7c2dbad5...31d1 | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware

wzmjbq.exe

Windows Exe (x86-32)

Created at 2019-11-19T08:17:00

...
Filters:
Filename Category Type Severity Actions
C:\Users\FD1HVy\Desktop\wzmjbq.exe Sample File Binary
Malicious
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 55.00 KB
MD5 a35596ed0bfb34de4e512a3225f8300a Copy to Clipboard
SHA1 aeb09e894736cbb41e934f83cca0247fe89d8a19 Copy to Clipboard
SHA256 7c2dbad516d18d2c1c21ecc5792bc232f7b34dadc1bc19e967190d79174131d1 Copy to Clipboard
SSDeep 1536:gZVYb2bbBisyEcPC00h7sBvvKk+jTc7+T8l7RJV62CzVDL+oWB27evMCUQ:EV+GiVEc6RsMJQ Copy to Clipboard
ImpHash 3078147a4b21d62a2ff5d0ed67f98e73 Copy to Clipboard
PE Information
»
Image Base 0x400000
Entry Point 0x40b730
Size Of Code 0xac00
Size Of Initialized Data 0x2c00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-11-16 08:37:02+00:00
Sections (4)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xaa78 0xac00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.55
.rdata 0x40c000 0x2430 0x2600 0xb000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.2
.data 0x40f000 0x1b4 0x200 0xd600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.34
.reloc 0x410000 0x384 0x400 0xd800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.07
Imports (9)
»
SHLWAPI.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrStrW 0x0 0x40c0b8 0xe0cc 0xd0cc 0x148
wnsprintfA 0x0 0x40c0bc 0xe0d0 0xd0d0 0x16d
wnsprintfW 0x0 0x40c0c0 0xe0d4 0xd0d4 0x16e
MSVCRT.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
memcpy 0x0 0x40c098 0xe0ac 0xd0ac 0x297
memset 0x0 0x40c09c 0xe0b0 0xd0b0 0x299
SHELL32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHEmptyRecycleBinA 0x0 0x40c0b0 0xe0c4 0xd0c4 0xa4
MPR.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetEnumResourceW 0x0 0x40c088 0xe09c 0xd09c 0x1c
WNetCloseEnum 0x0 0x40c08c 0xe0a0 0xd0a0 0x10
WNetOpenEnumW 0x0 0x40c090 0xe0a4 0xd0a4 0x3d
KERNEL32.dll (27)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ExitProcess 0x0 0x40c018 0xe02c 0xd02c 0x119
GetLogicalDriveStringsW 0x0 0x40c01c 0xe030 0xd030 0x208
GetUserDefaultLangID 0x0 0x40c020 0xe034 0xd034 0x29c
LoadLibraryA 0x0 0x40c024 0xe038 0xd038 0x33c
GetProcAddress 0x0 0x40c028 0xe03c 0xd03c 0x245
GetModuleHandleA 0x0 0x40c02c 0xe040 0xd040 0x215
lstrlenW 0x0 0x40c030 0xe044 0xd044 0x54e
HeapFree 0x0 0x40c034 0xe048 0xd048 0x2cf
HeapReAlloc 0x0 0x40c038 0xe04c 0xd04c 0x2d2
HeapAlloc 0x0 0x40c03c 0xe050 0xd050 0x2cb
GetProcessHeap 0x0 0x40c040 0xe054 0xd054 0x24a
ReadFile 0x0 0x40c044 0xe058 0xd058 0x3c0
WriteFile 0x0 0x40c048 0xe05c 0xd05c 0x525
QueueUserWorkItem 0x0 0x40c04c 0xe060 0xd060 0x3b0
Sleep 0x0 0x40c050 0xe064 0xd064 0x4b2
InterlockedExchangeAdd 0x0 0x40c054 0xe068 0xd068 0x2ed
CloseHandle 0x0 0x40c058 0xe06c 0xd06c 0x52
SetFilePointerEx 0x0 0x40c05c 0xe070 0xd070 0x467
lstrlenA 0x0 0x40c060 0xe074 0xd074 0x54d
FindFirstFileW 0x0 0x40c064 0xe078 0xd078 0x139
FindNextFileW 0x0 0x40c068 0xe07c 0xd07c 0x145
FindClose 0x0 0x40c06c 0xe080 0xd080 0x12e
CreateFileW 0x0 0x40c070 0xe084 0xd084 0x8f
GetCurrentProcess 0x0 0x40c074 0xe088 0xd088 0x1c0
lstrcmpW 0x0 0x40c078 0xe08c 0xd08c 0x542
MoveFileW 0x0 0x40c07c 0xe090 0xd090 0x363
lstrcpyW 0x0 0x40c080 0xe094 0xd094 0x548
USER32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharLowerW 0x0 0x40c0c8 0xe0dc 0xd0dc 0x2e
GetKeyboardLayoutList 0x0 0x40c0cc 0xe0e0 0xd0e0 0x13f
ADVAPI32.dll (5)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x40c000 0xe014 0xd014 0x27d
RegOpenKeyExA 0x0 0x40c004 0xe018 0xd018 0x260
RegCreateKeyA 0x0 0x40c008 0xe01c 0xd01c 0x237
RegCloseKey 0x0 0x40c00c 0xe020 0xd020 0x230
RegQueryValueExA 0x0 0x40c010 0xe024 0xd024 0x26d
ole32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoSetProxyBlanket 0x0 0x40c0d4 0xe0e8 0xd0e8 0x63
CoCreateInstance 0x0 0x40c0d8 0xe0ec 0xd0ec 0x10
OLEAUT32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantInit 0x8 0x40c0a4 0xe0b8 0xd0b8 -
VariantClear 0x9 0x40c0a8 0xe0bc 0xd0bc -
Memory Dumps (2)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
wzmjbq.exe 1 0x01290000 0x012A0FFF Relevant Image - 32-bit - True False
...
wzmjbq.exe 1 0x01290000 0x012A0FFF Process Termination - 32-bit - True False
...
Local AV Matches (1)
»
Threat Name Severity
Gen:Heur.Ransom.REntS.Gen.1
Malicious
\\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml.wctc Dropped File Text
Whitelisted
...
»
Mime Type text/xml
File Size 197.07 KB
MD5 eb9d318bbea1f384a78ede1d1051f47d Copy to Clipboard
SHA1 ecd4391fe00d9bb73964456af15fcd94db676cc0 Copy to Clipboard
SHA256 73b29a019c1821304c65a30f338db2747b950ebcc0e65c02cff39a0166316a72 Copy to Clipboard
SSDeep 384:wYQH0RbAGiYNVrkT+8TodTBltw11VTvcL1wCiUj78leRqmH9Hej2iXWKMNGIe9bs:w2RbYoVQTLTQTDFdPknZ13GpPcbrIl Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2014-04-28 01:50 (UTC+2)
Last Seen 2018-10-28 16:35 (UTC+1)
\\?\C:\588bce7c90097ed212\Client\UiInfo.xml.wctc Dropped File Text
Whitelisted
...
