a2cdac36...103a | Environment
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Trojan, Dropper, Downloader

a2cdac363d6497bba4790ac8b56664c9f8f07903583ac63b5f75419095cb103a (SHA256)

KargoBilgisi.doc

Word Document

Created at 2018-10-09 05:29:00

...

Notifications (2/2)

The overall sleep time of all monitored processes was truncated from "30 seconds" to "10 seconds" to reveal dormant functionality.

The operating system was rebooted during the analysis.

Virtual Machine Information

Name win7_32_sp1-mso2013
Description -
Architecture x86 32-bit PAE
Operating System Windows 7
Kernel Version 6.1.7601.17514 (684da42a-30cc-450f-81c5-35b4d18944b1)

System Information

Computer Name F71GWAT
User Domain F71GWAT
User Name BGC6u8Oy yXGxkR
User Profile C:\Users\BGC6u8Oy yXGxkR
Temp Directory C:\Users\BGC6U8~1\AppData\Local\Temp
System Root C:\Windows
Sample Directory C:\Users\BGC6u8Oy yXGxkR\Desktop

Software Information

Adobe Acrobat Reader Version 10.0.0
Microsoft Office 2013
Microsoft Office Version 15.0.4569.1504
Internet Explorer Version 8.0.7601.17514
Chrome Version 58.0.3029.110
Firefox Version 25.0
Flash Version 10.3.183.90
Java Version 7.0.600.19
Microsoft Project Version 15.0.4569.1504
Microsoft Visio Version 15.0.4420.1017

Randomly Created Artifacts

This section provides information about processes and files that were created before the analysis was started. This is one of many steps designed to make the analysis system look more realistic and prevent evasion by environment aware malware. The number of randomly generated artifacts can be changed in the configuration.

