5435f476...81bb | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Spyware
Dropper
Threat Names:
Gen:Variant.Razy.484160

Remarks

(0x0200001E): The maximum size of extracted files was exceeded. Some files may be missing in the report.

Master Boot Record Changes
Sector Number Sector Size
2063 512 Bytes


Filename Category Type Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uni.exe Sample File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 156.00 KB
MD5 8116e91fec95489c642bd30a402960ba
SHA1 fdb6f8c9e8487c06290efb68bec7617ff93bea2a
SHA256 5435f4769f88fa3fb5f019d1788c78460fd974a3f1827e46d29d75c6fa5d81bb
SSDeep 3072:vlqQsr2q0MSbpl/d6RfXpSWgIQROb2ODLx0lB+V7LAoeLNgJqtcQ:vPsr2q0MSbp+RfpXgFOXfV3kL
ImpHash 45568e98a1cc4e7cd5f2271cf74bf160
PE Information
Image Base 0x400000
Entry Point 0x4053f2
Size Of Code 0x6000
Size Of Initialized Data 0x22000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-01-25 11:59:26+00:00
Version Information (8)
CompanyName Microsoft Corporation
FileDescription Microsoft Data Access - ActiveX Data Objects Resources
FileVersion 2.81.1117.0 (xpsp_sp2_rtm.040803-2158)
InternalName ADOER15
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename msader15.dll
ProductName Microsoft Data Access Components
ProductVersion 2.81.1117.0
Sections (9)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x5662 0x6000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.16
.bdata 0x407000 0x2fde 0x3000 0x7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.41
.data 0x40a000 0x222c 0x1000 0xa000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.04
.crt1 0x40d000 0x206d 0x3000 0xb000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.22
.reloc 0x410000 0x5918 0x6000 0xe000 IMAGE_SCN_TYPE_NOLOAD, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.55
X+y9UF 0x416000 0x6e23 0x7000 0x14000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.9
MIw0* 0x41d000 0x60d7 0x7000 0x1b000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.46
.rsrc 0x424000 0x3f60 0x4000 0x22000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.22
.reloc 0x428000 0x490 0x1000 0x26000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 2.46
Imports (11)
OLEAUT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VarCyFromUI4 0xe3 0x407080 0x9b68 0x9b68 -
GDI32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDeviceGammaRamp 0x0 0x40701c 0x9b04 0x9b04 0x1cc
GetRasterizerCaps 0x0 0x407020 0x9b08 0x9b08 0x209
GetTextMetricsA 0x0 0x407024 0x9b0c 0x9b0c 0x225
GetBrushOrgEx 0x0 0x407028 0x9b10 0x9b10 0x1ad
LineTo 0x0 0x40702c 0x9b14 0x9b14 0x236
GetSystemPaletteUse 0x0 0x407030 0x9b18 0x9b18 0x213
GetRandomRgn 0x0 0x407034 0x9b1c 0x9b1c 0x208
msvcrt.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
fwprintf 0x0 0x4070dc 0x9bc4 0x9bc4 0x4af
fwrite 0x0 0x4070e0 0x9bc8 0x9bc8 0x4b1
fseek 0x0 0x4070e4 0x9bcc 0x9bcc 0x4ac
towupper 0x0 0x4070e8 0x9bd0 0x9bd0 0x53c
memset 0x0 0x4070ec 0x9bd4 0x9bd4 0x4ee
system 0x0 0x4070f0 0x9bd8 0x9bd8 0x531
malloc 0x0 0x4070f4 0x9bdc 0x9bdc 0x4de
POWRPROF.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsPwrHibernateAllowed 0x0 0x407088 0x9b70 0x9b70 0xf
USER32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadMenuA 0x0 0x4070a0 0x9b88 0x9b88 0x1f4
GetKeyboardLayoutNameW 0x0 0x4070a4 0x9b8c 0x9b8c 0x141
DrawTextW 0x0 0x4070a8 0x9b90 0x9b90 0xd0
CountClipboardFormats 0x0 0x4070ac 0x9b94 0x9b94 0x56