»
Mime Type text/xml
File Size 38.13 KB
MD5 d7a2e90dd9df6f93fd4b7354f8ec2b0d Copy to Clipboard
SHA1 a792c41b62796513e312f19dee91447b9280b23b Copy to Clipboard
SHA256 1d1590eb48e66646ed7917a76302862ac87e6651c841a808cf3fe797b9e697f6 Copy to Clipboard
SSDeep 768:24URyd5vssgP7ZgZ/vSguJQvFQXvDINJh6F8hZkV1GO0N0phUl9eu+dODOOODOtK:24URyd5vsTPuZXQYQLIN/6F8hZkV1GOv Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2014-04-04 04:13 (UTC+2)
Last Seen 2019-05-27 15:02 (UTC+2)
\\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml.wctc Dropped File Text
Whitelisted
...
»
Mime Type text/xml
File Size 91.13 KB
MD5 4a61e563a344188e3fdeb19c25197710 Copy to Clipboard
SHA1 bdd1e1774db4cce9d5393882b61f1360826c1dfa Copy to Clipboard
SHA256 7e682bdf51fac1b3991e6e6330bbf5e7c63060053a8503daaea77ab5cd70888a Copy to Clipboard
SSDeep 384:tYDmmqzP4JUaGMLiqedW0XeeUnG3GPcbrKFl:tRTaBG2PcbrIl Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2014-04-04 04:13 (UTC+2)
Last Seen 2019-05-27 15:02 (UTC+2)
\\?\C:\588bce7c90097ed212\Extended\UiInfo.xml.wctc Dropped File Text
Whitelisted
...
»
Mime Type text/xml
File Size 38.13 KB
MD5 ec417b1688ca10739c0737b72bf07431 Copy to Clipboard
SHA1 a1cf21fd2183c1c4e308fb3c6600d5855bdb3e51 Copy to Clipboard
SHA256 0452a6720e55b9d4e61225bb66016513dde15ce9cc1fb305fc0037d008476787 Copy to Clipboard
SSDeep 768:24URsd5vssgP7ZgZ/vSguJQvFQXvDINJh6Fuh3kr1UO0NWpPUb9cu+dOtOcOdOjQ:24URsd5vsTPuZXQYQLIN/6Fuh3kr1UOB Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2014-04-28 01:51 (UTC+2)
Last Seen 2019-05-27 15:02 (UTC+2)
\\?\C:\Recovery\ReAgentOld.xml.wctc Dropped File Text
Whitelisted
...
»
Mime Type text/xml
File Size 1006 bytes
MD5 5636591856bbf82ffb2a12c1883ff86b Copy to Clipboard
SHA1 f4c5a9c03ccbc1e34f011957c269ba48cfc5678e Copy to Clipboard
SHA256 6034f5794761664fc812a3ae1dce73d5a12bbcfa3c2cf7fc832f064c8e24f9ab Copy to Clipboard
SSDeep 24:pkDKgj4z2j4zGtj4z5fGj4zPTTGmYga562G3x4z61og:44qj4itj41ej47PGmYi47g Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2016-11-22 20:10 (UTC+1)
Last Seen 2018-04-12 07:35 (UTC+2)
\\?\C:\Users\FD1HVy\Documents\My Shapes\_private\folder.ico.wctc Dropped File Image
Whitelisted
...
»
Mime Type image/x-icon
File Size 29.22 KB
MD5 5130ee1b914d382af41ff3a35eb151b8 Copy to Clipboard
SHA1 81ad3e1731197926cc36fa9d12a1b224b6b82f5c Copy to Clipboard
SHA256 baaf97e8e0606daecc8c3271b73b91b1d8b1f2e521ae677480b0a3f87173eb39 Copy to Clipboard
SSDeep 384:K2q8VNb8qSR2uWze4k8gOSuDJ8YhU724I7LT1KwQ:KdzR2uWzrkJOSuDSYh8bWLT1KwQ Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2012-12-07 01:00 (UTC+1)
Last Seen 2018-12-01 05:29 (UTC+1)
\\?\C:\Users\FD1HVy\Favorites\Bing.url.wctc Dropped File Text
Whitelisted
...
»
Mime Type text/plain
File Size 208 bytes
MD5 5d42dddda9951546c9d43f0062c94d39 Copy to Clipboard
SHA1 4af07c23ebb93bad9b96a4279bee29eba46be1ee Copy to Clipboard
SHA256 e0c0a5a360482b5c5ded8fad5706c4c66f215f527851ad87b31380ef6060696e Copy to Clipboard
SSDeep 6:J254vVG/4xtOFJQgD8eDPOOKaihPlvsHX/qRyLb1CC:3VW4xtOFJ/DPOOKa403SyCC Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2013-02-22 01:00 (UTC+1)
Last Seen 2019-07-09 22:00 (UTC+2)
\\?\C:\Users\FD1HVy\Pictures\2va9Wdb5W2Uu.gif.wctc Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 14.42 KB
MD5 07c0b20751f2da8f1e4a5279f434dc22 Copy to Clipboard
SHA1 525676dd3e301027394b64429e3654ddad44d5e2 Copy to Clipboard
SHA256 74e9eb293fec624a0e1c2e8068c64a89194f45988ef848dbf71a964295bca252 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2015-08-15 06:47 (UTC+2)
Last Seen 2018-11-28 15:23 (UTC+1)
\\?\C:\Users\FD1HVy\Pictures\4tF2 NNGtZ2pkJ-G.png.wctc Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 31.35 KB
MD5 9606309160a5357548aae14536e1ffe1 Copy to Clipboard
SHA1 185567ece0dae998e7003f43a49d0141034e9e54 Copy to Clipboard
SHA256 470f4d0299a8096f309aefdac9d7e30edd601063ee3a497080f10a4d8be74f83 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2016-07-31 18:40 (UTC+2)
Last Seen 2018-11-26 21:52 (UTC+1)
\\?\C:\Users\FD1HVy\Pictures\5inaBI.bmp.wctc Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 24.29 KB
MD5 f86fa76f509e664f4bb85e3480ab024a Copy to Clipboard
SHA1 0c357835ad891493dbecb6b500ab4d897072fbc0 Copy to Clipboard
SHA256 91c537545ee6bca18c458127d8ba9e217c165755aec89ec22b059f7fb73fe45a Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2015-04-14 21:59 (UTC+2)
Last Seen 2019-05-19 04:25 (UTC+2)
\\?\C:\Users\FD1HVy\Pictures\64XqXUs1bhjFgUu Q_.bmp.wctc Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 53.76 KB
MD5 3fa2772f219411cae386c2b23e0dbbf7 Copy to Clipboard
SHA1 9c916692a35571dcadf06853f7629ad45174f9d5 Copy to Clipboard
SHA256 13907813feabf61459886f87d91c74738da71218a57b178f7fc5e314d147514c Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2016-03-31 21:37 (UTC+2)
Last Seen 2018-05-12 11:19 (UTC+2)
\\?\C:\Users\FD1HVy\Pictures\eM1Uk-X0.png.wctc Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 11.37 KB
