VTI SCORE: 95/100
Dynamic Analysis Report
Classification: Dropper, Riskware, Downloader, Trojan, Ransomware
242713ef2f372f0d39ca8f01bd09c9f99bcfe850e156621c023dd9e0bfb9bd95 (SHA256)
CURRENT_DIRnwovkcyl.exe
Windows Exe (x86-32)
Created at 2018-10-03 03:03:00
Notifications (1/1)
Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.
This is a filtered view: the list contains only the embedded files and created files.
Filename | Category | Type | Severity
---|---|---|---
C:\Users\CIiHmnxMn6Ps\Desktop\CURRENT_DIRnwovkcyl.exe | Sample File | Binary | Blacklisted
File Reputation Information

Field | Value
---|---
Severity | Blacklisted
First Seen | 2018-09-28 06:11 (UTC+2)
Last Seen | 2018-10-01 18:44 (UTC+2)
Names | Win32.Trojan.Genasom
Families | Genasom
Classification | Trojan
PE Information

Field | Value
---|---
Image Base | 0x400000
Entry Point | 0x4dda54
Size Of Code | 0xe0a00
Size Of Initialized Data | 0x51400
File Type | executable
Subsystem | windows_cui
Machine Type | i386
Compile Timestamp | 2018-09-25 17:03:20+00:00
Sections (10)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0xdb8d8 | 0xdba00 | 0x400 | cnt_code, mem_execute, mem_read | 6.39 |
.itext | 0x4dd000 | 0x4eb0 | 0x5000 | 0xdbe00 | cnt_code, mem_execute, mem_read | 5.73 |
.data | 0x4e2000 | 0x5b0c | 0x5c00 | 0xe0e00 | cnt_initialized_data, mem_read, mem_write | 6.2 |
.bss | 0x4e8000 | 0x6444 | 0x0 | 0x0 | mem_read, mem_write | 0.0 |
.idata | 0x4ef000 | 0x1236 | 0x1400 | 0xe6a00 | cnt_initialized_data, mem_read, mem_write | 4.81 |
.didata | 0x4f1000 | 0xfa | 0x200 | 0xe7e00 | cnt_initialized_data, mem_read, mem_write | 2.01 |
.edata | 0x4f2000 | 0x6c | 0x200 | 0xe8000 | cnt_initialized_data, mem_read | 1.31 |
.tls | 0x4f3000 | 0x14 | 0x0 | 0x0 | mem_read, mem_write | 0.0 |
.rdata | 0x4f4000 | 0x18 | 0x200 | 0xe8200 | cnt_initialized_data, mem_read | 0.21 |
.rsrc | 0x4f5000 | 0x49e00 | 0x49e00 | 0xe8400 | cnt_initialized_data, mem_read | 7.97 |
Imports (8)

oleaut32.dll (12)

API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SysFreeString | 0x0 | 0x4ef36c | 0xef0b4 | 0xe6ab4 | 0x0 |
SysReAllocStringLen | 0x0 | 0x4ef370 | 0xef0b8 | 0xe6ab8 | 0x0 |
SysAllocStringLen | 0x0 | 0x4ef374 | 0xef0bc | 0xe6abc | 0x0 |
SafeArrayPtrOfIndex | 0x0 | 0x4ef378 | 0xef0c0 | 0xe6ac0 | 0x0 |
SafeArrayGetUBound | 0x0 | 0x4ef37c | 0xef0c4 | 0xe6ac4 | 0x0 |
SafeArrayGetLBound | 0x0 | 0x4ef380 | 0xef0c8 | 0xe6ac8 | 0x0 |
SafeArrayCreate | 0x0 | 0x4ef384 | 0xef0cc | 0xe6acc | 0x0 |
VariantChangeType | 0x0 | 0x4ef388 | 0xef0d0 | 0xe6ad0 | 0x0 |
VariantCopy | 0x0 | 0x4ef38c | 0xef0d4 | 0xe6ad4 | 0x0 |
VariantClear | 0x0 | 0x4ef390 | 0xef0d8 | 0xe6ad8 | 0x0 |
VariantInit | 0x0 | 0x4ef394 | 0xef0dc | 0xe6adc | 0x0 |
GetErrorInfo | 0x0 | 0x4ef398 | 0xef0e0 | 0xe6ae0 | 0x0 |
advapi32.dll (15)

API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RegQueryValueExW | 0x0 | 0x4ef3a0 | 0xef0e8 | 0xe6ae8 | 0x0 |
RegOpenKeyExW | 0x0 | 0x4ef3a4 | 0xef0ec | 0xe6aec | 0x0 |
RegCloseKey | 0x0 | 0x4ef3a8 | 0xef0f0 | 0xe6af0 | 0x0 |
OpenThreadToken | 0x0 | 0x4ef3ac | 0xef0f4 | 0xe6af4 | 0x0 |
OpenProcessToken | 0x0 | 0x4ef3b0 | 0xef0f8 | 0xe6af8 | 0x0 |
GetUserNameA | 0x0 | 0x4ef3b4 | 0xef0fc | 0xe6afc | 0x0 |
GetTokenInformation | 0x0 | 0x4ef3b8 | 0xef100 | 0xe6b00 | 0x0 |
GetSidSubAuthorityCount | 0x0 | 0x4ef3bc | 0xef104 | 0xe6b04 | 0x0 |
GetSidSubAuthority | 0x0 | 0x4ef3c0 | 0xef108 | 0xe6b08 | 0x0 |
FreeSid | 0x0 | 0x4ef3c4 | 0xef10c | 0xe6b0c | 0x0 |
EqualSid | 0x0 | 0x4ef3c8 | 0xef110 | 0xe6b10 | 0x0 |
AllocateAndInitializeSid | 0x0 | 0x4ef3cc | 0xef114 | 0xe6b14 | 0x0 |
CryptGenRandom | 0x0 | 0x4ef3d0 | 0xef118 | 0xe6b18 | 0x0 |
CryptReleaseContext | 0x0 | 0x4ef3d4 | 0xef11c | 0xe6b1c | 0x0 |