IsCharLowerA 0x0 0x4070b0 0x9b98 0x9b98 0x1c5
ToUnicode 0x0 0x4070b4 0x9b9c 0x9b9c 0x2f3
GetTopWindow 0x0 0x4070b8 0x9ba0 0x9ba0 0x185
IsZoomed 0x0 0x4070bc 0x9ba4 0x9ba4 0x1e2
GetMenuDefaultItem 0x0 0x4070c0 0x9ba8 0x9ba8 0x14f
GetMenuItemID 0x0 0x4070c4 0x9bac 0x9bac 0x152
GetWindowRect 0x0 0x4070c8 0x9bb0 0x9bb0 0x19c
DialogBoxParamW 0x0 0x4070cc 0x9bb4 0x9bb4 0xac
KERNEL32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetVolumeInformationA 0x0 0x40703c 0x9b24 0x9b24 0x2a5
Sleep 0x0 0x407040 0x9b28 0x9b28 0x4b2
GetQueuedCompletionStatus 0x0 0x407044 0x9b2c 0x9b2c 0x25e
lstrcpynW 0x0 0x407048 0x9b30 0x9b30 0x54b
lstrcmpiW 0x0 0x40704c 0x9b34 0x9b34 0x545
FindResourceExA 0x0 0x407050 0x9b38 0x9b38 0x14c
GetTempFileNameW 0x0 0x407054 0x9b3c 0x9b3c 0x283
GetDiskFreeSpaceExA 0x0 0x407058 0x9b40 0x9b40 0x1cd
GetConsoleFontSize 0x0 0x40705c 0x9b44 0x9b44 0x1a4
GetModuleFileNameA 0x0 0x407060 0x9b48 0x9b48 0x213
GetCommandLineW 0x0 0x407064 0x9b4c 0x9b4c 0x187
GetCPInfo 0x0 0x407068 0x9b50 0x9b50 0x172
TlsGetValue 0x0 0x40706c 0x9b54 0x9b54 0x4c7
ReleaseMutex 0x0 0x407070 0x9b58 0x9b58 0x3fa
GetProcessVersion 0x0 0x407074 0x9b5c 0x9b5c 0x253
GetModuleFileNameW 0x0 0x407078 0x9b60 0x9b60 0x214
COMDLG32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FindTextW 0x0 0x407014 0x9afc 0x9afc 0x8
ADVAPI32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTrusteeNameA 0x0 0x407000 0x9ae8 0x9ae8 0x160
GetSidLengthRequired 0x0 0x407004 0x9aec 0x9aec 0x156
GetLengthSid 0x0 0x407008 0x9af0 0x9af0 0x136
LookupPrivilegeDisplayNameW 0x0 0x40700c 0x9af4 0x9af4 0x193
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetMenuPosFromID 0x0 0x407090 0x9b78 0x9b78 0x13
Secur32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FreeContextBuffer 0x0 0x407098 0x9b80 0x9b80 0x18
WININET.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FindFirstUrlCacheEntryW 0x0 0x4070d4 0x9bbc 0x9bbc 0x19
Memory Dumps (28)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
uni.exe 1 0x00400000 0x00428FFF Relevant Image True 32-bit 0x00406000 False False
buffer 1 0x00240000 0x00244FFF First Execution True 32-bit 0x00241F1A False False
uni.exe 1 0x00400000 0x00428FFF Content Changed True 32-bit 0x0040113A True False
uni.exe 1 0x00400000 0x00428FFF Content Changed True 32-bit 0x0040BD8E True False
uni.exe 1 0x00400000 0x00428FFF Content Changed True 32-bit 0x0040D03B True False
uni.exe 1 0x00400000 0x00428FFF Content Changed True 32-bit 0x0040EBA4 True False
uni.exe 1 0x00400000 0x00428FFF Content Changed True 32-bit 0x00402017 True False
buffer 1 0x003D0000 0x003E6FFF Image In Buffer True 32-bit - False False
buffer 1 0x00430000 0x00447FFF Marked Executable False 32-bit - False False
uni.exe 1 0x00400000 0x00428FFF Process Termination True 32-bit - True False
buffer 2 0x002D0000 0x002D4FFF First Execution True 32-bit 0x002D1F1A False False
uni.exe 2 0x00400000 0x00428FFF First Execution True 32-bit 0x0040113A True False
uni.exe 2 0x00400000 0x00428FFF Content Changed True 32-bit 0x0040BD8E True False
buffer 26 0x002D0000 0x002D4FFF First Execution True 32-bit 0x002D1F1A False False
uni.exe 26 0x00400000 0x00428FFF Content Changed True 32-bit 0x0040113A True False
uni.exe 26 0x00400000 0x00428FFF Content Changed True 32-bit 0x0040BD8E True False
buffer 2 0x002B0000 0x002C6FFF Image In Buffer True 32-bit - False False
buffer 2 0x002E0000 0x002F7FFF Marked Executable False 32-bit - False False
