8d833937...1169 | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware

bs03u4lh.exe

Windows Exe (x86-32)

Created at 2019-05-21T16:12:00

...

Remarks (1/1)

(0x2000007): The operating system was rebooted during the analysis because the sample modified the master boot record (MBR).

Remarks

(0x200001b): The maximum number of file reputation requests per analysis (20) was exceeded.

Master Boot Record Changes
»
Sector Number Sector Size Actions
2063 512 bytes
...
Filters:
Filename Category Type Severity Actions
\\?\C:\bootmgr.NHCR Dropped File Stream
Whitelisted
...
»
Mime Type application/octet-stream
File Size 374.79 KB
MD5 259525cfb422e6ac8e87bc9777b1df73 Copy to Clipboard
SHA1 7a2ac87b31aa40a1ea92eb34410305fac9f8bc6a Copy to Clipboard
SHA256 0769a292114dfe181dc4931159c24cd7adb6a3f3823177e40eb45ee59688ea4a Copy to Clipboard
SSDeep 6144:lSjzP3sVgTkndKzy1mVsEdUISLEoad8k33TW45/vPB1dTM3BMnOb:4vPnTk89VfdUPEJBTW45X/dTM3m4 Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2012-11-02 07:32 (UTC+1)
Last Seen 2019-04-17 13:50 (UTC+2)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bs03u4lh.exe Sample File Binary
Unknown
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 693.00 KB
MD5 6d21c5c3bcff6076179bccd9ea6d1464 Copy to Clipboard
SHA1 75aa1e3404aaab3a11ee7cb2f7e3682145fa6324 Copy to Clipboard
SHA256 8d833937f4da8ab0269850f961e8a9f963c23e6bef04a31af925a152f01a1169 Copy to Clipboard
SSDeep 12288:8mC4VMy4L1rWXVr0YHM9Jl0VXRqg+i04c3nPwhOCVbSB:Wy4L5WXXs9JSVX4eo3YhfbS Copy to Clipboard
ImpHash f4701b864eddb48ab5f95477b57d06c2 Copy to Clipboard
PE Information
»
Image Base 0x400000
Entry Point 0x427c70
Size Of Code 0x5d400
Size Of Initialized Data 0x4fc00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-05-20 19:32:18+00:00
Version Information (13)
»
Assembly Version 7.1.84.8
Comments Tky If Dos
CompanyName High Motion Software
FileDescription Tky If Dos
FileVersion 7.1.84.8
InternalName ChristsIbrahim
Languages English
LegalCopyright (C) 2007-2015
LegalTrademarks (C) 2007-2015
OriginalFilename ChristsIbrahim
PrivateBuild 7.1.84.8
ProductName ChristsIbrahim
ProductVersion 7.1.84.8
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x5d341 0x5d400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.31
.rdata 0x45f000 0x19618 0x19800 0x5d800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.02
.data 0x479000 0x254fc 0x8c00 0x77000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.24
.rsrc 0x49f000 0x24ddc 0x24e00 0x7fc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.4
.reloc 0x4c4000 0x8842 0x8a00 0xa4a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.39
Imports (23)
»
KERNEL32.dll (124)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InterlockedIncrement 0x0 0x45f084 0x77000 0x75800 0x2c0
CreateThread 0x0 0x45f088 0x77004 0x75804 0xa3
GetFileAttributesA 0x0 0x45f08c 0x77008 0x75808 0x1c9
GetCommandLineA 0x0 0x45f090 0x7700c 0x7580c 0x16f
ExpandEnvironmentStringsA 0x0 0x45f094 0x77010 0x75810 0x107
CreateProcessA 0x0 0x45f098 0x77014 0x75814 0x94
GetVersionExA 0x0 0x45f09c 0x77018 0x75818 0x275
SetFilePointer 0x0 0x45f0a0 0x7701c 0x7581c 0x3df
GetFileType 0x0 0x45f0a4 0x77020 0x75820 0x1d7
DuplicateHandle 0x0 0x45f0a8 0x77024 0x75824 0xd4
GetCurrentProcess 0x0 0x45f0ac 0x77028 0x75828 0x1a9
ReadFile 0x0 0x45f0b0 0x7702c 0x7582c 0x368
SystemTimeToFileTime 0x0 0x45f0b4 0x77030 0x75830 0x42a
GetCurrentDirectoryA 0x0 0x45f0b8 0x77034 0x75834 0x1a7
DosDateTimeToFileTime 0x0 0x45f0bc 0x77038 0x75838 0xd0
SetFileTime 0x0 0x45f0c0 0x7703c 0x7583c 0x3e3
InitializeCriticalSection 0x0 0x45f0c4 0x77040 0x75840 0x2b4
GetProcessHeap 0x0 0x45f0c8 0x77044 0x75844 0x223
SetEndOfFile 0x0 0x45f0cc 0x77048 0x75848 0x3cd
GetConsoleOutputCP 0x0 0x45f0d0 0x7704c 0x7584c 0x199
WriteConsoleA 0x0 0x45f0d4 0x77050 0x75850 0x482
GetLocaleInfoW 0x0 0x45f0d8 0x77054 0x75854 0x1ea
GetExitCodeProcess 0x0 0x45f0dc 0x77058 0x75858 0x1c5
SetEnvironmentVariableA 0x0 0x45f0e0 0x7705c 0x7585c 0x3d0
CompareStringW 0x0 0x45f0e4 0x77060 0x75860 0x55
CompareStringA 0x0 0x45f0e8 0x77064 0x75864 0x52
GetUserDefaultLCID 0x0 0x45f0ec 0x77068 0x75868 0x26d
EnumSystemLocalesA 0x0 0x45f0f0 0x7706c 0x7586c 0xf8
IsValidLocale 0x0 0x45f0f4 0x77070 0x75870 0x2dd