CryptAcquireContextW | 0x0 | 0x4ef3d8 | 0xef120 | 0xe6b20 | 0x0 |
user32.dll (10)

API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
MessageBoxA | 0x0 | 0x4ef3e0 | 0xef128 | 0xe6b28 | 0x0 |
CharNextW | 0x0 | 0x4ef3e4 | 0xef12c | 0xe6b2c | 0x0 |
LoadStringW | 0x0 | 0x4ef3e8 | 0xef130 | 0xe6b30 | 0x0 |
PeekMessageW | 0x0 | 0x4ef3ec | 0xef134 | 0xe6b34 | 0x0 |
MsgWaitForMultipleObjects | 0x0 | 0x4ef3f0 | 0xef138 | 0xe6b38 | 0x0 |
MessageBoxW | 0x0 | 0x4ef3f4 | 0xef13c | 0xe6b3c | 0x0 |
GetSystemMetrics | 0x0 | 0x4ef3f8 | 0xef140 | 0xe6b40 | 0x0 |
CharUpperBuffW | 0x0 | 0x4ef3fc | 0xef144 | 0xe6b44 | 0x0 |
CharUpperW | 0x0 | 0x4ef400 | 0xef148 | 0xe6b48 | 0x0 |
CharLowerBuffW | 0x0 | 0x4ef404 | 0xef14c | 0xe6b4c | 0x0 |
kernel32.dll (119)

API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
Sleep | 0x0 | 0x4ef40c | 0xef154 | 0xe6b54 | 0x0 |
VirtualFree | 0x0 | 0x4ef410 | 0xef158 | 0xe6b58 | 0x0 |
VirtualAlloc | 0x0 | 0x4ef414 | 0xef15c | 0xe6b5c | 0x0 |
lstrlenW | 0x0 | 0x4ef418 | 0xef160 | 0xe6b60 | 0x0 |
VirtualQuery | 0x0 | 0x4ef41c | 0xef164 | 0xe6b64 | 0x0 |
GetTickCount | 0x0 | 0x4ef420 | 0xef168 | 0xe6b68 | 0x0 |
GetSystemInfo | 0x0 | 0x4ef424 | 0xef16c | 0xe6b6c | 0x0 |
GetVersion | 0x0 | 0x4ef428 | 0xef170 | 0xe6b70 | 0x0 |
CompareStringW | 0x0 | 0x4ef42c | 0xef174 | 0xe6b74 | 0x0 |
IsDBCSLeadByteEx | 0x0 | 0x4ef430 | 0xef178 | 0xe6b78 | 0x0 |
IsValidLocale | 0x0 | 0x4ef434 | 0xef17c | 0xe6b7c | 0x0 |
SetThreadLocale | 0x0 | 0x4ef438 | 0xef180 | 0xe6b80 | 0x0 |
GetSystemDefaultUILanguage | 0x0 | 0x4ef43c | 0xef184 | 0xe6b84 | 0x0 |
GetUserDefaultUILanguage | 0x0 | 0x4ef440 | 0xef188 | 0xe6b88 | 0x0 |
GetLocaleInfoW | 0x0 | 0x4ef444 | 0xef18c | 0xe6b8c | 0x0 |
WideCharToMultiByte | 0x0 | 0x4ef448 | 0xef190 | 0xe6b90 | 0x0 |
MultiByteToWideChar | 0x0 | 0x4ef44c | 0xef194 | 0xe6b94 | 0x0 |
GetConsoleOutputCP | 0x0 | 0x4ef450 | 0xef198 | 0xe6b98 | 0x0 |
GetConsoleCP | 0x0 | 0x4ef454 | 0xef19c | 0xe6b9c | 0x0 |
GetACP | 0x0 | 0x4ef458 | 0xef1a0 | 0xe6ba0 | 0x0 |
LoadLibraryExW | 0x0 | 0x4ef45c | 0xef1a4 | 0xe6ba4 | 0x0 |
GetStartupInfoW | 0x0 | 0x4ef460 | 0xef1a8 | 0xe6ba8 | 0x0 |
GetProcAddress | 0x0 | 0x4ef464 | 0xef1ac | 0xe6bac | 0x0 |
GetModuleHandleW | 0x0 | 0x4ef468 | 0xef1b0 | 0xe6bb0 | 0x0 |
GetModuleFileNameW | 0x0 | 0x4ef46c | 0xef1b4 | 0xe6bb4 | 0x0 |
GetCommandLineW | 0x0 | 0x4ef470 | 0xef1b8 | 0xe6bb8 | 0x0 |
FreeLibrary | 0x0 | 0x4ef474 | 0xef1bc | 0xe6bbc | 0x0 |
GetLastError | 0x0 | 0x4ef478 | 0xef1c0 | 0xe6bc0 | 0x0 |
UnhandledExceptionFilter | 0x0 | 0x4ef47c | 0xef1c4 | 0xe6bc4 | 0x0 |
RtlUnwind | 0x0 | 0x4ef480 | 0xef1c8 | 0xe6bc8 | 0x0 |
RaiseException | 0x0 | 0x4ef484 | 0xef1cc | 0xe6bcc | 0x0 |
ExitProcess | 0x0 | 0x4ef488 | 0xef1d0 | 0xe6bd0 | 0x0 |
ExitThread | 0x0 | 0x4ef48c | 0xef1d4 | 0xe6bd4 | 0x0 |
SwitchToThread | 0x0 | 0x4ef490 | 0xef1d8 | 0xe6bd8 | 0x0 |
GetCurrentThreadId | 0x0 | 0x4ef494 | 0xef1dc | 0xe6bdc | 0x0 |
CreateThread | 0x0 | 0x4ef498 | 0xef1e0 | 0xe6be0 | 0x0 |
DeleteCriticalSection | 0x0 | 0x4ef49c | 0xef1e4 | 0xe6be4 | 0x0 |
LeaveCriticalSection | 0x0 | 0x4ef4a0 | 0xef1e8 | 0xe6be8 | 0x0 |
EnterCriticalSection | 0x0 | 0x4ef4a4 | 0xef1ec | 0xe6bec | 0x0 |
InitializeCriticalSection | 0x0 | 0x4ef4a8 | 0xef1f0 | 0xe6bf0 | 0x0 |
FindFirstFileW | 0x0 | 0x4ef4ac | 0xef1f4 | 0xe6bf4 | 0x0 |
FindClose | 0x0 | 0x4ef4b0 | 0xef1f8 | 0xe6bf8 | 0x0 |
WriteFile | 0x0 | 0x4ef4b4 | 0xef1fc | 0xe6bfc | 0x0 |
SetFilePointer | 0x0 | 0x4ef4b8 | 0xef200 | 0xe6c00 | 0x0 |
SetEndOfFile | 0x0 | 0x4ef4bc | 0xef204 | 0xe6c04 | 0x0 |
ReadFile | 0x0 | 0x4ef4c0 | 0xef208 | 0xe6c08 | 0x0 |
GetFileType | 0x0 | 0x4ef4c4 | 0xef20c | 0xe6c0c | 0x0 |
GetFileSize | 0x0 | 0x4ef4c8 | 0xef210 | 0xe6c10 | 0x0 |