buffer 27 0x002D0000 0x002D4FFF First Execution True 32-bit 0x002D1F1A False False
uni.exe 27 0x00400000 0x00428FFF First Execution True 32-bit 0x0040113A True False
uni.exe 27 0x00400000 0x00428FFF Content Changed True 32-bit 0x0040BD8E True False
buffer 27 0x002B0000 0x002C6FFF Image In Buffer True 32-bit - False False
buffer 26 0x002B0000 0x002C6FFF Image In Buffer True 32-bit - False False
buffer 27 0x002E0000 0x002F7FFF Marked Executable False 32-bit - False False
buffer 71 0x001E0000 0x001E4FFF First Execution True 32-bit 0x001E1F1A False False
buffer 72 0x003D0000 0x003D4FFF First Execution True 32-bit 0x003D1F1A False False
buffer 72 0x00240000 0x00256FFF Image In Buffer True 32-bit - False False
buffer 71 0x001C0000 0x001D6FFF Image In Buffer True 32-bit - False False
C:\Windows\system32\wbem\WmiApSrv.exe:0 Dropped File Binary
Whitelisted
Mime Type application/vnd.microsoft.portable-executable
File Size 198.50 KB
MD5 38b84c94c5a8af291adfea478ae54f93
SHA1 858ac7b85f44b29b16cbbac3a26f78790eb4270c
SHA256 1ac267ac73670bea5f3785c9ad9db146f8e993a862c843742b21fdb90d102b2a
SSDeep 3072:8ux+K3HzuejYqsRQv7120Ly762B3at7VGpWnlkfNFA8w722J4h8e:8k++HiejY3RQv71xKq78w722Sh
ImpHash 60258ff8adf15923ca3a6fc91dc62919
File Reputation Information
Severity
Whitelisted
First Seen 2013-03-20 15:43 (UTC+1)
Last Seen 2019-05-01 15:03 (UTC+2)
PE Information
Image Base 0x100000000
Entry Point 0x10001e338
Size Of Code 0x2c600
Size Of Initialized Data 0x5a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.amd64
Compile Timestamp 2009-07-13 23:47:44+00:00
Version Information (8)
CompanyName Microsoft Corporation
FileDescription WMI Performance Reverse Adapter
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName WmiApSrv.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename WmiApSrv.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 6.1.7600.16385
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x100001000 0x2c47d 0x2c600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.91
.data 0x10002e000 0x2218 0x1a00 0x2ca00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.83
.pdata 0x100031000 0x2574 0x2600 0x2e400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.37
.rsrc 0x100034000 0x818 0xa00 0x30a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.77
.reloc 0x100035000 0x51c 0x600 0x31400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 3.33
Imports (9)
ADVAPI32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegOpenKeyExW 0x0 0x100001000 0x29ca8 0x290a8 0x261
RegEnumKeyExW 0x0 0x100001008 0x29cb0 0x290b0 0x24f
RegDeleteKeyW 0x0 0x100001010 0x29cb8 0x290b8 0x244
RegCloseKey 0x0 0x100001018 0x29cc0 0x290c0 0x230
RegDeleteValueW 0x0 0x100001020 0x29cc8 0x290c8 0x248
RegCreateKeyExW 0x0 0x100001028 0x29cd0 0x290d0 0x239
RegSetValueExW 0x0 0x100001030 0x29cd8 0x290d8 0x27e
CloseServiceHandle 0x0 0x100001038 0x29ce0 0x290e0 0x57
OpenSCManagerW 0x0 0x100001040 0x29ce8 0x290e8 0x1f9
OpenServiceW 0x0 0x100001048 0x29cf0 0x290f0 0x1fb
QueryServiceConfigW 0x0 0x100001050 0x29cf8 0x290f8 0x224
QueryServiceStatus 0x0 0x100001058 0x29d00 0x29100 0x228
ConvertStringSecurityDescriptorToSecurityDescriptorW 0x0 0x100001060 0x29d08 0x29108 0x72
MakeAbsoluteSD 0x0 0x100001068 0x29d10 0x29110 0x1e0
InitializeSecurityDescriptor 0x0 0x100001070 0x29d18 0x29118 0x177
SetServiceStatus 0x0 0x100001078 0x29d20 0x29120 0x2c0