Processes (17)
»
Filename PID GUI
C:\Program Files\Internet Explorer\dylan-mine.exe #1992 False
C:\Program Files\Internet Explorer\heights contemporary.exe #1252 False
C:\Program Files\Internet Explorer\sap wilderness documentary.exe #2080 False
C:\Program Files\Java\friend_races.exe #1356 False
C:\Program Files\MSBuild\undadopted.exe #2000 False
C:\Program Files\Microsoft Office\thisagoclaims.exe #1848 False
C:\Program Files\Mozilla Maintenance Service\enemyharvardjonathan.exe #2096 True
C:\Program Files\Reference Assemblies\bernard_burst_commodity.exe #568 False
C:\Program Files\Windows Defender\storm.exe #1248 False
C:\Program Files\Windows Journal\mediumaccount.exe #688 False
C:\Program Files\Windows Journal\revelation.exe #336 False
C:\Program Files\Windows Media Player\cases.exe #1944 False
C:\Program Files\Windows Media Player\journals.exe #2064 False
C:\Program Files\Windows NT\indicatingcasapackage.exe #1720 False
C:\Program Files\Windows NT\moved-manager.exe #1760 False
C:\Program Files\Windows NT\newspaperwebsites.exe #692 False
C:\Program Files\Windows Sidebar\tools-decent-ellen.exe #1508 False
Files (247)
»
Filename
C:\Users\BGC6U8~1\AppData\Local\Temp\-96s.jpg
C:\Users\BGC6U8~1\AppData\Local\Temp\0HU-I.wav
C:\Users\BGC6U8~1\AppData\Local\Temp\0yAp7sywK6U9.wav
C:\Users\BGC6U8~1\AppData\Local\Temp\24UaP.ppt
C:\Users\BGC6U8~1\AppData\Local\Temp\53sl4FRIIIqTwBW.gif
C:\Users\BGC6U8~1\AppData\Local\Temp\8PUO.flv
C:\Users\BGC6U8~1\AppData\Local\Temp\8mj4v8TwBjsisnBRu.wav
C:\Users\BGC6U8~1\AppData\Local\Temp\DVy1DoQ.avi
C:\Users\BGC6U8~1\AppData\Local\Temp\L8xoE7Zl3zVR.mp3
C:\Users\BGC6U8~1\AppData\Local\Temp\NGX2Ef.jpg
C:\Users\BGC6U8~1\AppData\Local\Temp\NkPmIRn6rg6jpoQH.m4a
C:\Users\BGC6U8~1\AppData\Local\Temp\YhiQILK.wav
C:\Users\BGC6U8~1\AppData\Local\Temp\YlJ-SV2q39Z1k5tlUxIh.swf
C:\Users\BGC6U8~1\AppData\Local\Temp\_-OAlTcr.avi
C:\Users\BGC6U8~1\AppData\Local\Temp\f5EARKfuxBa2s.swf
C:\Users\BGC6U8~1\AppData\Local\Temp\kgikK9U TE.gif
C:\Users\BGC6U8~1\AppData\Local\Temp\mqDaYUyL2HAL8ZIHj.wav
C:\Users\BGC6U8~1\AppData\Local\Temp\nMDKugeNIH EIPT5CR-J.jpg
C:\Users\BGC6U8~1\AppData\Local\Temp\o01_Oco.m4a
C:\Users\BGC6U8~1\AppData\Local\Temp\qLvAp.png
C:\Users\BGC6U8~1\AppData\Local\Temp\u5pCCmvGnJRMnlEwlng.png
C:\Users\BGC6U8~1\AppData\Local\Temp\uwdiDh9SePbQHBu6Q-.csv
C:\Users\BGC6U8~1\AppData\Local\Temp\vMwP09K7KX93.png
C:\Users\BGC6U8~1\AppData\Local\Temp\w8TWB.m4a
C:\Users\BGC6U8~1\AppData\Local\Temp\xBseX.mkv
C:\Users\BGC6U8~1\AppData\Local\Temp\zkuY_P3nuVyQ.swf
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\-QUelO.swf
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\-WlDi5C10_6eyQJnj3F.jpg
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\1OPtuE.swf
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\2N_nRZ7HMYPCZ0bdg4I5.swf
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\3qkLO3zw1bGXNqppjF.wav
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\5U05nI_wb_lRlEZ.odt
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\64o-H.wav
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\8s5yYO2PA.png
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\GqZbqZxvaVKYRtXIyn.m4a
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\Hpp3jSYsMMi 9cg.wav