CreateFileW | 0x0 | 0x4ef4cc | 0xef214 | 0xe6c14 | 0x0 |
GetStdHandle | 0x0 | 0x4ef4d0 | 0xef218 | 0xe6c18 | 0x0 |
CloseHandle | 0x0 | 0x4ef4d4 | 0xef21c | 0xe6c1c | 0x0 |
LoadLibraryA | 0x0 | 0x4ef4d8 | 0xef220 | 0xe6c20 | 0x0 |
TlsSetValue | 0x0 | 0x4ef4dc | 0xef224 | 0xe6c24 | 0x0 |
TlsGetValue | 0x0 | 0x4ef4e0 | 0xef228 | 0xe6c28 | 0x0 |
LocalFree | 0x0 | 0x4ef4e4 | 0xef22c | 0xe6c2c | 0x0 |
LocalAlloc | 0x0 | 0x4ef4e8 | 0xef230 | 0xe6c30 | 0x0 |
WaitForSingleObject | 0x0 | 0x4ef4ec | 0xef234 | 0xe6c34 | 0x0 |
WaitForMultipleObjects | 0x0 | 0x4ef4f0 | 0xef238 | 0xe6c38 | 0x0 |
VirtualQueryEx | 0x0 | 0x4ef4f4 | 0xef23c | 0xe6c3c | 0x0 |
VirtualProtect | 0x0 | 0x4ef4f8 | 0xef240 | 0xe6c40 | 0x0 |
VerSetConditionMask | 0x0 | 0x4ef4fc | 0xef244 | 0xe6c44 | 0x0 |
VerifyVersionInfoW | 0x0 | 0x4ef500 | 0xef248 | 0xe6c48 | 0x0 |
SuspendThread | 0x0 | 0x4ef504 | 0xef24c | 0xe6c4c | 0x0 |
SizeofResource | 0x0 | 0x4ef508 | 0xef250 | 0xe6c50 | 0x0 |
SetThreadPriority | 0x0 | 0x4ef50c | 0xef254 | 0xe6c54 | 0x0 |
SetLastError | 0x0 | 0x4ef510 | 0xef258 | 0xe6c58 | 0x0 |
SetFileAttributesW | 0x0 | 0x4ef514 | 0xef25c | 0xe6c5c | 0x0 |
SetEvent | 0x0 | 0x4ef518 | 0xef260 | 0xe6c60 | 0x0 |
SetErrorMode | 0x0 | 0x4ef51c | 0xef264 | 0xe6c64 | 0x0 |
ResumeThread | 0x0 | 0x4ef520 | 0xef268 | 0xe6c68 | 0x0 |
ResetEvent | 0x0 | 0x4ef524 | 0xef26c | 0xe6c6c | 0x0 |
ReleaseMutex | 0x0 | 0x4ef528 | 0xef270 | 0xe6c70 | 0x0 |
QueryPerformanceFrequency | 0x0 | 0x4ef52c | 0xef274 | 0xe6c74 | 0x0 |
QueryPerformanceCounter | 0x0 | 0x4ef530 | 0xef278 | 0xe6c78 | 0x0 |
OpenMutexW | 0x0 | 0x4ef534 | 0xef27c | 0xe6c7c | 0x0 |
MoveFileExW | 0x0 | 0x4ef538 | 0xef280 | 0xe6c80 | 0x0 |
LockResource | 0x0 | 0x4ef53c | 0xef284 | 0xe6c84 | 0x0 |
LoadResource | 0x0 | 0x4ef540 | 0xef288 | 0xe6c88 | 0x0 |
LoadLibraryW | 0x0 | 0x4ef544 | 0xef28c | 0xe6c8c | 0x0 |
HeapFree | 0x0 | 0x4ef548 | 0xef290 | 0xe6c90 | 0x0 |
HeapDestroy | 0x0 | 0x4ef54c | 0xef294 | 0xe6c94 | 0x0 |
HeapCreate | 0x0 | 0x4ef550 | 0xef298 | 0xe6c98 | 0x0 |
HeapAlloc | 0x0 | 0x4ef554 | 0xef29c | 0xe6c9c | 0x0 |
GetVolumeInformationW | 0x0 | 0x4ef558 | 0xef2a0 | 0xe6ca0 | 0x0 |
GetVersionExW | 0x0 | 0x4ef55c | 0xef2a4 | 0xe6ca4 | 0x0 |
GetUserDefaultLangID | 0x0 | 0x4ef560 | 0xef2a8 | 0xe6ca8 | 0x0 |
GetUserDefaultLCID | 0x0 | 0x4ef564 | 0xef2ac | 0xe6cac | 0x0 |
GetThreadTimes | 0x0 | 0x4ef568 | 0xef2b0 | 0xe6cb0 | 0x0 |
GetThreadPriority | 0x0 | 0x4ef56c | 0xef2b4 | 0xe6cb4 | 0x0 |
GetThreadLocale | 0x0 | 0x4ef570 | 0xef2b8 | 0xe6cb8 | 0x0 |
GetSystemTimes | 0x0 | 0x4ef574 | 0xef2bc | 0xe6cbc | 0x0 |
GetSystemDefaultLangID | 0x0 | 0x4ef578 | 0xef2c0 | 0xe6cc0 | 0x0 |
GetSystemDefaultLCID | 0x0 | 0x4ef57c | 0xef2c4 | 0xe6cc4 | 0x0 |
GetProcessTimes | 0x0 | 0x4ef580 | 0xef2c8 | 0xe6cc8 | 0x0 |
GetLocalTime | 0x0 | 0x4ef584 | 0xef2cc | 0xe6ccc | 0x0 |
GetFullPathNameW | 0x0 | 0x4ef588 | 0xef2d0 | 0xe6cd0 | 0x0 |
GetFileAttributesW | 0x0 | 0x4ef58c | 0xef2d4 | 0xe6cd4 | 0x0 |
GetExitCodeThread | 0x0 | 0x4ef590 | 0xef2d8 | 0xe6cd8 | 0x0 |
GetDriveTypeW | 0x0 | 0x4ef594 | 0xef2dc | 0xe6cdc | 0x0 |
GetDiskFreeSpaceW | 0x0 | 0x4ef598 | 0xef2e0 | 0xe6ce0 | 0x0 |
GetDateFormatW | 0x0 | 0x4ef59c | 0xef2e4 | 0xe6ce4 | 0x0 |
GetCurrentThread | 0x0 | 0x4ef5a0 | 0xef2e8 | 0xe6ce8 | 0x0 |
GetCurrentProcessId | 0x0 | 0x4ef5a4 | 0xef2ec | 0xe6cec | 0x0 |
GetCurrentProcess | 0x0 | 0x4ef5a8 | 0xef2f0 | 0xe6cf0 | 0x0 |
GetComputerNameA | 0x0 | 0x4ef5ac | 0xef2f4 | 0xe6cf4 | 0x0 |
GetCPInfoExW | 0x0 | 0x4ef5b0 | 0xef2f8 | 0xe6cf8 | 0x0 |
GetCPInfo | 0x0 | 0x4ef5b4 | 0xef2fc | 0xe6cfc | 0x0 |
FreeResource | 0x0 | 0x4ef5b8 | 0xef300 | 0xe6d00 | 0x0 |
InterlockedCompareExchange | 0x0 | 0x4ef5bc | 0xef304 | 0xe6d04 | 0x0 |