RegisterServiceCtrlHandlerW 0x0 0x100001080 0x29d28 0x29128 0x288
StartServiceCtrlDispatcherW 0x0 0x100001088 0x29d30 0x29130 0x2c8
CreateServiceW 0x0 0x100001090 0x29d38 0x29138 0x81
ChangeServiceConfig2W 0x0 0x100001098 0x29d40 0x29140 0x4e
ControlService 0x0 0x1000010a0 0x29d48 0x29148 0x5c
DeleteService 0x0 0x1000010a8 0x29d50 0x29150 0xda
RegEnumValueW 0x0 0x1000010b0 0x29d58 0x29158 0x252
RegOpenKeyW 0x0 0x1000010b8 0x29d60 0x29160 0x264
RegQueryValueExW 0x0 0x1000010c0 0x29d68 0x29168 0x26e
RegOpenCurrentUser 0x0 0x1000010c8 0x29d70 0x29170 0x25e
RegEnumKeyW 0x0 0x1000010d0 0x29d78 0x29178 0x250
RegQueryInfoKeyW 0x0 0x1000010d8 0x29d80 0x29180 0x268
KERNEL32.dll (65)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetCurrentThreadId 0x0 0x1000010e8 0x29d90 0x29190 0x1cb
CreateMutexW 0x0 0x1000010f0 0x29d98 0x29198 0x9e
CreateEventW 0x0 0x1000010f8 0x29da0 0x291a0 0x85
Sleep 0x0 0x100001100 0x29da8 0x291a8 0x4c0
GetModuleFileNameW 0x0 0x100001108 0x29db0 0x291b0 0x21a
GetModuleHandleW 0x0 0x100001110 0x29db8 0x291b8 0x21e
WaitForMultipleObjects 0x0 0x100001118 0x29dc0 0x291c0 0x506
UnmapViewOfFile 0x0 0x100001120 0x29dc8 0x291c8 0x4e5
lstrcmpW 0x0 0x100001128 0x29dd0 0x291d0 0x555
GetExitCodeProcess 0x0 0x100001130 0x29dd8 0x291d8 0x1e6
FlushViewOfFile 0x0 0x100001138 0x29de0 0x291e0 0x160
CreateFileMappingW 0x0 0x100001140 0x29de8 0x291e8 0x8c
MapViewOfFile 0x0 0x100001148 0x29df0 0x291f0 0x359
DeleteCriticalSection 0x0 0x100001150 0x29df8 0x291f8 0xd2
RaiseException 0x0 0x100001158 0x29e00 0x29200 0x3b4
MultiByteToWideChar 0x0 0x100001160 0x29e08 0x29208 0x369
FormatMessageW 0x0 0x100001168 0x29e10 0x29210 0x164
GetVersionExA 0x0 0x100001170 0x29e18 0x29218 0x2ab
OutputDebugStringA 0x0 0x100001178 0x29e20 0x29220 0x38b
ReleaseMutex 0x0 0x100001180 0x29e28 0x29228 0x3fd
LocalAlloc 0x0 0x100001188 0x29e30 0x29230 0x346
CompareStringW 0x0 0x100001190 0x29e38 0x29238 0x64
GetCommandLineW 0x0 0x100001198 0x29e40 0x29240 0x18d
HeapSetInformation 0x0 0x1000011a0 0x29e48 0x29248 0x2db
EnterCriticalSection 0x0 0x1000011a8 0x29e50 0x29250 0xf2
SetEvent 0x0 0x1000011b0 0x29e58 0x29258 0x467
ResetEvent 0x0 0x1000011b8 0x29e60 0x29260 0x412
LocalFree 0x0 0x1000011c0 0x29e68 0x29268 0x34a
InitializeCriticalSection 0x0 0x1000011c8 0x29e70 0x29270 0x2ea
GetLastError 0x0 0x1000011d0 0x29e78 0x29278 0x208
GetCurrentProcess 0x0 0x1000011d8 0x29e80 0x29280 0x1c6
SwitchToThread 0x0 0x1000011e0 0x29e88 0x29288 0x4ca
ReleaseSemaphore 0x0 0x1000011e8 0x29e90 0x29290 0x401
WaitForSingleObject 0x0 0x1000011f0 0x29e98 0x29298 0x508
GetVersionExW 0x0 0x1000011f8 0x29ea0 0x292a0 0x2ac
GetLocaleInfoW 0x0 0x100001200 0x29ea8 0x292a8 0x20c
lstrlenA 0x0 0x100001208 0x29eb0 0x292b0 0x560
DeleteFileW 0x0 0x100001210 0x29eb8 0x292b8 0xd7
CreateFileW 0x0 0x100001218 0x29ec0 0x292c0 0x8f
WideCharToMultiByte 0x0 0x100001220 0x29ec8 0x292c8 0x520
WriteFile 0x0 0x100001228 0x29ed0 0x292d0 0x534
CreateDirectoryW 0x0 0x100001230 0x29ed8 0x292d8 0x81
MoveFileExW 0x0 0x100001238 0x29ee0 0x292e0 0x362
OpenEventW 0x0 0x100001240 0x29ee8 0x292e8 0x377
GetProcAddress 0x0 0x100001248 0x29ef0 0x292f0 0x24c
SetLastError 0x0 0x100001250 0x29ef8 0x292f8 0x480
GetSystemDirectoryW 0x0 0x100001258 0x29f00 0x29300 0x277
OpenProcess 0x0 0x100001260 0x29f08 0x29308 0x382
FreeLibrary 0x0 0x100001268 0x29f10 0x29310 0x168
GetSystemDefaultLangID 0x0 0x100001270 0x29f18 0x29318 0x273