GetStringTypeW 0x0 0x45f0f8 0x77074 0x75874 0x240
GetStringTypeA 0x0 0x45f0fc 0x77078 0x75878 0x23d
GetLocaleInfoA 0x0 0x45f100 0x7707c 0x7587c 0x1e8
SetStdHandle 0x0 0x45f104 0x77080 0x75880 0x3fc
MapUserPhysicalPages 0x0 0x45f108 0x77084 0x75884 0x308
HeapSize 0x0 0x45f10c 0x77088 0x75888 0x2a6
HeapAlloc 0x0 0x45f110 0x7708c 0x7588c 0x29d
VirtualFree 0x0 0x45f114 0x77090 0x75890 0x457
HeapFree 0x0 0x45f118 0x77094 0x75894 0x2a1
HeapCreate 0x0 0x45f11c 0x77098 0x75898 0x29f
HeapDestroy 0x0 0x45f120 0x7709c 0x7589c 0x2a0
GetEnvironmentStringsW 0x0 0x45f124 0x770a0 0x758a0 0x1c1
FreeEnvironmentStringsW 0x0 0x45f128 0x770a4 0x758a4 0x14b
GetEnvironmentStrings 0x0 0x45f12c 0x770a8 0x758a8 0x1bf
GlobalAlloc 0x0 0x45f130 0x770ac 0x758ac 0x285
GetSystemTimeAsFileTime 0x0 0x45f134 0x770b0 0x758b0 0x24f
GetCurrentProcessId 0x0 0x45f138 0x770b4 0x758b4 0x1aa
GetTickCount 0x0 0x45f13c 0x770b8 0x758b8 0x266
QueryPerformanceCounter 0x0 0x45f140 0x770bc 0x758bc 0x354
InitializeCriticalSectionAndSpinCount 0x0 0x45f144 0x770c0 0x758c0 0x2b5
LoadLibraryA 0x0 0x45f148 0x770c4 0x758c4 0x2f1
InterlockedExchange 0x0 0x45f14c 0x770c8 0x758c8 0x2bd
GetConsoleMode 0x0 0x45f150 0x770cc 0x758cc 0x195
GetConsoleCP 0x0 0x45f154 0x770d0 0x758d0 0x183
GetModuleFileNameA 0x0 0x45f158 0x770d4 0x758d4 0x1f4
OutputDebugStringW 0x0 0x45f15c 0x770d8 0x758d8 0x33b
OutputDebugStringA 0x0 0x45f160 0x770dc 0x758dc 0x33a
DebugBreak 0x0 0x45f164 0x770e0 0x758e0 0xb4
LoadLibraryW 0x0 0x45f168 0x770e4 0x758e4 0x2f4
DeleteCriticalSection 0x0 0x45f16c 0x770e8 0x758e8 0xbe
SetHandleCount 0x0 0x45f170 0x770ec 0x758ec 0x3e8
SetLastError 0x0 0x45f174 0x770f0 0x758f0 0x3ec
TlsFree 0x0 0x45f178 0x770f4 0x758f4 0x433
TlsSetValue 0x0 0x45f17c 0x770f8 0x758f8 0x435
TlsAlloc 0x0 0x45f180 0x770fc 0x758fc 0x432
TlsGetValue 0x0 0x45f184 0x77100 0x75900 0x434
GetCPInfo 0x0 0x45f188 0x77104 0x75904 0x15b
GetOEMCP 0x0 0x45f18c 0x77108 0x75908 0x213
GetACP 0x0 0x45f190 0x7710c 0x7590c 0x152
LCMapStringW 0x0 0x45f194 0x77110 0x75910 0x2e3
LCMapStringA 0x0 0x45f198 0x77114 0x75914 0x2e1
IsBadReadPtr 0x0 0x45f19c 0x77118 0x75918 0x2c8
FindFirstFileA 0x0 0x45f1a0 0x7711c 0x7591c 0x11d
FindNextFileA 0x0 0x45f1a4 0x77120 0x75920 0x12e
FindClose 0x0 0x45f1a8 0x77124 0x75924 0x119
RemoveDirectoryA 0x0 0x45f1ac 0x77128 0x75928 0x37d
CreateEventA 0x0 0x45f1b0 0x7712c 0x7592c 0x72
WaitForSingleObject 0x0 0x45f1b4 0x77130 0x75930 0x464
lstrcpyA 0x0 0x45f1b8 0x77134 0x75934 0x4af
lstrlenA 0x0 0x45f1bc 0x77138 0x75938 0x4b5
lstrcatA 0x0 0x45f1c0 0x7713c 0x7593c 0x4a6
MultiByteToWideChar 0x0 0x45f1c4 0x77140 0x75940 0x31a
VirtualAlloc 0x0 0x45f1c8 0x77144 0x75944 0x454
GetModuleHandleA 0x0 0x45f1cc 0x77148 0x75948 0x1f6
GetProcAddress 0x0 0x45f1d0 0x7714c 0x7594c 0x220
WideCharToMultiByte 0x0 0x45f1d4 0x77150 0x75950 0x47a
IsValidCodePage 0x0 0x45f1d8 0x77154 0x75954 0x2db
GetCPInfoExA 0x0 0x45f1dc 0x77158 0x75958 0x15c
GetExitCodeThread 0x0 0x45f1e0 0x7715c 0x7595c 0x1c6
ResumeThread 0x0 0x45f1e4 0x77160 0x75960 0x38d
GetCommState 0x0 0x45f1e8 0x77164 0x75964 0x16d
PurgeComm 0x0 0x45f1ec 0x77168 0x75968 0x349
SetCommState 0x0 0x45f1f0 0x7716c 0x7596c 0x39f
HeapReAlloc 0x0 0x45f1f4 0x77170 0x75970 0x2a4
FlushFileBuffers 0x0 0x45f1f8 0x77174 0x75974 0x141
GetShortPathNameA 0x0 0x45f1fc 0x77178 0x75978 0x237
CreateDirectoryA 0x0 0x45f200 0x7717c 0x7597c 0x6c
MoveFileA 0x0 0x45f204 0x77180 0x75980 0x311
SetFileAttributesA 0x0 0x45f208 0x77184 0x75984 0x3d7
GetLastError 0x0 0x45f20c 0x77188 0x75988 0x1e6
Sleep 0x0 0x45f210 0x7718c 0x7598c 0x421
CopyFileA 0x0 0x45f214 0x77190 0x75990 0x60
CreateFileA 0x0 0x45f218 0x77194 0x75994 0x78
WriteFile 0x0 0x45f21c 0x77198 0x75998 0x48d
HeapValidate 0x0 0x45f220 0x7719c 0x7599c 0x2a9
LeaveCriticalSection 0x0 0x45f224 0x771a0 0x759a0 0x2ef
EnterCriticalSection 0x0 0x45f228 0x771a4 0x759a4 0xd9
GetStartupInfoA 0x0 0x45f22c 0x771a8 0x759a8 0x239
ExitProcess 0x0 0x45f230 0x771ac 0x759ac 0x104
InterlockedDecrement 0x0 0x45f234 0x771b0 0x759b0 0x2bc
GetModuleHandleW 0x0 0x45f238 0x771b4 0x759b4 0x1f9
GetCurrentThreadId 0x0 0x45f23c 0x771b8 0x759b8 0x1ad
IsDebuggerPresent 0x0 0x45f240 0x771bc 0x759bc 0x2d1
SetUnhandledExceptionFilter 0x0 0x45f244 0x771c0 0x759c0 0x415
