b575cbe2...3786 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Threat Names:
Gen:Variant.Razy.599308
Gen:Variant.Jaik.40100

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "15 seconds" to "10 seconds" to reveal dormant functionality.

(0x02000007): The operating system was rebooted during the analysis because the sample modified the master boot record (MBR).

Master Boot Record Changes
Sector Number Sector Size
2063 512 Bytes


Files

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\captcha_visual.exe
Category: Sample File, Type: Binary, Severity: Malicious
Mime Type: application/vnd.microsoft.portable-executable
File Size: 42.00 KB
MD5: b2b278aed753209592b051998cc78d6e
SHA1: 187fade13fa2590af0a7168a5fa1bbdd38fb696f
SHA256: b575cbe291920b98cd523890c53902ccaad1c1f0357024c51e0ac5b1d0cd3786
SSDeep: 768:TWAiV+oPalRR4+G1KSisOUp1efyKjJxGqYEphnsL1Gt14eisgDKL+LI+okmDWwRo:TS+oPI6f11OUp15oVph/4psgHyWw8GY
ImpHash: 008b12ff6cadf232fd3c1e1bd3121bd0
PE Information
Image Base 0x400000
Entry Point 0x406850
Size Of Code 0x7a00
Size Of Initialized Data 0x16600
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-10-12 15:42:45+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x7804 0x7a00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.36
.rdata 0x409000 0xd58 0xe00 0x7e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.05
.data 0x40a000 0x13aac 0x0 0x0 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.ndata 0x41e000 0x1651 0x1800 0x8c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.95
.rsrc 0x420000 0x298 0x400 0xa400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.06
Imports (6)
MPR.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetEnumResourceW 0x0 0x409144 0x945c 0x825c 0x1c
WNetOpenEnumW 0x0 0x409148 0x9460 0x8260 0x3d
WNetCloseEnum 0x0 0x40914c 0x9464 0x8264 0x10
KERNEL32.dll (64)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileAttributesW 0x0 0x409040 0x9358 0x8158 0x1ea
CreateFileW 0x0 0x409044 0x935c 0x815c 0x8f
GetLastError 0x0 0x409048 0x9360 0x8160 0x202
FindClose 0x0 0x40904c 0x9364 0x8164 0x12e
DeviceIoControl 0x0 0x409050 0x9368 0x8168 0xdd
WaitForMultipleObjects 0x0 0x409054 0x936c 0x816c 0x4f7
FindNextFileW 0x0 0x409058 0x9370 0x8170 0x145
GetVolumeInformationW 0x0 0x40905c 0x9374 0x8174 0x2a7
CreateThread 0x0 0x409060 0x9378 0x8178 0xb5
TryEnterCriticalSection 0x0 0x409064 0x937c 0x817c 0x4ce
Sleep 0x0 0x409068 0x9380 0x8180 0x4b2
WriteFile 0x0 0x40906c 0x9384 0x8184 0x525
GetStdHandle 0x0 0x409070 0x9388 0x8188 0x264
SetEndOfFile 0x0 0x409074 0x938c 0x818c 0x453
SetFilePointerEx 0x0 0x409078 0x9390 0x8190 0x467
ReadFile 0x0 0x40907c 0x9394 0x8194 0x3c0
GetFileSizeEx 0x0 0x409080 0x9398 0x8198 0x1f1
MoveFileW 0x0 0x409084 0x939c 0x819c 0x363
SetFileAttributesW 0x0 0x409088 0x93a0 0x81a0 0x461
HeapAlloc 0x0 0x40908c 0x93a4 0x81a4 0x2cb
GetCurrentProcess 0x0 0x409090 0x93a8 0x81a8 0x1c0
HeapFree 0x0 0x409094 0x93ac 0x81ac 0x2cf
GetProcessHeap 0x0 0x409098 0x93b0 0x81b0 0x24a
GlobalAlloc 0x0 0x40909c 0x93b4 0x81b4 0x2b3
GetLogicalDrives 0x0 0x4090a0 0x93b8 0x81b8 0x209
GetVersion 0x0 0x4090a4 0x93bc 0x81bc 0x2a2
PeekNamedPipe 0x0 0x4090a8 0x93c0 0x81c0 0x38d
GetComputerNameW 0x0 0x4090ac 0x93c4 0x81c4 0x18f
SetEvent 0x0 0x4090b0 0x93c8 0x81c8 0x459
TerminateThread 0x0 0x4090b4 0x93cc 0x81cc 0x4c1
GetProcAddress 0x0 0x4090b8 0x93d0 0x81d0 0x245
LoadLibraryA 0x0 0x4090bc 0x93d4 0x81d4 0x33c
CreateEventW 0x0 0x4090c0 0x93d8 0x81d8 0x85
OpenProcess 0x0 0x4090c4 0x93dc 0x81dc 0x380
GetFileType 0x0 0x4090c8 0x93e0 0x81e0 0x1f3
GetModuleHandleA 0x0 0x4090cc 0x93e4 0x81e4 0x215
DuplicateHandle 0x0 0x4090d0 0x93e8 0x81e8 0xe8
GetCurrentProcessId 0x0 0x4090d4 0x93ec 0x81ec 0x1c1
ExitProcess 0x0 0x4090d8 0x93f0 0x81f0 0x119
GetModuleHandleW 0x0 0x4090dc 0x93f4 0x81f4 0x218
GetCommandLineW 0x0 0x4090e0 0x93f8 0x81f8 0x187
CreatePipe 0x0 0x4090e4 0x93fc 0x81fc 0xa1
GetEnvironmentVariableW 0x0 0x4090e8 0x9400 0x8200 0x1dc