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\IO7UU.avi
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\Il5l_eWn-g.bmp
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\JsMe4A0_qk.m4a
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\LrQiIg-hAg.mp3
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\SJ50 _4d8zb64x_r8.mp4
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\TygJ0BlrLcLGKp.flv
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\USIf1.flv
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\XAvUSbT.mp3
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\_9ztPDLS.png
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\cgL4RinNd.jpg
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\cj0rc.mkv
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\d0Rk2f8a.pps
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\eGkW352kBukob193U.odp
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\iMzH1jEvQQD_ KeK.gif
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\k DAKG1oQ6hE_wn10LrE.png
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\m12bHC8hUkT_.jpg
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\nc-LP.bmp
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\nzP1sOHITLq5eW f5_1.odp
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\tZHf.gif
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\tcVuFTEmKUdvkqkjCLQ.pps
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\td kF 86KMBmpttzP.csv
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\wPaiwD-g7STa48lsa.png
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\yquMREj6gJpKeON_no.m4a
C:\Users\BGC6u8Oy yXGxkR\AppData\Roaming\ziEi6U8_A9UuBF4_VMS.bmp
C:\Users\BGC6u8Oy yXGxkR\Desktop\-sD3kmIIF.csv
C:\Users\BGC6u8Oy yXGxkR\Desktop\-v3CAXdNze-sRzvb u.jpg
C:\Users\BGC6u8Oy yXGxkR\Desktop\1qaHg363qD.gif
C:\Users\BGC6u8Oy yXGxkR\Desktop\2WW4tDsaQWvcT.wav
C:\Users\BGC6u8Oy yXGxkR\Desktop\56oKFqm.mp4
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\IeFu7QZoiopGmenj oi
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\IeFu7QZoiopGmenj oi\2U5LOWcvV4RJO.swf
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\IeFu7QZoiopGmenj oi\4eVPknwZf
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\IeFu7QZoiopGmenj oi\4eVPknwZf\0HnIFYmJV245e_AuPf_V.gif
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\IeFu7QZoiopGmenj oi\4eVPknwZf\XvE69.jpg
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\IeFu7QZoiopGmenj oi\4eVPknwZf\Yn2a ZhO_CSrD.doc
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\IeFu7QZoiopGmenj oi\4eVPknwZf\fVH19XQX6ag.swf
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\IeFu7QZoiopGmenj oi\4g VqOUfALIN0N.odt
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\IeFu7QZoiopGmenj oi\5GhaRjQAUPeXbZX84L.odt
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\IeFu7QZoiopGmenj oi\F1O744.flv
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\IeFu7QZoiopGmenj oi\g4oDL.mp4
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\IeFu7QZoiopGmenj oi\liztat.pptx
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\SC4K
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\SC4K\D0g Z.pptx
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\SC4K\MvkPy87f6j3TiGL4o.m4a
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\SC4K\l0R-9ubO_ oFG.pptx