MD5 647cbfe242a5a4f216dc0f67e04e9822 Copy to Clipboard
SHA1 df403f7b6947f46d89100fc8ebf983b3b1eee65c Copy to Clipboard
SHA256 62a41eac15e7d6fa8a7a17a2df5a2d5e82a1d5d79a12718e0ca702722907c3e9 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2013-03-20 15:45 (UTC+1)
Last Seen 2017-06-09 08:12 (UTC+2)
\\?\C:\Users\FD1HVy\Pictures\K61Cmx9_-gNehj G3hS.bmp.wctc Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 10.33 KB
MD5 c26aabc183f7408363d4970ef04656f5 Copy to Clipboard
SHA1 0e615e46e71b0e8ea443834ef4af01827b4a9452 Copy to Clipboard
SHA256 b9ae9d38ff7c271c5fc89d9ccc7a5684396016990602a71efac1b1b8908ae8df Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2015-12-03 21:41 (UTC+1)
Last Seen 2018-02-28 04:04 (UTC+1)
\\?\C:\Users\FD1HVy\Pictures\kaVD3whEt7W8H.jpg.wctc Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 59.33 KB
MD5 5d8a20b0897d98dbddf27a125f479e65 Copy to Clipboard
SHA1 1a60da01bcc4e86e52c3c45d5289bade48a3075c Copy to Clipboard
SHA256 18b5cd2012687766fde2e8595e76cd5cec5948ef183c8b9b00b4e2b4abd2015c Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2016-12-08 10:44 (UTC+1)
Last Seen 2016-12-08 10:44 (UTC+1)
\\?\C:\Users\FD1HVy\Pictures\oFc5qyTQZwQKOWz9C.gif.wctc Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 22.36 KB
MD5 2bb6683dddf0eed67047abc566ca63bb Copy to Clipboard
SHA1 6c98a7a9d99f6ae33032837238e00df2d8456720 Copy to Clipboard
SHA256 772de669218b2ab59688fe224e72f9d34ccb2b95b7c26f8af7b97bfe2fb9fd41 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2013-03-20 15:45 (UTC+1)
Last Seen 2018-11-16 15:14 (UTC+1)
\\?\C:\Users\FD1HVy\Pictures\Ph1zzJs.bmp.wctc Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 35.79 KB
MD5 c85d3e1eb7773fffbd49914e0ce65093 Copy to Clipboard
SHA1 a0be3061faff791d311d167f55340713120325e5 Copy to Clipboard
SHA256 be9e5d86075f6dc3be16df426f40e2f10cdef6931a01d7e6b3305e8db4335c4f Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2014-07-09 08:46 (UTC+2)
Last Seen 2018-05-13 05:46 (UTC+2)
\\?\C:\Users\FD1HVy\Pictures\TFz_.gif.wctc Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 34.38 KB
MD5 36e47f92ca2c59fb055d8b2e84183e7e Copy to Clipboard
SHA1 d7e50a4698ff2f491f1550da8265dc62e47b5871 Copy to Clipboard
SHA256 147547ac118956a297d7c53d014ad62ae50d1f047c5eca6af8af9b9ab4ca0417 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2015-07-05 07:23 (UTC+2)
Last Seen 2016-07-06 02:57 (UTC+2)
\\?\C:\Users\FD1HVy\Pictures\tUmlZBfa2K2ar4 sYMU.bmp.wctc Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 25.13 KB
MD5 d4a384e4bba40fb2682367719ba96194 Copy to Clipboard
SHA1 49c60d3899a5b3d5447b8e3ce3df3511dbd347bb Copy to Clipboard
SHA256 e367d584529b9d20c5be1cc16687684a40e06fc357abdcfb67ac44ca1f60a6f7 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2014-01-06 16:08 (UTC+1)
Last Seen 2017-06-03 14:11 (UTC+2)
\\?\C:\Boot\Resources\en-US\read_me.txt Dropped File Text
Unknown
...
»
Also Known As \\?\C:\Boot\Resources\en-US\read_me.txt (Dropped File)
\\?\C:\Logs\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1038\read_me.txt (Dropped File)
\\?\C:\Boot\es-MX\read_me.txt (Dropped File)
c:\users\default\appdata\roaming\microsoft\windows\recent\read_me.txt (Dropped File)
\\?\C:\Users\FD1HVy\Music\read_me.txt (Dropped File)
c:\users\default\appdata\local\read_me.txt (Dropped File)
\\?\C:\Boot\ru-RU\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1044\read_me.txt (Dropped File)
\\?\C:\Boot\Resources\read_me.txt (Dropped File)
c:\users\default\appdata\roaming\microsoft\windows\printer shortcuts\read_me.txt (Dropped File)
\\?\C:\Users\FD1HVy\Pictures\read_me.txt (Dropped File)
\\?\C:\Users\Default\Downloads\read_me.txt (Dropped File)
\\?\C:\Boot\fr-CA\read_me.txt (Dropped File)
\\?\C:\Users\Default.migrated\read_me.txt (Dropped File)
\\?\C:\Boot\sr-Latn-CS\read_me.txt (Dropped File)
\\?\C:\Boot\hr-HR\read_me.txt (Dropped File)
\\?\C:\Boot\qps-ploc\read_me.txt (Dropped File)
c:\users\fd1hvy\appdata\local\microsoft\windows\inetcookies\read_me.txt (Dropped File)
c:\users\default\appdata\roaming\microsoft\windows\start menu\read_me.txt (Dropped File)
c:\users\read_me.txt (Dropped File)
\\?\C:\Users\Default\Saved Games\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1035\read_me.txt (Dropped File)
\\?\C:\Users\Default\Music\read_me.txt (Dropped File)
\\?\C:\Boot\nb-NO\read_me.txt (Dropped File)
c:\users\public\pictures\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1055\read_me.txt (Dropped File)
\\?\C:\Boot\pt-BR\read_me.txt (Dropped File)
\\?\C:\Boot\Fonts\read_me.txt (Dropped File)
\\?\C:\Recovery\read_me.txt (Dropped File)
\\?\C:\Users\Default\Favorites\read_me.txt (Dropped File)
\\?\C:\Boot\fi-FI\read_me.txt (Dropped File)
\\?\C:\Boot\sv-SE\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1033\read_me.txt (Dropped File)
\\?\C:\$GetCurrent\read_me.txt (Dropped File)
c:\users\fd1hvy\appdata\roaming\microsoft\windows\sendto\read_me.txt (Dropped File)
\\?\C:\Boot\en-GB\read_me.txt (Dropped File)