ExpandEnvironmentStringsW 0x0 0x100001278 0x29f20 0x29320 0x123
LoadLibraryW 0x0 0x100001280 0x29f28 0x29328 0x341
UnhandledExceptionFilter 0x0 0x100001288 0x29f30 0x29330 0x4e2
TerminateProcess 0x0 0x100001290 0x29f38 0x29338 0x4ce
lstrlenW 0x0 0x100001298 0x29f40 0x29340 0x561
LeaveCriticalSection 0x0 0x1000012a0 0x29f48 0x29348 0x33b
TryEnterCriticalSection 0x0 0x1000012a8 0x29f50 0x29350 0x4dc
CreateSemaphoreW 0x0 0x1000012b0 0x29f58 0x29358 0xae
CloseHandle 0x0 0x1000012b8 0x29f60 0x29360 0x52
GetStartupInfoW 0x0 0x1000012c0 0x29f68 0x29368 0x26a
SetUnhandledExceptionFilter 0x0 0x1000012c8 0x29f70 0x29370 0x4b3
QueryPerformanceCounter 0x0 0x1000012d0 0x29f78 0x29378 0x3a9
GetTickCount 0x0 0x1000012d8 0x29f80 0x29380 0x29a
GetCurrentProcessId 0x0 0x1000012e0 0x29f88 0x29388 0x1c7
GetSystemTimeAsFileTime 0x0 0x1000012e8 0x29f90 0x29390 0x280
USER32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharNextW 0x0 0x100001358 0x2a000 0x29400 0x31
LoadStringW 0x0 0x100001360 0x2a008 0x29408 0x1fe
msvcrt.dll (55)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_unlock 0x0 0x100001388 0x2a030 0x29430 0x330
??1type_info@@UEAA@XZ 0x0 0x100001390 0x2a038 0x29438 0x12
__set_app_type 0x0 0x100001398 0x2a040 0x29440 0x80
_fmode 0x0 0x1000013a0 0x2a048 0x29448 0x118
_vsnwprintf 0x0 0x1000013a8 0x2a050 0x29450 0x358
wcsrchr 0x0 0x1000013b0 0x2a058 0x29458 0x4fe
memmove_s 0x0 0x1000013b8 0x2a060 0x29460 0x483
strlen 0x0 0x1000013c0 0x2a068 0x29468 0x4b8
??0exception@@QEAA@XZ 0x0 0x1000013c8 0x2a070 0x29470 0xd
??0exception@@QEAA@AEBQEBD@Z 0x0 0x1000013d0 0x2a078 0x29478 0xa
memcpy_s 0x0 0x1000013d8 0x2a080 0x29480 0x481
realloc 0x0 0x1000013e0 0x2a088 0x29488 0x497
_wtol 0x0 0x1000013e8 0x2a090 0x29490 0x3f7
_wcsicmp 0x0 0x1000013f0 0x2a098 0x29498 0x379
__dllonexit 0x0 0x1000013f8 0x2a0a0 0x294a0 0x6d
wcschr 0x0 0x100001400 0x2a0a8 0x294a8 0x4ef
__CxxFrameHandler3 0x0 0x100001408 0x2a0b0 0x294b0 0x57
_commode 0x0 0x100001410 0x2a0b8 0x294b8 0xc4
__setusermatherr 0x0 0x100001418 0x2a0c0 0x294c0 0x82
_amsg_exit 0x0 0x100001420 0x2a0c8 0x294c8 0xa0
_initterm 0x0 0x100001428 0x2a0d0 0x294d0 0x16c
_acmdln 0x0 0x100001430 0x2a0d8 0x294d8 0x94
exit 0x0 0x100001438 0x2a0e0 0x294e0 0x420
_cexit 0x0 0x100001440 0x2a0e8 0x294e8 0xb3
_ismbblead 0x0 0x100001448 0x2a0f0 0x294f0 0x188
_exit 0x0 0x100001450 0x2a0f8 0x294f8 0xff
_XcptFilter 0x0 0x100001458 0x2a100 0x29500 0x52
__C_specific_handler 0x0 0x100001460 0x2a108 0x29508 0x53
__getmainargs 0x0 0x100001468 0x2a110 0x29510 0x71
_callnewh 0x0 0x100001470 0x2a118 0x29518 0xb1
_lock 0x0 0x100001478 0x2a120 0x29520 0x1d5
_onexit 0x0 0x100001480 0x2a128 0x29528 0x27f
?terminate@@YAXXZ 0x0 0x100001488 0x2a130 0x29530 0x30
wcscspn 0x0 0x100001490 0x2a138 0x29538 0x4f4
memcpy 0x0 0x100001498 0x2a140 0x29540 0x480
iswspace 0x0 0x1000014a0 0x2a148 0x29548 0x466
atol 0x0 0x1000014a8 0x2a150 0x29550 0x40f
wcscoll 0x0 0x1000014b0 0x2a158 0x29558 0x4f1
memmove 0x0 0x1000014b8 0x2a160 0x29560 0x482
wcsspn 0x0 0x1000014c0 0x2a168 0x29568 0x501
iswdigit 0x0 0x1000014c8 0x2a170 0x29570 0x461
wcspbrk 0x0 0x1000014d0 0x2a178 0x29578 0x4fd
wcsstr 0x0 0x1000014d8 0x2a180 0x29580 0x502
_wcsupr 0x0 0x1000014e0 0x2a188 0x29588 0x394
malloc 0x0 0x1000014e8 0x2a190 0x29590 0x474
memset 0x0 0x1000014f0 0x2a198 0x29598 0x484
free 0x0 0x1000014f8 0x2a1a0 0x295a0 0x43a
??0exception@@QEAA@AEBQEBDH@Z 0x0 0x100001500 0x2a1a8 0x295a8 0xb
