VTI SCORE: 91/100
Dynamic Analysis Report
Classification: Riskware, Trojan, Ransomware

1f8feaadbc4921aae2e51ad6d43513a915bd6081ca7bcc65b412f30ef8f155da (SHA256)

whzqnu.exe

Windows Exe (x86-32)

Created at 2019-01-14 07:50:00

Notifications (1/1)

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.


Files
Filename C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\whzqnu.exe
Category Sample File
Type Binary
Severity Suspicious
Mime Type application/x-dosexec
File Size 843.50 KB
MD5 6224156f14a8d05dbaacbaa1c27acf33
SHA1 2f16c0b706a3064867f49aca41a6c6203081d1be
SHA256 1f8feaadbc4921aae2e51ad6d43513a915bd6081ca7bcc65b412f30ef8f155da
SSDeep 24576:sQIJ5QFudgk4s87noHW3ytqv71ohwg0AwgKB:mJw0g5oHWDZLn
ImpHash 4b0bded1905d419bcfa1baf5c35763be
File Reputation Information
Severity Suspicious
First Seen 2019-01-13 18:55 (UTC+1)
Last Seen 2019-01-13 20:11 (UTC+1)
Names Win32.Trojan.Kwa
Families Kwa
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x46bcad
Size Of Code 0x90000
Size Of Initialized Data 0x42a00
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-10-13 12:28:14+00:00
Sections (7)
Name    Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags                                            Entropy
.text   0x401000         0x8fea3       0x90000        0x400            cnt_code, mem_execute, mem_read                  6.62
.rdata  0x491000         0x371d6       0x37200        0x90400          cnt_initialized_data, mem_read                   5.75
.data   0x4c9000         0x5eac        0x2000         0xc7600          cnt_initialized_data, mem_read, mem_write        3.83
.gfids  0x4cf000         0x258         0x400          0xc9600          cnt_initialized_data, mem_read                   2.53
.tls    0x4d0000         0x9           0x200          0xc9a00          cnt_initialized_data, mem_read, mem_write        0.02
.rsrc   0x4d1000         0xe9c         0x1000         0xc9c00          cnt_initialized_data, mem_read                   3.91
.reloc  0x4d2000         0x80e8        0x8200         0xcac00          cnt_initialized_data, mem_discardable, mem_read  6.56
Imports (4)
MPR.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetCloseEnum 0x0 0x4911a0 0xc7998 0xc6d98 0x17
WNetEnumResourceA 0x0 0x4911a4 0xc799c 0xc6d9c 0x22
WNetOpenEnumA 0x0 0x4911a8 0xc79a0 0xc6da0 0x43
KERNEL32.dll (99)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FindClose 0x0 0x491010 0xc7808 0xc6c08 0x168
GetModuleHandleA 0x0 0x491014 0xc780c 0xc6c0c 0x264
GetACP 0x0 0x491018 0xc7810 0xc6c10 0x1a4
MultiByteToWideChar 0x0 0x49101c 0xc7814 0xc6c14 0x3d1
Sleep 0x0 0x491020 0xc7818 0xc6c18 0x552
CreateFileA 0x0 0x491024 0xc781c 0xc6c1c 0xba
GlobalAlloc 0x0 0x491028 0xc7820 0xc6c20 0x317
GlobalFree 0x0 0x49102c 0xc7824 0xc6c24 0x31e
GetLogicalDriveStringsA 0x0 0x491030 0xc7828 0xc6c28 0x255
WideCharToMultiByte 0x0 0x491034 0xc782c 0xc6c2c 0x5cd
GetStdHandle 0x0 0x491038 0xc7830 0xc6c30 0x2c0