CreateProcessW 0x0 0x4090ec 0x9404 0x8204 0xa8
WaitForSingleObject 0x0 0x4090f0 0x9408 0x8208 0x4f9
SetHandleInformation 0x0 0x4090f4 0x940c 0x820c 0x470
GetLocaleInfoW 0x0 0x4090f8 0x9410 0x8210 0x206
GetModuleFileNameW 0x0 0x4090fc 0x9414 0x8214 0x214
Process32FirstW 0x0 0x409100 0x9418 0x8218 0x396
Process32NextW 0x0 0x409104 0x941c 0x821c 0x398
CreateToolhelp32Snapshot 0x0 0x409108 0x9420 0x8220 0xbe
CreateDirectoryW 0x0 0x40910c 0x9424 0x8224 0x81
SetErrorMode 0x0 0x409110 0x9428 0x8228 0x458
GetDriveTypeW 0x0 0x409114 0x942c 0x822c 0x1d3
FindFirstFileW 0x0 0x409118 0x9430 0x8230 0x139
CloseHandle 0x0 0x40911c 0x9434 0x8234 0x52
DeleteCriticalSection 0x0 0x409120 0x9438 0x8238 0xd1
EnterCriticalSection 0x0 0x409124 0x943c 0x823c 0xee
TerminateProcess 0x0 0x409128 0x9440 0x8240 0x4c0
GetExitCodeProcess 0x0 0x40912c 0x9444 0x8244 0x1df
LeaveCriticalSection 0x0 0x409130 0x9448 0x8248 0x339
InitializeCriticalSection 0x0 0x409134 0x944c 0x824c 0x2e2
GlobalFree 0x0 0x409138 0x9450 0x8250 0x2ba
GetSystemWindowsDirectoryW 0x0 0x40913c 0x9454 0x8254 0x27c
USER32.dll (24)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DialogBoxParamW 0x0 0x409170 0x9488 0x8288 0xac
ShowWindow 0x0 0x409174 0x948c 0x828c 0x2e4
MessageBoxW 0x0 0x409178 0x9490 0x8290 0x217
SetWindowTextA 0x0 0x40917c 0x9494 0x8294 0x2cf
SendMessageW 0x0 0x409180 0x9498 0x8298 0x280
EnableWindow 0x0 0x409184 0x949c 0x829c 0xd8
UnregisterHotKey 0x0 0x409188 0x94a0 0x82a0 0x30d
GetWindowThreadProcessId 0x0 0x40918c 0x94a4 0x82a4 0x1a5
RegisterHotKey 0x0 0x409190 0x94a8 0x82a8 0x25a
GetWindowTextLengthW 0x0 0x409194 0x94ac 0x82ac 0x1a3
CloseClipboard 0x0 0x409198 0x94b0 0x82b0 0x49
GetWindowTextA 0x0 0x40919c 0x94b4 0x82b4 0x1a1
EmptyClipboard 0x0 0x4091a0 0x94b8 0x82b8 0xd5
GetDlgItem 0x0 0x4091a4 0x94bc 0x82bc 0x127
OpenClipboard 0x0 0x4091a8 0x94c0 0x82c0 0x228
SetClipboardData 0x0 0x4091ac 0x94c4 0x82c4 0x28a
wsprintfW 0x0 0x4091b0 0x94c8 0x82c8 0x339
GetShellWindow 0x0 0x4091b4 0x94cc 0x82cc 0x17a
SetTimer 0x0 0x4091b8 0x94d0 0x82d0 0x2c0
PostMessageW 0x0 0x4091bc 0x94d4 0x82d4 0x239
KillTimer 0x0 0x4091c0 0x94d8 0x82d8 0x1e4
wsprintfA 0x0 0x4091c4 0x94dc 0x82dc 0x338
SetWindowTextW 0x0 0x4091c8 0x94e0 0x82e0 0x2d0
EndDialog 0x0 0x4091cc 0x94e4 0x82e4 0xda
ADVAPI32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptAcquireContextW 0x0 0x409000 0x9318 0x8118 0xb1
CryptSetKeyParam 0x0 0x409004 0x931c 0x811c 0xcd
CryptReleaseContext 0x0 0x409008 0x9320 0x8120 0xcb
CryptGenRandom 0x0 0x40900c 0x9324 0x8124 0xc1
CryptDestroyKey 0x0 0x409010 0x9328 0x8128 0xb7
CryptDecrypt 0x0 0x409014 0x932c 0x812c 0xb4
OpenProcessToken 0x0 0x409018 0x9330 0x8130 0x1f7
GetTokenInformation 0x0 0x40901c 0x9334 0x8134 0x15a
SetTokenInformation 0x0 0x409020 0x9338 0x8138 0x2c2
DuplicateTokenEx 0x0 0x409024 0x933c 0x813c 0xdf
RegQueryValueExA 0x0 0x409028 0x9340 0x8140 0x26d
RegOpenKeyExA 0x0 0x40902c 0x9344 0x8144 0x260
RegCloseKey 0x0 0x409030 0x9348 0x8148 0x230
CryptImportKey 0x0 0x409034 0x934c 0x814c 0xca
CryptEncrypt 0x0 0x409038 0x9350 0x8150 0xba
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x2a8 0x409154 0x946c 0x826c -
CommandLineToArgvW 0x0 0x409158 0x9470 0x8270 0x6
ShellExecuteExW 0x0 0x40915c 0x9474 0x8274 0x121
SHGetPathFromIDListW 0x0 0x409160 0x9478 0x8278 0xd7
SHBrowseForFolderW 0x0 0x409164 0x947c 0x827c 0x7b
SHGetSpecialFolderPathW 0x0 0x409168 0x9480 0x8280 0xe1
ole32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitialize 0x0 0x4091d4 0x94ec 0x82ec 0x3e
CoTaskMemFree 0x0 0x4091d8 0x94f0 0x82f0 0x68
CoUninitialize 0x0 0x4091dc 0x94f4 0x82f4 0x6c
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
captcha_visual.exe 1 0x00400000 0x00420FFF Relevant Image True 32-bit 0x00402850 True False
captcha_visual.exe 1 0x00400000 0x00420FFF Final Dump True 32-bit 0x00408610 True False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Razy.599308 Malicious