UnhandledExceptionFilter 0x0 0x45f248 0x771c4 0x759c4 0x43e
TerminateProcess 0x0 0x45f24c 0x771c8 0x759c8 0x42d
RtlUnwind 0x0 0x45f250 0x771cc 0x759cc 0x392
RaiseException 0x0 0x45f254 0x771d0 0x759d0 0x35a
GetStdHandle 0x0 0x45f258 0x771d4 0x759d4 0x23b
WriteConsoleW 0x0 0x45f25c 0x771d8 0x759d8 0x48c
GetModuleFileNameW 0x0 0x45f260 0x771dc 0x759dc 0x1f5
ExitThread 0x0 0x45f264 0x771e0 0x759e0 0x105
CloseHandle 0x0 0x45f268 0x771e4 0x759e4 0x43
DeleteFileA 0x0 0x45f26c 0x771e8 0x759e8 0xc0
FreeEnvironmentStringsA 0x0 0x45f270 0x771ec 0x759ec 0x14a
USER32.dll (62)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShowWindow 0x0 0x45f2e8 0x77264 0x75a64 0x2b8
DefWindowProcA 0x0 0x45f2ec 0x77268 0x75a68 0x95
PostQuitMessage 0x0 0x45f2f0 0x7726c 0x75a6c 0x220
GetWindowRect 0x0 0x45f2f4 0x77270 0x75a70 0x188
GetSystemMetrics 0x0 0x45f2f8 0x77274 0x75a74 0x16f
IsDlgButtonChecked 0x0 0x45f2fc 0x77278 0x75a78 0x1ba
ReleaseCapture 0x0 0x45f300 0x7727c 0x75a7c 0x24b
MessageBoxW 0x0 0x45f304 0x77280 0x75a80 0x1ff
CheckDlgButton 0x0 0x45f308 0x77284 0x75a84 0x3c
SetWindowPos 0x0 0x45f30c 0x77288 0x75a88 0x2a7
DestroyWindow 0x0 0x45f310 0x7728c 0x75a8c 0xa0
CreateWindowExW 0x0 0x45f314 0x77290 0x75a90 0x68
ReleaseDC 0x0 0x45f318 0x77294 0x75a94 0x24c
UpdateLayeredWindow 0x0 0x45f31c 0x77298 0x75a98 0x2e6
GetDC 0x0 0x45f320 0x7729c 0x75a9c 0x11a
SendMessageA 0x0 0x45f324 0x772a0 0x75aa0 0x25e
InflateRect 0x0 0x45f328 0x772a4 0x75aa4 0x1a1
GetDialogBaseUnits 0x0 0x45f32c 0x772a8 0x75aa8 0x11d
DialogBoxIndirectParamA 0x0 0x45f330 0x772ac 0x75aac 0xa2
EndPaint 0x0 0x45f334 0x772b0 0x75ab0 0xd5
DialogBoxParamA 0x0 0x45f338 0x772b4 0x75ab4 0xa5
GetDlgItem 0x0 0x45f33c 0x772b8 0x75ab8 0x11f
SetWindowTextA 0x0 0x45f340 0x772bc 0x75abc 0x2ab
GetWindowTextA 0x0 0x45f344 0x772c0 0x75ac0 0x18c
EndDialog 0x0 0x45f348 0x772c4 0x75ac4 0xd3
SetFocus 0x0 0x45f34c 0x772c8 0x75ac8 0x279
CreateWindowExA 0x0 0x45f350 0x772cc 0x75acc 0x67
GetClientRect 0x0 0x45f354 0x772d0 0x75ad0 0x10d
IsWindowVisible 0x0 0x45f358 0x772d4 0x75ad4 0x1ca
BeginPaint 0x0 0x45f35c 0x772d8 0x75ad8 0xe
GetMessageA 0x0 0x45f360 0x772dc 0x75adc 0x14a
IsDialogMessageA 0x0 0x45f364 0x772e0 0x75ae0 0x1b8
TranslateMessage 0x0 0x45f368 0x772e4 0x75ae4 0x2d5
DispatchMessageA 0x0 0x45f36c 0x772e8 0x75ae8 0xa8
LoadIconA 0x0 0x45f370 0x772ec 0x75aec 0x1d6
EnableWindow 0x0 0x45f374 0x772f0 0x75af0 0xd1
CreateDialogParamA 0x0 0x45f378 0x772f4 0x75af4 0x5c
GetKeyState 0x0 0x45f37c 0x772f8 0x75af8 0x131
MessageBeep 0x0 0x45f380 0x772fc 0x75afc 0x1f7
CallWindowProcA 0x0 0x45f384 0x77300 0x75b00 0x1c
MapDialogRect 0x0 0x45f388 0x77304 0x75b04 0x1ee
CreatePopupMenu 0x0 0x45f38c 0x77308 0x75b08 0x65
InsertMenuItemA 0x0 0x45f390 0x7730c 0x75b0c 0x1a4
GetCursorPos 0x0 0x45f394 0x77310 0x75b10 0x119
TrackPopupMenu 0x0 0x45f398 0x77314 0x75b14 0x2cf
MessageBoxA 0x0 0x45f39c 0x77318 0x75b18 0x1f8
LoadCursorA 0x0 0x45f3a0 0x7731c 0x75b1c 0x1d2
SetCursor 0x0 0x45f3a4 0x77320 0x75b20 0x270
LoadImageA 0x0 0x45f3a8 0x77324 0x75b24 0x1d8
SetWindowLongA 0x0 0x45f3ac 0x77328 0x75b28 0x2a4
CopyImage 0x0 0x45f3b0 0x7732c 0x75b2c 0x4e
GetDesktopWindow 0x0 0x45f3b4 0x77330 0x75b30 0x11c
SetScrollPos 0x0 0x45f3b8 0x77334 0x75b34 0x294
SetMenu 0x0 0x45f3bc 0x77338 0x75b38 0x27f
MoveWindow 0x0 0x45f3c0 0x7733c 0x75b3c 0x205
ScreenToClient 0x0 0x45f3c4 0x77340 0x75b40 0x254
GetClassLongA 0x0 0x45f3c8 0x77344 0x75b44 0x108
SetClassLongA 0x0 0x45f3cc 0x77348 0x75b48 0x26a
GetScrollRange 0x0 0x45f3d0 0x7734c 0x75b4c 0x168
CreateMenu 0x0 0x45f3d4 0x77350 0x75b50 0x64
SetCapture 0x0 0x45f3d8 0x77354 0x75b54 0x267
InvalidateRect 0x0 0x45f3dc 0x77358 0x75b58 0x1aa
GDI32.dll (20)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PatBlt 0x0 0x45f030 0x76fac 0x757ac 0x22d
SetDCPenColor 0x0 0x45f034 0x76fb0 0x757b0 0x26d
CreateRectRgn 0x0 0x45f038 0x76fb4 0x757b4 0x4d
CombineRgn 0x0 0x45f03c 0x76fb8 0x757b8 0x21
OffsetRgn 0x0 0x45f040 0x76fbc 0x757bc 0x224
BitBlt 0x0 0x45f044 0x76fc0 0x757c0 0x12
SwapBuffers 0x0 0x45f048 0x76fc4 0x757c4 0x29e
GetTextExtentPoint32A 0x0 0x45f04c 0x76fc8 0x757c8 0x204
StretchBlt 0x0 0x45f050 0x76fcc 0x757cc 0x29a
SetAbortProc 0x0 0x45f054 0x76fd0 0x757d0 0x260
CreateCompatibleDC 0x0 0x45f058 0x76fd4 0x757d4 0x2e