GetFileType 0x0 0x49103c 0xc7834 0xc6c34 0x23e
GetCurrentThreadId 0x0 0x491040 0xc7838 0xc6c38 0x20e
GetProcAddress 0x0 0x491044 0xc783c 0xc6c3c 0x29d
SetFilePointer 0x0 0x491048 0xc7840 0xc6c40 0x4fc
GetCurrentProcessId 0x0 0x49104c 0xc7844 0xc6c44 0x20a
GetTickCount 0x0 0x491050 0xc7848 0xc6c48 0x2f2
FreeLibrary 0x0 0x491054 0xc784c 0xc6c4c 0x19e
LoadLibraryA 0x0 0x491058 0xc7850 0xc6c50 0x3a5
GlobalMemoryStatus 0x0 0x49105c 0xc7854 0xc6c54 0x323
FlushConsoleInputBuffer 0x0 0x491060 0xc7858 0xc6c58 0x191
SetEnvironmentVariableA 0x0 0x491064 0xc785c 0xc6c5c 0x4ed
FreeEnvironmentStringsW 0x0 0x491068 0xc7860 0xc6c60 0x19d
GetEnvironmentStringsW 0x0 0x49106c 0xc7864 0xc6c64 0x227
GetCommandLineW 0x0 0x491070 0xc7868 0xc6c68 0x1c9
WriteFile 0x0 0x491074 0xc786c 0xc6c6c 0x5e1
FindNextFileW 0x0 0x491078 0xc7870 0xc6c70 0x17f
GetFullPathNameW 0x0 0x49107c 0xc7874 0xc6c74 0x249
FindFirstFileExW 0x0 0x491080 0xc7878 0xc6c78 0x16e
GetOEMCP 0x0 0x491084 0xc787c 0xc6c7c 0x286
MoveFileA 0x0 0x491088 0xc7880 0xc6c80 0x3c8
ReadFile 0x0 0x49108c 0xc7884 0xc6c84 0x450
AreFileApisANSI 0x0 0x491090 0xc7888 0xc6c88 0x1b
CloseHandle 0x0 0x491094 0xc788c 0xc6c8c 0x7f
GetLastError 0x0 0x491098 0xc7890 0xc6c90 0x250
GetCurrentProcess 0x0 0x49109c 0xc7894 0xc6c94 0x209
WriteConsoleW 0x0 0x4910a0 0xc7898 0xc6c98 0x5e0
HeapSize 0x0 0x4910a4 0xc789c 0xc6c9c 0x338
QueryPerformanceCounter 0x0 0x4910a8 0xc78a0 0xc6ca0 0x42d
TlsGetValue 0x0 0x4910ac 0xc78a4 0xc6ca4 0x575
EnterCriticalSection 0x0 0x4910b0 0xc78a8 0xc6ca8 0x125
LeaveCriticalSection 0x0 0x4910b4 0xc78ac 0xc6cac 0x3a2
DeleteCriticalSection 0x0 0x4910b8 0xc78b0 0xc6cb0 0x105
EncodePointer 0x0 0x4910bc 0xc78b4 0xc6cb4 0x121
DecodePointer 0x0 0x4910c0 0xc78b8 0xc6cb8 0xfe
SetLastError 0x0 0x4910c4 0xc78bc 0xc6cbc 0x50b
InitializeCriticalSectionAndSpinCount 0x0 0x4910c8 0xc78c0 0xc6cc0 0x348
CreateEventW 0x0 0x4910cc 0xc78c4 0xc6cc4 0xb6
TlsAlloc 0x0 0x4910d0 0xc78c8 0xc6cc8 0x573
SetEndOfFile 0x0 0x4910d4 0xc78cc 0xc6ccc 0x4ea
TlsSetValue 0x0 0x4910d8 0xc78d0 0xc6cd0 0x576
TlsFree 0x0 0x4910dc 0xc78d4 0xc6cd4 0x574
GetSystemTimeAsFileTime 0x0 0x4910e0 0xc78d8 0xc6cd8 0x2d6
GetModuleHandleW 0x0 0x4910e4 0xc78dc 0xc6cdc 0x267
CompareStringW 0x0 0x4910e8 0xc78e0 0xc6ce0 0x93
LCMapStringW 0x0 0x4910ec 0xc78e4 0xc6ce4 0x396
GetLocaleInfoW 0x0 0x4910f0 0xc78e8 0xc6ce8 0x254
GetStringTypeW 0x0 0x4910f4 0xc78ec 0xc6cec 0x2c5
GetCPInfo 0x0 0x4910f8 0xc78f0 0xc6cf0 0x1b3
UnhandledExceptionFilter 0x0 0x4910fc 0xc78f4 0xc6cf4 0x582
SetUnhandledExceptionFilter 0x0 0x491100 0xc78f8 0xc6cf8 0x543
TerminateProcess 0x0 0x491104 0xc78fc 0xc6cfc 0x561
IsProcessorFeaturePresent 0x0 0x491108 0xc7900 0xc6d00 0x36d
SetEvent 0x0 0x49110c 0xc7904 0xc6d04 0x4f0
ResetEvent 0x0 0x491110 0xc7908 0xc6d08 0x4a2
WaitForSingleObjectEx 0x0 0x491114 0xc790c 0xc6d0c 0x5ac
IsDebuggerPresent 0x0 0x491118 0xc7910 0xc6d10 0x367
GetStartupInfoW 0x0 0x49111c 0xc7914 0xc6d14 0x2be