?what@exception@@UEBAPEBDXZ 0x0 0x100001508 0x2a1b0 0x295b0 0x32
??1exception@@UEAA@XZ 0x0 0x100001510 0x2a1b8 0x295b8 0x11
??0exception@@QEAA@AEBV0@@Z 0x0 0x100001518 0x2a1c0 0x295c0 0xc
_CxxThrowException 0x0 0x100001520 0x2a1c8 0x295c8 0x4c
_wcslwr 0x0 0x100001528 0x2a1d0 0x295d0 0x37d
_wcsrev 0x0 0x100001530 0x2a1d8 0x295d8 0x389
_wtoi 0x0 0x100001538 0x2a1e0 0x295e0 0x3f3
ntdll.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlLookupFunctionEntry 0x0 0x100001548 0x2a1f0 0x295f0 0x401
NtQuerySecurityObject 0x0 0x100001550 0x2a1f8 0x295f8 0x1a5
RtlGetOwnerSecurityDescriptor 0x0 0x100001558 0x2a200 0x29600 0x379
RtlEqualSid 0x0 0x100001560 0x2a208 0x29608 0x31d
RtlGetDaclSecurityDescriptor 0x0 0x100001568 0x2a210 0x29610 0x35f
RtlGetAce 0x0 0x100001570 0x2a218 0x29618 0x353
RtlCaptureContext 0x0 0x100001578 0x2a220 0x29620 0x27b
NtQueryObject 0x0 0x100001580 0x2a228 0x29628 0x19d
RtlVirtualUnwind 0x0 0x100001588 0x2a230 0x29630 0x4f0
OLEAUT32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayUnaccessData 0x18 0x1000012f8 0x29fa0 0x293a0 -
SafeArrayGetLBound 0x14 0x100001300 0x29fa8 0x293a8 -
SafeArrayAccessData 0x17 0x100001308 0x29fb0 0x293b0 -
SysFreeString 0x6 0x100001310 0x29fb8 0x293b8 -
SysAllocString 0x2 0x100001318 0x29fc0 0x293c0 -
SysStringLen 0x7 0x100001320 0x29fc8 0x293c8 -
VariantChangeType 0xc 0x100001328 0x29fd0 0x293d0 -
VariantClear 0x9 0x100001330 0x29fd8 0x293d8 -
SafeArrayDestroy 0x10 0x100001338 0x29fe0 0x293e0 -
SafeArrayGetUBound 0x13 0x100001340 0x29fe8 0x293e8 -
SysAllocStringLen 0x4 0x100001348 0x29ff0 0x293f0 -
ole32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoCreateInstance 0x0 0x100001598 0x2a240 0x29640 0x14
CoInitializeEx 0x0 0x1000015a0 0x2a248 0x29648 0x43
CoUninitialize 0x0 0x1000015a8 0x2a250 0x29650 0x70
CoFreeUnusedLibraries 0x0 0x1000015b0 0x2a258 0x29658 0x21
CoInitializeSecurity 0x0 0x1000015b8 0x2a260 0x29660 0x44
CoSetProxyBlanket 0x0 0x1000015c0 0x2a268 0x29668 0x67
wbemcomn.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
?Throttle@@YAJKKKKK@Z 0x0 0x1000015d0 0x2a278 0x29678 0x478
??0CStaticCritSec@@QEAA@XZ 0x0 0x1000015d8 0x2a280 0x29680 0x5f
??1CStaticCritSec@@QEAA@XZ 0x0 0x1000015e0 0x2a288 0x29688 0xcc
?anyFailure@CStaticCritSec@@SAHXZ 0x0 0x1000015e8 0x2a290 0x29690 0x4d2
loadperf.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadPerfCounterTextStringsW 0x0 0x100001370 0x2a018 0x29418 0x4
UnloadPerfCounterTextStringsW 0x0 0x100001378 0x2a020 0x29420 0xb
Exports (191)
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab (Modified File)
Mime Type application/octet-stream
File Size 16.19 MB
MD5 fd43cf9a73846fb74bef0055b378a407
SHA1 3c346ceca5266c3fdd4556fa3d87d06c34575c44
SHA256 72ee2d7da07d31e81b6597144eeaabeca003a6ba9dbb1ec41cd9e9b22ebb2b3a
SSDeep 196608:JWazG9JBMPunIMDcG6GJBdl8pFfpsY/T+w6yUsy7PXey7hlyZH2rp/:tGXnIMDpjvYfpsGT/ezX7DyUZ
ImpHash None
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.un1que (Dropped File)
Mime Type application/octet-stream
File Size 2.39 MB
MD5 088563d613b490d47ad31a54ad4d3581
SHA1 ec4993177416f1e250a12e30e1af41ca95d8a2b8
SHA256 b903e37206f2789d99f0da8aeeacbf7b4007a8b4ffd8a963e63fb37cffea32bb
SSDeep 49152:LY56gzmF5iMsOsT+heukAaQeImlHEzJUrVlhfyhbC8eDB1Sv8EjOU+kXuI:856gKrUT+k9A5FtzJklhqU8WmjWoj
ImpHash None
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.un1que (Dropped File)
Mime Type application/octet-stream
File Size 1.53 KB