CreateDIBSection 0x0 0x45f05c 0x76fd8 0x757d8 0x33
SelectObject 0x0 0x45f060 0x76fdc 0x757dc 0x25e
DeleteObject 0x0 0x45f064 0x76fe0 0x757e0 0xd0
DeleteDC 0x0 0x45f068 0x76fe4 0x757e4 0xcd
CreateDCW 0x0 0x45f06c 0x76fe8 0x757e8 0x30
GetDeviceCaps 0x0 0x45f070 0x76fec 0x757ec 0x1b5
CreateDIBPatternBrush 0x0 0x45f074 0x76ff0 0x757f0 0x31
Rectangle 0x0 0x45f078 0x76ff4 0x757f4 0x246
CreateFontIndirectA 0x0 0x45f07c 0x76ff8 0x757f8 0x3b
COMDLG32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ChooseColorA 0x0 0x45f028 0x76fa4 0x757a4 0x0
ADVAPI32.dll (6)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCreateKeyExA 0x0 0x45f000 0x76f7c 0x7577c 0x232
RegQueryValueExA 0x0 0x45f004 0x76f80 0x75780 0x267
RegOpenKeyExA 0x0 0x45f008 0x76f84 0x75784 0x25a
RegDeleteValueA 0x0 0x45f00c 0x76f88 0x75788 0x241
RegSetValueExA 0x0 0x45f010 0x76f8c 0x7578c 0x277
RegCloseKey 0x0 0x45f014 0x76f90 0x75790 0x22a
SHELL32.dll (5)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteExA 0x0 0x45f2c4 0x77240 0x75a40 0x116
SHGetMalloc 0x0 0x45f2c8 0x77244 0x75a44 0xc9
(by ordinal) 0x4 0x45f2cc 0x77248 0x75a48 -
SHGetPathFromIDListA 0x0 0x45f2d0 0x7724c 0x75a4c 0xcf
SHBrowseForFolderA 0x0 0x45f2d4 0x77250 0x75a50 0x77
ole32.dll (5)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitialize 0x0 0x45f430 0x773ac 0x75bac 0x3d
CoCreateInstance 0x0 0x45f434 0x773b0 0x75bb0 0x10
StgCreateDocfile 0x0 0x45f438 0x773b4 0x75bb4 0x129
CoTaskMemAlloc 0x0 0x45f43c 0x773b8 0x75bb8 0x66
CoTaskMemFree 0x0 0x45f440 0x773bc 0x75bbc 0x67
OLEAUT32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UnRegisterTypeLib 0xba 0x45f294 0x77210 0x75a10 -
ODBC32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x45 0x45f288 0x77204 0x75a04 -
(by ordinal) 0x48 0x45f28c 0x77208 0x75a08 -
OPENGL32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
wglGetCurrentDC 0x0 0x45f29c 0x77218 0x75a18 0x15f
PSAPI.DLL (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EnumPageFilesA 0x0 0x45f2a4 0x77220 0x75a20 0x2
COMCTL32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControlsEx 0x0 0x45f01c 0x76f98 0x75798 0x7a
(by ordinal) 0x19d 0x45f020 0x76f9c 0x7579c -
gdiplus.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdipCreateFromHDC 0x0 0x45f420 0x7739c 0x75b9c 0x5b
GdipDeleteGraphics 0x0 0x45f424 0x773a0 0x75ba0 0x90
GdiplusStartup 0x0 0x45f428 0x773a4 0x75ba4 0x275
SHLWAPI.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathRenameExtensionA 0x0 0x45f2dc 0x77258 0x75a58 0x8c
PathRemoveFileSpecA 0x0 0x45f2e0 0x7725c 0x75a5c 0x8a
SETUPAPI.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetupDiCreateDeviceInfoList 0x0 0x45f2b8 0x77234 0x75a34 0x130
SetupDiGetClassDevsA 0x0 0x45f2bc 0x77238 0x75a38 0x151
UxTheme.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CloseThemeData 0x0 0x45f3ec 0x77368 0x75b68 0x8
OpenThemeData 0x0 0x45f3f0 0x7736c 0x75b6c 0x41
MSACM32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
acmDriverDetailsA 0x0 0x45f278 0x771f4 0x759f4 0x4
NETAPI32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NetWkstaUserGetInfo 0x0 0x45f280 0x771fc 0x759fc 0x10f
WININET.dll (7)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetConnectA 0x0 0x45f3f8 0x77374 0x75b74 0x70
InternetReadFile 0x0 0x45f3fc 0x77378 0x75b78 0x9e
HttpOpenRequestA 0x0 0x45f400 0x7737c 0x75b7c 0x56
InternetCloseHandle 0x0 0x45f404 0x77380 0x75b80 0x6a
HttpQueryInfoA 0x0 0x45f408 0x77384 0x75b84 0x58
InternetOpenA 0x0 0x45f40c 0x77388 0x75b88 0x96
HttpSendRequestA 0x0 0x45f410 0x7738c 0x75b8c 0x5a
USERENV.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateEnvironmentBlock 0x0 0x45f3e4 0x77360 0x75b60 0x0
pdh.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PdhAddCounterW 0x0 0x45f448 0x773c4 0x75bc4 0x3
RPCRT4.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UuidCreate 0x0 0x45f2ac 0x77228 0x75a28 0x1f3
UuidToStringW 0x0 0x45f2b0 0x7722c 0x75a2c 0x1fc
dbghelp.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MapDebugInformation 0x0 0x45f418 0x77394 0x75b94 0x19
Icons (1)
»
Memory Dumps (3)
»
Name Process ID Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
bs03u4lh.exe 1 0x00400000 0x004CCFFF Relevant Image - 32-bit - True False
...