c:\users\default\appdata\roaming\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1041\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\2052\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1046\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\2070\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\Client\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1037\read_me.txt (Dropped File)
\\?\C:\Boot\lv-LV\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\Graphics\read_me.txt (Dropped File)
\\?\C:\$GetCurrent\SafeOS\read_me.txt (Dropped File)
\\?\C:\Boot\da-DK\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1053\read_me.txt (Dropped File)
\\?\C:\Boot\et-EE\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1042\read_me.txt (Dropped File)
\\?\C:\Boot\cs-CZ\read_me.txt (Dropped File)
\\?\C:\Boot\el-GR\read_me.txt (Dropped File)
c:\users\fd1hvy\appdata\roaming\microsoft\windows\templates\read_me.txt (Dropped File)
c:\users\default\appdata\roaming\microsoft\windows\templates\read_me.txt (Dropped File)
\\?\C:\Boot\es-ES\read_me.txt (Dropped File)
\\?\C:\Boot\fr-FR\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\Extended\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1043\read_me.txt (Dropped File)
\\?\C:\Users\Default\Pictures\read_me.txt (Dropped File)
c:\users\default\appdata\roaming\microsoft\windows\sendto\read_me.txt (Dropped File)
\\?\C:\Recovery\Logs\read_me.txt (Dropped File)
\\?\C:\Boot\zh-HK\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1040\read_me.txt (Dropped File)
\\?\C:\Boot\pt-PT\read_me.txt (Dropped File)
\\?\C:\Users\Default\Documents\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1025\read_me.txt (Dropped File)
\\?\C:\Boot\ko-KR\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1036\read_me.txt (Dropped File)
\\?\C:\Boot\sr-Latn-RS\read_me.txt (Dropped File)
\\?\C:\Boot\uk-UA\read_me.txt (Dropped File)
\\?\C:\Boot\bg-BG\read_me.txt (Dropped File)
c:\users\fd1hvy\appdata\roaming\microsoft\windows\printer shortcuts\read_me.txt (Dropped File)
\\?\C:\ESD\read_me.txt (Dropped File)
\\?\C:\Boot\read_me.txt (Dropped File)
\\?\C:\Boot\hu-HU\read_me.txt (Dropped File)
\\?\C:\Boot\ro-RO\read_me.txt (Dropped File)
\\?\C:\Boot\nl-NL\read_me.txt (Dropped File)
\\?\C:\Users\Default\Links\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\3082\read_me.txt (Dropped File)
\\?\C:\Users\Default\read_me.txt (Dropped File)
\\?\C:\Boot\sl-SI\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1028\read_me.txt (Dropped File)
\\?\C:\$GetCurrent\Logs\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1032\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1049\read_me.txt (Dropped File)
\\?\C:\Boot\it-IT\read_me.txt (Dropped File)
\\?\C:\Boot\lt-LT\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1030\read_me.txt (Dropped File)
\\?\C:\Boot\sk-SK\read_me.txt (Dropped File)
c:\users\fd1hvy\appdata\local\read_me.txt (Dropped File)
c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\read_me.txt (Dropped File)
\\?\C:\Boot\en-US\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\3076\read_me.txt (Dropped File)
\\?\C:\Boot\zh-CN\read_me.txt (Dropped File)
\\?\C:\Users\FD1HVy\Contacts\read_me.txt (Dropped File)
\\?\C:\Boot\de-DE\read_me.txt (Dropped File)
c:\users\fd1hvy\appdata\roaming\microsoft\windows\recent\read_me.txt (Dropped File)
c:\users\fd1hvy\videos\read_me.txt (Dropped File)
c:\users\public\music\read_me.txt (Dropped File)
\\?\C:\PerfLogs\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1029\read_me.txt (Dropped File)
c:\users\fd1hvy\appdata\roaming\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1045\read_me.txt (Dropped File)
\\?\C:\Users\Default\Videos\read_me.txt (Dropped File)
\\?\C:\Boot\zh-TW\read_me.txt (Dropped File)
c:\users\default\appdata\local\microsoft\windows\inetcookies\read_me.txt (Dropped File)
\\?\C:\Users\Default\Desktop\read_me.txt (Dropped File)
\\?\C:\Boot\pl-PL\read_me.txt (Dropped File)
\\?\C:\588bce7c90097ed212\1031\read_me.txt (Dropped File)
\\?\C:\Boot\ja-JP\read_me.txt (Dropped File)
\\?\C:\Boot\tr-TR\read_me.txt (Dropped File)
c:\users\public\videos\read_me.txt (Dropped File)
c:\users\fd1hvy\appdata\roaming\microsoft\windows\network shortcuts\read_me.txt (Dropped File)
Mime Type text/plain
File Size 2.46 KB
MD5 011de5324c146ec3ceb16d9b10d01da4 Copy to Clipboard
SHA1 dd10d0143057559cd9ae47ff3ba359d60ffd8199 Copy to Clipboard
SHA256 b8194d9247ea552e2b8bccd2b72af74bd9eb9af51fed111ddf601ceb8b61f944 Copy to Clipboard
SSDeep 48:po3K17lCNUzJQVbwpwCZ2JbizNIwCKuU9s80c3TW9tPw/FcRaf9rpKq:G3SdzJWJCEpCNnCYj0gTk4/yk9oq Copy to Clipboard
\\?\C:\Users\FD1HVy\Desktop\QiAPpzUxpfXHQ8.bmp.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 37.50 KB
MD5 ae85c5893de2f3db19e20962c5b328cd Copy to Clipboard
SHA1 f6b78265761e16a9154acdeb9638d4e32f57fc7f Copy to Clipboard