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\TXOQjsACYUqi6.gif
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\nIUcCvXq.bmp
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\o1UKHTtQcbypNcMh.avi
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\pEwuClF.swf
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\uh2Q2wlp30W.m4a
C:\Users\BGC6u8Oy yXGxkR\Desktop\8o3nzn1sj-jmLwsG\wG6o8VPZPu2QEF1B.ppt
C:\Users\BGC6u8Oy yXGxkR\Desktop\BiBvJzIX.mkv
C:\Users\BGC6u8Oy yXGxkR\Desktop\Ded7RMN1tlth.gif
C:\Users\BGC6u8Oy yXGxkR\Desktop\ET8Oa.mp4
C:\Users\BGC6u8Oy yXGxkR\Desktop\Mi99ep3DXTbINv8OrUZ.mkv
C:\Users\BGC6u8Oy yXGxkR\Desktop\PsHInqXgHcdBh q.ods
C:\Users\BGC6u8Oy yXGxkR\Desktop\SDbqTZGgRx8v6.m4a
C:\Users\BGC6u8Oy yXGxkR\Desktop\Tu4yl4tF61zwO5.png
C:\Users\BGC6u8Oy yXGxkR\Desktop\XgITUotv Hes1T1Ua8.flv
C:\Users\BGC6u8Oy yXGxkR\Desktop\Xn2LDeezIAgBN0s3.jpg
C:\Users\BGC6u8Oy yXGxkR\Desktop\YzElaL.m4a
C:\Users\BGC6u8Oy yXGxkR\Desktop\Z5Y_v6QfSk.jpg
C:\Users\BGC6u8Oy yXGxkR\Desktop\Zof780rO7EgB5vQ.png
C:\Users\BGC6u8Oy yXGxkR\Desktop\_1WaitV.pptx
C:\Users\BGC6u8Oy yXGxkR\Desktop\_3yg8R8uuI.doc
C:\Users\BGC6u8Oy yXGxkR\Desktop\azKtmDff.flv
C:\Users\BGC6u8Oy yXGxkR\Desktop\cv-it0l7_ddQf.gif
C:\Users\BGC6u8Oy yXGxkR\Desktop\gFD7Bm8px_ne8YBiI0.png
C:\Users\BGC6u8Oy yXGxkR\Desktop\jpi1IuuWEh9.bmp
C:\Users\BGC6u8Oy yXGxkR\Desktop\otgXg_QbGYWBVXniK8L.png
C:\Users\BGC6u8Oy yXGxkR\Desktop\pBwiW k4OhBXLfQp.bmp
C:\Users\BGC6u8Oy yXGxkR\Desktop\qknYF.m4a
C:\Users\BGC6u8Oy yXGxkR\Desktop\r-ny6VW628G0HP-xiff.mkv
C:\Users\BGC6u8Oy yXGxkR\Desktop\shYDxUdViCIwNQEIw.png
C:\Users\BGC6u8Oy yXGxkR\Desktop\t4QxP63biXYefGkF4.odt
C:\Users\BGC6u8Oy yXGxkR\Desktop\twLxjgn_YFSA50_.wav
C:\Users\BGC6u8Oy yXGxkR\Documents\-ReJpCC AKm.ppt
C:\Users\BGC6u8Oy yXGxkR\Documents\33jgAMBV.docx
C:\Users\BGC6u8Oy yXGxkR\Documents\3TK6bZjH-CG8R-THu.pdf
C:\Users\BGC6u8Oy yXGxkR\Documents\3elBOuNM9inw.xls
C:\Users\BGC6u8Oy yXGxkR\Documents\4UdyYbKWV9mB76tE9.docx
C:\Users\BGC6u8Oy yXGxkR\Documents\5RH2djh.pptx
C:\Users\BGC6u8Oy yXGxkR\Documents\67h-cmBvlt5o.docx
C:\Users\BGC6u8Oy yXGxkR\Documents\7LhUg5hdx.pptx
C:\Users\BGC6u8Oy yXGxkR\Documents\A2JO2Q.xlsx
C:\Users\BGC6u8Oy yXGxkR\Documents\BAj1uz8WhPz.pps
C:\Users\BGC6u8Oy yXGxkR\Documents\FJwB9V_37 sXzcUl.pptx
C:\Users\BGC6u8Oy yXGxkR\Documents\FmpY3hYK.pps
C:\Users\BGC6u8Oy yXGxkR\Documents\FsMry1wDNjyHr88QbJ.doc
C:\Users\BGC6u8Oy yXGxkR\Documents\GQeTN9ctz7I Mu1_ZUAI.doc
C:\Users\BGC6u8Oy yXGxkR\Documents\GukxghO G5.doc
C:\Users\BGC6u8Oy yXGxkR\Documents\JQ Oeh4.ppt
C:\Users\BGC6u8Oy yXGxkR\Documents\Lxu7 r3Sd.pptx
C:\Users\BGC6u8Oy yXGxkR\Documents\PbGphR2.docx
C:\Users\BGC6u8Oy yXGxkR\Documents\PiM3C.pptx
C:\Users\BGC6u8Oy yXGxkR\Documents\SYNqtNKj-TqMsWL.ppt
C:\Users\BGC6u8Oy yXGxkR\Documents\SawaTvzv0_pk-8e.rtf
C:\Users\BGC6u8Oy yXGxkR\Documents\Tj0Mg.rtf
C:\Users\BGC6u8Oy yXGxkR\Documents\VH7I_1E6Mj9.docx
C:\Users\BGC6u8Oy yXGxkR\Documents\VeNX1JTlCwY55.xlsx
C:\Users\BGC6u8Oy yXGxkR\Documents\W6jV6y61.pptx
C:\Users\BGC6u8Oy yXGxkR\Documents\W6nVTxMIY.odp
C:\Users\BGC6u8Oy yXGxkR\Documents\XXenXSAdaI.xls
C:\Users\BGC6u8Oy yXGxkR\Documents\XuG0IP8tzMKGu DARc3T.xlsx
C:\Users\BGC6u8Oy yXGxkR\Documents\Ywpcv8MNE8ortTBQG.xlsx
C:\Users\BGC6u8Oy yXGxkR\Documents\_FlBh81bjaH1o.xlsx