InitializeSListHead 0x0 0x491120 0xc7918 0xc6d18 0x34b
RaiseException 0x0 0x491124 0xc791c 0xc6d1c 0x440
RtlUnwind 0x0 0x491128 0xc7920 0xc6d20 0x4ad
LoadLibraryExW 0x0 0x49112c 0xc7924 0xc6d24 0x3a7
QueryPerformanceFrequency 0x0 0x491130 0xc7928 0xc6d28 0x42e
ExitProcess 0x0 0x491134 0xc792c 0xc6d2c 0x151
GetModuleHandleExW 0x0 0x491138 0xc7930 0xc6d30 0x266
SetConsoleCtrlHandler 0x0 0x49113c 0xc7934 0xc6d34 0x4c3
GetConsoleMode 0x0 0x491140 0xc7938 0xc6d38 0x1ee
ReadConsoleInputA 0x0 0x491144 0xc793c 0xc6d3c 0x445
SetConsoleMode 0x0 0x491148 0xc7940 0xc6d40 0x4d3
HeapAlloc 0x0 0x49114c 0xc7944 0xc6d44 0x32f
HeapReAlloc 0x0 0x491150 0xc7948 0xc6d48 0x336
HeapFree 0x0 0x491154 0xc794c 0xc6d4c 0x333
GetModuleFileNameW 0x0 0x491158 0xc7950 0xc6d50 0x263
FlushFileBuffers 0x0 0x49115c 0xc7954 0xc6d54 0x192
GetConsoleCP 0x0 0x491160 0xc7958 0xc6d58 0x1dc
SetStdHandle 0x0 0x491164 0xc795c 0xc6d5c 0x522
WaitForSingleObject 0x0 0x491168 0xc7960 0xc6d60 0x5ab
GetExitCodeProcess 0x0 0x49116c 0xc7964 0xc6d64 0x22c
CreateProcessA 0x0 0x491170 0xc7968 0xc6d68 0xd7
GetFileAttributesExW 0x0 0x491174 0xc796c 0xc6d6c 0x232
IsValidLocale 0x0 0x491178 0xc7970 0xc6d70 0x374
GetUserDefaultLCID 0x0 0x49117c 0xc7974 0xc6d74 0x2fc
EnumSystemLocalesW 0x0 0x491180 0xc7978 0xc6d78 0x147
SetFilePointerEx 0x0 0x491184 0xc797c 0xc6d7c 0x4fd
ReadConsoleW 0x0 0x491188 0xc7980 0xc6d80 0x44e
CreateFileW 0x0 0x49118c 0xc7984 0xc6d84 0xc2
GetProcessHeap 0x0 0x491190 0xc7988 0xc6d88 0x2a2
IsValidCodePage 0x0 0x491194 0xc798c 0xc6d8c 0x372
GetCommandLineA 0x0 0x491198 0xc7990 0xc6d90 0x1c8
USER32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA 0x0 0x4911b0 0xc79a8 0xc6da8 0x246
LoadStringA 0x0 0x4911b4 0xc79ac 0xc6dac 0x22f
GetProcessWindowStation 0x0 0x4911b8 0xc79b0 0xc6db0 0x193
GetUserObjectInformationW 0x0 0x4911bc 0xc79b4 0xc6db4 0x1b8
ADVAPI32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegisterEventSourceA 0x0 0x491000 0xc77f8 0xc6bf8 0x2a6
DeregisterEventSource 0x0 0x491004 0xc77fc 0xc6bfc 0xeb
ReportEventA 0x0 0x491008 0xc7800 0xc6c00 0x2b6
Filename C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 1.35 KB
MD5 bceb474e3d6d7bb73799ab35d66623fb
SHA1 17911b56e34dd4a0e414d2b447d513a3d8e37f32
SHA256 1b3d72a0b15b8daee71da107ee605c4f46f3628ce43f18d36096e95e75218d07
SSDeep 24:bFVPiPip/qIMcbGV+KxNeeTOw+sIDJjf6ZeFW1+wrQXIJalHeXMwL2+29Zp:6GPMOa1keIsIVjfEWwEUfX7LJ29D
Filename C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 2.41 MB
MD5 9ee2324601abb5c0e67c0f106dd5bb8f
SHA1 46e5552bf9d9eb779bf1bee7d64c6a70367c01e7
SHA256 848a69d5bb9facc1d35ab9a66d55965b0d6c09857fe72e831532bc9a1dfb9c0a
SSDeep 49152:SKK4tU2yBNHYeAG1vkRdTex4S120ytJyhaM6CLC:SlB2yBtJAG1kW1o
Filename C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 1.53 KB
MD5 5f36bdb35589d1235aabab123a7f979b
SHA1 0cd0eb1f47a08ef66122eeb00d61baeaa447d915
SHA256 daf603a2258e8eb2f0469118c0857d90a2f8f76ae7b8d0e3031f65e41262c135