SHA256 a4073c4c3c3a21a1136e62b9150c34dd37cf6b504a5a89cd8ea893d747280cf3 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\JoYBQ.mp3.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 28.66 KB
MD5 0af296fb749aeed8fcc140f4f16d58b6 Copy to Clipboard
SHA1 144a3fcab99010b2af2186a8eb7935ae68b234b8 Copy to Clipboard
SHA256 c277cf9f39ef86e929297e4a3be72a4db6773d6c13e2210b19b57e37d9bff188 Copy to Clipboard
SSDeep 768:1Eo78ZpW3z/NJKZHUMFw/qduSrGh9IEoghVCPcm3:1n78qfMwUHa3A60Pco Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\UJu6GAm_KLvf4iqy.mp3.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 80.58 KB
MD5 69da9eae4e585d93fdefab9da3f9532b Copy to Clipboard
SHA1 a7f522ebc22ed028ac51b9d96fb95cc28ff6675f Copy to Clipboard
SHA256 2b2af42cb0597ff7672f1655fad51d18083a56554c8fa135daf7c18e2bc3eedb Copy to Clipboard
SSDeep 1536:13xhJay7snbAqmiKKES3SH/S4BzM30swm4BdkLqvvRaFmQTD8oLSW0fd:1NPeuQSH/l63r4TrXRYH8oGVF Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\EEzU-1-uD5j8kPYuYTD.m4a.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-m4a
File Size 10.97 KB
MD5 12b30f41556e016f6a24614d9e4cd4f2 Copy to Clipboard
SHA1 9726e72d9c0d5c0062808a900e6032dca1a0208b Copy to Clipboard
SHA256 33fd97de4df4aed774ef8a5521fe6db53d10fe7c1b726d107101e963d04ee7aa Copy to Clipboard
SSDeep 192:fCIXFk7At1pfQOWFJP1IFhOPBXDhhV17Q8TzuUdAjZpAHwEHQha/iuBi+WlW:Vk7At1iOWF3FDbIKkAHwEH6a/iuM+r Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\JsnQunzdxY W28UR4w.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 27.93 KB
MD5 e66f093407b9f0c4d44e5c202f03fcbc Copy to Clipboard
SHA1 acc41b901b54ac6d954d08a055bbaa6264693264 Copy to Clipboard
SHA256 cd574730df956812ad100d09d645b4f4e3709a02df918b8a927524cab029c811 Copy to Clipboard
SSDeep 768:HBGM8HN/CCYmjUZJrE/zQlO1aFtZlTdQ9HAdy:HBGM8HNamCJrSzQlbTdQas Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\EkTlFGzYn6rqQXCKyS R.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 21.72 KB
MD5 12fe9b220141d556de15d4441c43e313 Copy to Clipboard
SHA1 6bb773534b98ff47deaf8d6a60f793f11f4b2aa0 Copy to Clipboard
SHA256 316029fe1517baf6cebee199b9f9463abfbc07dc73b14b69d9ff20bb3f25436a Copy to Clipboard
SSDeep 384:ogIYJSFb23nj8xK3fgaeB/P+I5TBjbW6mB89NHbaMUj74Mnhlq:ogIogQnekNedmIrjbWL8FUj1nq Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\HJ 3xtiN-E8fQHRnr-.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 24.81 KB
MD5 a558e0c2015f77b778b3d1de62d52a36 Copy to Clipboard
SHA1 73dc65ae1583966cbe2119d7bbf6a5694a1f9eaf Copy to Clipboard
SHA256 920177a5eacc2863cb94ad8abf19baefd28f35c9769c0bba87143b5b1eeb32b8 Copy to Clipboard
SSDeep 768:GyGM+l+WAjMQ2Brj390JpmGLQHkZQWBuKAU7p:GyGM+0Wv9ypmG0HE08 Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\9jrB8s6i7To7ilvSVow.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 53.91 KB
MD5 1b752a32e5fdc2b4d12e589daeb9100c Copy to Clipboard
SHA1 0a261433c5f2bd4178330843ba27adf2779a3cb2 Copy to Clipboard
SHA256 cd726b9486cc0328cb3acf5c29cac94124c36b3e974bae5a578e02d9b849229f Copy to Clipboard
SSDeep 1536:vk7Qsh7b/55GtKVxjP1VwN0HYFmKYCE6Ak4W36cVGN:8TxjoNBpND4C6cV6 Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\c1NaQjgjflbLvi.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 46.12 KB
MD5 9d8e9db7a479c70fdbc051591f0c17c8 Copy to Clipboard
SHA1 3973e66397a1beb2c45932f493c80b75dba14320 Copy to Clipboard
SHA256 081689d717e75b88da1386da97d77b3f52e965a078555027e8c74cd46fed06a4 Copy to Clipboard
SSDeep 768:tVAo0yMYaT0SDoJCuj98JPrCsjeGbOWZjO/ppOUSvbPtKKPc8lDR24Fa:t+P0S4RmPfCGni/ppOlzlKKPc85h8 Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\eZlD1vAjb.m4a.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-m4a
File Size 80.81 KB
MD5 71495ccaf3d5ae739efea6c1f5f4a7ab Copy to Clipboard
SHA1 28cf0432350a0959e42951f999ea28a0d58063e3 Copy to Clipboard
SHA256 eeee696e90cb2bd2ee57bcff6e758ff341d4a44de5f0fd759d23eb7642e545b2 Copy to Clipboard
SSDeep 1536:WJ+JkjHjpReaxcmB1MZik4Lejo6eRxoHMfIpJlJ3DOlfu/mb+OKOUsi:WFHjprx31AV4i2KFpFClm/mZq Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\h84ZqhXk.mp3.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 59.07 KB
MD5 fd8a0f28ded70abbe52628897dbf00e8 Copy to Clipboard
SHA1 88cfffeece2006d7732e6d500f114892b36631e1 Copy to Clipboard
SHA256 65c5f875153e7d6d7e4ca81348398ebafb03070b8a1da11ad54e8cd33dce7093 Copy to Clipboard
SSDeep 1536:1Qx3CsahbCcl09TEgllIF6DFTWMLWUsS5Sc+feZfr8zuWZcYQUGt9:13s+CcOwglxpTlbh+feZYzuWihD9 Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\L0eQwqm2Z9rHA.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 53.32 KB
MD5 f6cd4cad49b1e2e4401cbed83c59d068 Copy to Clipboard
SHA1 cdd63351355cd2f4ae3d2e6b0fc4fede7f8c5008 Copy to Clipboard
SHA256 75498e80d995c9bd44a43a47bf186f2d9c9a02567958aad0bf490d99c96449b5 Copy to Clipboard
SSDeep 1536:3NEWHWkRNPpVa+CumsDLZsLK/r4TNRz37WaFHx:3NHWMhVaJKsLcr4xRzLWaVx Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\uJF6r4sdo.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 23.67 KB
MD5 71ee4026db3bf7b93976f007e10f0b92 Copy to Clipboard