FormatMessageW | 0x0 | 0x4ef5c0 | 0xef308 | 0xe6d08 | 0x0 |
FindResourceW | 0x0 | 0x4ef5c4 | 0xef30c | 0xe6d0c | 0x0 |
FindNextFileW | 0x0 | 0x4ef5c8 | 0xef310 | 0xe6d10 | 0x0 |
ExpandEnvironmentStringsW | 0x0 | 0x4ef5cc | 0xef314 | 0xe6d14 | 0x0 |
EnumSystemLocalesW | 0x0 | 0x4ef5d0 | 0xef318 | 0xe6d18 | 0x0 |
EnumCalendarInfoW | 0x0 | 0x4ef5d4 | 0xef31c | 0xe6d1c | 0x0 |
DeleteFileW | 0x0 | 0x4ef5d8 | 0xef320 | 0xe6d20 | 0x0 |
CreateProcessW | 0x0 | 0x4ef5dc | 0xef324 | 0xe6d24 | 0x0 |
CreateMutexW | 0x0 | 0x4ef5e0 | 0xef328 | 0xe6d28 | 0x0 |
CreateEventW | 0x0 | 0x4ef5e4 | 0xef32c | 0xe6d2c | 0x0 |
ole32.dll (2)

API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CoUninitialize | 0x0 | 0x4ef5ec | 0xef334 | 0xe6d34 | 0x0 |
CoInitialize | 0x0 | 0x4ef5f0 | 0xef338 | 0xe6d38 | 0x0 |
shell32.dll (1)

API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SHGetSpecialFolderPathW | 0x0 | 0x4ef5f8 | 0xef340 | 0xe6d40 | 0x0 |
wsock32.dll (5)

API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
WSACleanup | 0x0 | 0x4ef600 | 0xef348 | 0xe6d48 | 0x0 |
WSAStartup | 0x0 | 0x4ef604 | 0xef34c | 0xe6d4c | 0x0 |
gethostname | 0x0 | 0x4ef608 | 0xef350 | 0xe6d50 | 0x0 |
gethostbyname | 0x0 | 0x4ef60c | 0xef354 | 0xe6d54 | 0x0 |
inet_ntoa | 0x0 | 0x4ef610 | 0xef358 | 0xe6d58 | 0x0 |
netapi32.dll (2)

API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
NetShareEnum | 0x0 | 0x4ef618 | 0xef360 | 0xe6d60 | 0x0 |
NetApiBufferFree | 0x0 | 0x4ef61c | 0xef364 | 0xe6d64 | 0x0 |
Exports (1)

Api name | EAT Address | Ordinal |
---|---|---|
TMethodImplementationIntercept | 0x51450 | 0x1 |
Filename | Category | Type | Severity
---|---|---|---
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\MuA3C6WI.vbs | Created File | Text | Suspicious

YARA Matches

Rule Name | Rule Description | Classification | Severity
---|---|---|---
VBA_Execution_Commands | VBA macro may execute files or system commands | - | 3/5
Filename | Category | Type | Severity
---|---|---|---
C:\Users\CIiHmnxMn6Ps\Documents\B2HRjnj Cy6A-H dgdys.pdf | Modified File | Stream | Unknown
C:\Users\CIiHmnxMn6Ps\Pictures\V_-s9qc7fmZDb\-omfRXhku4HtqHef7\k-jt3_fF8Y22f3ge\cDSWR2OIb8.jpg | Modified File | Stream | Unknown
C:\Program Files\Java\jre1.8.0_131\bin\javaw.exe | Modified File | Stream | Unknown
C:\Users\CIiHmnxMn6Ps\Pictures\V_-s9qc7fmZDb\-omfRXhku4HtqHef7\k-jt3_fF8Y22f3ge\FqTQKxshtz5\r4_0oc9EnjRh.jpg | Modified File | Stream | Unknown
C:\Program Files\Java\jre1.8.0_131\lib\cmm\GRAY.pf | Modified File | Compressed | Unknown
C:\Program Files\Java\jre1.8.0_131\lib\cmm\sRGB.pf | Modified File | Stream | Unknown
C:\Users\CIiHmnxMn6Ps\Documents\uTLPAIPSplyVaoV88\sQcpe7y_e37kKQ 1S.ods | Modified File | Stream | Unknown
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\hu.pak | Modified File | Stream | Unknown
C:\Users\CIiHmnxMn6Ps\Documents\IHepA6qmtTk6v8 rtu\xg45.xls | Modified File | Stream | Unknown
C:\Program Files\Java\jre1.8.0_131\lib\deploy\messages_it.properties | Modified File | Stream | Unknown
C:\Program Files\Java\jre1.8.0_131\lib\deploy\messages_sv.properties | Modified File | Stream | Unknown
C:\Program Files\Java\jre1.8.0_131\lib\ext\sunpkcs11.jar | Modified File | Stream | Unknown