C:\Users\BGC6u8Oy yXGxkR\Documents\bUdicoDb34gk3.xlsx
C:\Users\BGC6u8Oy yXGxkR\Documents\dIdQD4ugr.docx
C:\Users\BGC6u8Oy yXGxkR\Documents\dyfhuMZt1lp.pdf
C:\Users\BGC6u8Oy yXGxkR\Documents\h59don.pptx
C:\Users\BGC6u8Oy yXGxkR\Documents\ifmHxvhSXAT33iaD.odp
C:\Users\BGC6u8Oy yXGxkR\Documents\jnPNlw85y.xlsx
C:\Users\BGC6u8Oy yXGxkR\Documents\pORacMc.odt
C:\Users\BGC6u8Oy yXGxkR\Documents\vW4l.pptx
C:\Users\BGC6u8Oy yXGxkR\Documents\v_5XIiMspvnuKTa.xlsx
C:\Users\BGC6u8Oy yXGxkR\Documents\vfso58.ppt
C:\Users\BGC6u8Oy yXGxkR\Documents\wC0sGC.ods
C:\Users\BGC6u8Oy yXGxkR\Documents\wC7VZQsWT3B21aOy8Qb.pptx
C:\Users\BGC6u8Oy yXGxkR\Music\8OhGN3B.wav
C:\Users\BGC6u8Oy yXGxkR\Music\MpAHL8Nz.mp3
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\GHfZ Nwk56A4
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\GHfZ Nwk56A4\Je7vI7uZhvLHW__.mp3
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\GHfZ Nwk56A4\WiZQHOG8R4PEJ3.m4a
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\GHfZ Nwk56A4\gX7yKyctIIoYawR5.m4a
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\GHfZ Nwk56A4\nxwdOR3.m4a
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\HcIuybOm
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\HcIuybOm\VFUlWw9aHNCGGsZb_MeB
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\HcIuybOm\VFUlWw9aHNCGGsZb_MeB\6_ Mkgyn7NZ6Ee1yGYA7.wav
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\HcIuybOm\VFUlWw9aHNCGGsZb_MeB\MP0afGU0 P47B3w.mp3
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\HcIuybOm\VFUlWw9aHNCGGsZb_MeB\ciT3IJL.m4a
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\HcIuybOm\eGgjkBgGArNvx2V.mp3
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\HcIuybOm\oW17I.mp3
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\HcIuybOm\rnbNpf1jyMBa7RtnQjt.m4a
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\HcIuybOm\uz Jf1IQV.wav
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\KZv5ybbRXHAj.m4a
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\KfTyhuo.mp3
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\O9eO4Ax1gk
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\O9eO4Ax1gk\1imanP.mp3
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\O9eO4Ax1gk\LS_Lm0.m4a
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\O9eO4Ax1gk\MV_iF.mp3
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\O9eO4Ax1gk\Z53570-Xfgh2ds9pmIU.wav
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\O9eO4Ax1gk\fR5Mj_MEb6UEpK322faP.wav
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\O9eO4Ax1gk\jUSM3SpsrG6SAtFT6Fc.mp3
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\ThZcHRVY4rp3JRI.wav
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\jJ5LkUA6uJ.wav
C:\Users\BGC6u8Oy yXGxkR\Music\Yx1DO\metdI9KiiXd0t.wav
C:\Users\BGC6u8Oy yXGxkR\Music\aSQaQ3.wav
C:\Users\BGC6u8Oy yXGxkR\Pictures\BRAx.gif
C:\Users\BGC6u8Oy yXGxkR\Pictures\Frjq-E6bNB6ZD_Cr.gif
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A\7CVoROeQ_lU3VXQ.jpg
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A\Fynw_e YdR2gIZQTakrF
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A\Fynw_e YdR2gIZQTakrF\KVAo
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A\Fynw_e YdR2gIZQTakrF\KVAo\PKFuV3LeVb-Tnn7oeO.png
