fc329c3bdd75eb25a7205ad5eb3dc6ac75ccb0872ed01b99259312f109155b22d741f9e46d05603b34ddb53f06bb52d8298c7e347c3d7f39380d5c2d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
56e26a8e6feb079331821d4a6c4d72bc

SHA1
2d912349b1cddd22d3d2acd5f7ba93d9d378a942

SHA256
bf15b13b6e3a3ad16fcdffe1a670082b89a125ea6dfd301cf49458ac7eabdd04

SHA512
3aa09c324f7873d2fb4b18f50ae83af04e2d4ed2153d4d79e17faf50f326c0d2f7e9eac14e5c9a85a0cb3d9a77d5fad52aea13e38adf889bcb9ef369d764a928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6bfc8cfa7be8fd2c1a268b155907a55c

SHA1
62efdb252751c122b5ce1a0baf9947082c628253

SHA256
17e31e5d9ad3d091893b89000bf2a8b2512086f85f9c0af1e0d2133cc07c06b9

SHA512
d9a26a064341a22631812b3fa354a9b8d19787f990eb7f4503bf55efb08f8c9bd0285f27350fd6d22b493ecdecae2ea0c052fc843d386e31eecd4bbd0cdbf669

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d2c6d7ae867ab8642649e0decb536fab

SHA1
6ab690efdc038d1d1959b965cade4e19ff8f1c8c

SHA256
95ed6a230a63b6e1dd28147ac7f6a0c22297656aadf197625f640a70d4a13e23

SHA512
6121f1f5b9e30e985ee84a953b5b2a2f715878cfa8668ac4cfad2dd42491700f1ad0fad3ccdda39dce08a533923d5cc9730a20f7d77979ec873a9d758663229d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
514B

MD5
fcb2c7f918d18e7408844515dbd30fec

SHA1
043c5d949129de7bd7a4cadd55d3fcf005281354

SHA256
f2c0e1dbb77342ac13f621ccf2d314ce4ebd3481b8832eacb565a85be2bd8ba8

SHA512
628a021bbdfa92ee905276ab65ef659033786204fe338933a5f4514e5646aafefe199f63cd5cab55181075937cdfebd0db3d2431815eadcdb84876397f19fb0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c3ede905e95ef12b0ab15d8791324f67

SHA1
8316000abde28d82b6837777fa6f1df5a3c01d6a

SHA256
0e3a4f0d41363174465e5958a5dc8aac5509dfffcc417a119133931aa97e5c4e

SHA512
8ed041676a1488c6bbd2760f3ec7239b68ad590c3ab0bc172084d7036d1f7c553dc171f92174eebb0e4070c859a8ca23ede9f2ca368bc2db34a2182a129175a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f9ba965243eedaa20b217474aa962e0a

SHA1
c62f4e9c74cbdec5d9626ff320d72a9908066be5

SHA256
42fa644e3c751095e660bf5332d2c0ebcc091d1d83b57795086d553a8a34e260

SHA512
4a79d05751fa7fb10795e08d8d1e6ef8748457e9f1383c084784a992d30a4c175381a2aa477ff9c97c7c1c7ed0d20ec84da9e25bd14c44d7de7bde47b421c90d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c49fccb1e5461f2110c54d51fa909ceb

SHA1
8b8777b9e0ee1c6cdbcd2e9f0bb3d02ad7475f81

SHA256
caffc133e614e136962bf5d3519e27198062580114fcfc6e80de70fc18e54465

SHA512
4fb3fcf5b7c01e77ab5aef9aad5b62d6ecf97691e641cf51510793ead5d9e3ad9e1e9c7f8e5420cd6c216f261bf4374b6d0150c2e170b42364a1d7e108ad3def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f875cb2b6069e6ac95c087bd69c41462

SHA1
e6e88d1878c784cfcecc37192053a63aa6bf53c5

SHA256
5547666b53ed9b0f6d1567353941105df07b6512a1c756e613e4bc848d0ccbce

SHA512
456a9e4d7ece75a7e99587d729490cba5223443e149635f847b0f55f9d1831595d1a3d37bc36c7e5a8733462372a50f6e25454b05510d13561d9d95cdbf424cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bdc9fb9766c3d735f33b86337443cdbf