SSDeep 24:b+ByWCKKapXDZYMhDdCrxYiopz5eoV4oAurt0i6fEpo2ugSPgoTPuzNUy:SBNwqnhDdcYfV5hAaSEy2bSPxc
Filename C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 2.24 KB
MD5 542a2ee068b10a1558779a7c5fa80938
SHA1 c38dc41c4cf49c1c5e70742e27175b926952e6b1
SHA256 4af1d12eb7d9b67fe9b34cd38507ec1ac4b967e3e55eeb16713619c86af16c3c
SSDeep 48:4SsiluFy1BA0yomgoi9xhiphdCeRjiys2/NCYlsyl:4Ss+u4AAP9x8XiyTNnh
Filename C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 1.42 KB
MD5 57fa2c381fd57ff56f421b4f16ef8474
SHA1 743f5dd00b2b68332c3e2f3c581e1b366bd4e7b2
SHA256 9daddd088b01690a4fa7ab01597feff4f7ca0e401e0ff20d8c85b4d29f7e11df
SSDeep 24:brGvbG/1bY1eTkEE3dV57rz3LRl1bcRx8b7yAyaq1VqprEkyARaMsgP5yawXy:nGv4TkjdrXRbcRx8HyAW6prpyQaFgPjr
Filename C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\HOW_TO_RETURN_FILES.txt
Category Created File
Type Text
Severity Unknown
Also Known As
C:\$Recycle.Bin\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\cs-CZ\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\da-DK\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\de-DE\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\el-GR\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\en-US\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\es-ES\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\fi-FI\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\Fonts\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\fr-FR\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\hu-HU\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\it-IT\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\ja-JP\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\ko-KR\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\nb-NO\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\nl-NL\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\pl-PL\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\pt-BR\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\pt-PT\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\ru-RU\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\sv-SE\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\tr-TR\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\zh-CN\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\zh-HK\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\zh-TW\HOW_TO_RETURN_FILES.txt (Created File)
C:\Boot\HOW_TO_RETURN_FILES.txt (Created File)
C:\Config.Msi\HOW_TO_RETURN_FILES.txt (Created File)
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\HOW_TO_RETURN_FILES.txt (Created File)
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\HOW_TO_RETURN_FILES.txt (Created File)
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\HOW_TO_RETURN_FILES.txt (Created File)
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\HOW_TO_RETURN_FILES.txt (Created File)
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\HOW_TO_RETURN_FILES.txt (Created File)