c:\windows\tasks\sa.dat
Category: Modified File, Type: Stream, Severity: Whitelisted
Mime Type: application/octet-stream
File Size: 6 Bytes
MD5: f1a6cd5adaab953a6764ea364e17bfb8
SHA1: c99a1eb2d8974a667d2e0bc2dc1efcbe0ef23387
SHA256: 12dc5ccd7fecafe070976a1916e9672e3d53085633c86957aee305ccc584184c
SSDeep: 3:A:A
ImpHash: -
File Reputation Information: Severity Whitelisted

c:\windows\bootstat.dat
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 66.00 KB
MD5: 4332cfdb292bb8562a82be74ebe9d5ae
SHA1: a849409070bffd772d341644fb41fb39f37c8b7e
SHA256: 2de3500314b9046636cbe348b8bfab3f4f8b8e89235be9e77be318eba96a0ef0
SSDeep: 3:NlE/7k+lHlFlkflalll/1sK8Uha6aulIiblxltlQ6p1sK8UhaCtkUlcl:iPWNqtXNXautri6pXN9ny
ImpHash: -

c:\windows\setupact.log
Category: Modified File, Type: Text, Severity: Unknown
Mime Type: text/plain
File Size: 314 Bytes
MD5: 9447e12df901c4cc0f1b49d4836e2a4b
SHA1: dadbe7e53fa9738ee26f542968c26e01ca054e53
SHA256: c557e93708405df203f1bf035074d8c0f2184d20c719448ea59f25e95b7840ac
SSDeep: 6:/WNVf1gKfTOJ1F34vkxDNVf1gKfTOJ1F34vkxDNVf1gKfTOJ1F34vsjAIGF2TWN6:eVgK6JPo8xDVgK6JPo8xDVgK6JPo0qFg
ImpHash: -

c:\windows\system32\logfiles\scm\5f5a18eb-dc73-4e45-a11c-b59043598412
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 20 Bytes
MD5: 0b91b268fba9bd7806afdc1653dcb3cd
SHA1: 6a863525d44ab4ca2c1da334884b29320118c5dc
SHA256: 15a2ea1b73f8697d2c3af5a2e7e222efb3ed098d846bcd5b3ba07fac8d23c098
SSDeep: 3:L6Stzo8:OS93
ImpHash: -