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\it.pak | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\th.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\flavormap.properties | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\deploy\ffjcext.zip | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\javacpl.exe | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_200_percent.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_MoveDrop32x32.gif | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrome.7z | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\net.properties | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\en-GB.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\calendars.properties | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome.exe.sig | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\_t6aWhRfJ2C7a_e5.pdf | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\deploy\messages_fr.properties | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\orbd.exe | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\es.pak | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\bn.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\ext\sunec.jar | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\klist.exe | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\deploy.jar | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_LinkDrop32x32.gif | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\uk.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\ktab.exe | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\vi.pak | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\setup.exe | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\VisualElements\logo.png | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\fa.pak | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Pictures\V_-s9qc7fmZDb\-omfRXhku4HtqHef7\k-jt3_fF8Y22f3ge\ctKhzFxQrBX.jpg | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\plugin.jar | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\accessibility.properties | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Pictures\V_-s9qc7fmZDb\sUjiIGFw8gHqMQ5uJmO.jpg | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\deploy\messages_zh_HK.properties | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\de.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\jfr\profile.jfc | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaBrightItalic.ttf | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\nb.pak | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\uTLPAIPSplyVaoV88\gzgG b o3c.ods | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\cmm\LINEAR_RGB.pf | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\en-US.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\management\snmp.acl.template | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\deploy\messages_de.properties | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\gu.pak | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Pictures\V_-s9qc7fmZDb\-omfRXhku4HtqHef7\k-jt3_fF8Y22f3ge\FqTQKxshtz5\95MYVGF5_rM.jpg | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\deploy\messages_ja.properties | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\IHepA6qmtTk6v8 rtu\5QVKTwqSooul.docx | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\5A-3b.xlsx | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\meta-index | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\images\cursors\cursors.properties | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\deploy\splash@2x.gif | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\default_apps\gmail.crx | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\uTLPAIPSplyVaoV88\sZ-mvJRFLSQGLSr.pdf | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\da.