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\HOW_TO_RETURN_FILES.txt (Created File)
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\HOW_TO_RETURN_FILES.txt (Created File)
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\HOW_TO_RETURN_FILES.txt (Created File)
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\HOW_TO_RETURN_FILES.txt (Created File)
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\HOW_TO_RETURN_FILES.txt (Created File)
Mime Type text/plain
File Size 1.70 KB
MD5 68a599594512849a9f317ecf60bb78d9
SHA1 0ebadb01c35a3f4c63ad1503fc0327d821d57239
SHA256 9e6fd7630008397d8b53cdb58ff2a8a0ed0af182b912666f319c8da3c9e7584c
SSDeep 48:HD6AhpU+hTdPlq98l18YpdpCzs1LaEXczVG:j6AhP5VpV1Ltsz0
Filename C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 10.00 MB
MD5 c979e2e5278676e25fe6697866cb6df8
SHA1 50e4235bdf5ba0be0caadd25f83e84ee3b8300af
SHA256 2ebac260b0a328f9b1fd3e2614edbbe70155f20ceb1d4157084b7a2b03490963
SSDeep 196608:kI/A15gSG4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:kd5G4KKCX5FvaVczxmUJnYSE7dzAT
Filename C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 10.00 MB
MD5 fc740d42312a6ad882a24ba862753398
SHA1 f692faee449caef44bd3e4fefd9b25194d4636aa
SHA256 290f7eabb312eae60f5f3c1ab9e912fb10e0304376033e8a1bbf90dfa3492f8b
SSDeep 196608:/xssSw7YM4k8IMj3kMxfGbWaxJMKMA4JxuiNQG3A2r7rfiSFhysD8uxDxKj:ptJn8IQkM2BFEx96G3AUf7FnzKj
Filename C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 10.00 MB
MD5 44ee0260334a499bb2b6e7e5acb0563c
SHA1 02c12adeec1d57f212aa4e3687d116cb2b8fb092
SHA256 02a9aaf17882924e28600edbf786e254cd3f3202eb2f50d2d293f16b8564cd9a
SSDeep 196608:S2t3U6eDsIwHBL4B9lCzT2bOgBoDuihGYrLpVUBJ/7HAFGtNy6aMhnRTU+:SW5qsIwHNB26gfE7e/7JNMM5RTU+
Filename C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 2.73 MB
MD5 128fb4991c8ebc1190fd8d2dee19d3f8
SHA1 c230aa5270abc53464f21a558c72bdb955f9a7c3
SHA256 e45e75d2f724df92ffc52e9485f40b539f80646d3a2c390e231327ae7be97ee7
SSDeep 49152:Ii8yH5RbjwIvXXJzkuPpEmsskLljb1R6rOSN20yRJ63PooFMP+:I14BjwIp7Km66vj
Filename C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 1.76 KB
MD5 f8f141b2602998cf4ad6f941f8c9af40
SHA1 2631f51ec2ce22655b4d72bc7dec65b2379d04ed
SHA256 001e0176c3422bf7e605543311a0e6571c5e50d8b0209abe75752363ef2d9f1d
SSDeep 48:agADcE/Md16x4KFGja3BscyjUOGgsRHnO9:SRMd16VFGG3aJ3sRI
Filename C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 1.42 KB
MD5 3de99edd0b54a4237bd2ef57a5d3d34d
SHA1 f576f356ae0d59618259c883e50215e82f3eb1cf
SHA256 a6000c1bf01f440f159fe30f6353c2592d1ac8eb1f4cbaa19cc0abdced55f6ba
SSDeep 24:bPpTYfypEbhfkFT45yv9tqIkdw7OThF4dvVfHpptaLApQHyFaOzMKezszsJ7M5wh:VYdbV87tqIU2OTj4ddvpmLApSErasUL5
Filename C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 853.50 KB
MD5 16cff5daa2ae88f65b5485ca4b4f3515
SHA1 f2e3bc7711e99abb5f3e8fb08be7c317339e9d79
SHA256 42335970200998d81d9d795380368e13250d799d40b4c2b2c0bf61d8235c69c3
SSDeep 12288:6gji6K/2Frks5pIVN7UXecM+3X227o/qgn2hsDZ9Ccp/s4GFmvC5Hpv9pNXPRW2Z:R73/aNQXX3Xny6sTCw/8m+RNIt1U