c:\windows\system32\logfiles\scm\2470470f-2634-478e-b181-571e98a789bb
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 20 Bytes
MD5: c3654adcd6767287ae7a3ba8bf8861f0
SHA1: 52e214af3344be09899ec344570e6c10451c0fa6
SHA256: 1ad946eb59dc6e145137b140bf6378d9e380b50a1aeaaa0b28375d10a457f1c2
SSDeep: 3:51Den8:rin8
ImpHash: -

c:\windows\system32\logfiles\scm\4c8b01a2-11ff-4c41-848f-508ef4f00cf7
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 20 Bytes
MD5: 96c105f6c67d2380b1d300bc6664458d
SHA1: a8ed52f87fbec3b9184a06f25155f08daf90ed25
SHA256: fa477c3e4a9b502966e3652feec7ce528ab75a7a5ba73ddc08371ac326a0e747
SSDeep: 3:0U7J3n:0q3n
ImpHash: -

c:\windows\system32\logfiles\scm\7afcc0ca-7121-422a-ab45-b0e8d599ff08
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 20 Bytes
MD5: e4df848ce3b8c72c862e77fc8bc466b1
SHA1: 533791bd2a11f79992c37fa1139ccfd78a16b552
SHA256: 777de28c9d0174213437b7c25e274d52fa656591e24a55ed21efb76e5745bc31
SSDeep: 3:R4sIzstqn6:zIzs8n6
ImpHash: -

c:\windows\system32\logfiles\scm\b2945f6a-2378-4a2d-a700-f64d33f40fe5
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 20 Bytes
MD5: ecf26f6b2f600a782db1972daacf2d17
SHA1: f8922f0aa8422f5db0e6c1b263105c175dfdcad9
SHA256: c9317febd4332a1d39a6d36ef585fef9c1a66bf082e7f124ce55472cf4568459
SSDeep: 3:j1wkVPzkn:hRyn
ImpHash: -

c:\windows\system32\winevt\logs\system.evtx
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 2.07 MB
MD5: c9e73b5d120abeb7f23cbb9a56036f97
SHA1: 303a705b88c5f0ccfe4c8f3e41ae82eb7478f42d
SHA256: dc8c8dd44dbcdd6e971ecd50c8113d0e3d26e37b72e86c6728480da57a61b12b
SSDeep: 6144:wg1wz0VgGjS233D9mCFOrdMSLMBaiDzSDK:d1C0tGU3D9mCFOrdMSLMBaiDzSDK
ImpHash: -

c:\windows\system32\winevt\logs\application.evtx
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 2.07 MB
MD5: 5b784dcb9428cc9f42701d2024a9f6d8
SHA1: 0c7412d5ec43610968c5f863fe59abe686556760
SHA256: d119fd1dfd4a24192b11c999e0353b2ff1b8c35b885ebb2a3765d3364a97f0f8
SSDeep: 12288:m1sheRoQ/hqSl1LDsM4kLF37C0r5E8XK1yXeITNhz1yatDJMBD1:
ImpHash: -

c:\windows\system32\winevt\logs\security.evtx
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 1.07 MB
MD5: 8d123e8d0a84619104cdf1d8eafcd082
SHA1: 6e849b0876612441210abf0f8de17989d4a47453
SHA256: 5ad555c2af65fd8df785d95cd570a126ca0b3f5abd20753f00909d894573c5a5
SSDeep: 3072:TLO7IqpT9tOervMEDrPJVtHJLv3BaHDUL99JtwHVmev:gGervMEpVtHJL/V99JtwHVmev
ImpHash: -

c:\windows\system32\winevt\logs\microsoft-windows-kernel-whea%4operational.evtx
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 1.00 MB
MD5: c90e59d9cc23bf3e28d755070b846ed6
SHA1: af25a90490c765ac2daffa17f1cf17461770cc5a
SHA256: 1597d038fb28528fa2ed88e692dbba5bb8d8ff1851a74ce16c6da5c65756359d
SSDeep: 384:B7hkICqQ0RDIx9IyIQIhInI/JIHIAEIGYIOI7IeIvghVI/iY8CIXIi0IXIhCIHkY:B7RxTOLgPz+Rag03KvU
ImpHash: -

c:\windows\system32\winevt\logs\microsoft-windows-grouppolicy%4operational.evtx
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 1.07 MB
MD5: 5371e69b77e90fc818903ac041f73f45
SHA1: d1599ec1146eba698575c8000f5d83f9bfeaca61
SHA256: 4acc488e9da330f7b89ddbf34d02fc6023ab5ca71404a6b8872f74feec870f3a
SSDeep: 3072:/P3qQ2kiBNqmW+ngCJsVv06r0kJP4JqjLKTTSm:/P4hngCJsVv06r0kJP4JqjLKTTSm
ImpHash: -