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\ext\meta-index | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\pack200.exe | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\javaws.exe | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\classlist | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\FiKLlYoo j5ePOAA.odt | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\deploy\messages.properties | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\kinit.exe | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\tnameserv.exe | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\javacpl.cpl | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\snapshot_blob.bin | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\VisualElements\smalllogocanary.png | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\deploy\splash.gif | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\default_apps\docs.crx | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaBrightDemiBold.ttf | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\java.exe | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\security\java.security | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Pictures\cQep-2gcU8N-eLTI1k\FHEJii.jpg | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\rmiregistry.exe | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\servertool.exe | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\keytool.exe | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\default_apps\external_extensions.json | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\jfr\default.jfc | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\ml.pak | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_100_percent.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_CopyNoDrop32x32.gif | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Extensions\external_extensions.json | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\tr.pak | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\IHepA6qmtTk6v8 rtu\wqHfuxshMYQlz.odt | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\bg.pak | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\el.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\rmid.exe | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\psfontj2d.properties | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\et.pak | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\he.pak | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\webappsstore.sqlite | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\security\cacerts | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Pictures\n94BTv1wcjugrAM5GRY9.jpg | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\content-types.properties | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\sk.pak | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\uTLPAIPSplyVaoV88\4ueyApzjR.pdf | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\policytool.exe | Modified File | Stream | Not Queried
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Pictures\V_-s9qc7fmZDb\zHUFhJqrOM5gMx575z_\t2vg0Qz0z6T.jpg | Modified File | Compressed | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\fr.pak | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\uTLPAIPSplyVaoV88\DHBFRkC0Y1s_1InoiwZ.docx | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\sr.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\security\java.policy | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\release | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\VisualElements\smalllogo.png | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaSansDemiBold.ttf | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\jsse.jar | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\L2 LL5CzSzHg0d.docx | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\default_apps\drive.crx | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\resources.jar | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaSansRegular.ttf | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\jfxswt.jar | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\deploy\messages_zh_CN.properties | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0wJchQcNkFvmoOWLqz.jpg | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\id.pak | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\OfflineCache\index.sqlite | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\lt.