SHA1 7bac2bb7601fe603dd79b2b05ab594f69fd650f9 Copy to Clipboard
SHA256 0b79b44f76e96bcf73ddec8436ab80847cf5a6d9877d9fa2cc254ba1558dce5e Copy to Clipboard
SSDeep 384:PJ8AMbI7oJ6x1dce+k1G5DD/c9/cXT9vO2NJYSLTdyGNdyMVUeJxrxNWUcGR/nt4:PotUEehwDA/eBvOOnlywMMVrDvMaix Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\vL7hYIjHNSJpUvIFNtBP.m4a.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-m4a
File Size 71.57 KB
MD5 7da6e7a5c20d475017d1120697e16f95 Copy to Clipboard
SHA1 c61f876614a7210056c0bc13caa9607b273b6c6f Copy to Clipboard
SHA256 9406ab0ced6502fd3facab73cd279add4b0f60d2bb3597a274c820cde8cf7803 Copy to Clipboard
SSDeep 1536:KgHIDj1PgGENQckRtgZLINJ3nUji8KKDg6nDvcTN29ofYNH+R4Ftzx:KE6gGzGZKnQi8KKDg6nDIN35gtF Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\z9VC20lul.m4a.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-m4a
File Size 46.77 KB
MD5 7089e7da1ce71f455efd0d7a25fd7fda Copy to Clipboard
SHA1 31c91b8f1f4611d0ac75b5a2d52bc9a0740a094d Copy to Clipboard
SHA256 4494c7528d24edc90d02587166896d011f00c017ba0920851bd7c3ff6576ff9f Copy to Clipboard
SSDeep 768:zt1DqdfBOMIiKBqGJ/nqlZ2M/RokIj9vSeI413G16z+7OX20m6IGo:ztQcXBqGJ/aZ2Mqj9vSeI+3GMDG0HIGo Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\E8Z5TJoPLK1iy6\iARgNpFhhdr3YSYS3xND.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 98.84 KB
MD5 cfb4c8df8bd498a51ea69683e59626e3 Copy to Clipboard
SHA1 2109b216b8063002ee3ac361a967eac3e7a0bfcf Copy to Clipboard
SHA256 2039712ac937d6a9a6c8ff194a5debd5d2ee292504670bda68a12ef05b5e3160 Copy to Clipboard
SSDeep 3072:AIfcwFfhjZHoH4SBepkn+3UiLES0PhsWE:AIfBNoHTn+3TBYhs7 Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\E8Z5TJoPLK1iy6\pqQrNVtKig.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 23.11 KB
MD5 3bcd254ba04a976680f0a15994fdce00 Copy to Clipboard
SHA1 8ee310f090573a5b6d4f8fb098885761016c2a19 Copy to Clipboard
SHA256 e52d3f48f415686d71b309607ffa5d3aeed02b1aa944ca8a7682234847810500 Copy to Clipboard
SSDeep 384:b3UWQAObcqKJJ2pxwKC8VLSNJQwAV58Ha2Ln/T+nxQMzhKvMSumIbTWs:4QOI789S4wW58H/n/vM5/bTf Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\E8Z5TJoPLK1iy6\QRrtTlFg60jlHevE_.mp3.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 3.32 KB
MD5 36f8ccec6256af7342a5f976a32311f3 Copy to Clipboard
SHA1 8a2a58b7e681460745a4b28d677bf8e16b9bfd78 Copy to Clipboard
SHA256 8be59f79961291cd81d72b65e995c78eb0ab64e610dfcfe19a14356c7cabbcf7 Copy to Clipboard
SSDeep 96:1BKqid12ashyspL/HLJLT7+sxaa/CXYqO3TK:1FiH2a2lLPdL/+sxaa/CIZ32 Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\E8Z5TJoPLK1iy6\vuQEoS_cYD4DBfb.mp3.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 16.09 KB
MD5 389c8ab2dc8205e9a6cb5f5c2a1fe415 Copy to Clipboard
SHA1 c57dd93f4020719bba4303b3080cd6c8f3c0251c Copy to Clipboard
SHA256 47a76569e563e9c10ba2e09d714dd108b17ead5dd851c870b2a1e91f0fe854a1 Copy to Clipboard
SSDeep 384:168XDkj6RGp3fcRglUNlR1Jszsff5fgbP0wTkIlHA/94/ply8/m3E:1ZjRwugl41JszsffGMwT3H9xlH/mU Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\E8Z5TJoPLK1iy6\Z9USnIN6pPHmMNoCY.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 79.37 KB
MD5 24e52aaeb149f7d2d61982038fe3b642 Copy to Clipboard
SHA1 14abbfec8719addf1372369879e2a71f73a0c601 Copy to Clipboard
SHA256 daf1c14ecf112e280348f127918e08b931c4f99bbbb2210afda7f4fc4476b20f Copy to Clipboard
SSDeep 1536:9iN2Y6dvqaEjQI73EFpfqEiYEl2Mo1Pw7ioWZRfItfEe+hUII/WlsTOE:Ur6d6jQIrEFt9Elto1ui3ZRfCceVKsTx Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\E8Z5TJoPLK1iy6\aKjOckxU5PAtg9\7TFWEVyJ-dCmRVSA6.mp3.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 28.28 KB
MD5 401e90b9315fc237bd84879dc4550aeb Copy to Clipboard
SHA1 2589def03cf54b605c7b6155e83043694156a9e3 Copy to Clipboard
SHA256 4c21889498e1ebeeb9602aeadbbd7e77d56dd14ee73adb63f0c4c7592226574c Copy to Clipboard
SSDeep 768:1DQZzjIYtkV+JbHCxzFeFDcjhtlRNG/2Sxg5qrT:1DMzjIckcJbHCxzkwjDPNGOKgErT Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\E8Z5TJoPLK1iy6\aKjOckxU5PAtg9\9IIfC.m4a.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-m4a
File Size 56.54 KB
MD5 f7bcbd3b810ba942b04be86acfa33a77 Copy to Clipboard
SHA1 e03d02349f1a5d1efcf107f52d3d2271ce5eefa6 Copy to Clipboard
SHA256 04f14a02acf0000837b40e090850660d57ecc84d1cf5c64deac15e4a5f34cd43 Copy to Clipboard
SSDeep 1536:l5FokdBDBWsc29gWZSR51BJMeP3SG4x2xz6ESLOA:NBdVc29gWZq51B9Pi52uiA Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\E8Z5TJoPLK1iy6\aKjOckxU5PAtg9\LwNl8-rW.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 56.87 KB
MD5 540ef8e8dd8d33d836508a53025ebc8a Copy to Clipboard
SHA1 77822d0474426f45f8ba4779f8c38bb87b169143 Copy to Clipboard
SHA256 24b95bf525806df03d5cc178c86e3e82fbc1e3d8574baa569bd27fd31c3393ff Copy to Clipboard
SSDeep 768:xTLanmHZC9W6BD+qJKtEcaIWKCpgZXhcGmnLm+iagADgV0BiaZxgyoDQF1wZ7KyA:xTL9K+qctEVIW9gomIgADgwfXy7Gv1UY Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\E8Z5TJoPLK1iy6\aKjOckxU5PAtg9\mkMHHOm.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 27.43 KB