buffer 1 0x002E0000 0x002ECFFF First Execution - 32-bit 0x002E17AE, 0x002E29BE, ... False False
...
bs03u4lh.exe 1 0x00400000 0x004CCFFF Process Termination - 32-bit - False False
...
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml Modified File Stream
Unknown
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 1.53 KB
MD5 32b5b219d97523c6f44dbd437adf2e3b Copy to Clipboard
SHA1 e2b42c4321262d75605f5c1c911370c32e6b2743 Copy to Clipboard
SHA256 5e9f9ba095a94e671bc42017787564f82e8e6b2295ee579d8573147a4da803c7 Copy to Clipboard
SSDeep 24:4LWBLy+hhtK27g6YMfNMCBifLfmbTiXTw6DNNww6D2rJRkMkRq1UgJiXBrQL31VL:46++ftd7g61oITiXxrTFXSBkyUfUgZ Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml Modified File Stream
Unknown
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 1.76 KB
MD5 5fa08c2cc2f765c416bf0c431d4f3b47 Copy to Clipboard
SHA1 f67ce3121940b45756457d270e7f734230565823 Copy to Clipboard
SHA256 9d18b9fd183263e9b93cee917c8c39dd958c87182a9e583ebbf8a48e745570b9 Copy to Clipboard
SSDeep 24:4LWBDj6ErLar3tBE9RsHmJjBfSRZI10vx54BsZH5mXymhzBd7ryDx8RzJvLPv3wu:46DprLW8UwfSR55qBEH5G1BtQ+vjv4c3 Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml Modified File Stream
Unknown
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 1.42 KB
MD5 0a3ac3a874592904a6a3ddf77ea13256 Copy to Clipboard
SHA1 483d75f08a1ca4b8b74c907f0734bb37fdd8b10f Copy to Clipboard
SHA256 436686dc03ac8d875b59741f19d0a0a84e935a46bcd5bf8e045b7ab8425aa37a Copy to Clipboard
SSDeep 24:4LWB8OVjVBZXf9OF+JoRW+J2V2P4b4YLp4YJ8w6DNDc6we6mVGDJhtfUCfBRcR5c:46hlZXfqKsixWA6Dc6z6mepUIcYTz Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml Modified File Stream
Unknown
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 1.42 KB
MD5 622ed42424ecbb3d991d57fc22285739 Copy to Clipboard
SHA1 fa87d7a97dd8a476db056f5029763e605fb1531a Copy to Clipboard
SHA256 40a46e0f836b0313ace1d92f977d8d842bb662efc85ad343aa2a7cb55a564195 Copy to Clipboard
SSDeep 24:4LWB94RMNqtZX+9OthF+JoRW+J2V7q+0tpv9hw6D82L6CMclZneLPA+pUMR33:4694RMNqtZX+eKs+ApQ2uCfZnejA+pUa Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml Modified File Stream
Unknown
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 811 bytes
MD5 509d7c9aa92ce027aa3317bb03ff180c Copy to Clipboard
SHA1 1e9c841f0c8175eab292c06c8f64379dd15ee183 Copy to Clipboard
SHA256 75bb089ea8bf2c15756771f41421d82c50ace0ce02e3c210c40d2a811b3482e2 Copy to Clipboard
SSDeep 24:4LWBsOWN8U6aoGbC5oR5tri5N8mR5+OfcR5+K+Wm:46HgoY/MKWYOfcYK+Wm Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml Modified File Stream
Unknown
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 1.20 KB
MD5 e0b53850b9568d6582c92b79d89037cf Copy to Clipboard
SHA1 e89953178f2d61877b9c983c05e5c66b303caf55 Copy to Clipboard
SHA256 f64cf6d3b59c7d21463c179cefe4e3bfa3eef8b9307e07d7453e1c0579c2f26d Copy to Clipboard
SSDeep 24:4LWB24qCi9RcxaqphtBfSR6TBRsdHL8tJzsEm/zvV5N8mR5++J8UNo:4624Rikxa6dfSR6OuAbnKWY+OUK Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 1.81 KB
MD5 8aa44fd454012e1b6bd631b27c927e42 Copy to Clipboard
SHA1 afcc8bfb89b61cda8076093769c021a37ef96d5c Copy to Clipboard
SHA256 ee8c13db5055ef0c03ebc7a4385b03e62838e433260eaf334efce9be8fcfa8a3 Copy to Clipboard
SSDeep 48:46FFBv8bNao56dq+/+YB5nl2GvFEFB5RwMcjp:4/4Fdn9lFvEB1cjp Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 9.50 MB
MD5 d95cb3be7bab4c48efe494ef44492972 Copy to Clipboard
SHA1 7fd2a0845abfdfacbd3f993b46f7415fa01fdd2b Copy to Clipboard
SHA256 dd54dedbe646e3e06cd4e084abf0d103f862dbf2e29715da5bfa6d40232cbb05 Copy to Clipboard
SSDeep 196608:NwUPUvTYpH9lBl/tus7o4L7tZiTnp/jE4U/bxlLRx+c:N7UvTiJhU4L7tZiTnprP0txRsc Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.NHCR Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 14.13 MB
MD5 3f36140c27a86a66f2ec3ca390068a8c Copy to Clipboard
SHA1 1aea3e750dd063c66c8fed32f5a3638d53c5e0dc Copy to Clipboard
SHA256 ca9324388b5c03b095f605eed1ef73e61b3b4ce8900bdf9b51d1f19961b7a547 Copy to Clipboard
SSDeep 196608:TIwm3nNVAl+ig71eZ8FclBElWHp8byLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFgepGHyo2rpLkcoCrpbQ Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.NHCR Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 13.01 MB
MD5 0ed5eefb6eb88cb58c53870be732aee6 Copy to Clipboard
SHA1 1f1f723c3b3857e8c36589ccd8fc951733fbac0f Copy to Clipboard
SHA256 a9333230c90675b293f4cba23e6eea40f8ed05c6b32c9e46bedf8a935d6cd633 Copy to Clipboard
SSDeep 196608:KQu6eDsIwHBL4B9lCzT2bOgBoDuihGYrLpVUBJ/7HAFGtNy6aMhnRTU+:K+qsIwHNB26gfE7e/7JNMM5RTU+ Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.NHCR Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 105.38 KB
MD5 0d9226ff65d020e2dc28f3b0a45a97df Copy to Clipboard
SHA1 0c88d75e00b551f1c639f25f784d650d04afa898 Copy to Clipboard
SHA256 fe5d401b4310e6e7183125b6e11caff4755ac442f7014f5c8bb8d1856fd92cd8 Copy to Clipboard
SSDeep 768:m0ObcR1RkEUaXYzcQ0LQrw3/VfMNRk5H7gkmSJNlXuN0Ajdvr6FnxXKFXEX:/rR1yEU10LQA/qmWY20AjdTwlKFXe Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.NHCR Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 2.40 MB
MD5 30a9a34c330274793aa8d941b5d207e8 Copy to Clipboard
SHA1 0af356cf8db7b2d2e428d1013839002d26fb0b6e Copy to Clipboard
SHA256 d764f715854de9e3d272c2d4c0a34bd2a73a4fb48860807cf0d005a8e8283c65 Copy to Clipboard
SSDeep 49152:b0KDxL8QBoI9eljidTex4S120ytJyhamLCj7:b0KR89EQ1o Copy to Clipboard