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml (Modified File)
Mime Type application/octet-stream
File Size 2.24 KB
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi (Modified File)
Mime Type application/octet-stream
File Size 2.39 MB
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.un1que (Dropped File)
Mime Type application/octet-stream
File Size 1.42 KB
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab (Modified File)
Mime Type application/octet-stream
File Size 67.10 MB
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml (Modified File)
Mime Type application/octet-stream
File Size 1.84 KB
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi (Modified File)
Mime Type application/octet-stream
File Size 2.40 MB
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml (Modified File)
Mime Type application/octet-stream
File Size 1.42 KB
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.un1que (Dropped File)
Mime Type application/octet-stream
File Size 9.50 MB
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.un1que (Dropped File)
Mime Type application/octet-stream
File Size 1.57 KB
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab (Modified File)
Mime Type application/octet-stream
File Size 14.13 MB
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi (Modified File)
Mime Type application/octet-stream
File Size 2.73 MB
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.un1que (Dropped File)
Mime Type application/octet-stream
File Size 3.11 KB
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml (Modified File)
Mime Type application/octet-stream
File Size 4.11 KB
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.un1que (Dropped File)
Mime Type application/octet-stream
File Size 2.37 KB
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab (Modified File)
Mime Type application/octet-stream
File Size 41.78 MB
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi (Modified File)
Mime Type application/octet-stream
File Size 2.41 MB
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml (Modified File)
Mime Type application/octet-stream
File Size 1.76 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi (Modified File)
Mime Type application/octet-stream
File Size 848.50 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.un1que (Dropped File)
Mime Type application/octet-stream
File Size 811 Bytes
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml (Modified File)
Mime Type application/octet-stream
File Size 5.75 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab (Modified File)
Mime Type application/octet-stream
File Size 10.95 MB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi (Modified File)
Mime Type application/octet-stream
File Size 855.00 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml (Modified File)
Mime Type application/octet-stream
File Size 1.32 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab Modified File Binary
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.un1que (Dropped File)
Mime Type application/x-dosexec
File Size 13.01 MB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.un1que (Dropped File)
Mime Type application/octet-stream
File Size 860.50 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.un1que (Dropped File)
Mime Type application/octet-stream
File Size 1.42 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.un1que (Dropped File)