c:\windows\system32\winevt\logs\microsoft-windows-user profile service%4operational.evtx
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 1.07 MB
MD5: 3a3ef4832ac67df329bf363a13f1c1dd
SHA1: 772577a47f4aef7b83f32456b2308978c334a69c
SHA256: adddd61427e6e6b14f2ce5e00f039e2eb14ede253e7e730edde72169a873cab7
SSDeep: 1536:zdoIScVo73eJwSQpdBCA07aVN6er+FU2PflW7fRBoeRdVrnVzpbRgL8gnRb7WPi2:4RlMS1
ImpHash: -

c:\windows\system32\winevt\logs\microsoft-windows-offlinefiles%4operational.evtx
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 68.00 KB
MD5: 91d55a1d542cab3f3db38b7a6932b048
SHA1: ad8d859f6d45d551b954648ac9344ada0e5ac9b7
SHA256: c895f6dbe6ae3e6f77f4f546a33f4292505eebb83e87e8bc6ad8823974fc9160
SSDeep: 1536:ywpSJQxh9R8WJQl58ipWYIWphdBdurh+sJZlpJt7iRf9JiSqhNvtAqhs9+8zhSWS:hV
ImpHash: -

c:\windows\system32\winevt\logs\microsoft-windows-branchcachesmb%4operational.evtx
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 68.00 KB
MD5: e1b85cf3eff46236a5799a218d021d25
SHA1: 7570cb15dfa2bf3aa08cb6ea7790e999adae6a70
SHA256: da5f7ebeb59b696875b34fc6962c16a95b685ae0b9cd71d484393b73f75a2ee3
SSDeep: 384:vhuhDhQ2QPhDY6hDamhDDhD8hDhhD/hDOhD1hD4hDshDchDihDohDLzhD4hDWhD+:vYrQeDQP6j
ImpHash: -

c:\windows\system32\winevt\logs\microsoft-windows-dhcpv6-client%4admin.evtx
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 68.00 KB
MD5: a21e2762042ea2afa8a7ea4a67c094eb
SHA1: 3a858883923e6ff54ce33edf28124e3c414748d1
SHA256: 6e901e4c54cf6f73b8282c1e54becc721be3b8e42ce8e318bd45087e15ad3d17
SSDeep: 384:vhdtKDtotS/tSPtS7tSKtSTtSntS/tSntSNtSlptSbtSbtSPtS2tS7tSRtS7tSez:voAH
ImpHash: -

c:\windows\system32\winevt\logs\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx
Category: Modified File, Type: Stream, Severity: Unknown
Mime Type: application/octet-stream
File Size: 68.00 KB
MD5: f95164ac32b9a71dc5d3cd566f1c45cf
SHA1: a4d508f4ee7eff498070145b95482975a6bbd70f
SHA256: ab80eb8b1e7eab874896efcc355b8c487d7e92a66db54abaa5d98766fb30acb3
SSDeep: 1536:q2sCaBtBbLghOy01lNHsco0kwE2YY21lRw4DWQbrsNKQQsLbNxrVkIdsA0CcxwQq:9Y
ImpHash: -