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.NHCR Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 1.90 MB
MD5 6c40f3d9705e1a6af978093bcf29d317 Copy to Clipboard
SHA1 86bca9cad3c1091d886089d7f213d5afa4f28041 Copy to Clipboard
SHA256 e57562949b149e6d366f56b27ba9dcdaf050d8f5f1e4e11a16bcafd06019012d Copy to Clipboard
SSDeep 24576:evsS646cg4svTxhF6WBckmh7EgVEG8o93s0ZWdrU+MAR+acIty0BqEI2S+o0k4Xc:eh6bHWLhHEGr0BqEI2S Copy to Clipboard
\\?\C:\# DECRYPT MY FILES #.txt Dropped File Text
Unknown
...
»
Also Known As \\?\C:\Config.Msi\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\PerfLogs\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\PerfLogs\Admin\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\# DECRYPT MY FILES #.txt (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\# decrypt my files #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\# DECRYPT MY FILES #.txt (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\cookies\# decrypt my files #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C0PIb-NmaAc\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E8 kE88i1W3QwH\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\# DECRYPT MY FILES #.txt (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\# decrypt my files #.txt (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\network shortcuts\# decrypt my files #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\f3gTFn8Ddo23uUVVU6Dv\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\uzo-m B66K9r\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\OQDsus71EbAl-\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\YH4mtHxOGxbcYGviW\# DECRYPT MY FILES #.txt (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\printer shortcuts\# decrypt my files #.txt (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\recent\# decrypt my files #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\# DECRYPT MY FILES #.txt (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\sendto\# decrypt my files #.txt (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\# decrypt my files #.txt (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\templates\# decrypt my files #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qDjEFmi9tRNCJfVVaJ7f\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\tqX WlfzIDt33h1fI4\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Contacts\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Desktop\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Documents\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Music\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Pictures\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Videos\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Downloads\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Favorites\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Favorites\Links\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Favorites\Microsoft Websites\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Favorites\MSN Websites\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Favorites\Windows Live\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Links\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Saved Games\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Default\Searches\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Desktop\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Documents\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Music\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Pictures\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Videos\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Downloads\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Favorites\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Libraries\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Music\Sample Music\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Pictures\Sample Pictures\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Recorded TV\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Recorded TV\Sample Media\# DECRYPT MY FILES #.txt (Dropped File)
\\?\C:\Users\Public\Videos\Sample Videos\# DECRYPT MY FILES #.txt (Dropped File)
Mime Type text/plain
File Size 1.22 KB
MD5 ede13b21233ca85f199e27d62e3481dc Copy to Clipboard
SHA1 f7c3631fbff9a1b521c91e52336c1c74732e492a Copy to Clipboard
SHA256 371f5d64768e311faf4bb7f0e4c6f723bff741103bf04ab60d4d2b10d1341e2f Copy to Clipboard
SSDeep 24:scyXQmGr9yd9VfJwu9r73tLLrUtU3h8Y4iy9c7sHmq:wQmW9eZd97dLLgG3h8rijO1 Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 2.24 KB
MD5 f8a19ac5118217f228f4b3d15468f52c Copy to Clipboard
SHA1 01d919e6499274af9de3dfdc6c8b202e02ef664d Copy to Clipboard
SHA256 b0303b69a56a1176419b8ce6ef4ecfa8ae84c4df0ce9241d39fdb1b5ec5d61a6 Copy to Clipboard
SSDeep 48:46blJTfn57yG2kbHhksKXGjzt5mUT1Qg/OoEdvPq4iwg/WSlsmlT:443fn52Q+cTL2oEdv0wg/XCm5 Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.NHCR Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 2.39 MB
MD5 3003e10327d414ef1e46068e9d091a59 Copy to Clipboard
SHA1 95c35f978c2e1f457442cdc1839f57b3e12b5e5b Copy to Clipboard
SHA256 9cde240207b7e950df2a6b8c1c20bedbaa76dd73ee90f523480fa13307e3271c Copy to Clipboard
SSDeep 49152:q0KDxL8QBoI9eljidTex4S120ytJyha16CZt:q0KR89EQ1o Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.NHCR Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 10.00 MB