SHA1
cd3c4b4be31d3878d788164385fd3d077dd0d8de

SHA256
75c88ec1387e3543453df42fbc859cf73159704e4ed746e78ddbdbfcd3175eb3

SHA512
d9c6cec43e5253374fa8fe245761b4bb8d2bd65598594c1bb27b4fd9c8db745ff4724ba8c1477dc0544b562f782070fce71d66f702accfed2929c053877a43b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
5f22baea0df2173122c414513b653893

SHA1
95f73ff22ddc7e5fccb7ba81292d98050a9600d4

SHA256
a8361e86017e10c12d9c6702a6765bfb44967988683e9618d4666f05556da7ea

SHA512
395ef4dcf35e8933c10b5a1e75c53e77131c40e6ae79dc253d36ebdd7c94b287c19cefcf023beb57ca9da3843ad2b5fa177cfd29f2a774087b428eb3eee946cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
328c996b51b6cd31ae0b3302686b612d

SHA1
2830f5d4e26278403aaf6b36de2c4273100265ac

SHA256
d036f2520fe83f5001b255f7008ebb03622edf5d1c4c9a89a786e31a1d321030

SHA512
abae3ccc6a0ff87b5ba8c8b5ab90f8af02ad9419a2d1f4a7259003d76fad600a81b8e953ac08ce93e00d85324041fb3a446fbe97b3b02c0a3863f2e645c31070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
4KB

MD5
759c4995a936e6824762d574f7380869

SHA1
2c6b8b80bc3054f905bc39d351129ed69306863d

SHA256
a2729b5c9bd1822012ed688ea87e838577e563f2d89306a97c588c731af835e5

SHA512
a794584ce4f1afde8db6002a7e5a39b56880e9484daa625b705a10ccbd1ab61d4a5097f3506d79131a794aace0c51500e4388dc6d142eb861677b046859bd7e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
845B

MD5
8b43c0ed06fc6f5c7793c66c18c00cba

SHA1
a079e7c5b6254b4f5626bf7cf3d3d4c7d6b40b03

SHA256
f1338f2c58551acf8656c1155cfa75145b1e13c07a004e7f55b83b099f10c347

SHA512
aeb9f2b279c1c01af6b1da9ccf242031135c5821afc8336714ec60265968b958c15be8d11818037de998357ff2ac03dab6c744dbac596709d63f60ae3fb947a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
128KB

MD5
49fac8364e53993f04bd9d51c23fe463

SHA1
647460e4c82845ead4d7c64806b200f9784ded1e

SHA256
de1b2bd6f20826af1991d9caaad82263ca0d1f02e8d4431f926324c55d649555

SHA512
329e6a9f7a9303a921961f9cdf64a94c98d4eb2f2cfaa80b1cd1b680966f0507258def955ddac1db64bd2447753ce4b9f4a014aec1f5459e3a768e8494361dd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

Filesize
343KB

MD5
697bffeb7ccbb863103d73f2cccbb5a2

SHA1
baa1f5b7ba5e62c149c25006bfedf31e834e4f4a

SHA256
9610ec4cb6d89fe6ccd74c59a2c781217ea44dd70b0040f6b3ced1341f00259b

SHA512
c01b9e188d16658833afcf9597c320aae61c9172167fce1400c5affeaa80039a7b233f89148f593ce1b20504bb833885e74b632fb96a72805c6a4471ab4a0feb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
584B

MD5
0750af8d9638336980dc67a527b124fd

SHA1
b0295ca777dd4592fc46d9e2fb6d63acd54faafe

SHA256
5359977333b0852eb7333a5d1f2d7162d8d971dfae0a71afc36acdbf97a83563

SHA512
9eed4fdef46cd44c0c3bfe99bb6a03b892811693dd4d4277f245f08ee1d2af89757f920b3a8d03706aeed3fdfcc64ff6a4dd01795700896eaf78c7abcca903c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0862e129ecd1045167dc65b7f5d7160b

SHA1
38688af5ae029234fc9da5a249da4c1428b73426

SHA256
877478939223b812f704d7fe028d7c30324c6e17327cedd97ec09d4297b5192d

SHA512
95f6d717199b7257e9ea30de5283b86183c4fca54f570f8f580ec5f72a5405cb06cb0e91ef84e4725a576c1eebff1c3dac76d2c3ab929f7b649c595b49375a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ddae.TMP