MD5 02c5880fabb5cf211be2bb2e67902667 Copy to Clipboard
SHA1 378a8cf600ba607866138f91af547bc5a55899be Copy to Clipboard
SHA256 6da7bd9a6117aa86ef4c12c11df0ebf1557034a6390721055b67356c2e1199ca Copy to Clipboard
SSDeep 768:TgXNozn5QZRdLnQoWYOO3qatWtoL63tNov/C0Ov:TgiurWYOCqLGL6dv0Ov Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\E8Z5TJoPLK1iy6\aKjOckxU5PAtg9\mo5GlVx0TiW2qS1P.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 65.76 KB
MD5 f64d47c7ef7ba0f5a4fc22192dd2a604 Copy to Clipboard
SHA1 9eb9d70412ab029a6ac3127c13363f62f85203db Copy to Clipboard
SHA256 78846e7630fc2ab6abffbe180da596e03febadc134183cf9d506c98331fc632f Copy to Clipboard
SSDeep 1536:Ni1nLjF8c6NBocaJEM7uIOPY1fXzBtL1JO9:NULjycQocUh7uIVfDbY Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\E8Z5TJoPLK1iy6\aKjOckxU5PAtg9\OYRQGOuqa72Cv.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 98.00 KB
MD5 371888123d36a6235d6b1771cfa7d8f0 Copy to Clipboard
SHA1 59627b230a1eeb5b5a1401903eede0d90acb9eae Copy to Clipboard
SHA256 3b00297176a36339f72b5d7934594c954371be2d8fb83b87fb3e41afd85aafa2 Copy to Clipboard
SSDeep 1536:VBkkAGwsV2ZMJliy0DXD05CF1j96WgQXIhU9qtzmjx0TVWVjcVDWIv7UI:LmG9VgMJliyKz4O56Wr7qR4QVpVDWtI Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\n_ilhG4PKt 7Fb\I8GjTz1sjSq5cA.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 91.06 KB
MD5 f5718bd6167a84755a8d758344623f06 Copy to Clipboard
SHA1 a91eee75703aaa201a00f8ce2edc468e97c5b1c8 Copy to Clipboard
SHA256 74ffa1106ba4707aecf70196a3d789f15986ee72654bdef7f04bf445af920076 Copy to Clipboard
SSDeep 1536:46+aK2s/7SdXfECmAZE4PujbEet1/LwCVgMPiC6I1WI6rJ+ggr2Od5EfRqNo:46+HDSdf9nW+sgetZ8wlfEgyOI Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\n_ilhG4PKt 7Fb\v4tJqiYZlKXg8.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 31.23 KB
MD5 15035b6ca43326fbe2b4ea08df856f11 Copy to Clipboard
SHA1 d814e6355a8a2161df65c3c61b7d974d0e156e3b Copy to Clipboard
SHA256 e245779a65005415da7156408cc906cced086154c1dc82205404486026e8ffb5 Copy to Clipboard
SSDeep 768:Yb3ct4kSjRVv+AY9mT7zB0vVd7Z8gQJ/MBaVZOku:Yikf9YIT7i8gW/wAAku Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\TpUlLJCtEsEy_-\n_ilhG4PKt 7Fb\XO5dD.m4a.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-m4a
File Size 55.32 KB
MD5 a24f58125a14a29c6d94e0039be51f33 Copy to Clipboard
SHA1 163bac6c7db4277cf5db8abd0562fd8ebb8ac054 Copy to Clipboard
SHA256 efc1be0c7c6ba11075980f7119d08af062aeecfe4207a88ebaebbd1212aad8b9 Copy to Clipboard
SSDeep 1536:M8ACl2RSpvgQw6z+uHFRuGlK9VuqfySmBP1tyzt99d:JACrpvHz+UW2q6vdAztrd Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\e4orhIul1aBHqg8KZabc\UHrn6B3UOTpcahw4qo\cV6-6iG.mp3.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 30.27 KB
MD5 17dd0ecdad05cc23094c982f22f883b6 Copy to Clipboard
SHA1 1d6d437a3469ecc7e5924aae505c7677e46ab0d3 Copy to Clipboard
SHA256 9da435ca53498f1cc826ffe17b7dad77fb7a63aaa55d643d3326cb79a498a354 Copy to Clipboard
SSDeep 768:1lDnwsFpp8kVvwB5o0bf0pGGIMNA34g1czVQjt:1lnwUf8gvGFbf0AGIKdg1AVQJ Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\XfTxZ5k\rgSZnfmdzt8aDmWJ.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 97.27 KB
MD5 43d39eb17cbaa0a8eb6133fd487de60d Copy to Clipboard
SHA1 8e67430ce293cbde1f59c0b219273613c5ec86cc Copy to Clipboard
SHA256 ac671657a600f7f044f918240c196f28520a116416443ccda6ab70bda1d06183 Copy to Clipboard
SSDeep 1536:5JCOMXZREZkzHnrdllVH2cBb7V/JshegGDHo5DhlnY1Tok9L3:yOMXZR2erdHVWcBbxhs8UnAToc Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\XfTxZ5k\SdiFbdGlxP lkwOMqM.m4a.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-m4a
File Size 2.12 KB
MD5 a20eb07451e38c1c1de7e2024a717e5f Copy to Clipboard
SHA1 a917b499bd2833c11f781215d43c1c4e411ca0aa Copy to Clipboard
SHA256 799486ad692b5637c52fd1d11f2ebfa34b2ab59931fb52a81212e8fe65a02ce7 Copy to Clipboard
SSDeep 48:Kev7yWCxBID3RYO+OXFg0H07UkKWs14NdT6sn607BwRaaM:YWiU3RbXFWUdd14DWsn97OAaM Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\XfTxZ5k\sZPvHNJb7w_0LLb.m4a.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-m4a
File Size 10.06 KB
MD5 941788f0452f6239b7d744e46e6b3152 Copy to Clipboard
SHA1 12408f3ef7603fc6fd926a6ba25de69ba40f67d4 Copy to Clipboard
SHA256 95cf60422e9f0e495f5e989fd49187177cec55532bb8c0a146105f4257a6fbb3 Copy to Clipboard
SSDeep 192:JfsNQNAfvwiDXFAlKpuX5GrIHxv0W5kGSTGMlRRs8C9C8qxAu/0ZzXyZ42K6a3:JfsNQWfvbXFAl6/exv0LqMlRRPC9CvLU Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\XfTxZ5k\t9UrLv_AqJUN0R.m4a.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-m4a
File Size 76.90 KB
MD5 9940974cb4f243621e7bd209ddb6af5d Copy to Clipboard
SHA1 19e50a7a4af816554c4a6b07943fcac5cb3b567d Copy to Clipboard
SHA256 0ee59a389b541fb52acb6db288fb08ec630f9c770c4ca4576a608918fd14d43e Copy to Clipboard
SSDeep 1536:M9pgeanjLl1uZU73W88RI7rwQ71y2L6j3hV3dgYtQ/iV26C:+t4jZ1+UrV8kwQ7BL6XqQQwC Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\XfTxZ5k\Xber9uoMEGIzKLfabXRe.wav.wctc Dropped File Audio
Unknown
...