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\charsets.jar | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\ext\sunjce_provider.jar | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaTypewriterRegular.ttf | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\pt-BR.pak | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\FEPhIIgzp.xlsx | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\management-agent.jar | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\deploy\splash_11@2x-lic.gif | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome.dll.sig | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\ms.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\unpack200.exe | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\pt-PT.pak | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\ext\nashorn.jar | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Pictures\V_-s9qc7fmZDb\-omfRXhku4HtqHef7\k-jt3_fF8Y22f3ge\FkQKXs7m2F.jpg | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\psfont.properties.ja | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\jce.jar | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\64ViLky MJ-FbLZtty.xls | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\ca.pak | Modified File | Compressed | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\images\cursors\invalid32x32.gif | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\jfr.jar | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\security\blacklisted.certs | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\FAlPf1_iqLEidMEN4F.docx | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Pictures\V_-s9qc7fmZDb\-omfRXhku4HtqHef7\k-jt3_fF8Y22f3ge\3PnXkAK4_WoRrsR.jpg | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\2M-Nd j92CbW7ShqCq.xls | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\Documents\IHepA6qmtTk6v8 rtu\54Z4PLTGEqndqiz3l.ods | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\jabswitch.exe | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\ssvagent.exe | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\logging.properties | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\bin\server\Xusage.txt | Modified File | Stream | Not Queried
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll.sig | Modified File | Stream | Not Queried
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_LinkNoDrop32x32.gif | Modified File | Stream | Not Queried
C:\Program Files\Java\jre1.8.0_131\COPYRIGHT | Modified File | Stream | Not Queried
C:\Program Files (x86)\Mozilla Firefox\freebl3.chk | Modified File | Stream |
Not Queried
|
...
|
»
C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME.txt | Modified File | Stream |
Not Queried
|
...
|
»
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\te.pak | Modified File | Stream |
Not Queried
|
...
|
»
C:\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_MoveNoDrop32x32.gif | Modified File | Stream |
Not Queried
|
...
|
»
C:\Program Files\Java\jre1.8.0_131\Welcome.html | Modified File | Stream |
Not Queried
|
...
|
»
C:\Program Files\Java\jre1.8.0_131\lib\sound.properties | Modified File | Stream |
Not Queried
|
...
|
»
C:\Program Files\Java\jre1.8.0_131\lib\security\javaws.policy | Modified File | Stream |
Not Queried
|
...
