5ce923fb...72be | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Trojan
Threat Names:
Generic.Ransom.Antefrigus.9438A566
Win32.Trojan.Delshad

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "15 seconds" to "10 seconds" to reveal dormant functionality.

Filename C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\sqfaea.exe
Category Sample File
Type Binary
Severity Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 159.50 KB
MD5 83545c25c707521d930a0c876ea8ba28
SHA1 b3a7024f75fb41bcdf0b41b43c779b8ea32f7214
SHA256 5ce923fbb11fa354c6a5d182c99d63437153a7204480876dd18371486c2072be
SSDeep 3072:pMRF8utaJuweLrc+s2iD+R0in83PhNnmfCTunZ9hyBUOtveRwdFrW49rvwGVAZ:KFta4weLrIQ3n8zmfCTuZPyBU24wdFak
ImpHash 64c25779d502193b31059172aadc6903
File Reputation Information
Severity Blacklisted
First Seen 2020-01-20 09:00 (UTC+1)
Last Seen 2020-02-01 09:28 (UTC+1)
Names Win32.Trojan.Delshad
Families Delshad
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x4662f0
Size Of Code 0x28000
Size Of Initialized Data 0x1000
Size Of Uninitialized Data 0x3e000
File Type Executable
Subsystem Windows CUI (console)
Machine Type i386
Compile Timestamp 2020-01-16 12:34:29+00:00
Packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Sections (3)
Name  Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags  Entropy
UPX0  0x401000  0x3e000  0x0  0x400  IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE  0.0
UPX1  0x43f000  0x28000  0x27600  0x400  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE  7.93
.rsrc  0x467000  0x1000  0x400  0x27a00  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE  4.34
Imports (4)
KERNEL32.DLL (6)
API Name  Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
LoadLibraryA  0x0  0x467248  0x67248  0x27c48  0x0
GetProcAddress  0x0  0x46724c  0x6724c  0x27c4c  0x0
VirtualProtect  0x0  0x467250  0x67250  0x27c50  0x0
VirtualAlloc  0x0  0x467254  0x67254  0x27c54  0x0
VirtualFree  0x0  0x467258  0x67258  0x27c58  0x0
ExitProcess  0x0  0x46725c  0x6725c  0x27c5c  0x0
ADVAPI32.dll (1)
RegCloseKey  0x0  0x467264  0x67264  0x27c64  0x0
USER32.dll (1)
ShowWindow  0x0  0x46726c  0x6726c  0x27c6c  0x0
WININET.dll (1)
InternetOpenW  0x0  0x467274  0x67274  0x27c74  0x0
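The static view above is the packer's, not the payload's. The entry point 0x4662f0 lies inside UPX1 (0x43f000 to 0x467000, entropy 7.93), UPX0 reserves 0x3e000 bytes of address space with zero bytes on disk, and the KERNEL32 imports are exactly the six calls a UPX stub needs to decompress into UPX0 and rebuild the real import table at run time; UPX keeps one import per remaining DLL (RegCloseKey, ShowWindow, InternetOpenW) so the loader still maps those modules. The ImpHash therefore fingerprints the UPX stub rather than the ransomware, and any analysis of the actual code has to start from a memory dump or from unpacking the file (`upx -d` works unless the UPX header was tampered with). The script below is an added triage example, not VMRay's code or part of the report: it parses the section table with `struct` alone, computes per-section entropy and applies the three indicators just described. Because the real sample is not reproduced here, `build_sample_pe()` constructs a synthetic PE with the same section layout, compile timestamp and flags; the entropy threshold (7.5), the allowance of up to four non-stub imports and all function names are this example's own choices.

```python
import math
import random
import struct
from dataclasses import dataclass
from datetime import datetime, timezone

# Section characteristic bits (winnt.h); the report prints these by name.
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# What a stock UPX stub imports to unpack itself; the payload's API table is built at run time.
UPX_STUB_IMPORTS = {"LoadLibraryA", "GetProcAddress", "VirtualProtect",
                    "VirtualAlloc", "VirtualFree", "ExitProcess"}
REPORT_IMPORTS = sorted(UPX_STUB_IMPORTS | {"RegCloseKey", "ShowWindow", "InternetOpenW"})

@dataclass
class Section:
    name: str
    rva: int            # the report prints ImageBase + RVA; this is the raw RVA
    virtual_size: int
    raw_size: int
    raw_offset: int
    flags: int
    entropy: float

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, close to 8.0 for compressed or encrypted data."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_pe(image: bytes):
    """Return (TimeDateStamp, [Section]); reads only the headers packer triage needs."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader, Characteristics
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size                  # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, rva, rsize, rptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + i * 40)
        raw = image[rptr:rptr + rsize] if rsize else b""
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                rva, vsize, rsize, rptr, flags, shannon_entropy(raw)))
    return timestamp, sections

def compile_time(timestamp: int) -> str:
    return datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def packer_indicators(sections, import_names):
    """Indicators that together identify a UPX-style packed image; each one alone is weak."""
    hits = []
    if any(s.name.startswith("UPX") for s in sections):
        hits.append("upx-section-names")                       # trivially renamed by the packer's user
    for s in sections:
        executable = s.flags & IMAGE_SCN_MEM_EXECUTE
        if executable and s.raw_size == 0 and s.virtual_size and s.flags & IMAGE_SCN_CNT_UNINITIALIZED_DATA:
            hits.append(f"{s.name}:empty-on-disk-executable")   # where the unpacked code will land
        if executable and s.entropy > 7.5:
            hits.append(f"{s.name}:high-entropy-executable")    # the compressed payload
    names = set(import_names)
    # UPX keeps one import per original DLL so the loader still maps it; allow a few such extras.
    if {"LoadLibraryA", "GetProcAddress"} <= names and len(names - UPX_STUB_IMPORTS) <= 4:
        hits.append("stub-only-imports")
    return hits

def build_sample_pe(seed: int = 7) -> bytes:
    """Constructed PE with the report's section layout; a synthetic stand-in, not the real sample."""
    rng = random.Random(seed)
    upx1 = bytes(rng.getrandbits(8) for _ in range(4096))   # stands in for LZMA-compressed code
    rsrc = (b"\0" * 6 + b"VS_VERSION_INFO") * 24             # repetitive, low entropy
    opt_size = 0xE0                                          # PE32 optional header
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                  # e_lfanew
    # 1579178069 = 2020-01-16 12:34:29 UTC, the compile timestamp shown in the report
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 1579178069, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    hdr += opt
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    upx1_off, rsrc_off = 0x200, 0x200 + len(upx1)
    for name, vsize, rva, rsize, rptr, flags in (
            (b"UPX0", 0x3E000, 0x1000, 0, 0, IMAGE_SCN_CNT_UNINITIALIZED_DATA | rwx),
            (b"UPX1", len(upx1), 0x3F000, len(upx1), upx1_off, IMAGE_SCN_CNT_INITIALIZED_DATA | rwx),
            (b".rsrc", len(rsrc), 0x40000, len(rsrc), rsrc_off,
             IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)):
        hdr += struct.pack("<8sIIIIIIHHI", name, vsize, rva, rsize, rptr, 0, 0, 0, 0, flags)
    return bytes(hdr.ljust(upx1_off, b"\0")) + upx1 + rsrc

if __name__ == "__main__":
    ts, secs = parse_pe(build_sample_pe())
    print("compiled", compile_time(ts))
    for s in secs:
        print(f"{s.name:<6} vsize=0x{s.virtual_size:x} raw=0x{s.raw_size:x} entropy={s.entropy:.2f}")
    print("indicators:", packer_indicators(secs, REPORT_IMPORTS))
```

Run against a real file, `parse_pe(open(path, "rb").read())` gives the same section view the report tabulates, with RVAs instead of absolute addresses; the import names still have to come from an import-directory walk or from the sandbox report, which this example does not implement.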
Local AV Matches (1)
Threat Name  Severity
Generic.Ransom.Antefrigus.9438A566  Malicious
Filename C:/Users/desktop.ini.bbadc
Category Dropped File
Type Text
Severity Whitelisted
Also Known As C:/Users/desktop.ini (Dropped File)
Mime Type text/plain
File Size 174 Bytes
MD5 6b1a6a9959ce35fa0df98f8e602bb191
SHA1 ae54a61fe5715a7a23f2f517dc13d23dd28b56f9
SHA256 8f6c28c6f4ef09a335123af11dfd7a45ffdec661acdef2c151e871a7e060e71e
SSDeep 3:QJ8ql62fEilSl7lA5wXdUSlAOlRXKQlcl5lWGlyHk15lulATTM7lBlnJSl6nHl49:QyqRsioTA5wmHOlRaQmZWGokJqAMhAlp
ImpHash None
File Reputation Information
Severity Whitelisted
First Seen 2013-03-17 16:12 (UTC+1)
Last Seen 2019-04-17 13:50 (UTC+2)
Filename C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Local/Temp/Cookies/index.dat.bbadc
Category Dropped File
Type Stream
Severity Whitelisted
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Local/Temp/Cookies/index.dat (Dropped File)
Mime Type application/octet-stream
File Size 16.00 KB
MD5 d7a950fefd60dbaa01df2d85fefb3862
SHA1 15740b197555ba8e162c37a60ba655151e3bebae
SHA256 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
SSDeep 3:qRFiJ2totWIlXllll:qjyx
ImpHash None
File Reputation Information
Severity Whitelisted
First Seen 2011-05-28 23:39 (UTC+2)
Last Seen 2019-07-12 16:06 (UTC+2)
Filename C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk.bbadc
Category Dropped File
Type Stream
Severity Whitelisted
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Network/Connections/Pbk/_hiddenPbk/rasphone.pbk (Dropped File)
Mime Type application/octet-stream
File Size 1 Bytes
MD5 7fc56270e7a70fa81a5935b72eacbe29
SHA1 6dcd4ce23d88e2ee9568ba546c007c63d9131c1b
SHA256 559aead08264d5795d3909718cdd05abd49572e84fe55590eef31a88a08fdffd
SSDeep 3:k:k
ImpHash None
File Reputation Information
Severity Whitelisted
First Seen 2011-05-31 11:47 (UTC+2)
Last Seen 2020-01-05 10:10 (UTC+1)
Filename C:/Users/5p5NrGJn0jS HALPmcxz/Downloads/desktop.ini.bbadc
Category Dropped File
Type Text
Severity Whitelisted
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/Downloads/desktop.ini (Dropped File)
Mime Type text/plain
File Size 282 Bytes
MD5 3a37312509712d4e12d27240137ff377
SHA1 30ced927e23b584725cf16351394175a6d2a9577
SHA256 b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3
SSDeep 6:QyqRsioTA5wmHOlRaQmZWGokJqAMhAlt4DAlLwkAl2FlRaQmZWGokJISlVl9:QZsiL5wmHOlDmo0qmt4clLwr2FlDmo0d
ImpHash None
File Reputation Information
Severity Whitelisted
First Seen 2013-01-29 10:18 (UTC+1)
Last Seen 2019-09-17 11:48 (UTC+2)
Filename C:/Users/5p5NrGJn0jS HALPmcxz/Saved Games/desktop.ini.bbadc
Category Dropped File
Type Text
Severity Whitelisted
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/Saved Games/desktop.ini (Dropped File)
Mime Type text/plain
File Size 282 Bytes
MD5 b441cf59b5a64f74ac3bed45be9fadfc
SHA1 3da72a52e451a26ca9a35611fa8716044a7c0bbc
SHA256 e6fdf8ed07b19b2a3b8eff05de7bc71152c85b377b9226f126dc54b58b930311
SSDeep 6:QyqRsioTA5wmHOlRaQmZWGokJqAMhAlCA7pDAlLwkAl2FlRaQmZWGokJISlv:QZsiL5wmHOlDmo0qmCOclLwr2FlDmo0X
ImpHash None
File Reputation Information
Severity Whitelisted
First Seen 2013-03-17 16:08 (UTC+1)
Last Seen 2019-04-17 13:50 (UTC+2)
Filename C:/Boot/CLICK_HERE-bbadc.txt
Category Dropped File
Type Text
Severity Unknown
Also Known As C:/Boot/it-IT/CLICK_HERE-bbadc.txt (Dropped File)
C:/MSOCache/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/MS Project/14/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/LocalLow/Microsoft/CryptnetUrlCache/MetaData/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/pl-PL/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/zh-TW/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Crypto/RSA/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Document Building Blocks/1033/14/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/ja-JP/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/pt-PT/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/de-DE/CLICK_HERE-bbadc.txt (Dropped File)
c:\users\click_here-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Document Building Blocks/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/LocalLow/Microsoft/IMJP12/CLICK_HERE-bbadc.txt (Dropped File)
C:/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Credentials/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/tr-TR/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/hu-HU/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/LocalLow/Microsoft/IMJP8_1/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/zh-HK/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Adobe/Flash Player/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/el-GR/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/sv-SE/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/nl-NL/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/nb-NO/CLICK_HERE-bbadc.txt (Dropped File)
C:/MSOCache/All Users/{90140000-0016-0409-1000-0000000FF1CE}-C/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/ko-KR/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Adobe/Flash Player/AssetCache/D5NTRC6R/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Adobe/Headlights/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Adobe/Linguistics/Dictionaries/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Macromedia/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Document Building Blocks/1033/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/es-ES/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/cs-CZ/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Adobe/Acrobat/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/ru-RU/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Crypto/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/fi-FI/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/da-DK/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/LocalLow/Microsoft/IME12/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Identities/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/pt-BR/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Adobe/Linguistics/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Adobe/Flash Player/AssetCache/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/Fonts/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Adobe/LogTransport2/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/MS Project/14/1033/CLICK_HERE-bbadc.txt (Dropped File)
C:/MSOCache/All Users/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/LocalLow/Sun/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/LocalLow/Sun/Java/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/zh-CN/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/AddIns/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/fr-FR/CLICK_HERE-bbadc.txt (Dropped File)
C:/Boot/en-US/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/LocalLow/Microsoft/IMJP9_0/CLICK_HERE-bbadc.txt (Dropped File)
C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Identities/{31810C36-5D23-4CCE-A3B4-316DED195C38}/CLICK_HERE-bbadc.txt (Dropped File)
Mime Type text/plain
File Size 972 Bytes
MD5 c1c72b46b476b79b3d742f8117aadd1a
SHA1 72e39b2f21b743b9234def861e16a7edb61c59e3
SHA256 2a12ab8a394962334ceb3a0188f77c42ad3c41cfa7d54c1f44bcdafd908fcfe3
SSDeep 24:y/IhpNs7wRJFrFR5TSHFWN0OpoySrFuksdwKHRN1:y/MpLr5AWN7ojgksdlf1
ImpHash None
Filename C:/BOOTSECT.BAK.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/BOOTSECT.BAK (Dropped File)
Mime Type application/octet-stream
File Size 8.00 KB
MD5 ba747f5e22df8f2b63fa5e0fd627765c
SHA1 a588e53440ec0393b1cae408e73606f72e94face
SHA256 75ff1b1836fd6d04c5ea4e17b4fad1163f8059dcaf2def13f1c79c69b061a464
SSDeep 96:vzDaidCuhFwDG+8A4PtbiW+uGGfz/+vWVrQUqDayFB3d4:7Oid3zwDGIOtbiW4q/+ZUgBN4
ImpHash None
Filename C:/Boot/BOOTSTAT.DAT.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/Boot/BOOTSTAT.DAT (Dropped File)
Mime Type application/octet-stream
File Size 64.00 KB
MD5 44111b5701159088b7eb3c5570676269
SHA1 3db8539fe4caf11d850eef681edde56ab0db7114
SHA256 1a221c56743d6569c9e2bd7a8fac866c3142e2c3b8ec300b1669e862318f389f
SSDeep 3:/lFlkJM/0lvlllAiMl76Xkt/ulllUleK8UhaeOl2l+Sli5lWyyHk15ltpKMtt:O+0l9kl76cqUXNtOlC+SkSJkJbKMt
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0016-0409-1000-0000000FF1CE}-C/ExcelLR.cab.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0016-0409-1000-0000000FF1CE}-C/ExcelLR.cab (Dropped File)
Mime Type application/octet-stream
File Size 10.00 MB
MD5 5615b1b08ced586e986e9c63e2717dd8
SHA1 91850c7e4ceca0708dd37fd0850ecab900766aca
SHA256 c3cc70eb5200e5cfd5835e1845d407bbc5f9c0d7f520546692b5b9ad6d6b9903
SSDeep 196608:xlsFVu+ZK2cp5jpOaV/T56Ci/t3sMN1oxJ+qZJZcoVsoHn+fRHZ9AeZ+8J5tJ:xKzu+ZFA5jVTaIj+QpDkRHZ9ZA8jtJ
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0016-0409-1000-0000000FF1CE}-C/ExcelMUI.msi.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0016-0409-1000-0000000FF1CE}-C/ExcelMUI.msi (Dropped File)
Mime Type application/octet-stream
File Size 2.39 MB
MD5 07cf00b0fde2c036002912a6f831e870
SHA1 8439e827190228cf3fa9799c1bf3af36456cb843
SHA256 b0fcb0cac026bf4a9f6470aa46974efa8049414c9df3af36d7f020fe19e0f6a0
SSDeep 49152:utu8ZJwfFHM9jTz783SRy+yN72XR7Xc7DiO9obME+2js:uhTyNs2u8
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0016-0409-1000-0000000FF1CE}-C/ExcelMUI.xml.bbadc
Category Dropped File
Type Text
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0016-0409-1000-0000000FF1CE}-C/ExcelMUI.xml (Dropped File)
Mime Type text/plain
File Size 1.53 KB
MD5 cab2447b002747eca3d9883ddbb420e6
SHA1 ac72751d997fa26f36d851777b38957e1f30893f
SHA256 475d4e8fb1a363beac1575cabd9db553c69efbb332c4462da8fe1321f9c2f349
SSDeep 24:oi22VmmrKs7Xn+i3xhzSCpzmLxqWWxLJ3VxLcm7LVCAGDuZ4T6c6hkhYY+5LgJO:of2ou7Xn+SMrL5oJPn7MAgWN4b+5LgA
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0016-0409-1000-0000000FF1CE}-C/Setup.xml.bbadc
Category Dropped File
Type Text
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0016-0409-1000-0000000FF1CE}-C/Setup.xml (Dropped File)
Mime Type text/plain
File Size 2.24 KB
MD5 9c50dae47fbbda276c7fa33753e1389b
SHA1 911b50587591dd05646494accbf3ece0a6eaf288
SHA256 095cd64097a0a378d3df4d4cb14472bf138bdcea15b34abc5623112c6f203eae
SSDeep 48:ovCy5+qjQjLS8la0l9tiWaWjbx57BH9dkb7nHr5HVHjnRFyvBqjA4LT6:v6+qEDaO/ftH9CbLH1HVHDRFyvIjA4C
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0018-0409-1000-0000000FF1CE}-C/PowerPointMUI.msi.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0018-0409-1000-0000000FF1CE}-C/PowerPointMUI.msi (Dropped File)
Mime Type application/octet-stream
File Size 2.39 MB
MD5 c58cfa18441fec1ee08a0bbd9d0da607
SHA1 b4e5068216dc0ec41deba047613ed51bb8350d8e
SHA256 aaf364a8cc2b91b19712fe920eed2ce3c2ed3c9cdd02fb6f72cb3028f79d3522
SSDeep 49152:Ktu8ZJwfFHM9jTz783SRy+yN72XR7Xc7DiO9obME+2jP:KhTyNs2uf
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0018-0409-1000-0000000FF1CE}-C/PowerPointMUI.xml.bbadc
Category Dropped File
Type Text
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0018-0409-1000-0000000FF1CE}-C/PowerPointMUI.xml (Dropped File)
Mime Type text/plain
File Size 1.42 KB
MD5 ce37a5838c7a224f038cefdebd6bb779
SHA1 c7d6dcd83db54c30fa6df7708f2ea19068c359fe
SHA256 cb5013a7f896ec7f76250ca5678074406b8a394edc77d816f68eecc1857b4dfd
SSDeep 24:oiQc/d/yy8c36WdjgxJymgizWL7WWDDuZ4TMR2hEzq+E4YtRO:oP2yNK9gxSnL7fxgR2AqBto
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0018-0409-1000-0000000FF1CE}-C/Setup.xml.bbadc
Category Dropped File
Type Text
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0018-0409-1000-0000000FF1CE}-C/Setup.xml (Dropped File)
Mime Type text/plain
File Size 1.84 KB
MD5 90fb7562fa4c864ba1212ced005dd05a
SHA1 10fa0515e9fb97d27eb1bdb347eb4104c4ee88bb
SHA256 f8165bcd287650d3f4b6303ed12944a5de33ffb40147bdb0da9aca9e56562cda
SSDeep 24:oiPXIGckbSDjQDjoB9Yh6WTYhDIEsYhDjtSuOVQcJdm/jGfZn0Q+wE8jX8bk7DWj:oFGDqjQjcqTW8WjtSRimdSu+ijs4DLT6
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0019-0409-1000-0000000FF1CE}-C/PublisherMUI.msi.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0019-0409-1000-0000000FF1CE}-C/PublisherMUI.msi (Dropped File)
Mime Type application/octet-stream
File Size 2.40 MB
MD5 25ccb68fc99503de29a2ff120af60a01
SHA1 460ef0d9c73fbe8d88c505e663bf2b08897042d4
SHA256 6ca88a53bbcf23f468aeee0f51e317747315cc4a9691142d0def65e1e42cd023
SSDeep 49152:Ltu8ZJwfFHM9jTz783SRy+yN72XR7Xc7DiO9obME+2jO:LhTyNs2ue
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0019-0409-1000-0000000FF1CE}-C/PublisherMUI.xml.bbadc
Category Dropped File
Type Text
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0019-0409-1000-0000000FF1CE}-C/PublisherMUI.xml (Dropped File)
Mime Type text/plain
File Size 1.42 KB
MD5 24624e8f58bcbbe50b4d277d7f782c61
SHA1 b60f3566c0ff0ee5bb871332d4e1fe0992465052
SHA256 b42e71fb9836ddd8749080305ce723ab1f236fe83ea288f2985e849b8e06d44f
SSDeep 24:oiJDZJAZ/l3j9lfbYXG7YXEt4UYHjpkYADuZ4TOmG7YURG6omYtRO:o8AM2sUt4JHjpZCiEURG6oRto
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0019-0409-1000-0000000FF1CE}-C/PubLR.cab.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0019-0409-1000-0000000FF1CE}-C/PubLR.cab (Dropped File)
Mime Type application/octet-stream
File Size 9.50 MB
MD5 f85723d458b85ddd4cc8ead2f26c5d99
SHA1 587dd3472ebe1ab50d21811cee6d218a926d4f34
SHA256 84f626398db89fdafc0772fdd69092f59d20b25fa875cef7be7f322f63ee9ff0
SSDeep 196608:MWVAMf1YtlSciQ3sd2obs79i9snyGhXU++bDj1z0GYn5K12802Vypv:MWVffMs23sd2Z7M9sn9hXUDbDjM5X80r
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0019-0409-1000-0000000FF1CE}-C/Setup.xml.bbadc
Category Dropped File
Type Text
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0019-0409-1000-0000000FF1CE}-C/Setup.xml (Dropped File)
Mime Type text/plain
File Size 1.57 KB
MD5 6f0b1d6674d47bb1d136f63ee33c0d62
SHA1 08f741b9452f1c9d60ebf926a4c470aec5e52788
SHA256 1cfedc2e231651ebe25c7a41cdbf98cf733d9e6bb61e98fff062d7be1b33be31
SSDeep 24:oigkL4wlJSj9W33XvfbSDjQDjoefIYhnVQc0/kdmjoZiPG3/PG/jiHG3/4/BxjMe:obkLRC83nnqjQjJIciWdBNj3hqLT6
ImpHash None
Filename C:/MSOCache/All Users/{90140000-001A-0409-1000-0000000FF1CE}-C/OutlkLR.cab.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-001A-0409-1000-0000000FF1CE}-C/OutlkLR.cab (Dropped File)
Mime Type application/octet-stream
File Size 10.00 MB
MD5 bffdb8760782294fdaf0ebf1e85a7093
SHA1 633ef671f0280b67e907bc48ddc5947e8ab15542
SHA256 69483053f8bd18aa1658db96f16cb72e3bdd62bc420305b85dec1800160f1e56
SSDeep 196608:1XvNgY3TUgxHSkCvNyhRXDF9xZ3NxMGfzJq3s9Ic2KQBTJjmFwQXm3nzVMVDwlWj:XgmNykCCRXbxZ3Plq3pcKBTJjmFz4VoR
ImpHash None
Filename C:/MSOCache/All Users/{90140000-001A-0409-1000-0000000FF1CE}-C/OutlookMUI.msi.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-001A-0409-1000-0000000FF1CE}-C/OutlookMUI.msi (Dropped File)
Mime Type application/octet-stream
File Size 2.73 MB
MD5 8c8b50b6312c8ed79a6b5b1ec65c14f2
SHA1 9dbb21221c1a05caee964cbde69363c4188798cc
SHA256 2212c76da1922a8e90c3adcec9ab1693da27b5135f7381f022add6832a8f9f86
SSDeep 49152:ftuMZ5afFAM9jTz7D3SBywI0VYikfdDryNpSan7Xc77CK9oPMey2jy:fzc7yNzC4e
ImpHash None
Filename C:/MSOCache/All Users/{90140000-001A-0409-1000-0000000FF1CE}-C/OutlookMUI.xml.bbadc
Category Dropped File
Type Text
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-001A-0409-1000-0000000FF1CE}-C/OutlookMUI.xml (Dropped File)
Mime Type text/plain
File Size 3.11 KB
MD5 bfb3258f5f570a206e197a70b2abe203
SHA1 3955fad560c5aebfc9bd4993f962503bde992b41
SHA256 8d4fe4e528a6fe99f7d30b856b574f5acf71aa7d631dde5d35f257d6ec6323d8
SSDeep 48:obwFk8Pd5P0I1h9Ozqi/oKP9RN5KDRevDqt2LS2nBDqS:7JPDylXZ
ImpHash None
Filename C:/MSOCache/All Users/{90140000-001A-0409-1000-0000000FF1CE}-C/Setup.xml.bbadc
Category Dropped File
Type Text
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-001A-0409-1000-0000000FF1CE}-C/Setup.xml (Dropped File)
Mime Type text/plain
File Size 4.11 KB
MD5 39211ec28193cfeb2302f44cb2096e5e
SHA1 89e284cae4c369a305948c344213790e7df4044f
SHA256 c0fc6767a3301de81062d25b3fb45bf96b2121fe00750541e83e2cd7b42d47c9
SSDeep 48:oUkzhQJqjQjpur20Hsl3lrPlDlalDlvmlwlkW3Y8fWsWfzmIWjbg/bxxJWjbx579:86qEVj1JhghUaR30pydRlvpjwiFCC
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0115-0409-1000-0000000FF1CE}-C/OfficeMUI.msi.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0115-0409-1000-0000000FF1CE}-C/OfficeMUI.msi (Dropped File)
Mime Type application/octet-stream
File Size 3.53 MB
MD5 4b2948e4208055cf198805880d284f15
SHA1 4092584ed8065595c8cc1392992432c36fe1e692
SHA256 08da134474c57478e02458d072e277014c439591be98139b2186576ea3d738c6
SSDeep 49152:MtuoZLHfFnM9jTz743SFylJyI0DYikDjXoyNkSgR7X67/GW9obM6v2jVdgj8hski:MCY/IyNcsUMdn8
ImpHash None
Filename C:/MSOCache/All Users/{90140000-0115-0409-1000-0000000FF1CE}-C/1033/dwintl20.dll.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/MSOCache/All Users/{90140000-0115-0409-1000-0000000FF1CE}-C/1033/dwintl20.dll (Dropped File)
Mime Type application/octet-stream
File Size 105.38 KB
MD5 262d228892c3a6c2333b2912edaaa24d
SHA1 27ccfd727301a930c40bf17f5b79e98836edd4bc
SHA256 53530620b1c8c041b022138f4a938a65d6dea9e2a6577b9c4f45eed8c2eada04
SSDeep 3072:RYjjNajlajoajNajCaj4ajgaj6ajNajZaj8aj/ajPajbajJajJvJ:Si
ImpHash None
Filename C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Local/Adobe/Color/ACECache11.lst.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Local/Adobe/Color/ACECache11.lst (Dropped File)
Mime Type application/octet-stream
File Size 1.15 KB
MD5 2575d6ad6bd4f07c3929e48a1721fbe1
SHA1 0c17e6161c1af64e9786d936c3ca093e64725209
SHA256 897ef1a6f225bedf7fd53a67117967f2ecfb43ab0168d631474fb374dd5ee6ac
SSDeep 12:Ir5ZUkrM03S3YEjLj+UkrMAu/q0USE8EQLtrdg7BaFtr98nQcLoRg7BaF5OZDLk9:MZXr7qYJXrBu7yYp+/2
ImpHash None
Filename C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Local/Microsoft/FORMS/FRMCACHE.DAT.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Local/Microsoft/FORMS/FRMCACHE.DAT (Dropped File)
Mime Type application/octet-stream
File Size 240.22 KB
MD5 9469e59353ded3cf460ae45141c44640
SHA1 eb33f3a6d04d76dbf1f4bad8c0b2b8da6c8bcdb3
SHA256 170f8f6c6bcf6117dcbcc31adf136b8a794f82298697b722e01d1c1d73c3c5e5
SSDeep 1536:YawnRwnsCJsC/3kVhFgerczRtxIdamkzb72jcygynnms2cVaG7wn4wnS:mSzJL/3ku+cttqEXn2AygMmsmNS
ImpHash None
Filename C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Local/Temp/oxWc1bfIw0.avi
Category Dropped File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 27.89 KB
MD5 b287fa87d8af0cccb89f5fc403b6449a
SHA1 4eff1d76acda730bb4f3dbcf2d841819c8712402
SHA256 470e98d55c17751547c2686af0bcaf2f8a95538fa9457caad2a4d689dde0d3f5
SSDeep 768:jeeF3cHGGdDYGfGnQ0i9qnNjFKhrS27HV:PtYVDuQ0icnwr7
ImpHash None
Filename C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/OipkaHKh.bmp.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/OipkaHKh.bmp (Dropped File)
Mime Type application/octet-stream
File Size 88.04 KB
MD5 19a5d3592c6910d7213202484c2a51fc
SHA1 9398c7b3a14a02448e6b11b5a78bfd42c380ccf8
SHA256 fc758884e0714b9992817d061547d849dad9e870f2c6520d3961176d0913d1c3
SSDeep 1536:earmIrDzgmDrFfjc3q7N895hhHTzIjRVTre0IBEKsoN4EDorE5IM3e7sVQ3BWx9w:earmCDzgmDlg3qYhdTzKR1OKKLNDKE5i
ImpHash None
Filename C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Document Building Blocks/1033/14/Built-In Building Blocks.dotx.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Document Building Blocks/1033/14/Built-In Building Blocks.dotx (Dropped File)
Mime Type application/octet-stream
File Size 3.99 MB
MD5 280355f2b97809f8c8b5cc792eb8bd66
SHA1 0237c2000dfc702182122c9887333547fad25dcc
SHA256 9546a710a0a42708bf6e2c519092c1ebf30114676275797b955cfd8e2f5d6ea5
SSDeep 98304:hmIRrO7K+FS8iUvRVr4HbLhRR9Fy1OCHiORatCfnSRVkPmWNW2q7KWrzmIs:Rr9EvXuHhRpRAatWnqVkHNTxWrq
ImpHash None
Filename C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/MS Project/14/1033/Global.MPT.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/MS Project/14/1033/Global.MPT (Dropped File)
Mime Type application/octet-stream
File Size 381.50 KB
MD5 6bedf7b194a04a7fea3219a39db93246
SHA1 59250e2b476c1bf46e5e380a7f6629017085e724
SHA256 6f6239ba66bbc25efaefda93f74c19253a50add2e7729a2b8f03c669229f90b3
SSDeep 3072:UNAB9BKWbjhKEWh19I9IjNBqIYJsjNwslt2eEA1I:ylINIYJsjNwslt2eEH
ImpHash None
Filename C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Office/MSO1033.acl.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Office/MSO1033.acl (Dropped File)
Mime Type application/octet-stream
File Size 36.88 KB
MD5 c9165cf6ce640f025602a27012426629
SHA1 1c72266120e28ac0a31b0430929e524f3c2d9755
SHA256 7335b28526fdae393cc2ba908129405532e8d617f9c24d03fa19f6eea3b9317a
SSDeep 384:lQpI+cyJeYbbEtoNuB24GH2Qo+UQhXCnLDx1p863KtuWuUctJrfZK5HGN0H2FsYZ:MJpbI/ao+Usa9ZK/LJOX3QI
ImpHash None
Filename C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Publisher Building Blocks/ContentStore.xml.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Publisher Building Blocks/ContentStore.xml (Dropped File)
Mime Type application/octet-stream
File Size 169 Bytes
MD5 1e1330b379b2a12de83cde13f659ecb8
SHA1 b98f569b55d064c5801250aa999917c48e24ce29
SHA256 494c17cb440ea52610b4ae320c3f89161e0f60796169018fbd741fd9d33d9e5f
SSDeep 3:MJBBEkbE7ExG1qE7GE9msIiGwV4geExG1qE7Ezb7xjErExEvLkEGE8xjErExEvLZ:M7yaxG1zT9pIrQJxG1zELxjCYETNT8xY
ImpHash None
Filename C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Templates/Normal.dotm.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/Templates/Normal.dotm (Dropped File)
Mime Type application/octet-stream
File Size 20.15 KB
MD5 8e5de5e4be02502ceacc389b1f9df772
SHA1 9c1f375b3f3f907abdb9105ff24562a607f60bfb
SHA256 1dca5acd0fac0a7a3195f636543ad7b70d8aa48fabd4057fe2017877d748efdb
SSDeep 384:ZpWtyX3oX/Cr4uaze/oKA++G1nAVAZsPsF0qKkY0CqGVDK:ZMXagwoQn1noAHF0jfKGZK
ImpHash None
Filename C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/UProof/CUSTOM.DIC.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/Microsoft/UProof/CUSTOM.DIC (Dropped File)
Mime Type application/octet-stream
File Size 3 Bytes
MD5 bda0a0d26402f91782ba25cc24d8b30c
SHA1 a1ba34f728c94714e8bdfb920d5f97890081523d
SHA256 8e9a259921a05712babf89e4182424fda464ca3f9b5c9fb8313f21f157e746cb
SSDeep 3:M6:M6
ImpHash None
Filename C:/Users/5p5NrGJn0jS HALPmcxz/Documents/DythYZf1DZqfSUtTi_x.xlsx.bbadc
Category Dropped File
Type Stream
Severity Unknown
Also Known As C:/Users/5p5NrGJn0jS HALPmcxz/Documents/DythYZf1DZqfSUtTi_x.xlsx (Dropped File)
Mime Type application/octet-stream
File Size 54.54 KB
MD5 808ffbe385ed952fc8ac569193b52c14
SHA1 bbd920c2bdbeb5f25b5e27b0dd63c3c892b6691f
SHA256 fc88938aa21694f4f1abbcbd09d48909ead2b4656b01b14f608f89c15f6900c7
SSDeep 1536:FbA2hWtBC/FJHgcQdI0wEryEpnVJM2YF52/PzQT/hML:15ikFN0dlrZpnVWR2/PzS/2
ImpHash None
Filename C:/Boot/BCD.LOG1.bbadc
Category Dropped File
Type Unknown
Severity Not Queried
Also Known As C:/Boot/BCD.LOG2.bbadc (Dropped File)
C:/Boot/BCD.LOG1 (Dropped File)
C:/Boot/BCD.LOG2 (Dropped File)
Mime Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash None
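Two patterns in the dropped-file list are what a detection engineer should take from this report. Every touched file reappears under its original name plus the suffix `.bbadc` (desktop.ini, BOOTSECT.BAK, the MSOCache installer files, Normal.dotm, the .xlsx in Documents), and one note, `CLICK_HERE-bbadc.txt`, is written into every directory the process walks, from C:/ and the C:/Boot locale folders to the Office and Adobe profile directories; the note name embeds the same token as the appended extension, so the two can be correlated. Hashes are the wrong key for this: the `.bbadc` copies of the three desktop.ini files and of index.dat are reputation-whitelisted with first-seen dates from 2011 to 2013, so their content still matches known clean files, and the 0-byte BCD.LOG entries carry the digests of empty input (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256 e3b0c442...b855). The script below is an added example, not part of the VMRay report: it runs the rename-plus-note heuristic over a constructed event log modelled on the paths above (the events, the `analyze` thresholds and all function names are this example's assumptions), normalises the mixed `C:/` and `c:\` spellings the report itself shows, and does not count ordinary renames.

```python
import hashlib
import posixpath
from collections import Counter, defaultdict

EMPTY_MD5 = hashlib.md5(b"").hexdigest()          # d41d8cd98f00b204e9800998ecf8427e
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()    # e3b0c442...b855

# Constructed event log (action, path, new_path) modelled on the report's dropped-file
# paths; it is not VMRay output. Thresholds below are likewise this example's own choices.
EVENTS = [
    ("rename", "C:/Users/desktop.ini", "C:/Users/desktop.ini.bbadc"),
    ("rename", "C:/BOOTSECT.BAK", "C:/BOOTSECT.BAK.bbadc"),
    ("rename", "C:/Boot/BOOTSTAT.DAT", "C:/Boot/BOOTSTAT.DAT.bbadc"),
    ("rename", "C:/Users/5p5NrGJn0jS HALPmcxz/Documents/DythYZf1DZqfSUtTi_x.xlsx",
               "C:/Users/5p5NrGJn0jS HALPmcxz/Documents/DythYZf1DZqfSUtTi_x.xlsx.bbadc"),
    ("rename", "C:/Boot/BCD.LOG1", "C:/Boot/BCD.LOG1.bbadc"),
    ("create", "C:/CLICK_HERE-bbadc.txt", None),
    ("create", "C:/Boot/CLICK_HERE-bbadc.txt", None),
    ("create", "C:/Boot/de-DE/CLICK_HERE-bbadc.txt", None),
    ("create", "C:/MSOCache/CLICK_HERE-bbadc.txt", None),
    ("create", r"c:\users\click_here-bbadc.txt", None),      # backslash, lower-case spelling as in the report
    ("create", "C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Local/Temp/oxWc1bfIw0.avi", None),
    ("rename", "C:/Users/x/report.docx", "C:/Users/x/report-final.docx"),  # ordinary rename, must not count
]

def normalize(path: str) -> str:
    """Windows paths are case-insensitive and arrive with either separator."""
    return path.replace("\\", "/").lower()

def appended_extension(src: str, dst: str):
    """'.bbadc' when dst is exactly src plus one new suffix, otherwise None."""
    src, dst = normalize(src), normalize(dst)
    suffix = dst[len(src):] if dst.startswith(src) else ""
    if suffix.startswith(".") and "/" not in suffix and suffix.count(".") == 1:
        return suffix
    return None

def analyze(events, min_renames=3, min_note_dirs=3):
    """Correlate mass extension-append renames with a note name repeated across directories."""
    ext_counts = Counter()
    note_dirs = defaultdict(set)            # basename -> directories it was created in
    for action, path, new_path in events:
        if action == "rename" and new_path:
            ext = appended_extension(path, new_path)
            if ext:
                ext_counts[ext] += 1
        elif action == "create":
            p = normalize(path)
            note_dirs[posixpath.basename(p)].add(posixpath.dirname(p))
    result = {"extension": None, "renames": 0, "note_name": None, "note_dirs": 0, "verdict": False}
    if not ext_counts:
        return result
    ext, renames = ext_counts.most_common(1)[0]
    result.update(extension=ext, renames=renames)
    token = ext.lstrip(".")
    # The note carries the same token as the extension and is written wherever files were touched.
    candidates = [(len(dirs), name) for name, dirs in note_dirs.items()
                  if token in name and len(dirs) >= min_note_dirs]
    if candidates:
        count, name = max(candidates)
        result.update(note_name=name, note_dirs=count)
    result["verdict"] = renames >= min_renames and result["note_dirs"] >= min_note_dirs
    return result

def is_empty_file(md5: str, sha256: str) -> bool:
    """True for the digests of zero-length input, as on the report's BCD.LOG1.bbadc entry."""
    return md5 == EMPTY_MD5 and sha256 == EMPTY_SHA256

if __name__ == "__main__":
    print(analyze(EVENTS))
```

On a real endpoint the same logic runs over file-create and rename telemetry (Sysmon event IDs 11 and the rename events an EDR exposes) within a short time window per process; the thresholds of three renames and three note directories are deliberately low for this sandbox-sized log and should be raised for production data.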