»
Mime Type audio/x-wav
File Size 21.88 KB
MD5 1aebaa18c8d28441bec8327a8daf8ffb Copy to Clipboard
SHA1 ab7351f02bcbd03a2882bdcdd2976e59efb97aae Copy to Clipboard
SHA256 5a64f6d2de57d59272d33b5e2b880ef149a68cabb537519c1fe06e16d9af1b58 Copy to Clipboard
SSDeep 384:t9LT3zsopeziJZb+NbGKqWBVyIV1Jnuz+wkdTBSkt54FtYRYLAHvumFdB:vTjsoiiP+t9ywlHwUTBS0SFG1H9FdB Copy to Clipboard
\\?\C:\Users\FD1HVy\Music\4FTiJ2yRkuQl_WF f1B\XfTxZ5k\XDEj.mp3.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 92.64 KB
MD5 6143e5b3a1ea6710ecfd365c40406b33 Copy to Clipboard
SHA1 df97f301fc1c5c8204bf3feeda7e785ed49ca4de Copy to Clipboard
SHA256 650ad93e637e350d846bf08507bd42e4886b731c47606a55527f145fca4b7bed Copy to Clipboard
SSDeep 1536:1Z0vleBEsdtaK++dwKHgtln1ddCMYMsQf4vIWCoZQmxWP9lbqqf76xnhNeErGscu:1Z8leB5wCgtl1ddCMpd/aZQmxWPrOqfy Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\1968To6BGO5.png.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 60.18 KB
MD5 40453fa3a851b87e61d0aa074b6e50e9 Copy to Clipboard
SHA1 53135de844f7359c3fdd5ae8b4d73e17cfa193d1 Copy to Clipboard
SHA256 2ef1236926224427c46fe8362a9368fcc220748eadf3436f86be8f581af24ca4 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\5PwdV6ub-sQy.png.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 71.69 KB
MD5 a92afddc8ae3d36d135355e1fafa49a1 Copy to Clipboard
SHA1 3c77249d6ed899c257a86934bc00e8c0d3eeb4b1 Copy to Clipboard
SHA256 491dc0e96ae414d1a68a5ddb1363bc819bcec6ef5a39bd33a42c49fb41ab705f Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\6FSJqm3OA-5HC1ZmbA.png.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 56.65 KB
MD5 81c06641acd0ec90672c598282d8389c Copy to Clipboard
SHA1 5e0e341c18955b2b54f09c1c58b22fd479079378 Copy to Clipboard
SHA256 7ee8b41198bcaf0df0de6f58cfaddbffca8233eb5fecb84cea5019ca442b9e07 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\fGWdn09l9jZ6UZ.bmp.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 93.18 KB
MD5 0ac368e424ee972fb0feded7e4e0a8a9 Copy to Clipboard
SHA1 3c8221213e607c7713230df7b665be899bbded8f Copy to Clipboard
SHA256 21a851ac9be3f894436b35a67ccc475ac613f42433894986609861513207b845 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\hULtTm S.gif.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 54.74 KB
MD5 afca9f7c056806ce9d8387a7fb4de6b5 Copy to Clipboard
SHA1 43cfdeacbfbc06df590bdf80ebf71bcde38a5b0f Copy to Clipboard
SHA256 fced1ad16f7262d7d12c5d45843e955e44d2a44036184d5fbbebe61459fe8687 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\I5de.png.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 20.82 KB
MD5 66a08b60ccc09facc5b5a05339ffe200 Copy to Clipboard
SHA1 1167d8a2c3f7bf2f4c2ea5a43fa01aa6d9126caa Copy to Clipboard
SHA256 4200221fedf6ac7cee944a61612b7abc8f0ffb8917ee93c6d859555009b2ada9 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\InF0j ztbn378.jpg.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 94.61 KB
MD5 35694c90286bd725d81cbfb60b430b75 Copy to Clipboard
SHA1 13bdc0f77dd93a94280c6c83e5f984337c2ddb61 Copy to Clipboard
SHA256 8f100f86823752f4fc29ffe0ec740fb496599a03151f2cb4334411be7379005b Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\k7mxuk4-gd.png.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 81.83 KB
MD5 9cbc0362c949d582ccb579bbf6c117df Copy to Clipboard
SHA1 bebaa0cda5ec6dcdfa347a9b0db5244dc52134b9 Copy to Clipboard
SHA256 fa3d9ce95a93ac8d17d2edeb5e848478523ad2a658b343121e90c59d128701f7 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\ME2J.png.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 34.75 KB
MD5 e36d55223bca01b64eeebd0f4f5e6fdf Copy to Clipboard
SHA1 4941beed5201046e256e27e0b6f5a4bdb47981ac Copy to Clipboard
SHA256 82af18ab89f41e379e883ca80443189a03f0ea7b951866ecb04e3f324a1c84f3 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\P613od.bmp.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 55.26 KB
MD5 f43d36940500e356f6cf4078950f134e Copy to Clipboard
SHA1 3dc83db0ba4b5de0d80fbfee74a570156f29c06d Copy to Clipboard
SHA256 cecc2995d0b25623880a87ad6041dd1c08b9d8725e8ec8ef1e636805b08455af Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\qs UsBEnajx0.jpg.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 50.40 KB
MD5 19b309796e140375609b383e0131c5f7 Copy to Clipboard
SHA1 74efbcf5b557e23cdcc2f8e086692b74e06f11be Copy to Clipboard
SHA256 a81df4cbbc28589ca38528b23ffa09335080fea5da02afca2fc71e8972a81b3a Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\rwr9IwC8CY0dHjz1.jpg.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 12.01 KB
MD5 043710b6b1f6c6589c99ee57c37e66ba Copy to Clipboard
SHA1 79adb6219db0a29acec540fed2f9a0840f6114bf Copy to Clipboard
SHA256 8b688b2ce74b731674aaa6c13916a3ed8133fbd5287eb7fe9d4aa0bdc110e444 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\SNGc8TcGqU.jpg.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 62.52 KB
MD5 c6f2e7534cdfe9a0008ecc420c9c7057 Copy to Clipboard
SHA1 8b67fd02782d05d4874a6fb76a681df95743b974 Copy to Clipboard
SHA256 e2acd83c7c332f29662b347078f12e250fa042cd5ebacd5fe508602cd2f676af Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\sXPcvI4GR.bmp.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 40.64 KB
MD5 bb2bcdd6e10ba5b2d4de71970c93572a Copy to Clipboard
SHA1 4bdfd9e190fc8a94e7a7ff6e557ef5961980017e Copy to Clipboard
SHA256 64029267f2168975cea2d3d177f07c20ea59f9d4cfb7bb91bd0898dbacd54168 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\TQONL9Kgh.png.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 63.72 KB
MD5 9f42e18134fa2ed55ca703ae15bec9f1 Copy to Clipboard
SHA1 f42483428303ba5eef02dd6ac4d76503ded4a13c Copy to Clipboard
SHA256 35968ddf925bb8f6b48dc5ab58e242df6613dc190134661570e177341ea88c37 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Pictures\TzPqQOlXuHrHf7ZYmW.bmp.wctc Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 79.71 KB
MD5 244a1ef7b4984cbd0ecd9203676c7f61 Copy to Clipboard
SHA1 69e0854c6cf13e2c470aa80c9c2c1b594498ad6f Copy to Clipboard
SHA256 e67c8e0f31fb939247bd3591c68a623edb2d45a701c3c95b3c54a9d8c4e75814 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
\\?\C:\Users\FD1HVy\Documents\My Shapes\Favorites.vssx.wctc Dropped File Unknown
Not Queried
...
»
Mime Type -
File Size 0 bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image