Filename C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 1.32 KB
MD5 37342a6a3776541753f14e8f533fd9d2
SHA1 14c17dd6f70978dc9496065e435cbce55a59e163
SHA256 88f65741f00c72a7443e8cf052131f4f94da8893785380a5475106d81f6bf99c
SSDeep 24:bKrN60WsEfosZVzWzVpIM907O7V9R2Z3hdKYe/B3PZrzR/EMG4Si9:erDWsEzaEMSO7V7abMB3ZzR8MG5k
Filename C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 2.31 KB
MD5 1825028fec64ea2d4caa6f5dba5951eb
SHA1 2d94f1fe648170d404e0a94771967694bed7470c
SHA256 594f166908306d8440cac0e731c012972c4ddbd63b9f736366d00c55a851390f
SSDeep 48:2vM76L6m6MvAEAiC1iHoKpO0HX34Tcyi9whVd9Xr18nH+e7DRoHm:onL6m6EA3LkhHX34g1whP9B8nH+s2Hm
Filename C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 1.42 KB
MD5 d11877854336ff2d4944846506277181
SHA1 8e169e43db0fca3aa00e693c5eb22e55f92ec74b
SHA256 db182c76340ba1f0e0eaeee2c7525261161361ebf2cb35ad370fc82443ea0081
SSDeep 24:bNu9ODIkWd3qTKeWQC31F8hP4qEsvsjbh7m558hU9U4KHY8Ap270y2dhk85K2GX2:RYEe3qTKeWQC378d4qM+8hU92Yl2YWTQ
Filename C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 10.00 MB
MD5 6ee1074893e3b3323b7b8c0f0eb917ab
SHA1 5a82c5905a0a08a9b452e17df8d7fbe4d6c4f052
SHA256 38c48e03861236dc15fd1e7a419565d687022445321015c8efd6e350da717476
SSDeep 196608:Z2onYmqQNVAl+ig71eZ8FclBElWHp8byLbyo9crpLlR8ioLO0ZF9CrpbQ:ILmqyL71eiFgepGHyo2rpLkcoCrpbQ
Filename C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.mdk4y
Category Created File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 1.42 KB
MD5 f78a1b144957433d19e735e33938f4b5
SHA1 c8f082e2882020168c3edf21c5be3a413fb8f946
SHA256 d5e3263c19f4de06db4ed0b0b610c540ccc8525031b2a1e9a2525d5a59c6ddb0
SSDeep 24:bqmJnRdUHlkQlaIoXqx59sLdpk1W06tb+ID9EpcGBO+0JksXZfL8jxHZC5AM/CjF:lRdUHeivJ0rk1iJzD9M7c1XFw9HQb/sF
Filename Log
Category Created File
Type Text
Severity Unknown
Mime Type text/plain
File Size 0.19 KB
MD5 3b781dcca5b3dc03d73822fda2ddd26f
SHA1 30656d062183857533b93ab32316c16426921285
SHA256 c960d140797ebb77f392d84050b7de0816ccec52101a8c1075c84d375e855eec
SSDeep 3:qFVAgvL9v+ScnBHyqFAHy6yqFAHy6yqFAHy6y6yqFAVWm2ovn:qvAqLN+SaBHZAHtZAHtZAHttZAln
Filename C:\Boot\BOOTSTAT.DAT.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 64.00 KB
MD5 76637118408f39086f41ae2ae23bef4c
SHA1 1f396ffbb7df1096484b9b44b1e1ce11467074b5
SHA256 10188489b1ea6d487f8e075a3694b5dbe4271756fdf3c312b8391f4d32f3638d
SSDeep 1536:hm8HHR1g1xls2kdkvvP2pl0eykBBMQ3B0rSW6Ma9JHuz9Q:hm8nV2j3PilSk5erSUa9JHj
Filename C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 2.40 MB
MD5 be550420674fbcc52a58904b697a250b
SHA1 d4c5487d55291e0064004a4ab150e4815d4f93b4
SHA256 753210f82d058effc8efa7a15580a0704eb72ca0912c9aabceaa3deb0240cf1d
SSDeep 49152:EDRRcPbWWPMMGtBjhdTex4S120ytJyhaLz6CCHm:EVRcZy3q1oL
Filename C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 10.00 MB
MD5 f1efca2f46980667afe49e84ae57b4a1
SHA1 4c919322c1299142cc68f520b4d05306cdd3f481
SHA256 9128af3f1cab4f601ba1b52b25bf516c48eb7f8139606521494be5874d09cced