|
»
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\ext\access-bridge-64.jar | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\ext\cldrdata.jar | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Documents\j1_seNfY9YsSPrO.xlsx | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Documents\qeYwSL.docx | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\deploy\messages_ko.properties | Modified File | Stream | Not Queried |
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\security\local_policy.jar | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\LICENSE | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\ext\zipfs.jar | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Pictures\cQep-2gcU8N-eLTI1k\WVY4HBl.jpg | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Mozilla Firefox\application.ini | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\sv.pak | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\management\management.properties | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\ext\dnsns.jar | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Documents\uTLPAIPSplyVaoV88\1otVYv2w1PnUvoA.xls | Modified File | Stream | Not Queried |
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\fontconfig.properties.src | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\bin\java-rmi.exe | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Documents\pA4DlvvotSqCLQb.xlsx | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\ext\localedata.jar | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\lv.pak | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\cmm\PYCC.pf | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\management\jmxremote.access | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\bin\jjs.exe | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaBrightRegular.ttf | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\deploy\splash_11-lic.gif | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\kn.pak | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\ko.pak | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\icudtl.dat | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\security\US_export_policy.jar | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\am.pak | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Documents\kAZBkdhribwEPz- GM.docx | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\hi.pak | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\amd64\jvm.cfg | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\tzmappings | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_CopyDrop32x32.gif | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\bin\jp2launcher.exe | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage.sqlite | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\ro.pak | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Documents\5UC29z.xlsx | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Documents\QiIJIhuAAuEZBbLqKHJ6.pdf | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Documents\cXulwEpXFuX3h8kmE.docx | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Google\Chrome\Application\SetupMetrics\20170524140843.pma | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\README.txt | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\currency.data | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaTypewriterBold.ttf | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\javafx.properties | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\ext\jaccess.jar | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Documents\uTLPAIPSplyVaoV88\vi3pXsOlMjGV.doc | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\ru.pak | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Documents\uTLPAIPSplyVaoV88\EM8H.doc | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\nl.pak | Modified File | Stream | Not Queried |
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Locales\fil.pak | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\cmm\CIEXYZ.pf | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\deploy\messages_es.properties | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\ext\sunmscapi.jar | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\deploy\messages_pt_BR.properties | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\jvm.hprof.txt | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\security\blacklist | Modified File | Stream | Not Queried |
C:\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaBrightDemiItalic.ttf | Modified File | Stream | Not Queried |
C:\Users\CIiHmnxMn6Ps\Desktop\elog_460F9943EA70F103.txt | Created File | Text | Not Queried |
C:\Users\CIiHmnxMn6Ps\Desktop\elog_460F9943EA70F103.txt | Created File | Text | Not Queried |
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cKJ5Qstc.bat | Created File | Text | Not Queried |
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\F7t5Hk0D.bmp | Created File | Image | Not Queried |
C:\Users\CIiHmnxMn6Ps\Desktop\bad_460F9943EA70F103.txt | Created File | Text | Not Queried |
C:\Users\CIiHmnxMn6Ps\Desktop\elog_460F9943EA70F103.txt | Created File | Text | Not Queried |
C:\Users\CIiHmnxMn6Ps\Desktop\vRnqNMBW.bat | Created File | Text | Not Queried |
C:\Users\CIiHmnxMn6Ps\Desktop\vIDhS3md.exe | Created File | Binary | Not Queried |
PE Information
Image Base | 0x400000 |
Entry Point | 0x475810 |
Size Of Code | 0x29000 |
Size Of Initialized Data | 0x1000 |
Size Of Uninitialized Data | 0x4c000 |
File Type | executable |
Subsystem | windows_cui |
Machine Type | i386 |
Compile Timestamp | 2017-12-10 21:18:46+00:00 |
Version Information (8)
LegalCopyright | Copyright (C) 1997-2017 Mark Russinovich |
InternalName | Nthandle |
FileVersion | 4.11 |
CompanyName | Sysinternals - www.sysinternals.com |
ProductName | Sysinternals Handle |
ProductVersion | 4.11 |
FileDescription | Handle viewer |
OriginalFilename | Nthandle.exe |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
UPX0 | 0x401000 | 0x4c000 | 0x0 | 0x400 | cnt_uninitialized_data, mem_execute, mem_read, mem_write | 0.0 |
UPX1 | 0x44d000 | 0x29000 | 0x28a00 | 0x400 | cnt_initialized_data, mem_execute, mem_read, mem_write | 7.93 |
.rsrc | 0x476000 | 0x1000 | 0x800 | 0x28e00 | cnt_initialized_data, mem_read, mem_write | 4.04 |
Imports (6)
ADVAPI32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
RegOpenKeyW | 0x0 | 0x47666c | 0x7666c | 0x2946c | 0x0 |
COMDLG32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
PrintDlgW | 0x0 | 0x476674 | 0x76674 | 0x29474 | 0x0 |
GDI32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
EndDoc | 0x0 | 0x47667c | 0x7667c | 0x2947c | 0x0 |
KERNEL32.DLL (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
LoadLibraryA | 0x0 | 0x476684 | 0x76684 | 0x29484 | 0x0 |
ExitProcess | 0x0 | 0x476688 | 0x76688 | 0x29488 | 0x0 |
GetProcAddress | 0x0 | 0x47668c | 0x7668c | 0x2948c | 0x0 |
VirtualProtect | 0x0 | 0x476690 | 0x76690 | 0x29490 | 0x0 |
USER32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
EndDialog | 0x0 | 0x476698 | 0x76698 | 0x29498 | 0x0 |
VERSION.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
VerQueryValueW | 0x0 | 0x4766a0 | 0x766a0 | 0x294a0 | 0x0 |
C:\Users\CIiHmnxMn6Ps\Desktop\elog_460F9943EA70F103.txt | Created File | Text | Not Queried |
C:\Users\CIiHmnxMn6Ps\Desktop\ALL_dmp.fldp | Created File | Stream | Not Queried |