c:\windows\tasks\schedlgu.txt
Category: Modified File, Type: Text, Severity: Unknown
Mime Type: text/plain
File Size: 11.37 KB
MD5: 620473ce493c4565754df833c8cf5fda
SHA1: cf668f8e981cd1113c9a18bdff823ca846bcdea3
SHA256: 52c2f8e4f1d555b2ae01cf3caff04bfff94bd80c9c48ca15086f05775487b520
SSDeep: 192:r1hs11161PI1Ls1qsUfURUkU0UIqUIuUjULmNm8mHmdl4rTSrSrIcrNrttUQT6jK:r1hs11161PI1Ls1qsUfURUkU0UzUvUj6
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\80l Y.pps.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\80l Y.pps (Dropped File)
Mime Type: application/octet-stream
File Size: 10.47 KB
MD5: fcd19c283668c740e47d01170b05112c
SHA1: a2ff51d5c75f1475a6686f402324384b7db06b09
SHA256: aacc4f7dc9ecc8418cb77978c4d98d6909a9ddb1c7188f5f612584836ef8569e
SSDeep: 192:pmgkYXK1naKmt4eLMzYnkVQPJAP8j8KJEa1SiUWVQ6tt1ERHj7nz+6j:bc1nwrQuggaIh1SgVQ6tvE9m6j
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9tXOTB6cCqaPF.png.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9tXOTB6cCqaPF.png (Dropped File)
Mime Type: application/octet-stream
File Size: 7.16 KB
MD5: 37059af3bfba5e0929f9cff1258f9a46
SHA1: 985bd8994c1352455fe3725ab93de589f7655a6a
SHA256: 24e91614e86f5122e31e82052c94ea77b71574dec0fda0e1001fdcb44e9e1d79
SSDeep: 192:c95sEqoEplP9mIRObT6EWMclb76R0x54+MBI:ccpoWd9dR+Tiln00zoI
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BfLJ-qJ.odp.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BfLJ-qJ.odp (Dropped File)
Mime Type: application/octet-stream
File Size: 85.13 KB
MD5: 5b44b2e1e82167ec7a5e6a9333d889bc
SHA1: 9a2cbb0d854785afc7e542185de47eeffc45bf2c
SHA256: 525e8518615d62262505b43faef7ab3e1c16276dd3a09914baca450c45d8479e
SSDeep: 1536:gJKjOnhP5fFoz5KNflrfjjIKUOguQpMl++WG8a/FpdjqINZhY4V8DlAJR/hdj:gAinhPkgNflrfIUgUk+WG8yFlRVUmTht
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bYmDuT2Ba.m4a.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bYmDuT2Ba.m4a (Dropped File)
Mime Type: application/octet-stream
File Size: 76.02 KB
MD5: a78e27e7e863fb7417603d884af062a7
SHA1: 631a60fee8453f18f40c01e0c78d8d0867ad0d54
SHA256: 8aa99db73e6db4409f6bbbcdc40d7ae35d454d2c0762fb537dad29bbd2a7610f
SSDeep: 1536:WBVtLfy5VXYnfEsE6KNNs8MKdDuwmUREXW5FNgjk0ZJYZHXQAWEh:WBVs8sNvSwmU6ygjktQAT
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C4P_ngTwnzZZoM\i oNgTBn.csv.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C4P_ngTwnzZZoM\i oNgTBn.csv (Dropped File)
Mime Type: application/octet-stream
File Size: 15.55 KB
MD5: 215b510c84439adec6b54fe7d525629d
SHA1: a0db02a8634e6bf61970721b901bda10fc57e2b8
SHA256: e3c4dc5137ccd069bd5211766778f0b99f8257c3db42c5a6dd9c321a4fc137f5
SSDeep: 384:MzHqGg4AqHpAkGXJxPzWRy/CE+Ke0S7fF/KoPCQ7OV2ZA5:CHuwNGbQy/2L0YB6Qa5
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FD1vIXwTkAV.gif.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FD1vIXwTkAV.gif (Dropped File)
Mime Type: application/octet-stream
File Size: 27.68 KB
MD5: 3f2f6f49a6581dc00cfa5a2968b2d99c
SHA1: 2494eee6e77d8739b259df7c2ed897592ee2d6c6
SHA256: f6477e747ff4dbc803e049b7947a495708457f0ca384b63604d20cb674922f8d
SSDeep: 768:PBjGkTTP9YbF3Takic4LO84e6Up1hC0mgtfhGI1F82oVH+7RhUEQj:PJ3vatavc4ODe6KvXmKFJoZwRhULj
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fKh p\OUbB8Nw.bmp.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fKh p\OUbB8Nw.bmp (Dropped File)
Mime Type: application/octet-stream
File Size: 86.99 KB
MD5: f8973659df5fd45cb45866ec0ee7c19b
SHA1: a6d8eb2ab6ee0d660f89d47b7455dbbf5b52572f
SHA256: 2637d857d0d7a3c0906ff8bc5b81733494f67f79c4cdb680eb55a59e53f81d15
SSDeep: 1536:lApn8YrRTYy3zd8UdLcMIrzGTZkO/me2Ms0PkGDAkyofGgUkqJV+aj:W8YxYy3zaUd6zGyMs08HkyIjUZ+Y