SSDeep 196608:ZSC4M+DiOm1j3/abCsYwFOSQo2eWDOQs4hW6s63HS:ETPZmN3/abtYIQo2OQ93RS
Filename C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 848.50 KB
MD5 329b313de8334ac84ed192f0ba0a2175
SHA1 d95d4edd721b1f58f35d055785eb4f16c2b8d01c
SHA256 7a6306350568635d490d27c9e579b225bcd7654c85e9b7f87c951d5174059bc9
SSDeep 24576:Z3I79pYEKa01YThltUiDzHP7YAeUPA61+Ddl4nITr:Z3I7vmXghltUiHP7FXPMDff
Filename C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 4.11 KB
MD5 d52f3ce4c583c78d78081455ff046d1e
SHA1 b09989e533f1dd7a319dcc1df56752a1e69dccd5
SHA256 f67a4eddcaaa77308df904f898f913266702f288ec8d9b475568a50ec51b8388
SSDeep 96:RhvtYmIeM1PFDayJZSizgXQdmtCB1U+p5eIRcW9eyWQiAgrPX/VN2mst:RNOmIeyFBZrkA6CB11WIRc7/PX/V2
Filename C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 0.79 KB
MD5 6997e2de1bf572f657031219842278d9
SHA1 f5e2027945b70bfc8ae4029c1ca9ef35f7fd4c70
SHA256 9e867784f18a2d6090010ca81d920881b664d1312bc4a70e7332b76644bd19bb
SSDeep 12:bX8m4ZyXNk2NpLWDldDGIp/l3A4UC2G4D9lwORz68JJGY9Pm79Ol8CB5Nkb4mdcP:bVRDLaXGs3UQ4prlL9w59y
Filename C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 860.50 KB
MD5 7d0e957ddba1983dfae9256c0044b9d8
SHA1 dad4d8ce8e623b9119a64d66fba9b8a0477cf94e
SHA256 3ac36c6bde9c5f310da190486033ebd64b187204b978f66911a95eb87c66e83f
SSDeep 12288:V5J18qyNngwBiQsPBCm2NUpA+eY/ft2ij8KY+WpNCq2J4dyUjP597ofjlv:f/CHqis/cehvq2J4dya1ofx
Filename C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 865.00 KB
MD5 5c0ba21f7b65c5a99302667d69d6d404
SHA1 7b0761fd8cf24f067123f609fcaff37069d571df
SHA256 f7e1910143febd5be156748d4a9aa3560bc848357e704b5455c5d6b3a4d4e540
SSDeep 12288:908QrHteGKXa5zNpIy5uZ9l8oRboPXjgb17SZNSnosyDgDjZrM/PvSqqFiGqLbCG:9NQLteBopCPZ9ld5XJZrM/Pvm4N9
Filename C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 5.75 KB
MD5 2c0b02481bc24a5e11a065935340303f
SHA1 2a76d837b92abe111ec460bb9e78bfc7c7a9fc7c
SHA256 fbbd1987998aed9a4b884fb5ef4784f746587a2929a3fb8b1a23cf75687a861d
SSDeep 96:pHbGGLTOzg12PY8pJ3PFIHwmTMoqCS5Kb+s2hs555OevR+XKAV/6ZZrcWgF5Udp1:Rb1vOzg12/p3Mwm0Ls6sEeYV/6ZlBWSN
Filename C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 2.39 MB
MD5 0df18d0157f1cbeb73a810e229449835
SHA1 3b621adfd75d87bfabd62869c38bd182c5691954
SHA256 08583d6c0ddc80724f66df49d95a21f376eda35cf454f813c004fc5a6233c4fb
SSDeep 49152:jr/3ARBzFJ27ebkCHCdTex4S120ytJyha16CZt:lebtH1o
Filename C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 1.84 KB
MD5 593e355f472d52501c80ff046ad53472
SHA1 3843484d44b1427b32e9623c0ad309de2ad31ccf
SHA256 0427864578de27e098cff65e5d20af670c3cc9a5399ae258151b200691047622
SSDeep 24:bjAXzHsoms9UMFbDpYgrKTmeJBetGTy6/WuwGulVSmpYSQ3a2ZtRMkq62TX28:HAXzMOJ9ze/DWf7S+LQZfRMkg7
Filename C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 1.05 MB
MD5 0b28d8b1d142a480017b97d41240e3fe
SHA1 758dd5a4a73817569e2e33c595fc7126a278fbef
SHA256 ef58d07e286211ff562b6e8cffd956809a3fed89031a9909b0706d3b28a8ce61
SSDeep 24576:vuCgjra7lJQyE2hGgdo60HiKKdPm5wHhuHQzGH0KryE/9hSCEn/:T5jjog8CPFiHoKryshSCE/