Filesize
48B

MD5
d056b912a53a16af13d2806f25e1cfb6

SHA1
4534704935f3f493bbeba0575f31fa9c66dc6016

SHA256
5998a481216ee870e2257ce850823babd334f5dbb09adc02b0e8be06ec8902f4

SHA512
87ab0072a9e87d464456c54041dbd0a3fdc3db4b17aa69c374a71ff4e7411dbf23a0c78ce1186fbdbe4b532c88350f8e420bbeb52940bfe81a34837dc00a7412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
1002B

MD5
9f821eb061c4fe8f56ab33fc58679f65

SHA1
b177d8e99223fb956c708839af56e3dda92bac1f

SHA256
fb87af3bc04ac590f6cffa8455e233f3cf5218972a77ac015a5f3069b9e064c7

SHA512
a8c8efcd98ac6964cde659f6a018da0fb36c3ccc02ebb4633902e61f95f7912713028046ef077c6fff202c72fbf8e27ba1e3545ddc48ecae3692b8a4bc924eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
832B

MD5
fe2e76071dafb11564ca80469df498ad

SHA1
34e4f4ea4c41cdfda611872665fb695a8249eeb6

SHA256
0d15e31aa92d890a06bee45382befa031b057644bad79254129278bf7bb510b0

SHA512
5ab9f0f11e22d9c872c8b44f2941e0a4d8e461f1a5538d7fd9a602ddad817341ddd2310a12a0fee33a90cc8387cf62de8863702b153649d09e9f3ba8f20f2b3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13386932194159680

Filesize
33KB

MD5
045e1de6a777279f9db834194cc9b38e

SHA1
2afc0caf6a3b34f819394a7e7501e3c560164b03

SHA256
23f5380d0a58c1926c76824f9ff72e9d6e4f33c0d4b00619925f628098493fc0

SHA512
06a42f8c474a082bd8e929eb95c81bfd5ea61e17a345360cf7331b7627ff63b50b18a9f40e05aa5efe509f0d3498d3f0c74a0d524087056cc751754639d3bd54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
860B

MD5
99a6c5e35a61aafab77ebc71503bd4b7

SHA1
8e9464badc9d4ac45fcc00f0a2c9d41b08cfda57

SHA256
5ddbbd363739b8d205aad71be606ed39649c0812c153c8f763f4a66df7603fbd

SHA512
d682a8a0fdbddddb777685cf55c6f1434331c447e94f56ad468dabeb10ac369af0761af6261142bda62f2432e042d2aa37f1d5ce0d22e7a9d1f2e9f7bb1ab0a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
836B

MD5
9431d63b4737f4b4d020a28ffd31a421

SHA1
57708ac0afa2fa9e6b1e8bb348b8a1ba224b731d

SHA256
8196cafea7cc15b3d40f8f77d03199c34c2952b3e9b90ad936d78b3f6980efdd

SHA512
ba760ccc5ef867322554e58b5d7a5967539eee49dc77fdb4beac752f471d99b0dfead8773277d26ab3e94fffebe40e401367b801ad01f20c768cb603af565487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
21KB

MD5
c7a68affc872137980ccbb5ccfe81a1d

SHA1
6379eabeecc8c1355df82d28a6c2a0a60eff727a

SHA256
429c7205ea6b26bc65e424309c6971e558869ceb744e457e0c182ae446729f60

SHA512
791c175958f7052ceb742589d1525bf166e222a7cc61ae8637e9d2a2374e25308f6c25ab4d73352be1e1ca351e38971af9a45131febafcccbcbd3e6c50ecda7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
832B

MD5
5431a1f8451ac6a4120d8432e21fb53c

SHA1
dfcbba55869005f8dd62c07dacc4d115467aebbe

SHA256
8a9ad2976095b8372221738710a3b133f58b5fd5528e6e77e7fc78b0753d6d5d

SHA512
f3735efcc7e5da61bbd089e8d54c25c9e7cd5a5970a1ec26bdfccf4c09aafff21684be83bc2dc64f921bfdd19452bec58134aedf12192d3a230c8be5340fc09d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
483823ea61343eb67d5bb08496a57c4d