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A\Fynw_e YdR2gIZQTakrF\KVAo\fxO6.png
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A\Fynw_e YdR2gIZQTakrF\QCPANAvt1G.jpg
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A\Fynw_e YdR2gIZQTakrF\T7e8Tk.png
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A\G0er9CIr5Q3sSMkq
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A\G0er9CIr5Q3sSMkq\AzIHVMwhXzQq2vxHts.gif
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A\G0er9CIr5Q3sSMkq\FT_HdP0 L.gif
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A\NLXAjk54DiwyZrj4E.jpg
C:\Users\BGC6u8Oy yXGxkR\Pictures\N9spw9 w00-A\zEfNt8NLJVm-Gr.gif
C:\Users\BGC6u8Oy yXGxkR\Pictures\QrR59Od3wk8MiaB
C:\Users\BGC6u8Oy yXGxkR\Pictures\QrR59Od3wk8MiaB\23 uc3BnU9djxhTPD.bmp
C:\Users\BGC6u8Oy yXGxkR\Pictures\QrR59Od3wk8MiaB\Crg00rCcAQxvBHIofd.bmp
C:\Users\BGC6u8Oy yXGxkR\Pictures\QrR59Od3wk8MiaB\Gr7kRTBysE5ePVZa-X.jpg
C:\Users\BGC6u8Oy yXGxkR\Pictures\QrR59Od3wk8MiaB\JOZB9I1uWbQLbgKwV85Z.bmp
C:\Users\BGC6u8Oy yXGxkR\Pictures\QrR59Od3wk8MiaB\iXPB_EYHe.png
C:\Users\BGC6u8Oy yXGxkR\Pictures\TjiIsH6Qon.gif
C:\Users\BGC6u8Oy yXGxkR\Pictures\Uou9_lh0.jpg
C:\Users\BGC6u8Oy yXGxkR\Pictures\X509O9YBLtwm 3Sd5.gif
C:\Users\BGC6u8Oy yXGxkR\Pictures\dlbAN
C:\Users\BGC6u8Oy yXGxkR\Pictures\dlbAN\6dc8SOco.png
C:\Users\BGC6u8Oy yXGxkR\Pictures\dlbAN\CAgSMk6gPZBWJ3aGw.bmp
C:\Users\BGC6u8Oy yXGxkR\Pictures\dlbAN\CBOB_OTuFV.bmp
C:\Users\BGC6u8Oy yXGxkR\Pictures\dlbAN\dUGcnxB2ONmGpvokzW4b
C:\Users\BGC6u8Oy yXGxkR\Pictures\dlbAN\dUGcnxB2ONmGpvokzW4b\-EhYQwq_Uk.gif
C:\Users\BGC6u8Oy yXGxkR\Pictures\dlbAN\dUGcnxB2ONmGpvokzW4b\1dC3cA8.gif
C:\Users\BGC6u8Oy yXGxkR\Pictures\dlbAN\dUGcnxB2ONmGpvokzW4b\AoCyFLkm L.bmp
C:\Users\BGC6u8Oy yXGxkR\Pictures\dlbAN\rU0rQNjMuhp3E w3ohW.png
C:\Users\BGC6u8Oy yXGxkR\Pictures\ea5gqT_FpoAQ.gif
C:\Users\BGC6u8Oy yXGxkR\Videos\- xT zeThxkwr3xC8I.flv
C:\Users\BGC6u8Oy yXGxkR\Videos\-AifsbSJWz5g6bAlrRHP.swf
C:\Users\BGC6u8Oy yXGxkR\Videos\5BRlIjvv7Ti.swf
C:\Users\BGC6u8Oy yXGxkR\Videos\7GaAGIN4.mkv
C:\Users\BGC6u8Oy yXGxkR\Videos\7KXvcRJ7ZuE8FthH.mp4
C:\Users\BGC6u8Oy yXGxkR\Videos\8CG-tt.mkv
C:\Users\BGC6u8Oy yXGxkR\Videos\DX52K4YZ9YI5APd.flv
C:\Users\BGC6u8Oy yXGxkR\Videos\GUKo9Kp0miCKQ-.flv
C:\Users\BGC6u8Oy yXGxkR\Videos\HQlzf_5Kz0B.avi
C:\Users\BGC6u8Oy yXGxkR\Videos\J7qydcq-TB9V.mkv
C:\Users\BGC6u8Oy yXGxkR\Videos\P7qn.swf
C:\Users\BGC6u8Oy yXGxkR\Videos\PPHQIixnc6Nx_.mp4
C:\Users\BGC6u8Oy yXGxkR\Videos\QzGlwn-aOzSUDpPg3DP.swf
C:\Users\BGC6u8Oy yXGxkR\Videos\RboLGXwNwpMbnqFj6bZW.swf
C:\Users\BGC6u8Oy yXGxkR\Videos\Sv oGVoA9zPbM1.avi
C:\Users\BGC6u8Oy yXGxkR\Videos\Sxl1.mkv
C:\Users\BGC6u8Oy yXGxkR\Videos\YMxiwITp8EJytVL.swf
C:\Users\BGC6u8Oy yXGxkR\Videos\aUC0s JtmZZH82.mp4
C:\Users\BGC6u8Oy yXGxkR\Videos\bHDfbWOhbmbeHyElu9j.avi
C:\Users\BGC6u8Oy yXGxkR\Videos\erp1YH0TkZ7tLq9.mkv
C:\Users\BGC6u8Oy yXGxkR\Videos\fhhI2.avi
C:\Users\BGC6u8Oy yXGxkR\Videos\fpS qzJE1S0igUjGy.mp4
C:\Users\BGC6u8Oy yXGxkR\Videos\gwqpQUUykPMaWj.mkv
C:\Users\BGC6u8Oy yXGxkR\Videos\jxvaw9.mkv
C:\Users\BGC6u8Oy yXGxkR\Videos\lOtuIf2QGE.mkv
C:\Users\BGC6u8Oy yXGxkR\Videos\u7VqR.mp4
C:\Users\BGC6u8Oy yXGxkR\Videos\wAkkOZ0Y6KAnzZHp.mkv
C:\Users\BGC6u8Oy yXGxkR\Videos\z043v_.mp4
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image