MD5 adbc1eccd44dc4f22b12bd479f5b1a59 Copy to Clipboard
SHA1 ada4f4a6b26fd56fa47fe70e257cf68fea08fad9 Copy to Clipboard
SHA256 d1561f6533472be68eba8606b7615deaaddfe684367993f552e0a13a48a22857 Copy to Clipboard
SSDeep 196608:54KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:54KKCX5FvaVczxmUJnYSE7dzAT Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.NHCR Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 2.73 MB
MD5 f9a9f478a70c981089ffc72a7456adff Copy to Clipboard
SHA1 0456a3af325516042ad3129eec531b2f85d2444d Copy to Clipboard
SHA256 b601ed52f8423b31664a62c27b10bfff6daa0c356520a4330bc5683b72f671e6 Copy to Clipboard
SSDeep 49152:14QHYLL/Wo9kLljb1R6rOSN20yRJ63PooFMP+:14QqLVe6vj Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml Modified File Stream
Not Queried
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 1.42 KB
MD5 0635cdf96bbacd3d4a8671b1804c4e67 Copy to Clipboard
SHA1 d37242bbbf7970fa1334e10a162dd34a6b61193d Copy to Clipboard
SHA256 fedaf0ba550d1500eb031054a04abf5d779c27124a756d8f1c2fdcd8e5822fe1 Copy to Clipboard
SSDeep 24:4LWBENtZjb1RZi/nhP+ZXa9OF+JoRW+J2UzseB6RMzR7HidY3FRqn1j/8UjYNdjZ:46ENtZjbLZifhGZXaqKUTBaMlbFun1jW Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Not Queried
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 1.84 KB
MD5 751e7b0d879201c21eb164ffdfff9cce Copy to Clipboard
SHA1 a6804d5e917a454ceb5002e9527af0e5cc2cf195 Copy to Clipboard
SHA256 a9bcf07785771fe64ac8a5b5510d4103f5ccba26b2e577e872f1bbcfaa6daf1a Copy to Clipboard
SSDeep 48:46iKB7qxjkeMqNFSXh/AkrQ2v98S4vEu5H9/8+ldie:4OYjT/WCkr5uRcu5Ha+h Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml Modified File Stream
Not Queried
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 1.42 KB
MD5 f75f4b5dfd7aa5c07c8a57ec2576014f Copy to Clipboard
SHA1 cf5b1566fe6fac670f3980f6b39dfb6647fb8c14 Copy to Clipboard
SHA256 c3b221278ff667a0eaad11e99531630e5e80327f924de624be017d069a8056fa Copy to Clipboard
SSDeep 24:4LWBbedqrik2SNxC5oR54Jw6D1cYEL9aD0Rd7itJzsftRrB6A+0Uyibjlzs7:46b8qb6cYErgi4A+btflo Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Not Queried
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 1.57 KB
MD5 e9acb2e60d1b75eab153c46bc84096c9 Copy to Clipboard
SHA1 9afcb0fcfe7b86f391a00fc2bc3201edfbf0cfb5 Copy to Clipboard
SHA256 28d42d40c71ec2e2a08a77504ff9da83949cbc7eb98f8b66a428d380d404c412 Copy to Clipboard
SSDeep 24:4LWBKaNmJNl8pp/8QRRkbb8g9WlMcV/I9B5MOI5fg2EC0oa+NAaVCyp7FhTfIW4Y:46KaYJNlc1kbHhj9vMgoacIWCBmlT Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml Modified File Stream
Not Queried
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 1.32 KB
MD5 1550289f98c2dea2643740f2d9484e46 Copy to Clipboard
SHA1 31b5a518229813d21f8fbfbd4c9bd3e67c8d07bb Copy to Clipboard
SHA256 a59e44d4b991517c12b06038413c6e2658c95e74a0b0efa5016f24127b1f4774 Copy to Clipboard
SSDeep 24:4LWBjIRjHFb4JZXw9OJDTiXTw6DhZgbLNjVKhmhQxORxxElzR5htfUCfBRcR5+KO:46Ehl8ZXwwDTiXavUkxsBUIcYK+Wm Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml Modified File Stream
Not Queried
...
»
Also Known As \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.NHCR (Dropped File)
Mime Type application/octet-stream
File Size 1.35 KB
MD5 3076b6c75b20e938b74fa29a4e74f128 Copy to Clipboard
SHA1 14cb072ff96a6bb16827295ff18cb67fdf516914 Copy to Clipboard
SHA256 180ca3f6fe46a03914f5c90c298fbdb39dfdc988e93126e392062b2db61c3623 Copy to Clipboard
SSDeep 24:4LWBgR6HUZzgZNw9RiRe6F+JoRW+J2QdC1ND16eFWzspi8R181UgJi5N8mR5++Jc:46/sWwaeIKQd66eFDAMKWY+OUK Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi Modified File Stream
Not Queried
...
»
Mime Type application/octet-stream
File Size 2.40 MB
MD5 8d002f7d05f06d719fa9be61de6c09d3 Copy to Clipboard
SHA1 8ecb3097dc86818822011273b6e4217ea340fbb7 Copy to Clipboard
SHA256 161abcf835ceb239080306e26fed2fe85f6d45787755aac72ddd2a3daf1f5e6b Copy to Clipboard
SSDeep 49152:F0KDxL8QBoI9eljidTex4S120ytJyhaLz6CCHm:F0KR89EQ1oL Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\encrypted_key.bin Dropped File Text
Not Queried
...
»
Mime Type text/plain
File Size 684 bytes
MD5 a87d256f5f4e289cc5aa2932c771cdfa Copy to Clipboard
SHA1 66d29d9131e88dbc839420430ec835f5013b6ff2 Copy to Clipboard
SHA256 ce466b9810249764ff06edebd9cc81378f834ca501f111f0c8af56a84a5d20b0 Copy to Clipboard
SSDeep 12:9VYISEji4CGrIqW2riSwdVI3hTw2VLb7EKpy9cezvPyh7sKuadq:VLLrUtU3h8Y4iy9c7sHmq Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR Dropped File Stream
Not Queried
...
»
Mime Type application/octet-stream
File Size 4.11 KB
MD5 1097f77415e54d63c575d166b488f19f Copy to Clipboard
SHA1 8b963a197bfc3cf250bc24cb133c3b1b370365bf Copy to Clipboard
SHA256 0d2f841435f89863f1b29b2adcca3cfd702e806f1edd372b66d5c61cfb70f88e Copy to Clipboard
SSDeep 96:4jB/2amlrO1FYHXTH0bhuwZynZMvgkS7jP6fX:4t//oq163j0bhuL7kS7js Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.NHCR Dropped File Stream
Not Queried
...
»
Mime Type application/octet-stream
File Size 2.41 MB
MD5 a5c0697ec176096554fe7e74d0d63eee Copy to Clipboard
SHA1 571402e1f0a2be0804f63ce0d0fc7b9d7043f1f3 Copy to Clipboard
SHA256 c2256c8b5d223b119ade770d27921c62cf9d7770afb43c7b0c01fb3731992da3 Copy to Clipboard
SSDeep 49152:s0KDxL8QBoI9eljidTex4S120ytJyhaM6CLC:s0KR89EQ1o Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.NHCR Dropped File Stream
Not Queried
...