Mime Type application/octet-stream
File Size 20.09 MB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.un1que Dropped File Binary
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi (Modified File)
Mime Type application/x-dosexec
File Size 865.00 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.un1que (Dropped File)
Mime Type application/octet-stream
File Size 1.42 KB
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.un1que (Dropped File)
Mime Type application/octet-stream
File Size 853.50 KB
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.un1que (Dropped File)
Mime Type application/octet-stream
File Size 1.35 KB
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab (Modified File)
Mime Type application/octet-stream
File Size 2.79 MB
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.un1que Dropped File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml (Modified File)
Mime Type application/octet-stream
File Size 2.31 KB
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab Modified File Stream
Unknown
Also Known As C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.un1que (Dropped File)
Mime Type application/octet-stream
File Size 18.00 MB
C:\Users\5P5NRG~1\AppData\Local\Temp\kP8E59.tmp Dropped File Text
Unknown
Mime Type text/plain
File Size 26 Bytes
C:\Windows\TEMP\z8xE0EE.tmp Dropped File Text
Unknown
Mime Type text/plain
File Size 88 Bytes
C:\Windows\TEMP\eRE9C7.tmp Dropped File Text
Unknown
Mime Type text/x-diff
File Size 61 Bytes
C:\Windows\TEMP\xEEF6.tmp Dropped File Text
Unknown
Mime Type text/plain
File Size 93 Bytes
C:\Windows\TEMP\EG1F9B2.tmp Dropped File Text
Unknown
Mime Type text/x-diff
File Size 59 Bytes
C:\Windows\TEMP\wE9C6.tmp Dropped File Text
Unknown
Also Known As C:\Windows\TEMP\Dkn5B4.tmp (Dropped File)
C:\Windows\TEMP\D6F9B1.tmp (Dropped File)
Mime Type text/plain
File Size 44 Bytes
C:\Windows\TEMP\1j5C5.tmp Dropped File Text
Unknown
Mime Type text/x-diff
File Size 57 Bytes
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.09 KB
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.08 KB
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.09 KB
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.09 KB
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.09 KB
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.08 KB
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.08 KB
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.09 KB
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.08 KB
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.08 KB
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.09 KB
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.08 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.09 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.09 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.08 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.09 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.08 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.08 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.09 KB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.08 KB
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.09 KB
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.08 KB
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.un1que_readme Dropped File Text
Unknown
Mime Type text/plain
File Size 1.07 KB