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fKh p\qnAgUAAuMSkT3L.bmp.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fKh p\qnAgUAAuMSkT3L.bmp (Dropped File)
Mime Type: application/octet-stream
File Size: 56.88 KB
MD5: 4a285b2e03f1d33d17c2ffb571620198
SHA1: 22134d8ecce82029b019fc1e7dd43288711501bc
SHA256: edc5b388a8adf59945d16253ff5d09e544e81dd221dc57ef24f8e3ba1f369cec
SSDeep: 1536:7S0oxVhIdDSQGF5nfBNzAMeTl3vWBsdUw1lXl+/6YaNG9:e2dvGHnwMyuY17YaK
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gjhUgLL.jpg.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gjhUgLL.jpg (Dropped File)
Mime Type: application/octet-stream
File Size: 54.89 KB
MD5: 70e5ca4994229e9027f3f67d050974f2
SHA1: e860d426e746d9af7efb1d55323b1777f4517e75
SHA256: 597dd4c3e77aafe75686374e3fd43fa7088c43cb1fdd06c1f51b49a3fdd75550
SSDeep: 1536:SVxVAmZhzov/N4WYTuLIEEa1llmnSmSVym4xz:SaSY/V1L91llmngyRxz
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\j3JyUbK.doc.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\j3JyUbK.doc (Dropped File)
Mime Type: application/octet-stream
File Size: 37.50 KB
MD5: a2c7c60f9105d024da129e38c4763c0d
SHA1: 5c4862471900a7304c0ee26bce73da8cf9973b73
SHA256: 767de9dbcc49e6c6fe5616f04017d371b1508066ff400de6e13e86c7b603c373
SSDeep: 768:331gNvwBNuk7X1bXpMPWfIN4v+SOOm36u0gdN47fU2s+/o+A6mj:3lnbZ9MPWVcOm36TgdNDilA6mj
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KBDfGIul9lKj5bzlyj.jpg.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KBDfGIul9lKj5bzlyj.jpg (Dropped File)
Mime Type: application/octet-stream
File Size: 96.27 KB
MD5: e4554f4ff525eedc81bb7ea5658ea311
SHA1: 6f283d240516c0422d45945fa67dbf972935455b
SHA256: dd4aace0dece85d0019eb307f57d3ca9722961462f0483b94b437384781ab4b8
SSDeep: 1536:65l5FnwaHs66+fnxP8MHaH4Suk/AN0PGmbXSVcpBOeiExBC6ZhBGvYe5qCb1w8:65lw66/M6H4SDPhbCIB/if6ZPGvbb1w8
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\LtxycJwYc8aiI.xlsx.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\LtxycJwYc8aiI.xlsx (Dropped File)
Mime Type: application/octet-stream
File Size: 79.72 KB
MD5: faa6970f1706ab22db9051ebf5a6a2e1
SHA1: 62b9a3a43bff647ff8927de1807aa51313414858
SHA256: d3065848c1d36d010fe9e47a85d14874b9beca460aabebcdbbd03c240f312833
SSDeep: 1536:6ugVGqiVjSJiZ/kJIrbMN8M+FMs/C9JSg2eGG3jxFN5Xu1tbIcdAj:q4bVjnKJIcH+F569JSLLG3jN5X0dk
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NFMf.gif.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NFMf.gif (Dropped File)
Mime Type: application/octet-stream
File Size: 21.55 KB
MD5: ef12b3de4f777b899024deffda771069
SHA1: f06d5b49286a4e9fdfb328b4cf2332d93a22d310
SHA256: 8d4c209e1c3886896e873b861c6d09dc1e5d1f775708ab9ecea5b3b0749968da
SSDeep: 384:/QvYLGYPprI8QYto52zPom4mrOAdp0uzVN3hYN1HT1dK6MO7y/uGlzVx2CpU2Ate:/QvkGoPQYto5yoef0u3ClT1dK6MtVkC9
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Po53K6XUyzjsd4PBoD_.jpg.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Po53K6XUyzjsd4PBoD_.jpg (Dropped File)
Mime Type: application/octet-stream
File Size: 44.52 KB
MD5: 1b0ea93a97a2b9040e2ace211e615ea4
SHA1: 0f0309047f39440884845dbcb100b0bfef7140cf
SHA256: c4b617c754eaf787755d04f8c187d67c1f1a72685ed84365f67d4f4100aee76b
SSDeep: 768:yfmdTMXdlBlSIHLV5Hj0NfwV41lDz7ksO6uuYCv3fBaFxOGwxQPzNeKgPB5jfjpS:yfiS7LPANfwV4ksOlu1ZafhwyLNetfqR
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RwTVxn7lStVnd_WKK.jpg.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RwTVxn7lStVnd_WKK.jpg (Dropped File)
Mime Type: application/octet-stream
File Size: 67.77 KB
MD5: 5be024821243ae80a08cb9d748f00e64
SHA1: b435fa7906d4f0ee81c5fc2cfb5c722af8b13dc4
SHA256: 1db2ee0a0da2985a7c4e35680bec61b256d0f4775cdbc0c13265bafeaf513305