»
Mime Type application/octet-stream
File Size 855.00 KB
MD5 37800fb8973738356f47e35562526df9 Copy to Clipboard
SHA1 0ef7b3087f3dc52d75c86cc01eb82b066a6b5616 Copy to Clipboard
SHA256 9a78766a4a19f08bc52b0e339f4ea728e776934688b40737c690fa42b3696e75 Copy to Clipboard
SSDeep 24576:FS64Zcg4sRj2npo0g4zBVi1zKYvO8QPi4x3P6WBWkmf3egDqo8o9370Pv6Yw:M6JzgLf7qo6Pv6Y Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.NHCR Dropped File Stream
Not Queried
...
»
Mime Type application/octet-stream
File Size 865.00 KB
MD5 ac8d95045485417a7507bf6af8100cd6 Copy to Clipboard
SHA1 1270495ceadabf588614f5ce663349c70213c7f2 Copy to Clipboard
SHA256 90fac19ded061877035fae627b91321eba4944955106dc90db650f1c57880981 Copy to Clipboard
SSDeep 24576:pS64Tcg4sRj2npo0g4zBVi1zKYvOwQPmzxnP6WBzkm83xgDBo8o93m9XLH5X:w6sDxL8QBo6XLH5 Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.NHCR Dropped File Stream
Not Queried
...
»
Mime Type application/octet-stream
File Size 18.00 MB
MD5 38c3eb3a0cd9f6b1828495c53bdca609 Copy to Clipboard
SHA1 58256f3020a6950068fdb5feed310f38b896c23a Copy to Clipboard
SHA256 cf69b21ab817c3ac8fc50ddb33565da230789e42409fcee031dc124679131645 Copy to Clipboard
SSDeep 196608:H0aDH9F7/iHXDI2CPKBUq6qMuGm9vqrRxoi93nnedBwzSlmKwDhANZbPhn:HNDdFDX2J5uuGyCEi9uIQmlANRh Copy to Clipboard
C:\Users\5P5NRG~1\AppData\Local\Tempdesk.bmp Dropped File Image
Not Queried
...
»
Mime Type image/x-ms-bmp
File Size 3.71 MB
MD5 20662257296aceaf751a836a99ab063a Copy to Clipboard
SHA1 fd76aa0ef24b2ff72f522e3d519fe63a59624e6b Copy to Clipboard
SHA256 6d75a63449a162452d417da432a658e9dc4b1bcf2c78990f6174c9cb9a6757c3 Copy to Clipboard
SSDeep 98304:rV/4epdRpgrVspkkE6E7lWSPGYz3VYosjE7ma8AK1WqGyt7:R/Hn/grnk5E5W+GYbsjElQ6yt7 Copy to Clipboard
\\?\C:\BOOTSECT.BAK.NHCR Dropped File Stream
Not Queried
...
»
Mime Type application/octet-stream
File Size 8.00 KB
MD5 773df45195d897d9c43cc0bb5edd65d7 Copy to Clipboard
SHA1 7ecefaef312238ad95e093e51ba19da303a32364 Copy to Clipboard
SHA256 90bf6497eb2a62400d9489a893e3d321c617eb9c4892c72ffd112a713a7b6252 Copy to Clipboard
SSDeep 96:Fih3A0tObUFtMHhHSxBIuxbLjnYEk05x+X7bdbgjs2Z1owIzxbr:Ue0td+HhImulLjnwq4dKsXwIFbr Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.NHCR Dropped File Stream
Not Queried
...
»
Mime Type application/octet-stream
File Size 10.00 MB
MD5 b9bafc135b920f093145b5da53c61640 Copy to Clipboard
SHA1 ff1efbfbc2e85b081b9974a987502df57972e30f Copy to Clipboard
SHA256 f247ec296b2f5dd6676487c0925ef85493d616439eb24a18d0b60e04c7a791d1 Copy to Clipboard
SSDeep 196608:Gba8A7fKP0ReD0wXKLUEfRrDXP2ifogB+jHcSBLWiyvyWJRMLhdPWfi:0aRDKP0q0wM9JrL2ifJEjhW/6vL3Ai Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.NHCR Dropped File Stream
Not Queried
...
»
Mime Type application/octet-stream
File Size 2.39 MB
MD5 ddbd5252ea0802a45e65970a61eaa877 Copy to Clipboard
SHA1 82d2dd47680a9a1bd61f7a5a7121cf767d395cc3 Copy to Clipboard
SHA256 54fd59f8736f0a0966861c6663d8f2e93c0bbfac6cdb4f2955b0a7a815d14857 Copy to Clipboard
SSDeep 49152:q0KDxL8QBoI9eljidTex4S120ytJyham6Co6:q0KR89EQ1o Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.NHCR Dropped File Stream
Not Queried
...
»
Mime Type application/octet-stream
File Size 3.11 KB
MD5 813e9742d8ccdb8d8b2b003d6fe88ce7 Copy to Clipboard
SHA1 bbcce9a8e423940c481cd98144ba62e7f22032e5 Copy to Clipboard
SHA256 6e0e92ee3589594100fa36dc23a32c1eac3e6cab521004bf9da6fa647af888ec Copy to Clipboard
SSDeep 48:46Goc9u9mQvjvkiaa5hw6fJ2jWoMgQO6eSy6wh0GiDNuBE6/cpx:4J9uoQ7cba5h9xIgfaSy6whckE6/Y Copy to Clipboard
\\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.NHCR Dropped File Stream
Not Queried
...
»
Mime Type application/octet-stream
File Size 2.70 MB
MD5 f34d6aea97a3eff7b9655d11d370bf25 Copy to Clipboard
SHA1 df4c0d9323ae81ed2c34e9a8f4be087d783fe5c9 Copy to Clipboard
SHA256 4d66561ca62cffda1a030a3922aea55bd2187eb0d26f0482fb1f93457ad19d12 Copy to Clipboard
SSDeep 49152:/lwmxJIKCfK/j+YLHOjuR9O1bNjRwjnT7fWc/U4CS84WfOawmjVPBXuqjEmxAcFz:/qmxJvCfKb+YLH0uRcbj2jR84gO7mjui Copy to Clipboard
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image