Filename C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 1.57 KB
MD5 5540a68c5b536ce11ba81dc423392660
SHA1 81d2096889d9f67f41e0f92cbf0cad7893652e97
SHA256 ac2992bfa6d00485c7a7759aab319ed1c15cf7ee5514baefe36df7afed99af45
SSDeep 48:MyBbFaktaILnHhQsr9mqKEnBS6BMyYayNz/t0:hbQknZ9HBS6BBYaI/t0
Filename C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 3.11 KB
MD5 f2622575a9c0c786ff52f0cd16716c11
SHA1 792046a368eb36651f98d8d4c2ae13b29ceaf043
SHA256 be59dc2fd9762ddddcf221884b423050579d94646cfba315cca9e2ac7fb67f9c
SSDeep 96:57ynn14sASbzVB6mfZwGCEJPl84+4npJtU3:s65SPVB68KiXLJk
Filename C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 9.50 MB
MD5 eee5b825cf736f65e2fe1855f1fbceef
SHA1 e2009d19ceb10651f66f7dbe2b2fdfb0eb9b2083
SHA256 29f47ca0bd319b46fdd19d7bb0614078279b8851bd98a5f3a1ddf6ac422f4b2b
SSDeep 196608:M4+MUUvTYpH9lBl/tus7o4L7tZiTnp/jE4U/bxlLRx+c:Mv/UvTiJhU4L7tZiTnprP0txRsc
Filename C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 2.37 KB
MD5 f69ed81eb654d32c4d37e68cd483782c
SHA1 c5b05465a5d1c3888f5a335e5dff67270bb39f69
SHA256 8b0729962afb832802d54b34d8d0f577753b95b1d51eedac3d1f445d6129336a
SSDeep 48:TWI/xpEXdlcvsQ9nbZWp9+I5bIBHYXVLaRmFgKpW2:ycxpE/t2l1INIBHeVdF82
Filename C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 2.79 MB
MD5 4ddb0d4dda511ec7042154d99e1e3fb6
SHA1 6927342ef4414a05f4da3c53ac5a4f6620ca3577
SHA256 8c40a605bef98af7c46da25ffe223eb3ca582d53397e5e57cc1e93b7384b853d
SSDeep 49152:udBbZ/efNwRfLnYmJf+YoC59POSOwPFhbYRjfIDPHLoBTv5oJBB47q5FqciWDxQm:CbYlaDaC5VPFhbY12HLodiF4+5riWDem
Filename C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 10.00 MB
MD5 92cd704d0a8bf51d2f3181db940bc22f
SHA1 d32cd24b6812e59211ccbeea724d71ff6727ce99
SHA256 319d16c3f55f0fecb94354d0e4c0d56a83028f414efaf0801808d826014b504d
SSDeep 196608:N6lS4CjQR9g8YYIcjfX+vntQdQGzFZaGkGdN7p06H1JX/WanfW/OIV0h:AS4LR9YY5mvJGBZWGRz1kaza0h
Filename C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 855.00 KB
MD5 2ebecd806144364a8ac8d0bafa402e01
SHA1 1d6e5b59f2eee24bce1ddd5f3bc789c976d5a0e4
SHA256 abf09f7a31f441874029ef9d378a0e0968817183d13f40c0e425fda9bc5d5f46
SSDeep 24576:j7OfZN00F6nzP+hiGgjOEFNKcDBVD4YR9U:XORP6zJjdNKW34YR6
Filename C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 2.39 MB
MD5 92fb5ae0a1307b123248fe3dc8247747
SHA1 37cfb0f173a034789f58306dce91e97e90c638e3
SHA256 1a6da5af565d2d05a96106722e9c51f45de544d47cabbf262af197f2c9e4b1d0
SSDeep 49152:4nkMKgqy+d0Vj3kokYace79RLWYqEndTex4S120ytJyham6Co6:WVGy+KrkqaLLWL1o
Filename C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.mdk4y
Category Created File
Type Stream
Severity Not Queried
Mime Type application/octet-stream
File Size 10.00 MB
MD5 1df81fdc8b063439a43d0c93d6b53134
SHA1 9e6ae8949ef60e19b55d5690bea45e8345885c6a
SHA256 c482f17a43af62264ed51b1c03be1d1f18bf3840ee84002d616e55c94536ff22
SSDeep 196608:GH6NusPQqb7fKP0ReD0wXKLUEfRrDXP2ifogB+jHcSBLWiyvyWJRMLhdPWfi:g6NuszDKP0q0wM9JrL2ifJEjhW/6vL3D