SSDeep: 1536:1qVkNkHvz0gM3bm1v7Szd6PtEIPPchNGE+G0BL4IAPaf:oVj0gMwv7YEEIPPchNGE+GG8IASf
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\sINUfMi95MsWn.m4a.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\sINUfMi95MsWn.m4a (Dropped File)
Mime Type: application/octet-stream
File Size: 79.88 KB
MD5: 770178ea429c322b805872e87cdae405
SHA1: 19273421edc6828104ee85e8752c7aaac9bde56c
SHA256: 6828f57534359eb59514721d034e8d29778ebf21315606ac59cb747cfeb5ced0
SSDeep: 1536:kyshiYw+5i96qpR65OSkXAK3Gqkx0IlbvlfHQpx/LNu1H35DjEoYBtEyNa8oj:kfVw+5i96iR6oLQt21pKx3p/oNS
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vBXWRkjqa.swf.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vBXWRkjqa.swf (Dropped File)
Mime Type: application/octet-stream
File Size: 21.27 KB
MD5: 32ee82ddbf8a99b60ebfa4a290b3753f
SHA1: d667a9071f2c2aa6f51cdf54435726b589975184
SHA256: 59d237b1e6887e8e418ee6bafc475562ac98556bd31446819b5573ba80fe183b
SSDeep: 384:LuhQ6VmQQFZPqtWd4LV0IvIQf32JbX4RPiookSPk58QgIEZO3/qEglIxk46Zc:LuhQAOZ2Wd45UYu4FGPUgIEZO3elIxkm
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VEOSuKZMb2iFfRfNLI.jpg.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VEOSuKZMb2iFfRfNLI.jpg (Dropped File)
Mime Type: application/octet-stream
File Size: 99.36 KB
MD5: f80545431b2301f1f16afca80a96e80b
SHA1: ea2e1c224d7302471f0c8065c3cddfcac8278a6d
SHA256: 2464d853cdb68288bc3de02d618c20142a73ea79ad52f7988e395e31eacdf2d7
SSDeep: 3072:ozJzYXsO3BZygESVqfuhTs0EHyHi9Tr7Q3iHYaZ4eg:K1PO3B1VOtHyHi513Zlg
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\W7RXP9kYuvmTV.gif.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\W7RXP9kYuvmTV.gif (Dropped File)
Mime Type: application/octet-stream
File Size: 84.39 KB
MD5: 430341a2c6811910b231294f07ed638a
SHA1: d75a35a1db11d1f19acc7de67381967b39ffa89a
SHA256: 5e10d17a8ae94864aab0b0b2ea1b13ef11a6c4575f79233f176ea07b578d6075
SSDeep: 1536:+Ic0oZaahXDxiXThZTv8YwweBc6/xQDmMKVQ2h3w5OeECR3B:TocatV8Xtw3Bc6/WDmMKVQ2hrC3
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wu4Z6746em5wpqR.swf.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wu4Z6746em5wpqR.swf (Dropped File)
Mime Type: application/octet-stream
File Size: 33.13 KB
MD5: 360644fae95676e983f08c25d027086b
SHA1: 4bf6dbb52cb208b53cb12f851ef2586d62f035d3
SHA256: f06870a90eac519e3799c937ea58bc0829ad6149e75379fa98f2356651061f66
SSDeep: 768:WXG5m+YsN3UfnTKZ/2KUfGIEjLuAElqOUABj:Wl+Ys1YAWWalk+j
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Y6o3bM eaIX_bwj.png.[4B2E4630].[garantos@mailfence.com].captcha
Category: Dropped File, Type: Stream, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Y6o3bM eaIX_bwj.png (Dropped File)
Mime Type: application/octet-stream
File Size: 86.02 KB
MD5: 112ad89d29316fc0ca3222514a83bc7a
SHA1: d9a56cd6b5c312f8c07e3f2502ed1e9c17e342c9
SHA256: 99e4bfd9c7343b51b227b4d2c7fac81fca81158d1effa0db96ebe5442a8019d3
SSDeep: 1536:vRBo/6JesFEFqsM5dq2uRSMMKSeDye+Bx9pyUSR54g9ybJdpRc3lwhSvE:Z06QsSqh5k7fMK7Dy1B1yUi4/bJvRawb
ImpHash: -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\build note.txt
Category: Dropped File, Type: Text, Severity: Unknown
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fKh p\build note.txt (Dropped File)
Also Known As: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C4P_ngTwnzZZoM\build note.txt (Dropped File)
Mime Type: text/plain
File Size: 996 Bytes
MD5: 4ffcf994ae11581160302b2a60ac1819
SHA1: 5b5eed384f40c406f363b8969a76e3cf281ed3b4
SHA256: fdce46d685f8a9d048b23eaf0a47c03ea37b07c4611098295c84d7d8190fd68c
SSDeep: 24:PBYUel6jkFklH3g/QHAYAbS5w/Fo8mHlczvunE1iBhD/Qo:PWl2lQAgS54opFrIChX
ImpHash: -