SHA1
49007dceb68d4a97fcee723fb1eec71ff0de9301

SHA256
4852991d9556574f97c5f19b5a5d39cb6a7e648f75c8b4353260b4b10d4a3172

SHA512
4cacc0675ea400f7e36b4bcd6ac8eb2db18bb28ffa99301a8130d537967d81dee1afd046f9e12cf3f62a64668cf10ad51e8d4a00454e569908f3afd3a4511d52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
850B

MD5
227ec313acb8e16b60868ec8e209148d

SHA1
0bac388eb7a177008cab1675fca144ea522e2b9d

SHA256
237e269337ca5ffbe94a9e32485cf9cbeb6293da31cfd9a33826e019759512cd

SHA512
1395e01cbf25dd8e5e53fded5fc5812e6e796ba16494dba8df98cd9172e1a75bbd02e656c35e9ed2275d8053131c59c8542bd356a861a82a9c3de1d5fce0bd93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
11ef9feb81bcda267243229ccb5a2177

SHA1
e6aaf7e444cbc786447d18919c3ef1127bfc72b3

SHA256
88668d609d479167fd6f06a61608247c922a0490cf77d4708d6561d62b68f1ae

SHA512
0bc2f74a3023e6f0bfda3a17bf5e401329011b21675d65ab159172c2aa30bddfcb9aa66916f9eed8effe3289eb135f90b447927ba3eef03970e2ed80ef730057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
aef9d4f0dbd4df8c7015e1dde3045a94

SHA1
0e064f5fc224a0d7d5b2bd99d2fc1ee80634cc44

SHA256
77e44b0c3ec3d5fa450a93089f6535439e78e5545cc153ee262edc8381fe8f11

SHA512
08b4ebea45dd7006338fcb9d3f15c48f33b591d08195f287b45dc02f2003d6c496f68a0023af32b1284b929f2b6a88894b5bedc9cb74c9d133fbf2e319017e3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
0425f0ac633197c4898b7968f08dc9c1

SHA1
e3361a4297c94c97b3eea7c44eaac901ae156a2c

SHA256
7405e6c07efc313ab4cad5da91162eb5072958127750c7da5d725de98f612f5f

SHA512
ee4b8ce74f6399773d3d5b454aa309b1a5b9058b4f937a62bd930e0825d4722382b7de92af5d2f9275179bf2dc946842249ae53b786cd7035fbe4353d33c6b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0uw4cubn.bbi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd.7z.crdownload

Filesize
330KB

MD5
d8cf19a7561ced14492182262c114550

SHA1
dc7e4d57014dcec1d7a5a49d2934cb81bdd0cd53

SHA256
ecca981d801d0e43339948a84d448e9f94026205f37bf05d3b1a603004616338

SHA512
1655d844b33a951716a48739daca214e539721ef7245e1c6cfd56c826900a012802650ce23f15fdafd4c19d4f49e7ade1020d09a2f053dca074ab4d9b6441783

Download Submit
C:\Users\Admin\Downloads\f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd\Log-20-03-2025-08-17-53.txt

Filesize
43KB

MD5
f89f382b3adb635d2779fb7f35b49a8f

SHA1
fd8e9263c99e0945e08e659453c010b1da96e2d1

SHA256
c741c6826a8063c5d8c9d4ddce30f9d344ebdb344460298bfa791e88e3271d46

SHA512
edab8434bc2ed2338f8016fdd724ec435fe6cc43cfc651b099b7a1ae94a3d638b735195ff93fa4646b605036929a83b10e81d90b12a8d1c98092644d8cf0972a

Download Submit
C:\Users\Admin\Downloads\f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd\f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd

Filesize
1.0MB

MD5
b71956ba98abacf4b4dcc5a0453baaa2

SHA1
81d5d6bec94a564b2d2734cf6fd53d84f14b274a

SHA256
f11b60b273e2606e91832edbb014ad229563f5c537ddab11dba80018c11364dd

SHA512
ce48361e7fb40e1bde5800b1220d49052a2d3923b4431fcae02d54a72e51f02ebe2767b3e30d7cdf31c4b53989f9b66a89973b23aa945f7d174137bdaffd11ea

Download Submit
memory/5952-189-0x00000200BB3F0000-0x00000200BB412000-memory.dmp

Filesize
136KB

Download